[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] hkps pool
|
From: |
Daniel Austin |
|
Subject: |
Re: [Sks-devel] hkps pool |
|
Date: |
Tue, 25 Jun 2013 21:25:01 +0100 |
|
User-agent: |
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 |
Hi Kristian,
On 25/06/2013 21:18, Kristian Fiskerstrand wrote:
On 06/25/2013 10:01 PM, Daniel Austin wrote:
Hi Kristian,
...
I'm assuming the version of GPG i have doesn't support SNI then.
What version of GPG is it and what do you get when running
gpg2 --keyserver hkps://hkps.pool.sks-keyservers.net
- --keyserver-options
ca-cert-file=sks-keyservers.netCA.pem,verbose,debug --recv-key
0x6b0b9508 ?
I'm thinking specifically of the curl link, i.e.
gpgkeys: curl version = libcurl/7.29.0 GnuTLS/3.1.9 zlib/1.2.7
address@hidden:~ # gpg2 --keyserver hkps://hkps.pool.sks-keyservers.net
--keyserver-options ca-cert-file=sks-keyservers.netCA.pem,verbose,debug
--recv-key 0x6b0b9508
gpg: requesting key 6B0B9508 from hkps server hkps.pool.sks-keyservers.net
gpgkeys: curl version = libcurl/7.24.0 OpenSSL/1.0.1e zlib/1.2.8
libidn/1.26 libssh2/1.4.3 librtmp/2.3
* About to connect() to hkps.pool.sks-keyservers.net port 443 (#0)
* Trying 198.82.169.69...
* connected
* Connected to hkps.pool.sks-keyservers.net (198.82.169.69) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: sks-keyservers.netCA.pem
CApath: none
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
* Closing connection #0
gpgkeys: HTTP fetch error 60: SSL certificate problem, verify that the
CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
address@hidden:~ # gpg2 --version
gpg (GnuPG) 2.0.20
libgcrypt 1.5.2
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
As far as i'm aware my libcurl and openssl versions should support SNI
If I re-run the command several times, it works when it hits a non-SNI
certificate.
Thanks,
Daniel.
- [Sks-devel] hkps pool, Daniel Austin, 2013/06/25
- Re: [Sks-devel] hkps pool, Kristian Fiskerstrand, 2013/06/25
- Re: [Sks-devel] hkps pool, Daniel Austin, 2013/06/25
- Re: [Sks-devel] hkps pool, Kristian Fiskerstrand, 2013/06/25
- Re: [Sks-devel] hkps pool,
Daniel Austin <=
- Re: [Sks-devel] hkps pool, Kristian Fiskerstrand, 2013/06/25
- Re: [Sks-devel] hkps pool, Daniel Austin, 2013/06/25
- Re: [Sks-devel] hkps pool, Kristian Fiskerstrand, 2013/06/25
- Re: [Sks-devel] hkps pool, Kristian Fiskerstrand, 2013/06/25
- Re: [Sks-devel] hkps pool, Kristian Fiskerstrand, 2013/06/25