On 2018-01-22 at 20:12 -0500, David Gray via Gnupg-users wrote:
> I'm running GnuPG 2.2.4 on Windows.  I'm able to successfully query the SKS
> keyserver pool via HKPS (hkps://hkps.pool.sks-keyservers.net) with no
> problems.  I'm trying to query the hkps://keys.mailvelope.com keyserver, and
> I'm not having any luck.

Looks to me like a GnuPG bug.  In fact, it looks very much like
https://dev.gnupg.org/T1447 which has been marked resolved.

The hostname there is a CNAME to Amazon DNS, and my dirmngr logfile
records:

2018-01-23 21:28:10 dirmngr[70787.6] TLS verification of peer failed: hostname does not match
2018-01-23 21:28:10 dirmngr[70787.6] DBG: expected hostname: keyserver-prod.v3jierkpjv.eu-west-1.elasticbeanstalk.com

The untrusted name retrieved from DNS resolution of the CNAME record is
being used as the name for validation.

The patches to address the issue seem to focus on SRV records, so they
repaired one way in which the problem manifested, but either didn't fix
the underlying issue, or there's been a regression.

I've opened a new ticket for the maintainers to track this.
https://dev.gnupg.org/T3755

-Phil

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
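
The failure described in the message above, as an added example (not part of the original post and not GnuPG's code): it compares validating the server certificate against the name the user configured with validating against the name returned by CNAME resolution. The two hostnames are the ones in the message; the certificate SAN lists and `unrelated.example` are constructed sample data, and the function names are hypothetical.

```python
# Added example: which name a TLS client should use as the reference
# identity when the configured host is a CNAME. SAN lists are constructed.

USER_HOST = "keys.mailvelope.com"  # name the user configured
CNAME_TARGET = "keyserver-prod.v3jierkpjv.eu-west-1.elasticbeanstalk.com"
SERVER_SANS = ["keys.mailvelope.com"]  # assumed SANs of the server cert


def san_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN against a hostname, RFC 6125 style:
    case-insensitive, wildcard allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # The wildcard covers exactly one label and must not sit
        # directly above a top-level domain.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def verify_peer(cert_sans, reference_host: str) -> bool:
    """True if any SAN in the certificate covers the reference identity."""
    return any(san_matches(s, reference_host) for s in cert_sans)


def connect_check(user_host, cname_chain, cert_sans, use_dns_name: bool):
    """Return (reference identity, verification result).

    use_dns_name=True models the logged behaviour: the canonical name from
    DNS replaces the configured name. False keeps the configured name, which
    is the only input that does not come from unauthenticated DNS."""
    if use_dns_name and cname_chain:
        reference = cname_chain[-1]
    else:
        reference = user_host
    return reference, verify_peer(cert_sans, reference)


if __name__ == "__main__":
    # Logged case: a correct certificate is rejected.
    print(connect_check(USER_HOST, [CNAME_TARGET], SERVER_SANS, True))
    # Configured name as reference: the same certificate verifies.
    print(connect_check(USER_HOST, [CNAME_TARGET], SERVER_SANS, False))
    # Why the DNS-derived name is unsafe as a reference: whatever name the
    # DNS answer carries decides which certificate is accepted.
    print(connect_check(USER_HOST, ["unrelated.example"],
                        ["unrelated.example"], True))
```

The first call reproduces the "hostname does not match" result from the dirmngr log; the third shows that the same logic accepts a certificate for a name the user never asked for.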
