Page MenuHome GnuPG
Feed Advanced Search

Jun 15 2018

gniibe added a comment to T3803: dirmngr issues malformed DNS queries.

I think that I identified the issue. This is the libdns (dirmngr/dns.c) problem when hostname is not FQDN.
If you change it to FQDN, you can see that it tries to search adding the domain name.

Jun 15 2018, 8:18 AM · dns, dirmngr, Bug Report
gniibe added a comment to T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1.

For issues/19, it is also reported in T3374: gpg recv-keys fail if first dns server end up with "Connection refused".
This is fixed in master now.
I'm not sure if original reporter's problem is issues/19 or not.

Jun 15 2018, 6:07 AM · dirmngr, gnupg
gniibe added a comment to T3374: gpg recv-keys fail if first dns server end up with "Connection refused".

Fixed in master.

Jun 15 2018, 6:04 AM · dns, dirmngr, Bug Report
gniibe claimed T3374: gpg recv-keys fail if first dns server end up with "Connection refused".

It is indirectly reported at the upstream: https://github.com/wahern/dns/issues/19

Jun 15 2018, 5:57 AM · dns, dirmngr, Bug Report
gniibe renamed T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1 from dirmngr/dns.c issue with 127.0.0.1 to dirmngr: dirmngr/dns.c issue with 127.0.0.1.
Jun 15 2018, 2:38 AM · dirmngr, gnupg
gniibe claimed T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1.

I tested on Debian with local dnsmasq. For usual setting, no problem.
If /etc/resolv.conf has nameserver 127.0.0.1 and the service by dnsmasq somehow stops, and we have another nameserver nameserver somewhere-not-local the issues/19 matters.

Jun 15 2018, 2:38 AM · dirmngr, gnupg

Jun 14 2018

dkg created T4022: too-large User ID packets result in dropping an entire certificate.
Jun 14 2018, 6:28 AM · gnupg, Bug Report

Jun 12 2018

RAmbidge added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

@tinkerwolf This is weird... I've reinstalled my PC from scratch with an initial account set as local, and was able to set up GPG4Win perfectly fine for the first time on my PC (as I did in the VM). So, set up a VM with an initial account set up from an online account. GPG4Win started up fine... I am now really confused!! Somewhere within the getting set up with an online account, something has to be happening that interferes with dirmngr..
Will investigate further.

Jun 12 2018, 11:24 PM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report
tinkerwolf added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

@RAmbidge are you able to further test this by using a VM with a MS account? I don't have the means right now, or I'd do it myself.

Jun 12 2018, 4:18 PM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report
tinkerwolf added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

That actually makes sense, because it works fine on my laptop, where it's been a local account from the start, but it's broken on my desktop where it was originally a MS account, but is now local.

Jun 12 2018, 12:44 PM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report

Jun 11 2018

RAmbidge added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

I'm having the same issue. I read somewhere that it's likely caused by using an online Windows account to login with. So I converted to local log in. Issue persists. As a test, I've just set up a VM with a local account set up at install, and GPG4Win works perfectly fine. So I'm guessing that there may be an issue which stays in the files system caused by online account users. I'm not a programmer and have no idea how or where to look to see what's causing it and how to fix it though.

Jun 11 2018, 1:04 AM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report

Jun 6 2018

eoincreedon_gmail.com added a comment to T4003: Trusted-certs folder not being taken into account where System folders are read.

Hi Werner,
The issue is the following:
I have 2 certificates in the trusted-certificates folder that is searched by gpgsm (C:\ProgramData\Gnu\etc\gnupg\trusted-certs) which I want to trust. When dirmngr starts, it reads the Windows trusted certifcate store (certlm.msc for both system and user - I don't know the path / location of the windows certificates folder outside certlm) and builds the list of certificates to use. Once this list is read and if any duplicates are found in the trusted-certificate folder, it ignores them - they are already present.

Jun 6 2018, 7:21 PM · dirmngr, S/MIME, Bug Report
werner triaged T4003: Trusted-certs folder not being taken into account where System folders are read as Normal priority.

I do not fully understand your problem. Can you please explain it with an example and also state the full file names of the mentioned folders?

Jun 6 2018, 5:56 PM · dirmngr, S/MIME, Bug Report

May 31 2018

werner added projects to T4003: Trusted-certs folder not being taken into account where System folders are read: S/MIME, dirmngr.
May 31 2018, 7:35 PM · dirmngr, S/MIME, Bug Report

May 7 2018

aheinecke created T3966: Dirmngr: no suitable certificate found to verify the OCSP response.
May 7 2018, 1:59 PM · gpg4win, dirmngr, S/MIME

May 3 2018

aheinecke closed T3923: dirmngr: CRL's on windows are not properly cached / parsed as Resolved.

This is resolved in my opinion. I've tested with some larger CRL's and it worked on Windows.

May 3 2018, 10:47 AM · Bug Report, gpg4win, S/MIME, dirmngr
aheinecke closed T3937: Dirmgnr: X509 Searches on Windows can hang as Resolved.

I thoroughly tested this again with the released versions. Works very nicely, including the timeout.

May 3 2018, 10:46 AM · gnupg (gpg22), dirmngr

May 2 2018

werner added a comment to T3937: Dirmgnr: X509 Searches on Windows can hang.

Confirmed. it is also not Windows specific.

May 2 2018, 5:19 PM · gnupg (gpg22), dirmngr
aheinecke added a comment to T3937: Dirmgnr: X509 Searches on Windows can hang.

A strangeness I see is when I am searching for "zitis" on x500.bund.de I get the same key over and over again (until the list is truncated). I'm not sure if the response from the server is wrong or if we have a bug there. If I search for "Telekom" for example I get 10 different certificates, so it works there.

May 2 2018, 2:38 PM · gnupg (gpg22), dirmngr
aheinecke added a comment to T3937: Dirmgnr: X509 Searches on Windows can hang.

I felt confident enough to push a fix for the console window. The code was obvious and the fix, too.

May 2 2018, 2:29 PM · gnupg (gpg22), dirmngr
aheinecke added a comment to T3937: Dirmgnr: X509 Searches on Windows can hang.

Yes! Works nicely. I tested with unreachable and invalid servers, and with multiple queries against x500.bund.de and ca.intevation.de all is fine!

May 2 2018, 1:47 PM · gnupg (gpg22), dirmngr
aheinecke added a parent task for T3937: Dirmgnr: X509 Searches on Windows can hang: T3899: Gpg4win 3.1.1.
May 2 2018, 1:42 PM · gnupg (gpg22), dirmngr
aheinecke closed T2110: Gpgsm 2.1 external key search gives duplicated results, a subtask of T3937: Dirmgnr: X509 Searches on Windows can hang, as Resolved.
May 2 2018, 1:41 PM · gnupg (gpg22), dirmngr

Apr 30 2018

aheinecke added a comment to T3937: Dirmgnr: X509 Searches on Windows can hang.

The hang appears random. It sometimes works 4 out of 5 times.

Apr 30 2018, 10:01 AM · gnupg (gpg22), dirmngr
aheinecke changed the status of T3937: Dirmgnr: X509 Searches on Windows can hang from Testing to Open.

With latest gpg-error and latest gnupg It still hangs for me after printing the certificate.

Apr 30 2018, 9:46 AM · gnupg (gpg22), dirmngr
werner changed the status of T3937: Dirmgnr: X509 Searches on Windows can hang from Open to Testing.
Apr 30 2018, 8:58 AM · gnupg (gpg22), dirmngr

Apr 26 2018

werner changed the status of T3755: TLS hostname verification using hostname from DNS instead of supplied hostname from Open to Testing.
Apr 26 2018, 4:41 PM · gnupg (gpg22), dns, dirmngr
werner claimed T3937: Dirmgnr: X509 Searches on Windows can hang.
Apr 26 2018, 11:15 AM · gnupg (gpg22), dirmngr

Apr 25 2018

aheinecke added a comment to T3937: Dirmgnr: X509 Searches on Windows can hang.

T2984 might also be related as the fetches are ldap.

Apr 25 2018, 5:58 PM · gnupg (gpg22), dirmngr
aheinecke renamed T3937: Dirmgnr: X509 Searches on Windows can hang from Kleopatra: Dirmgnr: X509 Searches on Windows can hang to Dirmgnr: X509 Searches on Windows can hang.
Apr 25 2018, 5:06 PM · gnupg (gpg22), dirmngr
aheinecke added a subtask for T3937: Dirmgnr: X509 Searches on Windows can hang: T2110: Gpgsm 2.1 external key search gives duplicated results.
Apr 25 2018, 4:52 PM · gnupg (gpg22), dirmngr
aheinecke created T3937: Dirmgnr: X509 Searches on Windows can hang.
Apr 25 2018, 4:38 PM · gnupg (gpg22), dirmngr

Apr 24 2018

aheinecke created T3933: Kleopatra: Set allow-ocsp in dirmngr if OCSP is enabled through config dialog.
Apr 24 2018, 9:18 AM · kleopatra, dirmngr, S/MIME

Apr 23 2018

werner added a comment to T3923: dirmngr: CRL's on windows are not properly cached / parsed.

See also T2448

Apr 23 2018, 9:26 AM · Bug Report, gpg4win, S/MIME, dirmngr

Apr 20 2018

aheinecke changed the status of T3923: dirmngr: CRL's on windows are not properly cached / parsed from Open to Testing.

Looks ok now in my tests. I still want to test against more CA's with more CLRs (e.g. COMODO and CACert)

Apr 20 2018, 4:39 PM · Bug Report, gpg4win, S/MIME, dirmngr
aheinecke added a parent task for T3923: dirmngr: CRL's on windows are not properly cached / parsed: T3899: Gpg4win 3.1.1.
Apr 20 2018, 4:38 PM · Bug Report, gpg4win, S/MIME, dirmngr
aheinecke created T3923: dirmngr: CRL's on windows are not properly cached / parsed.
Apr 20 2018, 3:42 PM · Bug Report, gpg4win, S/MIME, dirmngr

Apr 18 2018

jpi added a comment to T3806: error accessing ldaps key server (TLS vs. STARTTLS).

Thanks for looking into this issue :-)

Apr 18 2018, 9:43 AM · Too Old, LDAP, dirmngr, Bug Report

Apr 17 2018

werner triaged T3806: error accessing ldaps key server (TLS vs. STARTTLS) as Normal priority.
Apr 17 2018, 8:39 PM · Too Old, LDAP, dirmngr, Bug Report
werner renamed T3806: error accessing ldaps key server (TLS vs. STARTTLS) from error accessing ldaps key server to error accessing ldaps key server (TLS vs. STARTTLS).
Apr 17 2018, 8:38 PM · Too Old, LDAP, dirmngr, Bug Report
werner triaged T3517: dirmngr: retry without SRV due to buggy routers as High priority.

An option to ignore SRV records would also be good for debugging. Thus I raised the priority and truned this into a feature request.

Apr 17 2018, 8:03 PM · Feature Request, dns, dirmngr
werner triaged T3817: make tls certificate problems more understandable as Wishlist priority.
Apr 17 2018, 7:38 PM · dirmngr

Apr 16 2018

tinkerwolf added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

Did that help any?

Apr 16 2018, 2:47 AM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report

Apr 13 2018

aheinecke reassigned T3610: dirmngr: Since 2.1 windows firewall asks about dirmngr access from aheinecke to werner.

Werner it would be great if you could look into this. This is currently my most annoying 2.1. regression. Especially with auto-key-locate it is unintuitive when the Firewall question pops up and appears to come out of nowhere (e.g. adding recipients in GpgOL or in Kleopatra).

