GnuPG(2.1.11) update problems

Mire, John jmire at lsuhsc.edu
Tue Feb 23 15:30:38 UTC 2016


Running FreeBSD 10.2-RELEASE-p12 #1 r295138
IPv4 connectivity only
NO IPv6
Updated (GnuPG) 2.0.29 --> (GnuPG) 2.1.11 from ports

Modified ~/.gnupg/gpg.conf as follows:

##
## gpg.conf
##
no-greeting
comment ""
default-key 500026E6
default-recipient-self
force-v3-sigs
charset utf-8
keyserver hkp://hkps.pool.sks-keyservers.net
#moved options to
#keyserver-options ca-cert-file=/usr/local/share/gnupg/certs/sks-keyservers.netCA.pem
#keyserver-options ca-cert-path=/usr/local/share/gnupg/certs
use-agent
utf8-strings
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
##EOF


Added ~/.gnupg/dirmngr.conf as follows:

##
## dirmngr.conf
##
#keyserver hkp://jirk5u4osbsr34t5.onion
keyserver hkps://hkps.pool.sks-keyservers.net

# --hkp-cacert FILENAME
#
# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to
# know the root certificates for verification of the TLS certificates
# used for the connection.  Enter the full name of a file with the
# root certificates here.  If that file is in PEM format a ".pem"
# suffix is expected.  This option may be given multiple times to add
# more root certificates.  Tilde expansion is supported.

hkp-cacert /etc/ssl/sks-keyservers.netCA.pem
hkp-cacert /etc/ssl/cert.pem
##EOF

GnuPG(1.4.20) works fine with just HKP:

% gpg --search-keys 0x500026E6
gpg: searching for "0x500026E6" from hkp server hkps.pool.sks-keyservers.net
(1)     John Mire <jmire at lsuhsc.edu>
          4096 bit RSA key 500026E6, created: 2011-09-11
Keys 1-1 of 1 for "0x500026E6".  Enter number(s), N)ext, or Q)uit > q

GnuPG(2.1.11) gives the following:
% gpg2 --search-keys 0x500026E6
gpg: error searching keyserver: No route to host
gpg: keyserver search failed: No route to host

Closer examination of dirmngr: unless it decides to use an IPv6 server address, it can resolve:
% dirmngr
dirmngr[61610.0]: permanently loaded certificates: 0
dirmngr[61610.0]:     runtime cached certificates: 0
# Home: ~/.gnupg
# Config: /home/jmire/.gnupg/dirmngr.conf
OK Dirmngr 2.1.11 at your service
ks_search  0x500026E6
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4ckbone.de'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.spodhuis.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'keyserver.nbg-ha.de'
S PROGRESS tick ? 0 0
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:ba8:1f1:f2d4::2]'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2604:a880:800:10::163:b001]'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a00:1280:8000:4::3]'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'zimmerman.mayfirst.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'keys02.fedoraproject.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.spodhuis.org' [already known]
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'keyserver.nbg-ha.de' [already known]
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu' [already known]
S PROGRESS tick ? 0 0
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'kronecker.scientia.net'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'mx1.adeti.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'oteiza.siccegge.de'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cryptonomicon.mit.edu'
dirmngr[61610.0]: can't connect to 'oteiza.siccegge.de': no IP address for host
dirmngr[61610.0]: error connecting to 'https://oteiza.siccegge.de:443': Unknown host
dirmngr[61610.0]: marking host 'oteiza.siccegge.de' as dead
S PROGRESS tick ? 0 0
S SOURCE https://cryptonomicon.mit.edu:443
D info:1:1%0Apub:2F69495FFA0850CDD83771E0E3DF4A51500026E6:1:4096:1315778755::%0Auid:John Mire <jmire at lsuhsc.edu>:1315778755::%0A%0D%0A
OK
ks_search 0x4F25E3B6
S PROGRESS tick ? 0 0
S SOURCE https://cryptonomicon.mit.edu:443
D info:1:1%0Apub:D8692123C4065DEA5E0F3AB5249B39D24F25E3B6:1:2048:1294830465:1577790083:%0Auid:Werner Koch (dist sig):1294830465::%0A%0D%0A
OK
Bye

% dirmngr
dirmngr[62413.0]: permanently loaded certificates: 0
dirmngr[62413.0]:     runtime cached certificates: 0
# Home: ~/.gnupg
# Config: /home/jmire/.gnupg/dirmngr.conf
OK Dirmngr 2.1.11 at your service
ks_search jmire
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4ckbone.de'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:ba8:1f1:f2d4::2]'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'a.keyserver.pki.scientia.net'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a01:4a0:59:1000:223:9eff:fe00:100f]'
S PROGRESS tick ? 0 0
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:41d0:8:1856::1:1]'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'prod00.keyserver.dca.witopia.net'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org' [already known]
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ip-209-135-211-141.ragingwire.net'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4ckbone.de' [already known]
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'kronecker.scientia.net'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cryptonomicon.mit.edu'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.srv.dumain.com'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'oteiza.siccegge.de'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'keys02.fedoraproject.org'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu' [already known]
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'mx1.adeti.org'
dirmngr[62413.0]: can't connect to '2a01:4a0:59:1000:223:9eff:fe00:100f': No route to host
dirmngr[62413.0]: error connecting to 'https://[2a01:4a0:59:1000:223:9eff:fe00:100f]:443': No route to host
dirmngr[62413.0]: command 'KS_SEARCH' failed: No route to host
ERR 167804970 No route to host <Dirmngr>

How can I let dirmngr know that IPv6 isn't available???
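
Added example, not part of the original post and not GnuPG code: a small log triage script that separates the pool entries dirmngr resolved into IPv6 literals and hostnames, and reports whether each failed connection targeted an IPv6 address. The sample log is constructed from lines in the two sessions above; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, assembled from lines shown in the two dirmngr sessions.
SAMPLE_LOG = """\
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4ckbone.de'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:ba8:1f1:f2d4::2]'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a01:4a0:59:1000:223:9eff:fe00:100f]'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4ckbone.de' [already known]
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cryptonomicon.mit.edu'
dirmngr[61610.0]: can't connect to 'oteiza.siccegge.de': no IP address for host
dirmngr[62413.0]: can't connect to '2a01:4a0:59:1000:223:9eff:fe00:100f': No route to host
dirmngr[62413.0]: command 'KS_SEARCH' failed: No route to host
"""

RESOLVE_RE = re.compile(r"resolve_dns_addr for '[^']+': '([^']+)'")
FAIL_RE = re.compile(r"can't connect to '([^']+)': (.+)$")


def is_ipv6_literal(name):
    """True if name is an IPv6 address, with or without [] around it."""
    try:
        return ipaddress.ip_address(name.strip("[]")).version == 6
    except ValueError:
        return False  # a hostname, not an address literal


def analyse(log):
    """Classify pool entries and failed connection targets by address type."""
    pool = {}      # pool entry -> True when it is an IPv6 literal
    failures = []  # (target, reason, target_is_ipv6)
    for line in log.splitlines():
        m = RESOLVE_RE.search(line)
        if m:
            # "[already known]" repeats map to the same key.
            pool.setdefault(m.group(1), is_ipv6_literal(m.group(1)))
            continue
        m = FAIL_RE.search(line)
        if m:
            target, reason = m.group(1), m.group(2).strip()
            failures.append((target, reason, is_ipv6_literal(target)))
    return {
        "ipv6_literals": sorted(e for e, v6 in pool.items() if v6),
        "hostnames": sorted(e for e, v6 in pool.items() if not v6),
        "failures": failures,
    }


if __name__ == "__main__":
    for target, reason, v6 in analyse(SAMPLE_LOG)["failures"]:
        print(f"{target}: {reason} ({'IPv6 target' if v6 else 'hostname'})")
```
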

