2.1.2: keyserver route failure
Werner Koch
wk at gnupg.org
Thu Feb 19 11:03:01 CET 2015
On Wed, 18 Feb 2015 20:13, dkg at fifthhorseman.net said:
> Reasonable IPv6 stacks should return an ENETUNREACH (Network is
> unreachable) error message when trying to connect() to an address for
> which there is no route, which should already cause dirmngr to failover
The error handler after a connect does this:
switch (gpg_err_code (err))
{
case GPG_ERR_ECONNREFUSED:
case GPG_ERR_ENETUNREACH:
case GPG_ERR_UNKNOWN_HOST:
case GPG_ERR_NETWORK:
if (mark_host_dead (request) && *tries_left)
retry = 1;
break;
By setting RETRY the connect will be retried after selecting another
random host. However tehre is a retry limit of 3. Thus if we happen to
select 3 v6 hosts the keyserver action will fail but the next time it
should work.
Need to replicate the problem and check that we really receive the right
error code.
> Should gnupg also try to detect whether the IPv4 networking
> configuration is actually correct? That seems like an operating system
Better error reporting would be useful, though.
> level task. I certainly don't want all of my client software to always
> try to second-guess my netwoking stack, that sounds like a recipe for
dirmngr is a bit special in that it does its own host selection from the
DNS pool instead of leaving it to the usual round-robin scheme. We want
that to recover from host failures without waiting for the resolver
cache to expire.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list