GnuPG 2.2.4 on Windows - problems accessing some HKPS keyservers
Phil Pennock
gnupg-users at spodhuis.org
Wed Jan 24 03:51:24 CET 2018
On 2018-01-22 at 20:12 -0500, David Gray via Gnupg-users wrote:
> I'm running GnuPG 2.2.4 on Windows. I'm able to successfully query the SKS
> keyserver pool via HKPS (hkps://hkps.pool.sks-keyservers.net) with no
> problems. I'm trying to query the hkps://keys.mailvelope.com keyserver, and
> I'm not having any luck.

Looks to me like a GnuPG bug. In fact, it looks very much like
https://dev.gnupg.org/T1447 which has been marked resolved.

The hostname there is a CNAME to Amazon DNS, and my dirmngr logfile
records:

2018-01-23 21:28:10 dirmngr[70787.6] TLS verification of peer failed: hostname does not match
2018-01-23 21:28:10 dirmngr[70787.6] DBG: expected hostname: keyserver-prod.v3jierkpjv.eu-west-1.elasticbeanstalk.com

The untrusted name retrieved from DNS resolution of the CNAME record is
being used as the name for validation.

The patches to address the issue seem to focus on SRV records, so
repaired one way in which the problem manifested, but either didn't fix
the underlying issue, or there's been a regression.

I've opened a new ticket for the maintainers to track this.
https://dev.gnupg.org/T3755
-Phil
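
An added example, not part of the original message and not GnuPG's code: it checks the quoted dirmngr log for a TLS "expected hostname" that differs from the configured keyserver host, and shows why the name to verify must come from the URL rather than from the CNAME answer. The function names and the certificate name list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The two dirmngr log lines quoted in the message above.
DIRMNGR_LOG = """\
2018-01-23 21:28:10 dirmngr[70787.6] TLS verification of peer failed: hostname does not match
2018-01-23 21:28:10 dirmngr[70787.6] DBG: expected hostname: keyserver-prod.v3jierkpjv.eu-west-1.elasticbeanstalk.com
"""
EXPECTED_RE = re.compile(r"DBG: expected hostname: (\S+)")

# Constructed sample: the real certificate's names are not given in the message.
SAMPLE_CERT_SANS = ["keys.mailvelope.com"]


def reference_identity(keyserver_url):
    """Name to verify: the host the user configured, never a DNS answer."""
    return urlsplit(keyserver_url).hostname.lower().rstrip(".")


def san_matches(pattern, host):
    """RFC 6125-style match: exact, or '*' standing for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_valid_for(sans, host):
    """True if any subjectAltName DNS entry covers the host."""
    return any(san_matches(s, host) for s in sans)


def names_taken_from_dns(keyserver_url, log_text):
    """Hostnames dirmngr tried to verify that are not the configured host."""
    want = reference_identity(keyserver_url)
    seen = [m.group(1).lower().rstrip(".") for m in EXPECTED_RE.finditer(log_text)]
    return [name for name in seen if name != want]


if __name__ == "__main__":
    url = "hkps://keys.mailvelope.com"
    print("verify against:", reference_identity(url))
    for name in names_taken_from_dns(url, DIRMNGR_LOG):
        ok = cert_valid_for(SAMPLE_CERT_SANS, name)
        print("log shows DNS-derived name:", name, "-> certificate matches:", ok)
```

A certificate that did match the CNAME target would prove nothing about the configured host, since an unauthenticated DNS response chose that name.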