Page MenuHome GnuPG

hkps: Hostname verification uses the wrong hostname
Closed, ResolvedPublic

Description

As per the ExtLink, dirmngr’s hostname verification when using a hkps pool is
broken and uses the hostname of the host instead of the hostname of the pool when
verifying the hostname.

Event Timeline

kyrias set External Link to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771666.Dec 20 2014, 4:55 PM
kyrias added projects: dirmngr, Debian, Bug Report.
kyrias added a subscriber: kyrias.

Well, that is quite possible. I have seen other reports about this. I have not
yet come around to look at the hkps bugs.

The attached patch fixes hkps: hostname verification and makes
hkps: use SNI correctly.

The patch is against GnuPG 2.1.2. It has been tested successfully against
hkps://hkps.pool.sks-keyservers.net on FreeBSD 10.1 using GnuTLS 3.2.21 and the
2.1 setup instructions at https://sks-keyservers.net/overview-of-pools.php#pool_hkps

werner claimed this task.
werner removed a project: Restricted Project.