hkps ssl problem

Ville Määttä vmaatta at gmail.com
Thu May 1 21:48:00 CEST 2014


Hi… any other problems with GPG Tools version?

I was using the brew -installed gpg first, had some issues with getting it to recognise OpenPGP card, I switched to GPG Tools version and it’s been ok. Now I’m having trouble getting non-card based keys to work with SSH through gpg-agent. I.e. they don’t, I need to run ssh-agent on any terminal session I want to use local keys. I’m thinking whether it’s worth the effort of trying the brew version again on that…

PS. The issue I have with gpg-agent has been on the list some years back in some form, but no real solutions… I’m waiting to debug my setup some more first and I’ll send some more info on the list later.

-- 
Ville

On 01 May 2014, at 18:24, Fl <labrani at gmail.com> wrote:

> I already have this line in my config file. 
> Finaly i found the solution : since im running macgogtools its seems that the gpg bin which is coming within is not working fine. I install the gnupg binaries and then use its gpg bin and all work fine. 
>  
> Fl
> 
> On May 1, 2014, at 3:39 PM, Hans of Guardian <hans at guardianproject.info> wrote:
> 
>> 
>> Looks like you need to get this file and point the config to the real path:
>> 
>> keyserver-options ca-cert-file=/pathto/.gnupg/sks-keyservers.netCA.pem
>> 
>> 
>> .hc
>> 
>> On Apr 29, 2014, at 4:41 AM, labrani wrote:
>> 
>>> Hello
>>> 
>>> I'm having some problem while trying to use an hkps pool server as keyserver.
>>> i am using gpg2 client version on a mac  os x maverick os.
>>> i have download the cacert file from the site and i verify that i have the good one while testing with curl.
>>> 
>>> here is the configuration of my client :
>>> 
>>> keyserver hkps://hkps.pool.sks-keyservers.net
>>> keyserver-options ca-cert-file=/pathto/.gnupg/sks-keyservers.netCA.pem
>>> keyserver-options no-honor-keyserver-url
>>> keyserver-options debug
>>> keyserver-options verbose
>>> keyserver-options verbose
>>> auto-key-locate keyserver
>>> fixed-list-mode
>>> keyid-format 0xlong
>>> verify-options show-uid-validity
>>> list-options show-uid-validity
>>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>>> personal-digest-preferences SHA512
>>> cert-digest-algo SHA512
>>> no-emit-version
>>> 
>>> 
>>> 
>>> 
>>> and here is the error i have :
>>> 
>>> gpg2 --recv-keys 0xD9B53384
>>> gpg: requesting key 0xD9B53384 from hkps server hkps.pool.sks-keyservers.net
>>> gpgkeys: curl version = libcurl/7.30.0 SecureTransport zlib/1.2.5
>>> Host:		hkps.pool.sks-keyservers.net
>>> Command:	GET
>>> * Adding handle: conn: 0x1184800
>>> * Adding handle: send: 0
>>> * Adding handle: recv: 0
>>> * Curl_addHandleToPipeline: length: 1
>>> * - Conn 0 (0x1184800) send_pipe: 1, recv_pipe: 0
>>> * About to connect() to hkps.pool.sks-keyservers.net port 443 (#0)
>>> *   Trying 80.239.156.219...
>>> * Connected to hkps.pool.sks-keyservers.net (80.239.156.219) port 443 (#0)
>>> * SSL certificate problem: Invalid certificate chain
>>> * Closing connection 0
>>> gpgkeys: HTTP fetch error 60: SSL certificate problem: Invalid certificate chain
>>> gpg: no valid OpenPGP data found.
>>> gpg: Total number processed: 0
>>> 
>>> 
>>> thxs for your help
>>> 
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140501/cb1bcffc/attachment-0001.html>


More information about the Gnupg-users mailing list