
Default OpenPGP keyserver
Closed, Resolved, Public

Description

After installing gpg4win, the default OpenPGP keyserver is set to hkps://keyserver.ubuntu.com

"Lookup on server" returns no results, and when trying to refresh OpenPGP certificates it returns the following error:

<snip>
An error occurred while trying to refresh OpenPGP certificates.

The output from C:\Program Files\GnuPG\bin\gpg.exe was:
gpg: refreshing 5 keys from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: No inquire callback in IPC
</snip>

If the OpenPGP keyserver is changed to hkp://keyserver.ubuntu.com, both of these issues resolve, presumably because TLS is no longer required.

The host OS in use is Windows 7 with the TLS 1.2/1.3 patches applied so it is not clear (to me) why the default keyserver is not working.

Looking at the error log I can see the following:

dirmngr[2288]: certificate is good
dirmngr[2288]: certificate's policy list: 2.23.140.1.2.1:N:\n1.3.6.1.4.1.44947.1.1.1:N:
dirmngr[2288]: Note: non-critical certificate policy not allowed
dirmngr[2288]: DBG: find_cert_bysubject: certificate not in cache
dirmngr[2288]: DBG: chan_0x0000023c -> INQUIRE SENDCERT_SKI C4A7B1A47B2C71FADBE14B9075FFC41560858910 /CN=DST Root CA X3,O=Digital Signature Trust Co.
dirmngr[2288]: assuan_inquire(SENDCERT_SKI) failed: Input/output error
dirmngr[2288]: DBG: find_cert_bysubject: certificate not returned by caller - doing lookup
dirmngr[2288]: error fetching certificate by subject: Configuration error
dirmngr[2288]: issuer certificate {C4A7B1A47B2C71FADBE14B9075FFC41560858910} not found using authorityKeyIdentifier
dirmngr[2288]: issuer certificate not found
dirmngr[2288]: issuer certificate: #/CN=DST Root CA X3,O=Digital Signature Trust Co.
dirmngr[2288]: TLS handshake failed: Missing issuer certificate <Dirmngr>
dirmngr[2288]: error connecting to 'https://162.213.33.9:443': Missing issuer certificate

I understand that Windows 7 is now effectively out of any form of support so I would also understand an answer that aligns with that, although I am curious as to why this doesn't work when other TLS sessions appear to work and thought this might be something simple. The logs and error message haven't really helped me.

TIA

Details

Version
gpg4win v4.0.2

Event Timeline

You need to install the correct Let's Encrypt CA certificates on your legacy Windows box. Check the mailing lists for a discussion on this topic.

werner claimed this task.
werner edited projects, added Support; removed Bug Report.
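
A triage script for dirmngr logs like the one in the report, added here as an example (it is not part of the original task or of GnuPG): it extracts the subject key identifier and subject of the issuer certificate dirmngr could not find, together with the endpoint that failed. The function name `triage` and the result layout are assumptions, and the regular expressions cover only the line shapes visible in the log above.

```python
import re
from collections import defaultdict

# Lines copied from the dirmngr log in the report above.
SAMPLE_LOG = """\
dirmngr[2288]: certificate is good
dirmngr[2288]: DBG: chan_0x0000023c -> INQUIRE SENDCERT_SKI C4A7B1A47B2C71FADBE14B9075FFC41560858910 /CN=DST Root CA X3,O=Digital Signature Trust Co.
dirmngr[2288]: assuan_inquire(SENDCERT_SKI) failed: Input/output error
dirmngr[2288]: issuer certificate {C4A7B1A47B2C71FADBE14B9075FFC41560858910} not found using authorityKeyIdentifier
dirmngr[2288]: TLS handshake failed: Missing issuer certificate <Dirmngr>
dirmngr[2288]: error connecting to 'https://162.213.33.9:443': Missing issuer certificate
"""

PID = r"dirmngr\[(?P<pid>\d+)\]: "
# dirmngr asks its client for the issuer, identified by SKI and subject DN.
INQUIRE = re.compile(PID + r"DBG: chan_\S+ -> INQUIRE SENDCERT_SKI (?P<ski>[0-9A-F]{40}) (?P<dn>/.+)$")
# The lookup by authorityKeyIdentifier came back empty.
NOT_FOUND = re.compile(PID + r"issuer certificate \{(?P<ski>[0-9A-F]{40})\} not found")
TLS_FAIL = re.compile(PID + r"TLS handshake failed: (?P<reason>.+?)(?: <\w+>)?$")
CONNECT = re.compile(PID + r"error connecting to '(?P<url>[^']+)': ")

def triage(log_text):
    """Return one finding per dirmngr process whose TLS handshake failed."""
    state = defaultdict(lambda: {"dn": {}, "unresolved": set(), "reason": None, "endpoints": []})
    for line in log_text.splitlines():
        line = line.strip()
        if m := INQUIRE.match(line):
            state[m["pid"]]["dn"][m["ski"]] = m["dn"]
        elif m := NOT_FOUND.match(line):
            state[m["pid"]]["unresolved"].add(m["ski"])
        elif m := TLS_FAIL.match(line):
            state[m["pid"]]["reason"] = m["reason"]
        elif m := CONNECT.match(line):
            state[m["pid"]]["endpoints"].append(m["url"])
    findings = []
    for pid, s in state.items():
        if s["reason"] is None:
            continue  # no handshake failure logged for this process
        missing = [{"ski": k, "subject": s["dn"].get(k, "unknown")} for k in sorted(s["unresolved"])]
        findings.append({"pid": int(pid), "reason": s["reason"],
                         "endpoints": s["endpoints"], "missing_issuers": missing})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The reported subject and key identifier name the certificate that is absent from the trust store dirmngr consulted, which is the starting point for the fix suggested in the reply.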