Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Martin Papik]

Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't install 
that one without an explicit parameter boggles me a bit. Oh well. Is 
that sufficient, or will I have to install the very latest from source?

The web server is enabled, there's just no main page in the directory yet.

I see "Error fetching key from hash **** : Not_found" messages in the 
log though, is this normal? The hashes update, so I'm not overly 
worried, just want to know if this is normal.

Anyway, thanks again for taking the time to assist me.

Martin

On 04/05/2014 04:38 PM, BluKeyserver wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Martin,
>
> Quoting from https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>
> 'Versions prior to 1.1.2 have a severe interoperability bug (POST
> requests for exchanging keys are HTTP/0.9, does not work with modern
> setups having reverse HTTP proxies in front as a best practice.'
>
> Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4 instead ?
>
> Also, I have noticed, that you did not enable the built-in www server:
>
> 'Page not found: /var/lib/sks/www/index.html'
>
> Regards,
> H.Storm [TheBluProject]
>
> On 05/04/2014 07:52, Martin Papik wrote:
> > Thank you very much Jerzy, however I'm facing some problems. I
> > wonder if you have any insight. I'm new to sks, but it seems to me
> > that there might be an apache proxy intercepting the connections
> > and interfering somehow. I don't see my server in
> > http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the
> > sks servers are talking to each other on 11370 so I'm assuming
> > there's some kind of asymmetric setup.
> >
> > Any help would be appreciated.
> >
> > Martin
> >
> > In the log I see  (after incrementing http_fetch_size to 1000 to
> > reduce the number of entries).
> >
> > 2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370
> > changed from [] to [<ADDR_INET [176.241.243.15]:11370>, <ADDR_INET
> > [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 hashes
> > recovered from <ADDR_INET [176.241.243.15]:11371> 2014-04-05
> > 08:44:11 Requesting 1000 missing keys from <ADDR_INET
> > [176.241.243.15]:11371>, starting with
> > 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error getting
> > missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> > 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> > <ADDR_INET [176.241.243.15]:11371>, starting with
> > 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error getting
> > missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> > 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> > <ADDR_INET [176.241.243.15]:11371>, starting with
> > 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 Error getting
> > missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> > 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> > <ADDR_INET [176.241.243.15]:11371>, starting with
> > 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 Error getting
> > missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> > 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> > <ADDR_INET [176.241.243.15]:11371>, starting with
> > A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 Error getting
> > missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> > 2.0//EN\">") 2014-04-05 08:44:12 Requesting 1000 missing keys from
> > <ADDR_INET [176.241.243.15]:11371>, starting with
> > D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 Error getting
> > missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> > 2.0//EN\">") 2014-04-05 08:44:12 Requesting 64 missing keys from
> > <ADDR_INET [176.241.243.15]:11371>, starting with
> > FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 Error getting
> > missing keys: Failure("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
> > 2.0//EN\">")
> >
> > The tcpdump output contains (looks like HTTP 0.9, no host header in
> > the request, no HTTP headers in the response).
> >
> > Request to 176.241.243.15:11371
> >
> > POST /pks/hashquery content-length: 24
> >
> > Response from 176.241.243.15:11371
> >
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>
> > <title>502 Proxy Error</title> </head><body> <h1>Proxy Error</h1>
> > <p>The proxy server received an invalid response from an upstream
> > server.<br /> The proxy server could not handle the request <em><a
> > href="/pks/hashquery">POST&nbsp;/pks/hashquery</a></em>.<p> Reason:
> > <strong>Error reading from remote server</strong></p></p> <hr>
> > <address>Apache Server at keyserver.kolosowscy.pl Port
> > 80</address> </body></html>
> >
> >
> >
> >
> > On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
> > > Hi,
> > >
> > > I added your server. My line to add:
> > >
> > > keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski
> > > <address@hidden>
> > >
> > > Rgds,
> > >
> > > Jerzy Ko?osowski
> > >
> > > Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:
> > > > Hi everyone,
> > > >
> > > > I've just configured sks 1.1.1 (default on Ubuntu) on
> > > > sks-server.randala.com. The machine has IPv6 but SKS has not
> > > > yet been assigned an address. I wonder, is there an advantage
> > > > (e.g. in terms of peering)? The server is located in
> > > > Germany/EU. For now I'm deploying
> > > the
> > > > server for R&D as a proxy for my private server (behind my
> > > > ISPs randomized NAT).
> > > >
> > > > You may contact me if you have further questions or for any
> > > > issues, operational or otherwise.
> > > >
> > > > Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ...
> > > > köszönöm] Loaded: 3583821 keys
> > > >
> > > > Line to add to /etc/sks/membership
> > > >
> > > > sks-server.randala.com 11370
> > > >
> > > > Thank you.
> > > >
> > > > Martin
> > > >
> > > > _______________________________________________ Sks-devel
> > > > mailing list address@hidden
> > > > https://lists.nongnu.org/mailman/listinfo/sks-devel
> > > >
> > > >
> > > > _______________________________________________ Sks-devel
> > > > mailing list address@hidden
> > > > https://lists.nongnu.org/mailman/listinfo/sks-devel
> >
> >
> > _______________________________________________ Sks-devel mailing
> > list address@hidden
> > https://lists.nongnu.org/mailman/listinfo/sks-devel
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJTQAc1AAoJECAbDNi5hly1xZsP/33HxdOB3IR2xKVb611YHDCg
> Sq4+bqrMystY4uN4tXIZY9n4QC7GzeXzX8Z84nfPrroNaWUeDsQVhO5Wj6fH0hOV
> QSF3CruKigQEQOfhwZtto1y8bVAXrQtHyt28RNl8ogkwv99iIf+0uR6zvnGh/Mo3
> ViYIWzlPvCf9sa5wSL2R678EKQ7tK3YUcouNhBAr4HZSrDGao1KfEoA5VnzblwLY
> bndrMA3JSO4wyYsAIKPks1EXe42tOSQJ5c7t1snFDxDkkMGTXQjiVkXJbYjDD+++
> jRRFhxeJRZBpddl/1yYieqOIUC9up2xAY6s0ypSSQYOkfOZxGvgbPULSUNY0VdyR
> cwQqJ4/iahcLnFiHggLKIRt+ec3LyosHtLigFzmZ3WaRZIeW2loRTOYGTxhA9kxr
> tmWeoJpWfLWD7kqEa1QBb/9VwIidZ3nq6UhXLDRYr9PDU3iKRpZmDVj5Me/bqU4D
> e7u3G9M3jV+RALayav6zdETIQUBkt4/l8M22XZSv1HZFY1EXsWX2uctJPOxr/5D6
> q1kl4sNzWFgK2kVBqyOMMD2hXyt3FKT2Sf66jA/q46hfRS+uxJ1TeKOe5gI4PUqE
> T8/8SXAm4BVjAD/DIlrnwSClpZL7uRr8VmNUIvyEWEkJYhuJRgpLUqFOHK25W84V
> weobILt1mOdzud5jg1rQ
> =P0g7
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel