Forum: help-en
Monitor Forum | 
Start New Thread
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Jochen Saalfeld on 2017-09-19 11:11 | [forum:5145] |
|
Hey Jan, There won't be a 2.3.4. But the Release 3.0.0 will hit in the next few days and the fix will be in there. Best wishes, Jochen |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Jan Schmidt on 2017-09-19 11:09 | [forum:5144] |
|
Hi, I saw that a fixed is already committed. Thanks at this place for the great work! As I'm unfimiliar with the gpg4win release cycle... Will this change make it into the 3.0.0 release or will there be maybe even a 2.3.4 update? Best regards and thanks again for this fast response and help! Jan |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Jan Schmidt on 2017-09-18 13:21 | [forum:5143] |
|
Thanks a lot. I'll have a look at the problem report from time to time to check the progress and for a possible solution :) Best, Jan |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Bernhard Reiter on 2017-09-18 12:17 | [forum:5142] |
|
Hi, thanks for the more verbose debug output, this seems to be a problem with the used TLS library. The message comes from the following code: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=ntbtls.git;a=blob;f=src/protocol.c;h=658cdbd02000c921519e03115df7a6ccc50c0889;hb=HEAD#l1707 As ntbtls is a TLS 1.2 library I guess it will be something else that is wrong. I've created the following problem report: https://dev.gnupg.org/T3411 Best, Bernhard |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Jan Schmidt on 2017-09-18 11:16 | [forum:5141] |
|
Me again. I managed to increase the gnutls debug level: ---------------------------------------- dirmngr dirmngr[1888]: NOTE: this is a development version! dirmngr[1888]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog dirmngr[1888]: Fehler beim Öffnen von `C:\Users\Jan\AppData\Roaming\gnupg\dirmngr_ldapservers.conf': No such file or directory dirmngr[1888]: DBG: number of certs loaded from store 'ROOT': 56 dirmngr[1888]: DBG: Zertifikat `CA' ist bereits im Zwischenspeicher dirmngr[1888]: DBG: number of certs loaded from store 'CA': 32 dirmngr[1888]: Zertifikat `D:\SwissSign_Silver_CA_-_G2.pem' ist bereits im Zwischenspeicher dirmngr[1888]: dauerhaft geladene Zertifikate: 89 dirmngr[1888]: zwischengespeicherte Zertifikate: 0 dirmngr[1888]: vertrauenswürdige Zertifikate: 89 (88,0,0,1) dirmngr[1888]: DBG: chan_0x00000274 -> # Home: C:\Users\Jan\AppData\Roaming\gnupg # Home: C:\Users\Jan\AppData\Roaming\gnupg dirmngr[1888]: DBG: chan_0x00000274 -> # Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf # Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf dirmngr[1888]: DBG: chan_0x00000274 -> OK Dirmngr 2.2.1-beta9 at your service OK Dirmngr 2.2.1-beta9 at your service KEYSERVER --clear hkps://pgp.mailbox.org dirmngr[1888]: DBG: chan_0x00000274 <- KEYSERVER --clear hkps://pgp.mailbox.org dirmngr[1888]: DBG: chan_0x00000274 -> OK OK KS_SEARCH -- support@mailbox.org dirmngr[1888]: DBG: chan_0x00000274 <- KS_SEARCH -- support@mailbox.org dirmngr[1888]: DBG: dns: dnsserver[0] '134.34.3.2' dirmngr[1888]: DBG: dns: dnsserver[1] '134.34.3.3' dirmngr[1888]: DBG: dns: libdns initialized dirmngr[1888]: DBG: dns: getsrv(_pgpkey-https._tcp.pgp.mailbox.org) -> 0 records dirmngr[1888]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg dirmngr[1888]: resolve_dns_addr for 'pgp.mailbox.org': 'pgp.mailbox.org' [already known] dirmngr[1888]: DBG: http.c:connect_server: trying name='pgp.mailbox.org' port=443 dirmngr[1888]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg dirmngr[1888]: DBG: http.c:1819:socket_new: object 0x03018fb8 for fd 908 created dirmngr[1888]: DBG: ntbtls(2): handshake dirmngr[1888]: DBG: ntbtls(2): client state: 0 (hello_request) dirmngr[1888]: DBG: ntbtls(3): flush output dirmngr[1888]: DBG: ntbtls(2): client state: 1 (client_hello) dirmngr[1888]: DBG: ntbtls(3): flush output dirmngr[1888]: DBG: ntbtls(2): write client_hello dirmngr[1888]: DBG: ntbtls(3): client_hello, max version: [3:3] dirmngr[1888]: DBG: ntbtls(3): client_hello, current time: 1505733222 dirmngr[1888]: DBG: client_hello, random bytes: 59bfaa6669d0d44a6df21fd0d5355d668c95f70a2ecf2387c9bdfe4380c08cea dirmngr[1888]: DBG: ntbtls(3): client_hello, session id len.: 0 dirmngr[1888]: DBG: client_hello, session id: dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49192 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 107 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49172 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 