[pkg-gnupg-maint] Bug#923482: Bug#923482: dirmngr HKPS fails due to poorly configured certificates on *.pool.sks-keyservers.net

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 1 20:24:31 GMT 2019

Hi Jim--

On Thu 2019-02-28 14:51:07 -0500, Jim Popovitch wrote:
> When a client uses HKPS keyservers dirmngr fails hard due to TLS
> certificate validation errors:

what pool are you using in particular?  it looks to me like you're using

However, https://sks-keyservers.net/overview-of-pools.php#pool_ha
suggests that there is no guarantee that servers in that pool all offer
hkps.  If you want hkps, you should use
hkps://hkps.pool.sks-keyservers.net (conveniently, that happens to also
be the default setting, which means it should be able to work with no
keyserver setting in either ~/.gnupg/gpg.conf or ~/.gnupg/dirmngr.conf.

I'm closing this bug report because i think it's due to the
configuration error described above, but feel free to re-open it if you
have a different configuration from the one i've surmised.  just let me
know what your configuration is!

All the best,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20190301/9306c106/attachment.sig>

More information about the pkg-gnupg-maint mailing list