GnuPG 2.2.4 on Windows - problems accessing some HKPS keyservers

Phil Pennock gnupg-users at
Wed Jan 24 03:51:24 CET 2018

On 2018-01-22 at 20:12 -0500, David Gray via Gnupg-users wrote:
> I'm running GnuPG 2.2.4 on Windows.  I'm able to successfully query the SKS
> keyserver pool via HKPS (hkps:// with no
> problems.  I'm trying to query the hkps:// keyserver, and
> I'm not having any luck.

Looks to me like a GnuPG bug.  In fact, it looks very much like which has been marked resolved.

The hostname there is a CNAME to Amazon DNS, and my dirmngr logfile

2018-01-23 21:28:10 dirmngr[70787.6] TLS verification of peer failed: hostname does not match
2018-01-23 21:28:10 dirmngr[70787.6] DBG: expected hostname:

The untrusted name retrieved from DNS resolution of the CNAME record is
being used as the name for validation.

The patches to address the issue seem to focus on SRV records, so
repaired one way in which the problem manifested, but either didn't fix
the underlying issue, or there's been a regression.

I've opened a new ticket for the maintainers to track this.
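
Added example, not part of the original message and not GnuPG or dirmngr code: a minimal C sketch of the failure described above, where the same certificate is checked once against the host name from the hkps:// URL and once against the CNAME target returned by DNS. The host names, the SAN list and the helper functions are constructed for illustration, since the real names do not appear in the post.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality; DNS names compare without regard to case. */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Match one certificate dNSName against the reference name.
   A leading "*." covers exactly one non-empty left-most label. */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && eq_nocase(pattern + 1, dot);
    }
    return eq_nocase(pattern, host);
}

/* Return 1 if any SAN entry of the certificate covers the reference name. */
int cert_covers(const char *const *sans, size_t n, const char *reference)
{
    for (size_t i = 0; i < n; i++)
        if (name_matches(sans[i], reference))
            return 1;
    return 0;
}

/* Constructed sample data (hypothetical names, not taken from the post). */
static const char *const SAMPLE_SANS[] = { "keys.example.org", "*.keys.example.org" };
#define SAMPLE_SAN_COUNT (sizeof SAMPLE_SANS / sizeof SAMPLE_SANS[0])
static const char USER_HOST[]  = "keys.example.org";        /* typed by the user */
static const char CNAME_HOST[] = "lb-1234.elb.example.net"; /* unauthenticated DNS answer */

int main(void)
{
    /* Reference identity taken from the URL: the certificate matches. */
    printf("user-supplied name: %s\n",
           cert_covers(SAMPLE_SANS, SAMPLE_SAN_COUNT, USER_HOST) ? "match" : "hostname does not match");
    /* Reference identity taken from the CNAME: the failure seen in the log. */
    printf("CNAME target:       %s\n",
           cert_covers(SAMPLE_SANS, SAMPLE_SAN_COUNT, CNAME_HOST) ? "match" : "hostname does not match");
    return 0;
}
```

The connection may still be made to whatever address the CNAME resolves to; only the name used for certificate verification has to stay the one the user supplied.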