Apr 13 2018, 8:10 AM · gpg4win, dirmngr

Apr 12 2018

tinkerwolf added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

So I used a debugger to see if I could garner any additional info. Here's the log:

Apr 12 2018, 10:17 AM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report

Apr 11 2018

Syssou added a comment to T3867: [DIRMNGR] Key server should be tried if passed with --keyserver, regardless of the "dead" mark.

The following post assumes that we want gpg --search to try to search; meaning that we don't want gpg to exit immediately because of the dead marks, without having sent a single network request to anyone.
The post is a bit long; sorry about that.

Apr 11 2018, 4:31 PM · Feature Request, dirmngr

Apr 10 2018

tinkerwolf added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.
dirmngr -v --debug ipc,dns,network --log-file - --server --debug-wait 3
Apr 10 2018, 8:41 PM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report
werner added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

--debug-wait 3

Apr 10 2018, 1:51 PM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report
tinkerwolf added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

@werner here's the only output I get:

Apr 10 2018, 10:53 AM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report
werner triaged T3381: dirmngr won't start on Windows 10 with admin level account as Normal priority.

Please kill all existing dirmngr instances and don't run any programs which will trigger it to be started (e.g. Kleopatra). Then run in a _standard_ shell (cmd.exe):

Apr 10 2018, 10:48 AM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report
tinkerwolf added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

I, too, have this problem. I have Windows 10 Pro 64-bit with BitDefender Total Security. My first reaction when this wasn't working was to disable all functions on BitDefender. That didn't help, so I ran dirmngr as admin in cmd (I despise PowerShell) without any luck. I created a non-admin user and ran it in there, again without luck. I've come up dry. No logs, no output, and no answers. Is there anything shy of downgrading dirmngr that will make this work? Has there been any progress as to figuring this out?

Apr 10 2018, 10:05 AM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report

Apr 9 2018

werner edited projects for T3755: TLS hostname verification using hostname from DNS instead of supplied hostname, added: gnupg (gpg22); removed gnupg.

That slipped my attention due to the missing gpg22 tag I should have added. Sorry.

Apr 9 2018, 10:45 PM · gnupg (gpg22), dns, dirmngr
twforeman added a comment to T3755: TLS hostname verification using hostname from DNS instead of supplied hostname.

Is there any ETA for when this might get fixed? We are having the same issue with our keyserver since it's behind a cname.

Apr 9 2018, 2:43 PM · gnupg (gpg22), dns, dirmngr

Mar 27 2018

Syssou added a comment to T3867: [DIRMNGR] Key server should be tried if passed with --keyserver, regardless of the "dead" mark.

Thank you for your answer ! :)

Mar 27 2018, 6:46 PM · Feature Request, dirmngr
werner triaged T3867: [DIRMNGR] Key server should be tried if passed with --keyserver, regardless of the "dead" mark as Normal priority.

You can do a

Mar 27 2018, 6:18 PM · Feature Request, dirmngr

Mar 7 2018

aheinecke renamed T3830: Dirmngr: Bad error message (regression) when no key is found on the keyserver from Dirmngr: Bad error messaage (regression) when no key is found on the keyserver to Dirmngr: Bad error message (regression) when no key is found on the keyserver.
Mar 7 2018, 8:39 AM · gnupg, dirmngr
aheinecke created T3830: Dirmngr: Bad error message (regression) when no key is found on the keyserver.
Mar 7 2018, 8:36 AM · gnupg, dirmngr

Feb 28 2018

werner added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

That will be the IP of proxy.x.com - the log shows that it finds that. But the log also shows that it can't find the address for the other names. "No Name" is EAI_NONAME.

Feb 28 2018, 9:23 PM · gnupg (gpg22), dns, dirmngr
Ainahir added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

I did some digging with Wireshark:

  1. there are DNS queries for proxy records A & AAAA (ipv4 & ipv6 - both regardless of --disable-ipv6)
  2. DNS reply returns correct IP address in A record
  3. there are no outgoing connections to proxy IP address
Feb 28 2018, 7:59 PM · gnupg (gpg22), dns, dirmngr
werner added a comment to T3817: make tls certificate problems more understandable.
$ gpg-error --desc GPG_ERR_WRONG_NAME
313 = (0, 313) = (GPG_ERR_SOURCE_UNKNOWN, GPG_ERR_WRONG_NAME) = (Unspecified source, Unknown error code)
Feb 28 2018, 2:31 PM · dirmngr
bernhard added a comment to T3817: make tls certificate problems more understandable.

