hkps ssl problem

labrani labrani at gmail.com
Fri May 2 10:40:07 CEST 2014 

Hi

Personnaly i've installed gpgtools in order to use it with mail mac os application.
and it is working fine unless i try to use an hkps server. with http there is no problem.
i dont know the real reason why the gpgtools version is not working since on their site they said all is ok : i think that there is a bug while trying to use the ca-cert options.

FL

On May 1, 2014, at 21:48, Ville Määttä <vmaatta at gmail.com> wrote:

> Hi… any other problems with GPG Tools version?
> 
> I was using the brew -installed gpg first, had some issues with getting it to recognise OpenPGP card, I switched to GPG Tools version and it’s been ok. Now I’m having trouble getting non-card based keys to work with SSH through gpg-agent. I.e. they don’t, I need to run ssh-agent on any terminal session I want to use local keys. I’m thinking whether it’s worth the effort of trying the brew version again on that…
> 
> PS. The issue I have with gpg-agent has been on the list some years back in some form, but no real solutions… I’m waiting to debug my setup some more first and I’ll send some more info on the list later.
> 
> -- 
> Ville
> 
> On 01 May 2014, at 18:24, Fl <labrani at gmail.com> wrote:
> 
>> I already have this line in my config file. 
>> Finaly i found the solution : since im running macgogtools its seems that the gpg bin which is coming within is not working fine. I install the gnupg binaries and then use its gpg bin and all work fine. 
>>  
>> Fl
>> 
>> On May 1, 2014, at 3:39 PM, Hans of Guardian <hans at guardianproject.info> wrote:
>> 
>>> 
>>> Looks like you need to get this file and point the config to the real path:
>>> 
>>> keyserver-options ca-cert-file=/pathto/.gnupg/sks-keyservers.netCA.pem
>>> 
>>> 
>>> .hc
>>> 
>>> On Apr 29, 2014, at 4:41 AM, labrani wrote:
>>> 
>>>> Hello
>>>> 
>>>> I'm having some problem while trying to use an hkps pool server as keyserver.
>>>> i am using gpg2 client version on a mac  os x maverick os.
>>>> i have download the cacert file from the site and i verify that i have the good one while testing with curl.
>>>> 
>>>> here is the configuration of my client :
>>>> 
>>>> keyserver hkps://hkps.pool.sks-keyservers.net
>>>> keyserver-options ca-cert-file=/pathto/.gnupg/sks-keyservers.netCA.pem
>>>> keyserver-options no-honor-keyserver-url
>>>> keyserver-options debug
>>>> keyserver-options verbose
>>>> keyserver-options verbose
>>>> auto-key-locate keyserver
>>>> fixed-list-mode
>>>> keyid-format 0xlong
>>>> verify-options show-uid-validity
>>>> list-options show-uid-validity
>>>> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>>>> personal-digest-preferences SHA512
>>>> cert-digest-algo SHA512
>>>> no-emit-version
>>>> 
>>>> 
>>>> 
>>>> 
>>>> and here is the error i have :
>>>> 
>>>> gpg2 --recv-keys 0xD9B53384
>>>> gpg: requesting key 0xD9B53384 from hkps server hkps.pool.sks-keyservers.net
>>>> gpgkeys: curl version = libcurl/7.30.0 SecureTransport zlib/1.2.5
>>>> Host:		hkps.pool.sks-keyservers.net
>>>> Command:	GET
>>>> * Adding handle: conn: 0x1184800
>>>> * Adding handle: send: 0
>>>> * Adding handle: recv: 0
>>>> * Curl_addHandleToPipeline: length: 1
>>>> * - Conn 0 (0x1184800) send_pipe: 1, recv_pipe: 0
>>>> * About to connect() to hkps.pool.sks-keyservers.net port 443 (#0)
>>>> *   Trying 80.239.156.219...
>>>> * Connected to hkps.pool.sks-keyservers.net (80.239.156.219) port 443 (#0)
>>>> * SSL certificate problem: Invalid certificate chain
>>>> * Closing connection 0
>>>> gpgkeys: HTTP fetch error 60: SSL certificate problem: Invalid certificate chain
>>>> gpg: no valid OpenPGP data found.
>>>> gpg: Total number processed: 0
>>>> 
>>>> 
>>>> thxs for your help
>>>> 
>>>> _______________________________________________
>>>> Gnupg-users mailing list
>>>> Gnupg-users at gnupg.org
>>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>> 
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140502/a79ce814/attachment.html>

More information about the Gnupg-users mailing list