-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 11/12/2014 10:34 AM, Werner Koch wrote: > On Tue, 11 Nov 2014 23:49, ara...@aixah.de said: > >> One of the changes introduced with GnuPG 2.1 -- namely, using >> dirmngr for key retrieval -- has caused some problems for me. >> First of all, I'm > > Thanks for reporting. I am already aware of it asdkg already > reported that a few days ago.
Thank you for fixing this issue, I just confirmed it working nicely again in gpg (GnuPG) 2.1.1-beta17. > >> dirmngr also seems to have problems with hkps certificate >> checking for keyserver addresses with round-robin DNS, but I need >> to examine this further before I can provide details. > Seems we have the SNI issue back[0,1,2]. Another thing that also strike me is the number of attempts in the log for verification of this server rather than continuing to another one (see dirmngr snippet below). $ dig sks.karotte.org +short 176.9.51.79 At this point it goes the roundtrip via PTR again as we discussed earlier: $ dig -x 176.9.51.79 +short alita.karotte.org. And tries to use this as host for keyserver... but this host is not defined for SKS services and as such we get (i) a connection failure (CA cert is used rather than sks-keyservers.net CA) (ii) if accepting (i) a 404 as no virtualhost is set up for this offering SKS Sorry if the debug info part is a bit messy, but it shows the various scenarios when testing with curl to show the differences here. References: [0] http://lists.gnupg.org/pipermail/gnupg-devel/2014-May/028458.html [1] http://lists.gnupg.org/pipermail/gnupg-devel/2014-May/028460.html [2] http://lists.gnupg.org/pipermail/gnupg-devel/2014-May/028465.html Debug info: using hkps.pool.sks-keyservers.net as SNI (works using pool CA): > ---------------snip---------------< $ curl -vv --cacert $HOME/.gnupg/sks-keyservers.netCA.pem - - -resolve 'hkps.pool.sks-keyservers.net:443:176.9.51.79' "https://hkps.pool.sks-k eyservers.net/pks/lookup?op=stats" * Added hkps.pool.sks-keyservers.net:443:176.9.51.79 to DNS cache * Hostname was found in DNS cache * Trying 176.9.51.79... * Connected to hkps.pool.sks-keyservers.net (176.9.51.79) port 443 (#0) * Initializing NSS with certpath: none * CAfile: /home/kristianf/.gnupg/sks-keyservers.netCA.pem CApath: none * SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 * Server certificate: * subject: E=ad...@sks.karotte.org,CN=sks.karotte.org,O=sks.karotte.org,C= DE * start date: Nov 07 12:35:30 2014 GMT * expire date: Nov 07 12:35:30 2015 GMT * common name: sks.karotte.org * issuer: CN=sks-keyservers.net CA,O=sks-keyservers.net CA,ST=Oslo,C=NO > GET /pks/lookup?op=stats HTTP/1.1 User-Agent: curl/7.39.0 Host: > hkps.pool.sks-keyservers.net Accept: */* > ---------------snip---------------< using sks.karotte.org (works using CA Cert) $ curl -vv "https://sks.karotte.org/pks/lookup?op=stats"; * Hostname was NOT found in DNS cache * Trying 176.9.51.79... * Connected to sks.karotte.org (176.9.51.79) port 443 (#0) * Initializing NSS with certpath: none * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 * Server certificate: * subject: CN=*.karotte.org * start date: Apr 18 10:59:40 2014 GMT * expire date: Apr 17 10:59:40 2016 GMT * common name: *.karotte.org * issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. > GET /pks/lookup?op=stats HTTP/1.1 User-Agent: curl/7.39.0 Host: > sks.karotte.org Accept: */* ---------------snip---------------< using alita.karotte.org (connects using CAcert, no sks service so returns 404): > ---------------snip---------------< <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pks/lookup was not found on this server.</p> > ---------------snip---------------< And dirmngr log: > ---------------snip---------------< 2014-11-14 13:59:19 dirmngr[5952.0] DBG: chan_0 <- KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net ... 