Bugs related to gnupg's dirmngr component.
Thu, Feb 1
Fixed by changing server as noted above.
Thanks for all the help @gniibe.
It should not be removed as I believe it is required to be compliant:
I'm afraid that your particular configuration would cause the problem of the negotiation.
Jan 4 2024
Note that we now have also an option instead of the workaround from 2015
Dec 11 2023
For various reasons dirmngr requires and implements a full resolver and implements that. This way all DNS queries are passed through Tor. Thus this is a feature and not a bug. The error message could be better but we can only return what SOCKS tells us.
Nov 28 2023
Sep 26 2023
Lot's of things changed in the meantime.
HKP keyservers are anyway out of fashion and thus we won't put anymore effort into his part of the code.
Lot's of changes since 2.4.
Jul 4 2023
Jun 22 2023
See for T6545 for a new request to support IDP.
Jun 15 2023
I have now disabled the rewriting in the 2.4 branch. Those who want to keep the old behaviour may add
May 3 2023
I will review the issue. A likely outcome will be to follow your suggestion but to add an option for the old behaviour to avoid further security discussions.
Apr 21 2023
Apr 19 2023
Apr 16 2023
Apr 14 2023
Apr 5 2023
Apr 3 2023
After diligently reading the code I realized that this bug has long been fixed. For reference here is the patch I wrote to extend dirmngr_ldap during my tests:
Mar 29 2023
This has been solved loooong ago.
Mar 21 2023
We need to extend dirmngr_ldap.c to take a list of attributes to return. We already have the --multi option which returns all attributes for latter filtering by the caller but the specified attr is also used and thus dirmngr's start_cacert_fetch_ldap() retruns only the requested caCertificate.
Mar 17 2023
Feb 27 2023
The code has meanwhile been reworked and the mentioned test server is not anymore available
Jan 19 2023
Dec 5 2022
Nov 17 2022
Oct 11 2022
Sep 29 2022
Applied and pushed the change from @joeyberkovitz in rG3257385378bb: dirmngr: Interrogate LDAP server when base DN specified..
Sep 26 2022
BTW, I have also in mind to use an AD entry to figure out the used keyserver. It turned out that people don't like to modify the schema of their AD but instead use a separate LDS.
To proceed, I pushed an initial part as rG993820c31521: dirmngr: Factor out interrogate_ldap_dn function., which doesn't change any behavior.
Then, the point of the change will be clearer.