Note that "Wrong name" severely misses information about that it is connection related in any way. :)
Just adding "Connection problem: TLS: " would already help a lot.

Feb 28 2018, 1:23 PM · dirmngr
werner added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Well, if your proxy inhibits GnuPG to retrieve information about the keyservers, GnuPG can't do anything about it.

Feb 28 2018, 10:21 AM · gnupg (gpg22), dns, dirmngr
werner added a comment to T3817: make tls certificate problems more understandable.

Debugging network problems is always hard and applications should not include tcpdump facilities. Right, I consider TLS network failures identical to layer 3 network failures because we should assume that all traffic is encrypted. Wrong certificates are also a severe network failure much like wrong voltage levels at layer one ;-).

Feb 28 2018, 10:18 AM · dirmngr
Ainahir added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Just to clarify:
1.I'm behind corporate network
2.Network resolves only local addresses, so this is correct: dirmngr[7416]: resolving 'hkps.pool.sks-keyservers.net' failed: No name
3.Network address of the proxy is resolvable (I can see it's address and it responds to ping
4.Internet browser without proxy will not work
5,Internet browser with the proxy below works
6.When using gpg on this computer outside of corporate network everything works

Feb 28 2018, 9:55 AM · gnupg (gpg22), dns, dirmngr
bernhard added a comment to T3817: make tls certificate problems more understandable.
An additional note: It is harder than with gpg-2.0 to get more details about a failed attempt to receive pubkey material. The keyserver options cannot be called from gpg direclty, but have to be given to dirmngr. I don't have a solution this, it is just an observation.
Feb 28 2018, 8:52 AM · dirmngr
bernhard created T3817: make tls certificate problems more understandable in the S1 Public space.
Feb 28 2018, 8:51 AM · dirmngr
werner added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

The stripped down log is

Feb 28 2018, 8:30 AM · gnupg (gpg22), dns, dirmngr

Feb 27 2018

Ainahir added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

@werner Problem persists (same results with disabling ipv4 or ipv6

Feb 27 2018, 11:49 PM · gnupg (gpg22), dns, dirmngr
werner edited projects for T3065: dirmngr: proxy issues with dnslookup causing failure, added: dirmngr, dns; removed Info Needed.
Feb 27 2018, 3:45 PM · gnupg (gpg22), dns, dirmngr

Feb 23 2018

werner added projects to T3806: error accessing ldaps key server (TLS vs. STARTTLS): dirmngr, LDAP.
Feb 23 2018, 11:06 AM · Too Old, LDAP, dirmngr, Bug Report

Feb 22 2018

werner closed T3331: gpg: Address family not supported by protocol if kernel doesn't support ipv6 as Resolved.

Will go into 2.2.6

Feb 22 2018, 8:55 PM · gnupg (gpg22), dirmngr, Bug Report
werner added a project to T3331: gpg: Address family not supported by protocol if kernel doesn't support ipv6: gnupg (gpg22).
Feb 22 2018, 8:42 PM · gnupg (gpg22), dirmngr, Bug Report
werner claimed T3803: dirmngr issues malformed DNS queries.
Feb 22 2018, 2:11 PM · dns, dirmngr, Bug Report

Feb 21 2018

dkg added a comment to T3803: dirmngr issues malformed DNS queries.

hm, i think this is the file:

Feb 21 2018, 8:34 PM · dns, dirmngr, Bug Report
dkg created T3803: dirmngr issues malformed DNS queries.
Feb 21 2018, 8:32 PM · dns, dirmngr, Bug Report

Feb 1 2018

kristianf added a comment to T3331: gpg: Address family not supported by protocol if kernel doesn't support ipv6.

