<p>GPGTools: Discussion, 2019-12-15T13:56:04Z</p>
<p>Can't use local mailvelope keyserver</p>
<p>2019-08-27T22:32:52Z</p>
<div><p>Hi,</p>
<p>I configured a local mailvelope keyserver, which works well if queried manually using hkps:</p>
<p>openssl s_client -connect 192.0.2.15:443<br>
GET /pks/lookup?op=get&keyId=0xabcdef1234567890&options=mr</p>
<p>However, when using gpgtools/GPG Keychain and setting the keyserver there to 192.0.2.15, all I get is "bad server".</p>
<p>When observing traffic with Wireshark, I notice the SSL connection being terminated right after the key exchange.</p>
<p>I've tried to run a "fake" ssl server using openssl s_server on port 443, but all I get is the same behaviour.</p>
<p>Using: GPG Suite 2019.1 2542n, GPG Keychain 1.5 1579n</p></div>
<p>T. Initus</p>
<p>2019-08-27T22:34:11Z</p>
<div><p>Since there were these automated suggestions: There is no firewall issue, since openssl is able to connect.</p></div>
<p>T. Initus</p>
<p>2019-08-28T07:05:27Z</p>
<div><p>I however have the impression it is unlikely to be a certificate issue either, since:</p>
<p>$ /usr/local/MacGPG2/bin/dirmngr -vvvv --no-detach<br>
(...) dirmngr[2891.0]: Vertrauenswürdiges Zertifikat `/Users/t/keyserver.pem' wurde geladen<br>
(...) OK Dirmngr 2.2.17 at your service<br>
KEYSERVER hkps://keyserver.example.org<br>
OK<br>
KS_GET (fingerprint)<br>
dirmngr[2891.0]: resolve_dns_addr for 'keyserver.example.org': 'keyserver.example.org' [already known]<br>
S SOURCE <a href="https://keyserver.example.org:443">https://keyserver.example.org:443</a><br>
(...) OK</p>
<p>works just fine and as expected.</p></div>
<p>T. Initus</p>
<p>2019-09-17T12:49:06Z</p>
<div><p>Hmm... could you please enable debug logging for dirmngr:</p>
<p>echo "debug-level guru" >> ~/.gnupg/dirmngr.conf<br>
echo "debug-all" >> ~/.gnupg/dirmngr.conf<br>
echo "log-file /tmp/dirmngr.log" >> ~/.gnupg/dirmngr.conf<br>
killall dirmngr</p>
<p>Then try switching the keyserver in GPG Keychain and attach /tmp/dirmngr.log here.</p>
<p>Thanks!</p></div>
<p>Luke Le</p>
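<p>An added example, not part of the thread or of GPGTools: the debug options requested above written as one marked block in dirmngr.conf, so they can be switched off again after the log is captured without touching other settings. The marker comments and the NO_RESTART variable are assumptions of this example, and it uses gpgconf --kill in place of killall.</p>

```shell
#!/bin/sh
# Added example: toggle the dirmngr debug options from the thread as one block.
# CONF and LOG defaults follow the thread; the marker text is an assumption.
CONF="${CONF:-$HOME/.gnupg/dirmngr.conf}"
LOG="${LOG:-/tmp/dirmngr.log}"
BEGIN="# >>> temporary dirmngr debug block"
END="# <<< temporary dirmngr debug block"

debug_enabled() {
    [ -f "$CONF" ] && grep -qxF -- "$BEGIN" "$CONF"
}

restart_dirmngr() {
    # dirmngr rereads its config on start; it is relaunched on demand.
    [ -n "${NO_RESTART:-}" ] && return 0   # hypothetical switch for dry runs
    if command -v gpgconf >/dev/null 2>&1; then gpgconf --kill dirmngr || true; fi
    return 0
}

enable_debug() {
    debug_enabled && return 0              # idempotent: never append twice
    mkdir -p "$(dirname "$CONF")"
    # If the file lacks a final newline, add one so the marker starts a line.
    if [ -s "$CONF" ] && [ -n "$(tail -c 1 "$CONF")" ]; then printf '\n' >> "$CONF"; fi
    {
        printf '%s\n' "$BEGIN"
        printf 'debug-level guru\n'
        printf 'debug-all\n'
        printf 'log-file %s\n' "$LOG"
        printf '%s\n' "$END"
    } >> "$CONF"
    chmod 600 "$CONF"
    restart_dirmngr
}

disable_debug() {
    debug_enabled || return 0
    tmp="$(mktemp "${CONF}.XXXXXX")" || return 1
    # Drop everything between the markers, keep all other lines unchanged.
    awk -v b="$BEGIN" -v e="$END" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$CONF" > "$tmp" && mv "$tmp" "$CONF"
    chmod 600 "$CONF"
    restart_dirmngr
}
```

<p>Source the file, call enable_debug, reproduce the keyserver switch in GPG Keychain, copy the log, then call disable_debug.</p>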