[pkg-gnupg-maint] Bug#860352: Bug#860352: gnupg: cannot handle hkps keyservers

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Apr 26 05:43:08 UTC 2017


Control: tags 860352 + unreproducible moreinfo

Hi Norbert--

On Sat 2017-04-15 10:37:52 +0900, Norbert Preining wrote:
> this is a very similar case to #811146 which supposedly is resolved,
> but it isn't:
>
> Relevant ~/.gnupg/gpg.conf lines:
>
>   keyserver hkps://hkps.pool.sks-keyservers.net
>   keyserver-options no-honor-keyserver-url
>
> Relevant ~/.gnupg/dirmngr.conf lines:
>
>   hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem
>
> $ gpg --version
> gpg (GnuPG) 2.1.18
> ...
> $ dpkg -l gnupg
> ...
> ii  gnupg                   2.1.18-6         amd64            GNU privacy guard - a free PGP replacement
>
> Searching with dirmngr directly succeeds (see above bug report),
> but gnupg fails with
> 	General error
> $ gpg -vvv --debug-level 10 --search-key 58E11BB1E414D9AD
> gpg: using character set 'utf-8'
> gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust ipc clock lookup extprog
> gpg: DBG: [not enabled in the source] start
> gpg: DBG: chan_3 <- # Home: /home/norbert/.gnupg
> gpg: DBG: chan_3 <- # Config: /home/norbert/.gnupg/dirmngr.conf
> gpg: DBG: chan_3 <- OK Dirmngr 2.1.18 at your service
> gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_3 -> GETINFO version
> gpg: DBG: chan_3 <- D 2.1.18
> gpg: DBG: chan_3 <- OK
> gpg: DBG: chan_3 -> KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net
> gpg: DBG: chan_3 <- OK
> gpg: DBG: chan_3 -> KS_SEARCH -- 58E11BB1E414D9AD
> gpg: DBG: chan_3 <- ERR 1 General error <Unspecified source>
> gpg: error searching keyserver: General error
> gpg: keyserver search failed: General error
> gpg: DBG: chan_3 -> BYE
> gpg: DBG: [not enabled in the source] stop
> gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
>               outmix=0 getlvl1=0/0 getlvl2=0/0
> gpg: secmem usage: 0/65536 bytes in 0 blocks
> $

I'm perplexed by this report, and am unable to reproduce the behavior.

Are you seeing it reproducibly?  If so, can you turn up the logging in
dirmngr itself?  You should be able to do this by adding a few lines to
~/.gnupg/dirmngr.conf:

    debug-all
    gnutls-debug 9999
    debug-level expert

and then stop dirmngr:

    gpgconf --kill dirmngr

and then do the query again and let me know what's shown in the output
of "systemctl --user status dirmngr" or "journalctl --user-unit dirmngr".

Thanks,

        --dkg
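
The logging procedure described in the message above, as an added example that is not part of the original email: a POSIX shell script that enables the three dirmngr debug options only for the duration of one keyserver query and then restores the configuration. The marker comments, the function names and the output file `dirmngr-debug.log` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): temporarily enable the dirmngr
# debug options, rerun a keyserver search, save the dirmngr log, restore config.
BEGIN_MARK='# BEGIN temporary dirmngr debug'   # marker strings are this example's own
END_MARK='# END temporary dirmngr debug'

# Append the three debug options inside a marked block; a second call is a no-op.
enable_dirmngr_debug() {
    conf=$1
    touch "$conf"
    if grep -qxF "$BEGIN_MARK" "$conf"; then return 0; fi
    # Make sure the existing last line is newline-terminated before appending.
    if [ -n "$(tail -c1 "$conf")" ]; then echo >> "$conf"; fi
    printf '%s\n' "$BEGIN_MARK" 'debug-all' 'gnutls-debug 9999' \
        'debug-level expert' "$END_MARK" >> "$conf"
}

# Remove only the marked block, leaving every other line untouched.
disable_dirmngr_debug() {
    conf=$1
    [ -f "$conf" ] || return 0
    tmp=$(mktemp) || return 1
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Full procedure: enable, restart dirmngr, query, collect the log, restore.
run_debug_query() {
    keyid=$1
    conf="${GNUPGHOME:-$HOME/.gnupg}/dirmngr.conf"
    enable_dirmngr_debug "$conf"
    # Restore the config and stop the debug-enabled dirmngr however we exit.
    trap 'disable_dirmngr_debug "$conf"; gpgconf --kill dirmngr' EXIT
    gpgconf --kill dirmngr            # next gpg call starts dirmngr with the new options
    gpg --search-key "$keyid"
    journalctl --user-unit dirmngr --since '2 minutes ago' --no-pager > dirmngr-debug.log
}

# Only act when a key ID is given on the command line.
if [ "$#" -gt 0 ]; then run_debug_query "$1"; fi
```

Invoked with a key ID as its only argument, the script leaves the captured dirmngr output in `dirmngr-debug.log` in the current directory.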