Page MenuHome GnuPG
Create Task
Maniphest T1792

hkps: Hostname verification uses the wrong hostname
Closed, ResolvedPublic
Actions

Description

As per the ExtLink, dirmngr’s hostname verification when using a hkps pool is
broken and uses the hostname of the host instead of the hostname of the pool when
verifying the hostname.

Details

External Link
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771666

Related Objects

Event Timeline

kyrias set External Link to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771666.Dec 20 2014, 4:55 PM
kyrias added projects: dirmngr, Debian, Bug Report.
kyrias added a subscriber: kyrias.
werner added a subscriber: werner.Dec 22 2014, 2:47 PM

Well, that is quite possible. I have seen other reports about this. I have not
yet come around to look at the hkps bugs.

davidw added a subscriber: davidw.Mar 17 2015, 5:21 AM

D275: 586_poolname_and_SNI.patch

davidw added a comment.Mar 17 2015, 5:21 AM

The attached patch fixes hkps: hostname verification and makes
hkps: use SNI correctly.

The patch is against GnuPG 2.1.2. It has been tested successfully against
hkps://hkps.pool.sks-keyservers.net on FreeBSD 10.1 using GnuTLS 3.2.21 and the
2.1 setup instructions at https://sks-keyservers.net/overview-of-pools.php#pool_hkps

davidw mentioned this in T1924: Fix hkps: hostname verification and SNI.Mar 30 2017, 7:14 PM
werner added a comment.Mar 19 2015, 3:40 PM

Thanks. Fixed with commit dc10d46.

werner added projects: Restricted Project, gnupg.Mar 19 2015, 3:40 PM
werner closed this task as Resolved.May 11 2015, 7:55 PM
werner claimed this task.
werner removed a project: Restricted Project.
justus mentioned this in T2869: Requesting HKPS service from non-HKPS gives "error searching keyserver: General error".Mar 30 2017, 7:19 PM