GnuPG 2.1.0: --refresh-keys regression

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Fri Nov 14 14:21:46 CET 2014


On 11/12/2014 10:34 AM, Werner Koch wrote:
> On Tue, 11 Nov 2014 23:49, aranea at aixah.de said:
> 
>> One of the changes introduced with GnuPG 2.1 -- namely, using
>> dirmngr for key retrieval -- has caused some problems for me.
>> First of all, I'm
> 
> Thanks for reporting.  I am already aware of it as dkg already
> reported that a few days ago.

Thank you for fixing this issue, I just confirmed it working nicely
again in gpg (GnuPG) 2.1.1-beta17.

> 
>> dirmngr also seems to have problems with hkps certificate
>> checking for keyserver addresses with round-robin DNS, but I need
>> to examine this further before I can provide details.
> 

Seems we have the SNI issue back[0,1,2]. Another thing that also
strikes me is the number of attempts in the log for verification of
this server rather than continuing to another one (see dirmngr snippet
below).

$ dig sks.karotte.org +short
176.9.51.79

At this point it goes the roundtrip via PTR again as we discussed
earlier:

$ dig -x 176.9.51.79 +short
alita.karotte.org.

And tries to use this as host for keyserver... but this host is not
defined for SKS services and as such we get (i) a connection failure
(CA cert is used rather than sks-keyservers.net CA); (ii) if accepting
(i), a 404 as no virtualhost is set up for this offering SKS.

Sorry if the debug info part is a bit messy, but it shows the various
scenarios when testing with curl to show the differences here.

References:

[0] http://lists.gnupg.org/pipermail/gnupg-devel/2014-May/028458.html
[1] http://lists.gnupg.org/pipermail/gnupg-devel/2014-May/028460.html
[2] http://lists.gnupg.org/pipermail/gnupg-devel/2014-May/028465.html

Debug info:

using hkps.pool.sks-keyservers.net as SNI (works using pool CA):

> ---------------snip---------------<
$ curl -vv --cacert $HOME/.gnupg/sks-keyservers.netCA.pem --resolve 'hkps.pool.sks-keyservers.net:443:176.9.51.79' "https://hkps.pool.sks-keyservers.net/pks/lookup?op=stats"
* Added hkps.pool.sks-keyservers.net:443:176.9.51.79 to DNS cache
* Hostname was found in DNS cache
*   Trying 176.9.51.79...
* Connected to hkps.pool.sks-keyservers.net (176.9.51.79) port 443 (#0)
* Initializing NSS with certpath: none
*   CAfile: /home/kristianf/.gnupg/sks-keyservers.netCA.pem
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* Server certificate:
*       subject: E=admin at sks.karotte.org,CN=sks.karotte.org,O=sks.karotte.org,C=DE
*       start date: Nov 07 12:35:30 2014 GMT
*       expire date: Nov 07 12:35:30 2015 GMT
*       common name: sks.karotte.org
*       issuer: CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO
> GET /pks/lookup?op=stats HTTP/1.1
> User-Agent: curl/7.39.0
> Host: hkps.pool.sks-keyservers.net
> Accept: */*
> ---------------snip---------------<

using sks.karotte.org (works using CA Cert)
$ curl -vv "https://sks.karotte.org/pks/lookup?op=stats"
* Hostname was NOT found in DNS cache
*   Trying 176.9.51.79...
* Connected to sks.karotte.org (176.9.51.79) port 443 (#0)
* Initializing NSS with certpath: none
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* Server certificate:
*       subject: CN=*.karotte.org
*       start date: Apr 18 10:59:40 2014 GMT
*       expire date: Apr 17 10:59:40 2016 GMT
*       common name: *.karotte.org
*       issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
> GET /pks/lookup?op=stats HTTP/1.1
> User-Agent: curl/7.39.0
> Host: sks.karotte.org
> Accept: */*
> ---------------snip---------------<

using alita.karotte.org (connects using CAcert, no sks service so
returns 404):

> ---------------snip---------------<
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pks/lookup was not found on this server.</p>
> ---------------snip---------------<

And dirmngr log:

> ---------------snip---------------<

2014-11-14 13:59:19 dirmngr[5952.0] DBG: chan_0 <- KEYSERVER --clear
hkps://hkps.pool.sks-keyservers.net

...
2014-11-14 13:59:23 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:23 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]':
2014-11-14 13:59:23 dirmngr[5952.0] DBG:      serial: 02326A
2014-11-14 13:59:23 dirmngr[5952.0] DBG:   notBefore: 2014-04-18 10:59:40
2014-11-14 13:59:23 dirmngr[5952.0] DBG:    notAfter: 2016-04-17 10:59:40
2014-11-14 13:59:23 dirmngr[5952.0] DBG:      issuer: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:23 dirmngr[5952.0] DBG:     subject: CN=*.karotte.org
2014-11-14 13:59:23 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.13
2014-11-14 13:59:23 dirmngr[5952.0] DBG:   SHA1 fingerprint:
7B587956C292593511947904CD88937BC4B610BB
2014-11-14 13:59:23 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:23 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]':
2014-11-14 13:59:23 dirmngr[5952.0] DBG:      serial: 00
2014-11-14 13:59:23 dirmngr[5952.0] DBG:   notBefore: 2003-03-30 12:29:49
2014-11-14 13:59:23 dirmngr[5952.0] DBG:    notAfter: 2033-03-29 12:29:49
2014-11-14 13:59:23 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:23 dirmngr[5952.0] DBG:     subject:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:23 dirmngr[5952.0] DBG:   hash algo: 1.2.840.113549.1.1.4
2014-11-14 13:59:23 dirmngr[5952.0] DBG:   SHA1 fingerprint:
135CEC36F49CB8E93B1AB270CD80884676CE8F33
2014-11-14 13:59:23 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:23 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]':
2014-11-14 13:59:23 dirmngr[5952.0] DBG:      serial: 0A418A
2014-11-14 13:59:23 dirmngr[5952.0] DBG:   notBefore: 2011-05-23 17:48:02
2014-11-14 13:59:23 dirmngr[5952.0] DBG:    notAfter: 2021-05-20 17:48:02
2014-11-14 13:59:23 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:23 dirmngr[5952.0] DBG:     subject: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:23 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.11
2014-11-14 13:59:23 dirmngr[5952.0] DBG:   SHA1 fingerprint:
AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE
2014-11-14 13:59:23 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:23 dirmngr[5952.0] TLS connection authentication
failed: General error
2014-11-14 13:59:23 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed:
status=0x0042
2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed:
The certificate is NOT trusted. The certificate issuer is unknown.
2014-11-14 13:59:24 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]':
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      serial: 02326A
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   notBefore: 2014-04-18 10:59:40
2014-11-14 13:59:24 dirmngr[5952.0] DBG:    notAfter: 2016-04-17 10:59:40
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      issuer: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:24 dirmngr[5952.0] DBG:     subject: CN=*.karotte.org
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.13
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   SHA1 fingerprint:
7B587956C292593511947904CD88937BC4B610BB
2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]':
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      serial: 00
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   notBefore: 2003-03-30 12:29:49
2014-11-14 13:59:24 dirmngr[5952.0] DBG:    notAfter: 2033-03-29 12:29:49
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:24 dirmngr[5952.0] DBG:     subject:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   hash algo: 1.2.840.113549.1.1.4
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   SHA1 fingerprint:
135CEC36F49CB8E93B1AB270CD80884676CE8F33
2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]':
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      serial: 0A418A
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   notBefore: 2011-05-23 17:48:02
2014-11-14 13:59:24 dirmngr[5952.0] DBG:    notAfter: 2021-05-20 17:48:02
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:24 dirmngr[5952.0] DBG:     subject: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.11
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   SHA1 fingerprint:
AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE
2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:24 dirmngr[5952.0] TLS connection authentication
failed: General error
2014-11-14 13:59:24 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed:
status=0x0042
2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed:
The certificate is NOT trusted. The certificate issuer is unknown.
2014-11-14 13:59:24 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]':
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      serial: 02326A
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   notBefore: 2014-04-18 10:59:40
2014-11-14 13:59:24 dirmngr[5952.0] DBG:    notAfter: 2016-04-17 10:59:40
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      issuer: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:24 dirmngr[5952.0] DBG:     subject: CN=*.karotte.org
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.13
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   SHA1 fingerprint:
7B587956C292593511947904CD88937BC4B610BB
2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]':
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      serial: 00
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   notBefore: 2003-03-30 12:29:49
2014-11-14 13:59:24 dirmngr[5952.0] DBG:    notAfter: 2033-03-29 12:29:49
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:24 dirmngr[5952.0] DBG:     subject:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   hash algo: 1.2.840.113549.1.1.4
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   SHA1 fingerprint:
135CEC36F49CB8E93B1AB270CD80884676CE8F33
2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]':
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      serial: 0A418A
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   notBefore: 2011-05-23 17:48:02
2014-11-14 13:59:24 dirmngr[5952.0] DBG:    notAfter: 2021-05-20 17:48:02
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:24 dirmngr[5952.0] DBG:     subject: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.11
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   SHA1 fingerprint:
AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE
2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:24 dirmngr[5952.0] TLS connection authentication
failed: General error
2014-11-14 13:59:24 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed:
status=0x0042
2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed:
The certificate is NOT trusted. The certificate issuer is unknown.
2014-11-14 13:59:24 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]':
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      serial: 02326A
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   notBefore: 2014-04-18 10:59:40
2014-11-14 13:59:24 dirmngr[5952.0] DBG:    notAfter: 2016-04-17 10:59:40
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      issuer: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:24 dirmngr[5952.0] DBG:     subject: CN=*.karotte.org
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.13
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   SHA1 fingerprint:
7B587956C292593511947904CD88937BC4B610BB
2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]':
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      serial: 00
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   notBefore: 2003-03-30 12:29:49
2014-11-14 13:59:24 dirmngr[5952.0] DBG:    notAfter: 2033-03-29 12:29:49
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:24 dirmngr[5952.0] DBG:     subject:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   hash algo: 1.2.840.113549.1.1.4
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   SHA1 fingerprint:
135CEC36F49CB8E93B1AB270CD80884676CE8F33
2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]':
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      serial: 0A418A
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   notBefore: 2011-05-23 17:48:02
2014-11-14 13:59:24 dirmngr[5952.0] DBG:    notAfter: 2021-05-20 17:48:02
2014-11-14 13:59:24 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:24 dirmngr[5952.0] DBG:     subject: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.11
2014-11-14 13:59:24 dirmngr[5952.0] DBG:   SHA1 fingerprint:
AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE
2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:24 dirmngr[5952.0] TLS connection authentication
failed: General error
2014-11-14 13:59:24 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
2014-11-14 13:59:25 dirmngr[5952.0] TLS verification of peer failed:
status=0x0042
2014-11-14 13:59:25 dirmngr[5952.0] TLS verification of peer failed:
The certificate is NOT trusted. The certificate issuer is unknown.
2014-11-14 13:59:25 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:25 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]':
2014-11-14 13:59:25 dirmngr[5952.0] DBG:      serial: 02326A
2014-11-14 13:59:25 dirmngr[5952.0] DBG:   notBefore: 2014-04-18 10:59:40
2014-11-14 13:59:25 dirmngr[5952.0] DBG:    notAfter: 2016-04-17 10:59:40
2014-11-14 13:59:25 dirmngr[5952.0] DBG:      issuer: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:25 dirmngr[5952.0] DBG:     subject: CN=*.karotte.org
2014-11-14 13:59:25 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.13
2014-11-14 13:59:25 dirmngr[5952.0] DBG:   SHA1 fingerprint:
7B587956C292593511947904CD88937BC4B610BB
2014-11-14 13:59:25 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:25 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]':
2014-11-14 13:59:25 dirmngr[5952.0] DBG:      serial: 00
2014-11-14 13:59:25 dirmngr[5952.0] DBG:   notBefore: 2003-03-30 12:29:49
2014-11-14 13:59:25 dirmngr[5952.0] DBG:    notAfter: 2033-03-29 12:29:49
2014-11-14 13:59:25 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:25 dirmngr[5952.0] DBG:     subject:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:25 dirmngr[5952.0] DBG:   hash algo: 1.2.840.113549.1.1.4
2014-11-14 13:59:25 dirmngr[5952.0] DBG:   SHA1 fingerprint:
135CEC36F49CB8E93B1AB270CD80884676CE8F33
2014-11-14 13:59:25 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:25 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]':
2014-11-14 13:59:25 dirmngr[5952.0] DBG:      serial: 0A418A
2014-11-14 13:59:25 dirmngr[5952.0] DBG:   notBefore: 2011-05-23 17:48:02
2014-11-14 13:59:25 dirmngr[5952.0] DBG:    notAfter: 2021-05-20 17:48:02
2014-11-14 13:59:25 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:25 dirmngr[5952.0] DBG:     subject: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:25 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.11
2014-11-14 13:59:25 dirmngr[5952.0] DBG:   SHA1 fingerprint:
AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE
2014-11-14 13:59:25 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:25 dirmngr[5952.0] TLS connection authentication
failed: General error
2014-11-14 13:59:25 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
2014-11-14 13:59:26 dirmngr[5952.0] TLS verification of peer failed:
status=0x0042
2014-11-14 13:59:26 dirmngr[5952.0] TLS verification of peer failed:
The certificate is NOT trusted. The certificate issuer is unknown.
2014-11-14 13:59:26 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]':
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      serial: 02326A
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   notBefore: 2014-04-18 10:59:40
2014-11-14 13:59:26 dirmngr[5952.0] DBG:    notAfter: 2016-04-17 10:59:40
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      issuer: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:26 dirmngr[5952.0] DBG:     subject: CN=*.karotte.org
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.13
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   SHA1 fingerprint:
7B587956C292593511947904CD88937BC4B610BB
2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]':
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      serial: 00
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   notBefore: 2003-03-30 12:29:49
2014-11-14 13:59:26 dirmngr[5952.0] DBG:    notAfter: 2033-03-29 12:29:49
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:26 dirmngr[5952.0] DBG:     subject:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   hash algo: 1.2.840.113549.1.1.4
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   SHA1 fingerprint:
135CEC36F49CB8E93B1AB270CD80884676CE8F33
2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]':
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      serial: 0A418A
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   notBefore: 2011-05-23 17:48:02
2014-11-14 13:59:26 dirmngr[5952.0] DBG:    notAfter: 2021-05-20 17:48:02
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:26 dirmngr[5952.0] DBG:     subject: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.11
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   SHA1 fingerprint:
AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE
2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:26 dirmngr[5952.0] TLS connection authentication
failed: General error
2014-11-14 13:59:26 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
2014-11-14 13:59:26 dirmngr[5952.0] TLS verification of peer failed:
status=0x0042
2014-11-14 13:59:26 dirmngr[5952.0] TLS verification of peer failed:
The certificate is NOT trusted. The certificate issuer is unknown.
2014-11-14 13:59:26 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]':
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      serial: 02326A
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   notBefore: 2014-04-18 10:59:40
2014-11-14 13:59:26 dirmngr[5952.0] DBG:    notAfter: 2016-04-17 10:59:40
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      issuer: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:26 dirmngr[5952.0] DBG:     subject: CN=*.karotte.org
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.13
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   SHA1 fingerprint:
7B587956C292593511947904CD88937BC4B610BB
2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]':
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      serial: 00
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   notBefore: 2003-03-30 12:29:49
2014-11-14 13:59:26 dirmngr[5952.0] DBG:    notAfter: 2033-03-29 12:29:49
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:26 dirmngr[5952.0] DBG:     subject:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   hash algo: 1.2.840.113549.1.1.4
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   SHA1 fingerprint:
135CEC36F49CB8E93B1AB270CD80884676CE8F33
2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]':
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      serial: 0A418A
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   notBefore: 2011-05-23 17:48:02
2014-11-14 13:59:26 dirmngr[5952.0] DBG:    notAfter: 2021-05-20 17:48:02
2014-11-14 13:59:26 dirmngr[5952.0] DBG:      issuer:
1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert
Signing Authority,OU=http://www.cacert.org,O=Root CA
2014-11-14 13:59:26 dirmngr[5952.0] DBG:     subject: CN=CAcert Class
3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   hash algo:
1.2.840.113549.1.1.11
2014-11-14 13:59:26 dirmngr[5952.0] DBG:   SHA1 fingerprint:
AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE
2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate
2014-11-14 13:59:26 dirmngr[5952.0] TLS connection authentication
failed: General error
2014-11-14 13:59:26 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
2014-11-14 13:59:26 dirmngr[5952.0] command 'KS_GET' failed: General
error <Unspecified source>
2014-11-14 13:59:26 dirmngr[5952.0] DBG: chan_0 -> ERR 1 General error
<Unspecified source>
2014-11-14 13:59:26 dirmngr[5952.0] DBG: chan_0 <- BYE
2014-11-14 13:59:26 dirmngr[5952.0] DBG: chan_0 -> OK closing connection
2014-11-14 13:59:26 dirmngr[5952.0] handler for fd 0 terminated


> ---------------snip---------------<




-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Knowing is not enough; we must apply. Willing is not enough; we must do."
(Johann Wolfgang von Goethe)
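
An added example, not part of the original post and not GnuPG code: a small Python check that runs over a dirmngr debug log like the one quoted above, rejoins the mail-wrapped records, and reports when the hostname dirmngr verifies differs from the configured keyserver and when the same host is retried with no other pool member tried. The function names and finding labels are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Abridged from the log quoted above (three of the attempts), keeping the
# hard line wraps added by the mail client. The excerpt itself is constructed.
SAMPLE_LOG = """\
2014-11-14 13:59:19 dirmngr[5952.0] DBG: chan_0 <- KEYSERVER --clear
hkps://hkps.pool.sks-keyservers.net
...
2014-11-14 13:59:23 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:23 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed:
The certificate is NOT trusted. The certificate issuer is unknown.
2014-11-14 13:59:24 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:24 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed:
The certificate is NOT trusted. The certificate issuer is unknown.
2014-11-14 13:59:24 dirmngr[5952.0] DBG: expected hostname:
alita.karotte.org
2014-11-14 13:59:24 dirmngr[5952.0] error connecting to
'https://alita.karotte.org:443': General error
"""

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} dirmngr\[")
KEYSERVER = re.compile(r"<- KEYSERVER (?:--\S+ )*(\S+://\S+)")
EXPECTED = re.compile(r"DBG: expected hostname: (\S+)")
CONNECT_ERR = re.compile(r"error connecting to '([^']+)'")


def unwrap(text):
    """Rejoin records that a mail client hard-wrapped onto several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "...":  # blank lines and elision markers
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:  # no timestamp: continuation of the previous record
            records[-1] += " " + line
    return records


def summarize(text):
    """Compare the configured keyserver name with what dirmngr verified."""
    configured, untrusted = None, 0
    expected, failed = Counter(), Counter()
    for rec in unwrap(text):
        if m := KEYSERVER.search(rec):
            configured = urlsplit(m.group(1)).hostname
        elif m := EXPECTED.search(rec):
            expected[m.group(1).lower()] += 1
        elif m := CONNECT_ERR.search(rec):
            failed[urlsplit(m.group(1)).hostname] += 1
        elif "certificate issuer is unknown" in rec:
            untrusted += 1
    findings = []
    # TLS name differs from the name the user configured (the PTR round trip).
    findings += [("hostname-mismatch", h) for h in expected
                 if configured and h != configured]
    # The same host failed repeatedly and no other pool member was tried.
    if len(failed) == 1 and max(failed.values()) > 1:
        findings += [("no-failover", h) for h in failed]
    return {"configured": configured, "expected": dict(expected),
            "failed": dict(failed), "untrusted": untrusted, "findings": findings}


if __name__ == "__main__":
    for kind, host in summarize(SAMPLE_LOG)["findings"]:
        print(kind, host)
```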


