GnuPG 2.2.4 on Windows - problems accessing some HKPS keyservers
David Gray
dgray4656 at yahoo.com
Wed Jan 24 14:17:39 CET 2018
Thanks, Phil -
I appreciate your help and your response.
Thanks,
Dave
Sent from my iPhone
> On Jan 23, 2018, at 9:51 PM, Phil Pennock <gnupg-users at spodhuis.org> wrote:
>
> Looks to me like a GnuPG bug. In fact, it looks very much like
> https://dev.gnupg.org/T1447 which has been marked resolved.
>
> The hostname there is a CNAME to Amazon DNS, and my dirmngr logfile
> records:
>
> 2018-01-23 21:28:10 dirmngr[70787.6] TLS verification of peer failed: hostname does not match
> 2018-01-23 21:28:10 dirmngr[70787.6] DBG: expected hostname: keyserver-prod.v3jierkpjv.eu-west-1.elasticbeanstalk.com
>
> The untrusted name retrieved from DNS resolution of the CNAME record is
> being used as the name for validation.
>
> The patches to address the issue seem to focus on SRV records, so
> repaired one way in which the problem manifested, but either didn't fix
> the underlying issue, or there's been a regression.
>
> I've opened a new ticket for the maintainers to track this.
> https://dev.gnupg.org/T3755
>
> -Phil
More information about the Gnupg-users
mailing list