The patch is available in our downstream bugtracker as attachment to https://bugs.gentoo.org/646194

Feb 1 2018, 2:16 PM · gnupg (gpg22), dirmngr, Bug Report
mgorny added a comment to T3331: gpg: Address family not supported by protocol if kernel doesn't support ipv6.

This can easily be solved by adding two more cases to handle_send_request_error(): for GPG_ERR_EADDRNOTAVAIL (that's IPv6 disabled via procfs) and GPG_ERR_EAFNOSUPPORT (that's missing kernel support). Normally I'd submit a patch but I don't care enough to jump through all the hoops just to get two-line change in.

Feb 1 2018, 1:40 PM · gnupg (gpg22), dirmngr, Bug Report
werner triaged T3767: simplify sharing dirmngr's across multiple GNUPGHOMEs as High priority.

Originally dirmngr was designed to be a system service for the reason that CRLs are not user specific. However, the majority of systems today are used by a single user and thus we dropped that feature when integrating dirmngr into gnupg.

Feb 1 2018, 9:26 AM · Documentation, Feature Request, gnupg, dirmngr

Jan 31 2018

dkg created T3767: simplify sharing dirmngr's across multiple GNUPGHOMEs in the S1 Public space.
Jan 31 2018, 7:56 PM · Documentation, Feature Request, gnupg, dirmngr

Jan 24 2018

werner triaged T3755: TLS hostname verification using hostname from DNS instead of supplied hostname as High priority.
Jan 24 2018, 8:47 AM · gnupg (gpg22), dns, dirmngr

Jan 17 2018

aheinecke closed T3741: dirmngr, GnuPG: WKD lookup unexpectedly slow as Resolved.

Indeed with debug dns I can see that what takes so long is the resolve_dns_name. After the debug output prints that line the key comes nearly instant.

Jan 17 2018, 12:28 PM · dirmngr, gnupg
werner added a comment to T3741: dirmngr, GnuPG: WKD lookup unexpectedly slow.

I can't replicate it here. With my key it takes
real 0m0.346s
user 0m0.080s
sys 0m0.004s
and for your key it takes a few 10ms longer (more hops). Is one of your DNS responder failing? Can you please run dirmngr with --debug dns ?

Jan 17 2018, 9:19 AM · dirmngr, gnupg
aheinecke created T3741: dirmngr, GnuPG: WKD lookup unexpectedly slow.
Jan 17 2018, 8:48 AM · dirmngr, gnupg

Jan 15 2018

RouL added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

I have exactly the same problem on my Windows 10 machine. I am using bitdefender as virus scanner, but it doesn't work no matter if it is active or not. Windows is fully updated and I am using gpg4win 3.0.3.

Jan 15 2018, 8:30 AM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report

Jan 10 2018

werner raised the priority of T3374: gpg recv-keys fail if first dns server end up with "Connection refused" from Normal to High.
Jan 10 2018, 4:11 PM · dns, dirmngr, Bug Report
joshchia added a comment to T3374: gpg recv-keys fail if first dns server end up with "Connection refused".

I'm using gnupg 2.2.4 and this problem repros for me, and it impacts downstream things like pacman-key (Arch Linux) quite insidiously, which fails with an misleading error message that would not point a regular user to this line of investigation.

Jan 10 2018, 1:48 PM · dns, dirmngr, Bug Report

Dec 12 2017

aheinecke added a comment to T3610: dirmngr: Since 2.1 windows firewall asks about dirmngr access.

Well the problem is both TCP and UDP. Somehow dirmngr tries to open a listening socket. I think that may be some feature probing in the DNS resolver. Because if the Firewall access is denied I don't see any feature loss.

Dec 12 2017, 12:46 PM · gpg4win, dirmngr
werner added a comment to T3610: dirmngr: Since 2.1 windows firewall asks about dirmngr access.

This is very likely dirmngr's DNS resolver which uses UDP by default. Fixies: a) use Tor. b) We add an option to use only TCP queries.

