Keyserver problems in 2.1.17

Werner Koch wk at gnupg.org
Mon Jan 2 10:14:48 CET 2017


Hello and a happy new year.

Unfortunately the recent 2.1.17 has a problem with keyserver access.
The cause for the problem is the new DNS code which appends the root
zone part (".") to the result of a CNAME query.  Most of the other
network functions don't work correctly with such a name and thus almost
all keyserver access does not work.

There is a simple workaround and probably one of the reasons why I
missed this regression: With Tor running the default keyserver will be
hkp://jirk5u4osbsr34t5.onion and that does not need any DNS.

The fix has been pushed and is attached.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
Type: text/x-diff
Size: 1545 bytes
Desc: not available
URL: </pipermail/attachments/20170102/a69b9ed7/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170102/a69b9ed7/attachment.sig>


More information about the Gnupg-devel mailing list