[Sks-devel] SRV records and HKPS requests
Phil Pennock
sks-devel-phil at spodhuis.org
Fri Dec 7 08:40:19 CET 2012
On 2012-12-05 at 23:32 -0500, David Shaw wrote:
> It's working, it's just misleading since the SRV replacement happens
> after the debug logging so the actual URL that is hit is not the one
> that is being logged. If you look at netstat, you can see it's
> connecting to the right port.
Sorry for the delay getting back to you.
> Try this new patch (by itself, not on top of an earlier one) - it logs
> before and after the SRV replacement so it's clear what is going on.
Using Curl:
So, I do see the correct port being used (bug 1446), I don't see the
correct hostname (bug 1447)
----------------------------8< cut here >8------------------------------
% gpg2 --keyserver-options debug,verbose --keyserver hkp://keytest.spodhuis.org/ --recv-key $gpg_key
gpg: requesting key 0x403043153903637F from hkp server keytest.spodhuis.org
gpgkeys: curl version = libcurl/7.24.0 OpenSSL/1.0.1c zlib/1.2.3 libidn/1.22 libssh2/1.4.1 librtmp/2.3
Host: keyserver.spodhuis.org
Port: 11374
Command: GET
* About to connect() to keyserver.spodhuis.org port 11374 (#0)
* Trying 2a02:898:31:0:48:4558:73:6b73...
* connected
* Connected to keyserver.spodhuis.org (2a02:898:31:0:48:4558:73:6b73) port 11374 (#0)
> GET /pks/lookup?op=get&options=mr&search=0x403043153903637F HTTP/1.1
Host: keyserver.spodhuis.org:11374
Accept: */*
Pragma: no-cache
Cache-Control: no-cache
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Date: Fri, 07 Dec 2012 07:26:05 GMT
< Content-Type: application/pgp-keys; charset=UTF-8
< Content-Length: 63475
< Connection: keep-alive
< Server: sks_www/1.1.4
< Cache-Control: no-cache
< Pragma: no-cache
< Expires: 0
< X-HKP-Results-Count: 1
< Content-disposition: attachment; filename=gpgkey.asc
< Via: 1.1 keyserver.spodhuis.org:11374 (nginx)
<
* Connection #0 to host keyserver.spodhuis.org left intact
* Closing connection #0
[gpg output for key]
----------------------------8< cut here >8------------------------------
Without Curl:
The diagnostics confuse as to what is actually going to be sent; if you
know the code well enough to know where the messages come from, I'm
confident it's clear, but myself? I had to use tcpdump to satisfy
myself that the "Host:" line coming _before_ the "original" line was
what actually got sent.
But it looks as though the non-Curl case is now fixed for both bugs 1446
& 1447.
Interesting that the HTTP request itself got split into two packets.
----------------------------8< cut here >8------------------------------
% gpg2 --keyserver-options debug,verbose --keyserver hkp://keytest.spodhuis.org/ --recv-key $gpg_key
gpg: requesting key 0x403043153903637F from hkp server keytest.spodhuis.org
gpgkeys: curl version = GnuPG curl-shim
Host: keytest.spodhuis.org
Command: GET
* HTTP proxy is "null"
* Original HTTP URL is "http://keytest.spodhuis.org:11371/pks/lookup?op=get&options=mr&search=0x403043153903637F"
* SRV tag is "pgpkey-http": URL may be overridden
* HTTP auth is "null"
* HTTP method is GET
* HTTP host:port post-SRV is "keyserver.spodhuis.org:11374"
----------------------------8< cut here >8------------------------------
----------------------------8< cut here >8------------------------------
02:35:22.942405 IP6 (flowlabel 0x9380b, hlim 64, next-header TCP (6) payload length: 136) 2a02:898:31:0:48:4558:73:6b73.65444 > 2a02:898:31:0:48:4558:73:6b73.11374: P, cksum 0x131c (correct), 1:105(104) ack 1 win 32844 <nop,nop,timestamp 3873907875 991822204>
0x0000: 6009 380b 0088 0640 2a02 0898 0031 0000 `.8....@*....1..
0x0010: 0048 4558 0073 6b73 2a02 0898 0031 0000 .HEX.sks*....1..
0x0020: 0048 4558 0073 6b73 ffa4 2c6e e223 9b76 .HEX.sks..,n.#.v
0x0030: 1ab3 cf49 8018 804c 131c 0000 0101 080a ...I...L........
0x0040: e6e7 24a3 3b1e 017c 4745 5420 2f70 6b73 ..$.;..|GET./pks
0x0050: 2f6c 6f6f 6b75 703f 6f70 3d67 6574 266f /lookup?op=get&o
0x0060: 7074 696f 6e73 3d6d 7226 7365 6172 6368 ptions=mr&search
0x0070: 3d30 7834 3033 3034 3331 3533 3930 3336 =0x4030431539036
0x0080: 3337 4620 4854 5450 2f31 2e30 0d0a 486f 37F.HTTP/1.0..Ho
0x0090: 7374 3a20 6b65 7974 6573 742e 7370 6f64 st:.keytest.spod
0x00a0: 6875 6973 2e6f 7267 3a31 3133 3731 0d0a huis.org:11371..
02:35:22.942487 IP6 (flowlabel 0x9380b, hlim 64, next-header TCP (6) payload length: 77) 2a02:898:31:0:48:4558:73:6b73.65444 > 2a02:898:31:0:48:4558:73:6b73.11374: FP, cksum 0xe48f (correct), 105:150(45) ack 1 win 32844 <nop,nop,timestamp 3873907875 991822204>
0x0000: 6009 380b 004d 0640 2a02 0898 0031 0000 `.8..M.@*....1..
0x0010: 0048 4558 0073 6b73 2a02 0898 0031 0000 .HEX.sks*....1..
0x0020: 0048 4558 0073 6b73 ffa4 2c6e e223 9bde .HEX.sks..,n.#..
0x0030: 1ab3 cf49 8019 804c e48f 0000 0101 080a ...I...L........
0x0040: e6e7 24a3 3b1e 017c 4361 6368 652d 436f ..$.;..|Cache-Co
0x0050: 6e74 726f 6c3a 206e 6f2d 6361 6368 650d ntrol:.no-cache.
0x0060: 0a50 7261 676d 613a 206e 6f2d 6361 6368 .Pragma:.no-cach
0x0070: 650d 0a0d 0a e....
----------------------------8< cut here >8------------------------------
Regards,
-Phil
More information about the Gnupg-users
mailing list