[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] Re: seeking peers for keyserver.siccegge.de
From: |
Hauke Lampe |
Subject: |
[Sks-devel] Re: seeking peers for keyserver.siccegge.de |
Date: |
Wed, 13 Oct 2010 02:18:59 +0200 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100922 Thunderbird/3.1.4 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Christoph.
On 12.10.2010 00:23, Christoph Egger wrote:
> After some more fiddling the firewall's now fine with IPv4 gossip
One problem remains:
> Requesting 1 missing keys from <ADDR_INET [212.114.250.149]:11371>, starting
> with C11C28AEA21E0CBF4960BC150B2D62DC
> Error getting missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD
> HTML 2.0//EN\">")
The problem here is that sks hash queries don't behave well.
The server sends a simple "POST /pks/hashquery" without "HTTP/x.x".
Your HTTP proxy immediately responds with "502 Proxy Error" and drops
the connection. I don't even know if a proxy could be convinced to pass
on these requests.
The issue appears to be old and several servers already applied patches.
I just modified mine and posted the patch here:
http://code.google.com/p/sks-keyserver/issues/detail?id=5
So your key server can receive missing keys from all its IPv4 peers, but
it can't distribute new keys to unpatched servers.
Hauke.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAky0+ukACgkQKIgAG9lfHFPZaACfQz7aehc3QhgijMHmnev4viSn
28UAniQ3CjlS1IYQDEgrJ0/jK0JczHd8
=yHOG
-----END PGP SIGNATURE-----