[pkg-gnupg-maint] Bug#923482: Bug#923482: dirmngr HKPS fails due to poorly configured certificates on *.pool.sks-keyservers.net

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 1 20:24:31 GMT 2019


Hi Jim--

On Thu 2019-02-28 14:51:07 -0500, Jim Popovitch wrote:
> When a client uses HKPS keyservers dirmngr fails hard due to TLS
> certificate validation errors:

what pool are you using in particular?  it looks to me like you're using
"ha.pool.sks-keyservers.net"

However, https://sks-keyservers.net/overview-of-pools.php#pool_ha
suggests that there is no guarantee that servers in that pool all offer
hkps.  If you want hkps, you should use
hkps://hkps.pool.sks-keyservers.net (conveniently, that happens to also
be the default setting, which means it should be able to work with no
keyserver setting in either ~/.gnupg/gpg.conf or ~/.gnupg/dirmngr.conf).

I'm closing this bug report because i think it's due to the
configuration error described above, but feel free to re-open it if you
have a different configuration from the one i've surmised.  just let me
know what your configuration is!

All the best,

    --dkg