Re: [Sks-devel] hkps pool


From: Daniel Austin
Subject: Re: [Sks-devel] hkps pool
Date: Tue, 25 Jun 2013 21:01:38 +0100
User-agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6

Hi Kristian,

On 25/06/2013 20:53, Kristian Fiskerstrand wrote:
> On 06/25/2013 09:29 PM, Daniel Austin wrote:
>> Hi,
>>
>> It appears that several of the current active hosts in the hkps
>> pool are not signed using the sks CA which is causing issues when
>> trying to publish keys to it.
>
> Hi Daniel,
>
> I suspect that you're trying to access the hosts directly and not
> using the hostname hkps.pool.sks-keyservers.net. Note that most hosts
> only offer the pool CA in the chain for this hostname (using SNI).

I'm assuming the version of GPG I have doesn't support SNI then.

About 70% of the time, I get the following:

gpg: requesting key 7F003DE6 from hkps server hkps.pool.sks-keyservers.net
gpgkeys: HTTP fetch error 60: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

If the majority of GPG users don't support SNI, is it wise to have servers in the pool that only work if the client supports SNI?

Would it be worth having two separate pools?


Thanks,

Daniel.