2014-11-14 13:59:23 dirmngr[5952.0] DBG: expected hostname: alita.karotte.org 2014-11-14 13:59:23 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]': 2014-11-14 13:59:23 dirmngr[5952.0] DBG: serial: 02326A 2014-11-14 13:59:23 dirmngr[5952.0] DBG: notBefore: 2014-04-18 10:59:40 2014-11-14 13:59:23 dirmngr[5952.0] DBG: notAfter: 2016-04-17 10:59:40 2014-11-14 13:59:23 dirmngr[5952.0] DBG: issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:23 dirmngr[5952.0] DBG: subject: CN=*.karotte.org 2014-11-14 13:59:23 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.13 2014-11-14 13:59:23 dirmngr[5952.0] DBG: SHA1 fingerprint: 7B587956C292593511947904CD88937BC4B610BB 2014-11-14 13:59:23 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:23 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]': 2014-11-14 13:59:23 dirmngr[5952.0] DBG: serial: 00 2014-11-14 13:59:23 dirmngr[5952.0] DBG: notBefore: 2003-03-30 12:29:49 2014-11-14 13:59:23 dirmngr[5952.0] DBG: notAfter: 2033-03-29 12:29:49 2014-11-14 13:59:23 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:23 dirmngr[5952.0] DBG: subject: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:23 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.4 2014-11-14 13:59:23 dirmngr[5952.0] DBG: SHA1 fingerprint: 135CEC36F49CB8E93B1AB270CD80884676CE8F33 2014-11-14 13:59:23 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:23 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]': 2014-11-14 13:59:23 dirmngr[5952.0] DBG: serial: 0A418A 2014-11-14 13:59:23 dirmngr[5952.0] DBG: notBefore: 2011-05-23 17:48:02 2014-11-14 13:59:23 dirmngr[5952.0] DBG: notAfter: 2021-05-20 17:48:02 2014-11-14 13:59:23 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:23 dirmngr[5952.0] DBG: subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:23 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.11 2014-11-14 13:59:23 dirmngr[5952.0] DBG: SHA1 fingerprint: AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE 2014-11-14 13:59:23 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:23 dirmngr[5952.0] TLS connection authentication failed: General error 2014-11-14 13:59:23 dirmngr[5952.0] error connecting to 'https://alita.karotte.org:443': General error 2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed: status=0x0042 2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown. 2014-11-14 13:59:24 dirmngr[5952.0] DBG: expected hostname: alita.karotte.org 2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]': 2014-11-14 13:59:24 dirmngr[5952.0] DBG: serial: 02326A 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notBefore: 2014-04-18 10:59:40 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notAfter: 2016-04-17 10:59:40 2014-11-14 13:59:24 dirmngr[5952.0] DBG: issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:24 dirmngr[5952.0] DBG: subject: CN=*.karotte.org 2014-11-14 13:59:24 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.13 2014-11-14 13:59:24 dirmngr[5952.0] DBG: SHA1 fingerprint: 7B587956C292593511947904CD88937BC4B610BB 2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]': 2014-11-14 13:59:24 dirmngr[5952.0] DBG: serial: 00 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notBefore: 2003-03-30 12:29:49 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notAfter: 2033-03-29 12:29:49 2014-11-14 13:59:24 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:24 dirmngr[5952.0] DBG: subject: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:24 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.4 2014-11-14 13:59:24 dirmngr[5952.0] DBG: SHA1 fingerprint: 135CEC36F49CB8E93B1AB270CD80884676CE8F33 2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]': 2014-11-14 13:59:24 dirmngr[5952.0] DBG: serial: 0A418A 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notBefore: 2011-05-23 17:48:02 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notAfter: 2021-05-20 17:48:02 2014-11-14 13:59:24 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:24 dirmngr[5952.0] DBG: subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:24 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.11 2014-11-14 13:59:24 dirmngr[5952.0] DBG: SHA1 fingerprint: AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE 2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:24 dirmngr[5952.0] TLS connection authentication failed: General error 2014-11-14 13:59:24 dirmngr[5952.0] error connecting to 'https://alita.karotte.org:443': General error 2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed: status=0x0042 2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown. 2014-11-14 13:59:24 dirmngr[5952.0] DBG: expected hostname: alita.karotte.org 2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]': 2014-11-14 13:59:24 