[Sks-devel] SRV records and HKPS requests

Phil Pennock sks-devel-phil at spodhuis.org
Mon Dec 3 08:00:47 CET 2012


On 2012-12-02 at 23:46 -0500, David Shaw wrote:
> Hmm.  Were you intending to test with the internal HTTP support or
> with libcurl?  You're currently built with internal support:

Ah.  I couldn't tell, since the helper binaries are installed and
nothing explicitly said so.  I used whatever FreeBSD Ports created by
default.

Looking at the Makefile, looks as though FreeBSD has a sense inversion
in the curl option test for gnupg (2).  If you build with the CURL
option set, as it will be by default, then instead of "Use the real curl
library (worked around if no)" Ports passes --without-libcurl to
GnuPG2's build.

Turned _off_ that option and gpg2keys_hkp gains a lot more link
dependencies.

> > gpgkeys: curl version = GnuPG curl-shim
> 
> Looking at the internal support, it seems not to work on platforms
> with getaddrinfo(), which is odd as that part works in the 1.4 code.
> Anyway, try the attached patch in addition to the original one, and
> you should hopefully have better results.

Looks like the internal support still isn't working, but the external
is picking up the port (and visibly sending the DNS-derived hostname).

I've also just generated a new TLS cert for keytest.spodhuis.org, so
that you get different certs for keytest.spodhuis.org (SRV-only DNS) and
keyserver.spodhuis.org (SRV and A/AAAA records, the address records
being used for keytest).


Built with CURL set (so --without-libcurl):
----------------------------8< cut here >8------------------------------
% gpg2 --keyserver-options debug,verbose --keyserver hkp://keytest.spodhuis.org/ --recv-key $gpg_key
gpg: requesting key 0x403043153903637F from hkp server keytest.spodhuis.org
gpgkeys: curl version = GnuPG curl-shim
Host:		keytest.spodhuis.org
Command:	GET
* HTTP proxy is "null"
* HTTP URL is "http://keytest.spodhuis.org:11371/pks/lookup?op=get&options=mr&search=0x403043153903637F"
* HTTP auth is "null"
* HTTP method is GET
gpg: key 0x403043153903637F: "Phil Pennock <phil.pennock at globnix.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
----------------------------8< cut here >8------------------------------

Built after switching the option to get the curl dependency:
----------------------------8< cut here >8------------------------------
% gpg2 --keyserver-options debug,verbose --keyserver hkp://keytest.spodhuis.org/ --recv-key $gpg_key
gpg: requesting key 0x403043153903637F from hkp server keytest.spodhuis.org
gpgkeys: curl version = libcurl/7.24.0 OpenSSL/1.0.1c zlib/1.2.3 libidn/1.22 libssh2/1.4.1 librtmp/2.3
Host:		keyserver.spodhuis.org
Port:		11374
Command:	GET
* About to connect() to keyserver.spodhuis.org port 11374 (#0)
*   Trying 2a02:898:31:0:48:4558:73:6b73...
* connected
* Connected to keyserver.spodhuis.org (2a02:898:31:0:48:4558:73:6b73) port 11374 (#0)
> GET /pks/lookup?op=get&options=mr&search=0x403043153903637F HTTP/1.1
Host: keyserver.spodhuis.org:11374
Accept: */*
Pragma: no-cache
Cache-Control: no-cache

* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Date: Mon, 03 Dec 2012 06:58:47 GMT
< Content-Type: application/pgp-keys; charset=UTF-8
< Content-Length: 63475
< Connection: keep-alive
< Server: sks_www/1.1.4
< Cache-Control: no-cache
< Pragma: no-cache
< Expires: 0
< X-HKP-Results-Count: 1
< Content-disposition: attachment; filename=gpgkey.asc
< Via: 1.1 keyserver.spodhuis.org:11374 (nginx)
< 
* Connection #0 to host keyserver.spodhuis.org left intact
* Closing connection #0
gpg: key 0x403043153903637F: "Phil Pennock <phil.pennock at globnix.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
----------------------------8< cut here >8------------------------------
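A check for the two transcripts above, as an added example that is not part of the original message or of GnuPG: it reads `debug,verbose` output and reports which HTTP backend ran and which host and port were actually contacted. The function name `summarize`, the `srv_applied` flag and the use of 11371 as the non-SRV port are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

HKP_DEFAULT_PORT = 11371  # port the curl-shim build requested in the message

def summarize(transcript):
    """Report backend and wire endpoint for one debug,verbose keyserver run."""
    out = {"requested": None, "backend": None, "host": None, "port": None}
    for raw in transcript.splitlines():
        line = raw.strip()
        if m := re.match(r"gpg: requesting key \S+ from \S+ server (\S+)", line):
            out["requested"] = m.group(1).lower()
        elif m := re.match(r"gpgkeys: curl version = (.*)", line):
            out["backend"] = "curl-shim" if "curl-shim" in m.group(1) else "libcurl"
        elif m := re.match(r'\* HTTP URL is "([^"]+)"', line):
            # curl-shim build: the endpoint is only visible in the request URL
            url = urlsplit(m.group(1))
            out["host"], out["port"] = url.hostname, url.port or HKP_DEFAULT_PORT
        elif m := re.match(r"\* Connected to (\S+) \(\S+\) port (\d+)", line):
            # libcurl build: use the socket-level line, not the HTTP Host: header
            out["host"], out["port"] = m.group(1).lower(), int(m.group(2))
    # None when no endpoint line was found, so a short log is not misreported
    out["srv_applied"] = None if out["host"] is None else (
        (out["host"], out["port"]) != (out["requested"], HKP_DEFAULT_PORT))
    return out

# Sample input abridged from the two transcripts in the message above.
SHIM_RUN = """\
gpg: requesting key 0x403043153903637F from hkp server keytest.spodhuis.org
gpgkeys: curl version = GnuPG curl-shim
Host:\t\tkeytest.spodhuis.org
Command:\tGET
* HTTP URL is "http://keytest.spodhuis.org:11371/pks/lookup?op=get&options=mr&search=0x403043153903637F"
"""
LIBCURL_RUN = """\
gpg: requesting key 0x403043153903637F from hkp server keytest.spodhuis.org
gpgkeys: curl version = libcurl/7.24.0 OpenSSL/1.0.1c zlib/1.2.3 libidn/1.22 libssh2/1.4.1 librtmp/2.3
Host:\t\tkeyserver.spodhuis.org
Port:\t\t11374
* Connected to keyserver.spodhuis.org (2a02:898:31:0:48:4558:73:6b73) port 11374 (#0)
Host: keyserver.spodhuis.org:11374
"""

if __name__ == "__main__":
    for name, run in (("shim", SHIM_RUN), ("libcurl", LIBCURL_RUN)):
        print(name, summarize(run))
```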


