Hi Kristian,
On 25/06/2013 21:41, Kristian Fiskerstrand wrote:
On 06/25/2013 10:25 PM, Daniel Austin wrote:
Hi Kristian,
On 25/06/2013 21:18, Kristian Fiskerstrand wrote:
On 06/25/2013 10:01 PM, Daniel Austin wrote:
Hi Kristian,
..
root@bsdlaptop:~ # gpg2 --version
gpg (GnuPG) 2.0.20 libgcrypt 1.5.2 Copyright (C) 2013 Free Software
Foundation, Inc.
...
As far as i'm aware my libcurl and openssl versions should support
SNI
If I re-run the command several times, it works when it hits a
non-SNI certificate.
To try to limit possible causes, do you experience the same issue with
2.0.19 ?
If it helps... running openssl with -servername to trigger SNI also
comes back that a few hosts in the pool are not returning the correct CA
signed cert.
using the following command:
openssl s_client -servername hkps.pool.sks-keyservers.net -connect IP:443
I've also had someone else to test it for me from a Linux server to make
sure it's not just local to my FreeBSD installation.
My curl version is 7.24.0, his is 7.28.1
testing with curl alone (not via gpg) also gives the same incorrect cert.
Using SNI, the following hosts still returned the wrong cert:
198.82.169.69 issuer=/CN=Virginia Tech Global Server CA/OU=Global Server
CA/O=Virginia Tech/C=US
66.16.6.88 issuer=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert
Class 3 Root
2001:470:7:6ad::2 issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert
Signing Authority/emailAddress=supp...@cacert.org
2001:468:c80:210f:0:162:701c:c917 issuer=/CN=Virginia Tech Global Server
CA/OU=Global Server CA/O=Virginia Tech/C=US
2001:470:e232:132:209:6bff:feb7:e69 issuer=/O=CAcert
Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
Thanks,
Daniel.
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