dirmngr[5952.0] DBG: serial: 02326A 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notBefore: 2014-04-18 10:59:40 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notAfter: 2016-04-17 10:59:40 2014-11-14 13:59:24 dirmngr[5952.0] DBG: issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:24 dirmngr[5952.0] DBG: subject: CN=*.karotte.org 2014-11-14 13:59:24 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.13 2014-11-14 13:59:24 dirmngr[5952.0] DBG: SHA1 fingerprint: 7B587956C292593511947904CD88937BC4B610BB 2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]': 2014-11-14 13:59:24 dirmngr[5952.0] DBG: serial: 00 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notBefore: 2003-03-30 12:29:49 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notAfter: 2033-03-29 12:29:49 2014-11-14 13:59:24 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:24 dirmngr[5952.0] DBG: subject: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:24 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.4 2014-11-14 13:59:24 dirmngr[5952.0] DBG: SHA1 fingerprint: 135CEC36F49CB8E93B1AB270CD80884676CE8F33 2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]': 2014-11-14 13:59:24 dirmngr[5952.0] DBG: serial: 0A418A 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notBefore: 2011-05-23 17:48:02 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notAfter: 2021-05-20 17:48:02 2014-11-14 13:59:24 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:24 dirmngr[5952.0] DBG: subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:24 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.11 2014-11-14 13:59:24 dirmngr[5952.0] DBG: SHA1 fingerprint: AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE 2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:24 dirmngr[5952.0] TLS connection authentication failed: General error 2014-11-14 13:59:24 dirmngr[5952.0] error connecting to 'https://alita.karotte.org:443': General error 2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed: status=0x0042 2014-11-14 13:59:24 dirmngr[5952.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown. 2014-11-14 13:59:24 dirmngr[5952.0] DBG: expected hostname: alita.karotte.org 2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]': 2014-11-14 13:59:24 dirmngr[5952.0] DBG: serial: 02326A 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notBefore: 2014-04-18 10:59:40 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notAfter: 2016-04-17 10:59:40 2014-11-14 13:59:24 dirmngr[5952.0] DBG: issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:24 dirmngr[5952.0] DBG: subject: CN=*.karotte.org 2014-11-14 13:59:24 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.13 2014-11-14 13:59:24 dirmngr[5952.0] DBG: SHA1 fingerprint: 7B587956C292593511947904CD88937BC4B610BB 2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]': 2014-11-14 13:59:24 dirmngr[5952.0] DBG: serial: 00 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notBefore: 2003-03-30 12:29:49 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notAfter: 2033-03-29 12:29:49 2014-11-14 13:59:24 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:24 dirmngr[5952.0] DBG: subject: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:24 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.4 2014-11-14 13:59:24 dirmngr[5952.0] DBG: SHA1 fingerprint: 135CEC36F49CB8E93B1AB270CD80884676CE8F33 2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:24 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]': 2014-11-14 13:59:24 dirmngr[5952.0] DBG: serial: 0A418A 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notBefore: 2011-05-23 17:48:02 2014-11-14 13:59:24 dirmngr[5952.0] DBG: notAfter: 2021-05-20 17:48:02 2014-11-14 13:59:24 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:24 dirmngr[5952.0] DBG: subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:24 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.11 2014-11-14 13:59:24 dirmngr[5952.0] DBG: SHA1 fingerprint: AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE 2014-11-14 13:59:24 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:24 dirmngr[5952.0] TLS connection authentication failed: General error 2014-11-14 13:59:24 dirmngr[5952.0] error connecting to 'https://alita.karotte.org:443': General error 2014-11-14 13:59:25 dirmngr[5952.0] TLS verification of peer failed: status=0x0042 2014-11-14 13:59:25 dirmngr[5952.