[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] Test my keyserver please (nginx fix)
|
From: |
Phil Pennock |
|
Subject: |
[Sks-devel] Test my keyserver please (nginx fix) |
|
Date: |
Wed, 6 Mar 2013 04:49:19 -0500 |
If you have an install of GnuPG 2 which is built using curl-shim, not a
real libcurl, then please read on.
You can tell the build by running:
/usr/local/libexec/gpg2keys_hkp --version
(or whatever the path is to the assistant). If it says:
Uses: libcurl/7.24.0 OpenSSL/0.9.8x zlib/1.2.7
then you can't test this. If it says:
Uses: GnuPG curl-shim
then you can. You can also use {{ --keyserver-options debug,verbose }}
when invoking gpg2.
So nginx 1.3.14 is out, with version 66 of the SPDY patch. I've rebuilt
nginx with this, and it's now running in front of SKS on
sks.spodhuis.org.
This should fix the problem which leads to timing-sensitive connection
drops caused by gpg2's curl-shim mock/stub implementation of the cURL
API using shutdown(sock, SHUT_WR) on the connection after sending the
request.
I can no longer trigger this from the box on the same network as my
server, but that's not _proof_, since this is timing-sensitive.
If you have an affected gpg2 client, could you please try to pull a key
from hkp://sks.spodhuis.org/ and if it fails or reports no keys found
(even if it proceeds to appear to import part of a key) then can you
please let me know? Success reports appreciated too! I want to get
back to the nginx developers and let them know that their fix works for
me.
Thanks!
-Phil
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Sks-devel] Test my keyserver please (nginx fix),
Phil Pennock <=