Dec 12 2017, 10:13 AM · gpg4win, dirmngr

Dec 11 2017

aheinecke added a comment to T3610: dirmngr: Since 2.1 windows firewall asks about dirmngr access.

This is the question:

Dec 11 2017, 4:30 PM · gpg4win, dirmngr
aheinecke created T3610: dirmngr: Since 2.1 windows firewall asks about dirmngr access.
Dec 11 2017, 1:45 PM · gpg4win, dirmngr

Dec 6 2017

aseibert88 added a comment to T3381: dirmngr won't start on Windows 10 with admin level account.

I experience this same behavior, standard shell. Both with admin, windows live based account and local, non-admin account.

Dec 6 2017, 9:02 PM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report

Nov 29 2017

werner added a comment to T3517: dirmngr: retry without SRV due to buggy routers.

For reference here is @mcgrof's dump in a directly readable format:

00:29:33.472844 IP 192.168.4.7.10218 > 192.168.4.1.domain: 53039+ SRV? _pgpkey-https._tcp.hkps.pool.sks-keyservers.net. (65)
00:29:33.879268 IP 192.168.4.1.domain > 192.168.4.7.10218: 53039 FormErr 0/0/0 (65)
00:29:33.880719 IP 192.168.4.7.10218 > 192.168.4.1.domain: 51133+ Type0 (Class 8448)? _pgpkey-https._tcp.hkps.pool.sks-keyservers.net. (66)
00:29:33.902115 IP 192.168.4.1.domain > 192.168.4.7.10218: 51133 FormErr 0/0/0 (65)
Nov 29 2017, 10:17 AM · Feature Request, dns, dirmngr

Nov 21 2017

werner added a comment to T3517: dirmngr: retry without SRV due to buggy routers.

Unconditionally retrying without SRV lookup is not a good idea. SRV record are there for a reason. What we could do is an option to skip SRV record lookups.

Nov 21 2017, 11:52 AM · Feature Request, dns, dirmngr
werner added projects to T3517: dirmngr: retry without SRV due to buggy routers: dirmngr, dns.
Nov 21 2017, 11:50 AM · Feature Request, dns, dirmngr

Nov 19 2017

elonsatoshi added a comment to T2968: gpg --search: Connection closed in DNS.

You know... I think connman and DNS have something to do with this. Connman does some weird DNS thing. And it auto-generates /etc/resolv.conf to use localhost as the DNS server.

Nov 19 2017, 4:48 AM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Nov 17 2017

werner closed T3510: dirmngr: Crash when CRL signature check fails as Resolved.

Okay, I took your suggestion but also improved the documentation. Fixed in 2.2

Nov 17 2017, 10:45 AM · gnupg (gpg22), dirmngr, Bug Report
werner added a comment to T3510: dirmngr: Crash when CRL signature check fails.

Oh that is not good. A passed arg should not be closed by the called fucntion unless that fucntion is documented as gaining ownership of it. Let me check.

Nov 17 2017, 10:29 AM · gnupg (gpg22), dirmngr, Bug Report
aheinecke created T3510: dirmngr: Crash when CRL signature check fails.
Nov 17 2017, 10:21 AM · gnupg (gpg22), dirmngr, Bug Report

Nov 15 2017

werner closed T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set as Resolved.

This has been fixed a while ago my having dirmngr print a hint on the possible problem. gpg will then print a warning about a problem with the Tor configuration and with --verbose print the hint on solving this as well.

Nov 15 2017, 6:56 PM · Debian, Bug Report, gnupg, dirmngr

Nov 13 2017

aheinecke closed T3487: Check ldap timeout for CMS certificate search as Resolved.

Indeed bug in Kleo, it was always 0 in kleo. (likely created during Qt5 port) fixed with: https://commits.kde.org/kleopatra/0d53416cfbe6d8fa087887c428cdfffb13514a7d

Nov 13 2017, 9:34 AM · Windows, dirmngr, gpg4win