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown. 2014-11-14 13:59:25 dirmngr[5952.0] DBG: expected hostname: alita.karotte.org 2014-11-14 13:59:25 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]': 2014-11-14 13:59:25 dirmngr[5952.0] DBG: serial: 02326A 2014-11-14 13:59:25 dirmngr[5952.0] DBG: notBefore: 2014-04-18 10:59:40 2014-11-14 13:59:25 dirmngr[5952.0] DBG: notAfter: 2016-04-17 10:59:40 2014-11-14 13:59:25 dirmngr[5952.0] DBG: issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:25 dirmngr[5952.0] DBG: subject: CN=*.karotte.org 2014-11-14 13:59:25 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.13 2014-11-14 13:59:25 dirmngr[5952.0] DBG: SHA1 fingerprint: 7B587956C292593511947904CD88937BC4B610BB 2014-11-14 13:59:25 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:25 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]': 2014-11-14 13:59:25 dirmngr[5952.0] DBG: serial: 00 2014-11-14 13:59:25 dirmngr[5952.0] DBG: notBefore: 2003-03-30 12:29:49 2014-11-14 13:59:25 dirmngr[5952.0] DBG: notAfter: 2033-03-29 12:29:49 2014-11-14 13:59:25 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:25 dirmngr[5952.0] DBG: subject: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:25 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.4 2014-11-14 13:59:25 dirmngr[5952.0] DBG: SHA1 fingerprint: 135CEC36F49CB8E93B1AB270CD80884676CE8F33 2014-11-14 13:59:25 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:25 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]': 2014-11-14 13:59:25 dirmngr[5952.0] DBG: serial: 0A418A 2014-11-14 13:59:25 dirmngr[5952.0] DBG: notBefore: 2011-05-23 17:48:02 2014-11-14 13:59:25 dirmngr[5952.0] DBG: notAfter: 2021-05-20 17:48:02 2014-11-14 13:59:25 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:25 dirmngr[5952.0] DBG: subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:25 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.11 2014-11-14 13:59:25 dirmngr[5952.0] DBG: SHA1 fingerprint: AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE 2014-11-14 13:59:25 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:25 dirmngr[5952.0] TLS connection authentication failed: General error 2014-11-14 13:59:25 dirmngr[5952.0] error connecting to 'https://alita.karotte.org:443': General error 2014-11-14 13:59:26 dirmngr[5952.0] TLS verification of peer failed: status=0x0042 2014-11-14 13:59:26 dirmngr[5952.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown. 2014-11-14 13:59:26 dirmngr[5952.0] DBG: expected hostname: alita.karotte.org 2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]': 2014-11-14 13:59:26 dirmngr[5952.0] DBG: serial: 02326A 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notBefore: 2014-04-18 10:59:40 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notAfter: 2016-04-17 10:59:40 2014-11-14 13:59:26 dirmngr[5952.0] DBG: issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:26 dirmngr[5952.0] DBG: subject: CN=*.karotte.org 2014-11-14 13:59:26 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.13 2014-11-14 13:59:26 dirmngr[5952.0] DBG: SHA1 fingerprint: 7B587956C292593511947904CD88937BC4B610BB 2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]': 2014-11-14 13:59:26 dirmngr[5952.0] DBG: serial: 00 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notBefore: 2003-03-30 12:29:49 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notAfter: 2033-03-29 12:29:49 2014-11-14 13:59:26 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:26 dirmngr[5952.0] DBG: subject: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:26 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.4 2014-11-14 13:59:26 dirmngr[5952.0] DBG: SHA1 fingerprint: 135CEC36F49CB8E93B1AB270CD80884676CE8F33 2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]': 2014-11-14 13:59:26 dirmngr[5952.0] DBG: serial: 0A418A 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notBefore: 2011-05-23 17:48:02 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notAfter: 2021-05-20 17:48:02 2014-11-14 13:59:26 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:26 dirmngr[5952.0] DBG: subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:26 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.11 2014-11-14 13:59:26 dirmngr[5952.0] DBG: SHA1 fingerprint: AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE 2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:26 dirmngr[5952.0] TLS connection authentication failed: General error 2014-11-14 13:59:26 dirmngr[5952.0] error connecting to 'https://alita.karotte.org:443': General error 2014-11-14 13:59:26 dirmngr[5952.0] TLS verification of peer failed: status=0x0042 2014-11-14 13:59:26 dirmngr[5952.0] TLS verification of peer failed: The certificate is NOT trusted. The certificate issuer is unknown. 