Possible IPv6 bug for --keyserver option
David Shaw
dshaw at jabberwocky.com
Wed Nov 30 18:31:50 CET 2011
On Nov 30, 2011, at 11:43 AM, gnupg at lists.grepular.com wrote:
> On 30/11/11 16:25, David Shaw wrote:
>
>>> mike at Fuzzbutt:~$ gpg --keyserver grepular.com --recv-key 11111111
>>> gpg: requesting key 11111111 from hkp server grepular.com
>>> gpgkeys: HTTP fetch error 7: Failed to connect to
>>> 2001:470:1f09:1186::beef: Network is unreachable
>>> gpg: no valid OpenPGP data found.
>>> gpg: Total number processed: 0
>>> mike at Fuzzbutt:~$
>>>
>>> Why is gpg trying to connect to the IPv6 address here? The machine I'm
>>> running it from doesn't have an IPv6 address, so it should be using the
>>> A record instead of the AAAA record...
>>>
>>> mike at Fuzzbutt:~$ ifconfig|grep inet6
>>> mike at Fuzzbutt:~$
>>>
>>> I'm running GnuPG 2.0.14 on Ubuntu 11.04
>>>
>>> P.S. There isn't a keyserver at grepular.com, so I wasn't expecting it
>>> to work. I just wasn't expecting it to use the AAAA record instead of
>>> the A record.
>>
>> Hmm. GnuPG uses libcurl to do the HTTP part of fetching keys, so this might actually be a Curl question. Curl (at least on Linux) uses getaddrinfo to resolve out the IPv4 vs IPv6 question. What happens if you do "curl -v http://grepular.com:11371" on the command line?
>>
>> See also http://manpages.ubuntu.com/manpages/natty/man5/gai.conf.5.html
>
> Seems curl tries IPv4 then IPv6.
>
> mike at Fuzzbutt:~$ curl -v http://grepular.com:11371
> * About to connect() to grepular.com port 11371 (#0)
> * Trying 178.79.145.246... Connection refused
> * Trying 2001:470:1f09:1186::beef... Failed to connect to
> 2001:470:1f09:1186::beef: Network is unreachable
> * Success
> * couldn't connect to host
> * Closing connection #0
> curl: (7) Failed to connect to 2001:470:1f09:1186::beef: Network is
> unreachable
Yes, but look at the error message. It matches what you saw from GnuPG. It looks like libcurl tries the IPv4, fails, then the IPv6, and fails again. It only displays an error message for the IPv6 as that was the last thing tried. The keyserver handler uses libcurl as well, and is doing the same thing.
David
More information about the Gnupg-users
mailing list