Using LDAP keyservers with gpg 2.1.11
Philip Colmer
philip.colmer at linaro.org
Wed Apr 6 17:33:41 CEST 2016
I've configured our LDAP server to act as a keyserver for use with
GnuPG. In testing, with version 1.x and 2.0, sending keys to the
keyserver works.
However, with version 2.1.11, it isn't working. Enabling debug options
where I can find them gives me this output:
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache
memstat trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
gpg: DBG: chan_4 <- # Home: /home/ubuntu/.gnupg
gpg: DBG: chan_4 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
gpg: DBG: chan_4 <- OK Dirmngr 2.1.11 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_4 -> GETINFO version
gpg: DBG: chan_4 <- D 2.1.11
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KEYSERVER --clear ldaps://<DN>:<password>@login.linaro.org
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KEYSERVER
gpg: DBG: chan_4 <- S KEYSERVER ldaps://uid=<DN>:<password>@login.linaro.org
gpg: DBG: chan_4 <- OK
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: SHORT_KID: 'DC6F3C29'
gpg: DBG: keydb_search: searching keyring (resource 0 of 1)
gpg: DBG: keyring_search: need_uid = 0; need_words = 0; need_keyid =
1; need_fpr = 0; any_skip = 0
gpg: DBG: fd_cache_open (/home/ubuntu/.gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-2.0: open '/home/ubuntu/.gnupg/pubring.gpg'
desc=file_filter(fd) fd=5
gpg: DBG: keyring_search: initializing offset table. (need_keyid: 1 => 1)
gpg: DBG: keyring_search: searching from start of resource.
gpg: DBG: iobuf-2.0: underflow: buffer size: 8192; still buffered: 0
=> space for 8192 bytes
gpg: DBG: iobuf-2.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-2.0: A->FILTER() returned rc=0 (ok), read 1211 bytes
gpg: DBG: parse_packet(iob=2): type=6 length=269 (search.keyring.c.1115)
gpg: DBG: keyring_search: packet starting at offset 0 matched descriptor 0
gpg: DBG: keyring_search: returning success
gpg: DBG: free_packet() type=6
gpg: DBG: keydb_search: searched keyring (resource 0 of 1) => Success
gpg: DBG: [not enabled in the source] keydb_search leave (found)
gpg: DBG: [not enabled in the source] keydb_get_keybock enter
gpg: DBG: fd_cache_open (/home/ubuntu/.gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-3.0: open '/home/ubuntu/.gnupg/pubring.gpg'
desc=file_filter(fd) fd=6
gpg: DBG: iobuf-3.0: underflow: buffer size: 8192; still buffered: 0
=> space for 8192 bytes
gpg: DBG: iobuf-3.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-3.0: A->FILTER() returned rc=0 (ok), read 1211 bytes
gpg: DBG: parse_packet(iob=3): type=6 length=269 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=13 length=40 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=2 length=318 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=12 length=2 (parse.keyring.c.414)
gpg: DBG: free_packet() type=12
gpg: DBG: parse_packet(iob=3): type=14 length=269 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=2 length=293 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=12 length=2 (parse.keyring.c.414)
gpg: DBG: free_packet() type=12
gpg: DBG: iobuf-3.0: underflow: buffer size: 8192; still buffered: 0
=> space for 8192 bytes
gpg: DBG: iobuf-3.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-3.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: /home/ubuntu/.gnupg/pubring.gpg: close fd/handle 6
gpg: DBG: fd_cache_close (/home/ubuntu/.gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-3.0: close '?'
gpg: DBG: [not enabled in the source] keydb_get_keyblock leave
gpg: DBG: build_packet() type=6
gpg: DBG: iobuf-4.0: close '?'
gpg: DBG: build_packet() type=13
gpg: DBG: build_packet() type=2
gpg: DBG: iobuf-5.0: close '?'
gpg: DBG: build_packet() type=14
gpg: DBG: iobuf-6.0: close '?'
gpg: DBG: build_packet() type=2
gpg: DBG: iobuf-7.0: close '?'
gpg: DBG: iobuf-2.0: close 'file_filter(fd)'
gpg: DBG: /home/ubuntu/.gnupg/pubring.gpg: close fd/handle 5
gpg: DBG: fd_cache_close (/home/ubuntu/.gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-1.0: close '?'
gpg: sending key DC6F3C29 to ldaps://<DN>:<password>@login.linaro.org
gpg: DBG: chan_4 -> KS_PUT
gpg: DBG: chan_4 <- INQUIRE KEYBLOCK
gpg: DBG: chan_4 -> [ 44 20 99 01 25 30 44 04 56 fe 8f d2 01 08 00 c2
...(982 byte(s) skipped) ]
gpg: DBG: chan_4 -> [ 44 20 20 4f ad 28 53 1c 95 8a ae 0f 57 5f 35 fc
...(231 byte(s) skipped) ]
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4 <- INQUIRE KEYBLOCK_INFO
gpg: DBG: chan_4 -> D
pub::2048:1:4625A9B1DC6F3C29:1459523538:1460128338::::::::::%0Auid:::::1459523538::::Philip
Colmer <philip.colmer at linaro.org>:::::::%0Asig::::4625A9B1DC6F3C29:1459523538:::::::::::%0Asub::2048:1:87E613C66F047E92:1459523538:1460128338::::::::::%0A
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4 <- ERR 167772346 No keyserver available <Dirmngr>
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=14
gpg: DBG: free_packet() type=2
gpg: keyserver send failed: No keyserver available
gpg: keyserver send failed: No keyserver available
gpg: DBG: chan_4 -> BYE
gpg: DBG: [not enabled in the source] stop
I can't seem to turn up the debugging any higher in order to find out
why Dirmngr is reporting "No keyserver available". I can't find that
message in the source code either so I can't add any extra debugging
statements.
Does anyone know what changed between 2.0 and 2.1 that would
specifically affect LDAP keyserver operation? Or, failing that, what I
should be looking at in order to troubleshoot this further?
Thanks.
Philip
More information about the Gnupg-users
mailing list