2014-11-14 13:59:26 dirmngr[5952.0] DBG: expected hostname: alita.karotte.org 2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[0]': 2014-11-14 13:59:26 dirmngr[5952.0] DBG: serial: 02326A 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notBefore: 2014-04-18 10:59:40 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notAfter: 2016-04-17 10:59:40 2014-11-14 13:59:26 dirmngr[5952.0] DBG: issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:26 dirmngr[5952.0] DBG: subject: CN=*.karotte.org 2014-11-14 13:59:26 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.13 2014-11-14 13:59:26 dirmngr[5952.0] DBG: SHA1 fingerprint: 7B587956C292593511947904CD88937BC4B610BB 2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[1]': 2014-11-14 13:59:26 dirmngr[5952.0] DBG: serial: 00 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notBefore: 2003-03-30 12:29:49 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notAfter: 2033-03-29 12:29:49 2014-11-14 13:59:26 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:26 dirmngr[5952.0] DBG: subject: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:26 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.4 2014-11-14 13:59:26 dirmngr[5952.0] DBG: SHA1 fingerprint: 135CEC36F49CB8E93B1AB270CD80884676CE8F33 2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:26 dirmngr[5952.0] DBG: BEGIN Certificate 'server[2]': 2014-11-14 13:59:26 dirmngr[5952.0] DBG: serial: 0A418A 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notBefore: 2011-05-23 17:48:02 2014-11-14 13:59:26 dirmngr[5952.0] DBG: notAfter: 2021-05-20 17:48:02 2014-11-14 13:59:26 dirmngr[5952.0] DBG: issuer: 1.2.840.113549.1.9.1=#737570706F7274406361636572742E6F7267,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 2014-11-14 13:59:26 dirmngr[5952.0] DBG: subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. 2014-11-14 13:59:26 dirmngr[5952.0] DBG: hash algo: 1.2.840.113549.1.1.11 2014-11-14 13:59:26 dirmngr[5952.0] DBG: SHA1 fingerprint: AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE 2014-11-14 13:59:26 dirmngr[5952.0] DBG: END Certificate 2014-11-14 13:59:26 dirmngr[5952.0] TLS connection authentication failed: General error 2014-11-14 13:59:26 dirmngr[5952.0] error connecting to 'https://alita.karotte.org:443': General error 2014-11-14 13:59:26 dirmngr[5952.0] command 'KS_GET' failed: General error <Unspecified source> 2014-11-14 13:59:26 dirmngr[5952.0] DBG: chan_0 -> ERR 1 General error <Unspecified source> 2014-11-14 13:59:26 dirmngr[5952.0] DBG: chan_0 <- BYE 2014-11-14 13:59:26 dirmngr[5952.0] DBG: chan_0 -> OK closing connection 2014-11-14 13:59:26 dirmngr[5952.0] handler for fd 0 terminated > ---------------snip---------------< - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- "Knowing is not enough; we must apply. Willing is not enough; we must do." (Johann Wolfgang von Goethe) -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUZgHoAAoJEPw7F94F4TagbIIP/1GToztHnstSfz8xklgNKY8x IUY0YZ9OLfYu2TFjYN7E/6Scrh2l5OTxxlHKmZ9MpaWQ5ah/mFZc5KC6ZrKpVm5v PhMVlZRnqDXUbn7CYaBwvTSsY05G6/ifa/dCtt2Zr08IM7ReUDP97m/tdH3rOm7f IDNGJLcxxt2vhgzB2+CJuzNirCKEYqHylkI4+30UHXAb8D/ME4B16wGxgT0+OHpL 0fg6jxZMnjJ6YWRHOatoMyEhGtcayJc74b37dMzNr8TzowVTvBMnB+Pvy81/ROgd 7jMmdeO732zxVjXUssedcQOK/6mydr75LKCA82gEZE8TcFHm1/q2LZ+6NEaIHX8Y FYuGeZV4/kyJt/5aI7gLcygtxNIrbRIlFsLZgjdzzFCD+UzNlBxkzl+jqAKemKBs LzE2Hdryiuy081wFIugRUtWKOxaneDn7H03XxrqVvvIWN2TZC62wkvX5zE2fSjGD 4OYnL1yZO3wK5Wkk0rWpuPGVcABewmWLKDJ6NuYjTpSTkoWqSXC5+2ZV5PEuG+Es JCqogS+hW9H41bX70sbPWKQhQQ0HQxNOAhQDg1DSbSF3cxrlNJ0RrzOM1+4ABY6k VZGqSgFiaeaGgenudfsXEgDy92co0i4jH29Y/8YL4cldwWvDqmFY82ec/Ng3/MnO vC5TxJq6y1BsiBb5bRn8 =pDmu -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