57 TLS-DHE-RSA-WITH-AES-256-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49271 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 196 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 136 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49191 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 103 TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49171 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 51 TLS-DHE-RSA-WITH-AES-128-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49270 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 190 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 69 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49170 TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 22 TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49208 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 179 TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49206 TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 145 TLS-DHE-PSK-WITH-AES-256-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49307 TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49303 TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49207 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 178 TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49205 TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 144 TLS-DHE-PSK-WITH-AES-128-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49302 TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49306 TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49204 TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 143 TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 61 TLS-RSA-WITH-AES-256-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 53 TLS-RSA-WITH-AES-256-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 192 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 132 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 60 TLS-RSA-WITH-AES-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 47 TLS-RSA-WITH-AES-128-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 186 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 65 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 10 TLS-RSA-WITH-3DES-EDE-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 183 TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 149 TLS-RSA-PSK-WITH-AES-256-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49305 TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 182 TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 148 TLS-RSA-PSK-WITH-AES-128-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49304 TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 147 TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 175 TLS-PSK-WITH-AES-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 141 TLS-PSK-WITH-AES-256-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49301 TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 174 TLS-PSK-WITH-AES-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 140 TLS-PSK-WITH-AES-128-CBC-SHA dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 49300 TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 dirmngr[1888]: DBG: ntbtls(5): client_hello, add ciphersuite: 139 TLS-PSK-WITH-3DES-EDE-CBC-SHA dirmngr[1888]: DBG: ntbtls(3): client_hello, got 54 ciphersuites dirmngr[1888]: DBG: ntbtls(3): client_hello, compress len.: 2 dirmngr[1888]: DBG: ntbtls(3): client_hello, compress alg.: 1 0 dirmngr[1888]: DBG: ntbtls(3): client_hello, adding server name extension: 'pgp.mailbox.org' dirmngr[1888]: DBG: ntbtls(3): client_hello, adding signature_algorithms extension dirmngr[1888]: DBG: ntbtls(3): client hello, adding supported_elliptic_curves extension dirmngr[1888]: DBG: ntbtls(3): client hello, adding supported_point_formats extension dirmngr[1888]: DBG: ntbtls(3): client_hello, adding session ticket extension dirmngr[1888]: DBG: ntbtls(3): client_hello, total extension length: 68 dirmngr[1888]: DBG: ntbtls(3): write record dirmngr[1888]: DBG: ntbtls(3): output record: msgtype = 22, version = [3:3], msglen = 222 dirmngr[1888]: DBG: output record sent to network: 16030300de010000da030359bfaa6669d0d44a6df21fd0d5355d668c95f70a2e \ dirmngr[1888]: DBG: cf2387c9bdfe4380c08cea00006c00ffc028006bc0140039c07700c40088c027 \ dirmngr[1888]: DBG: 0067c0130033c07600be0045c0120016c03800b3c0360091c09bc097c03700b2 \ dirmngr[1888]: DBG: c0350090c096c09ac034008f003d003500c00084003c002f00ba0041000a00b7 \ dirmngr[1888]: DBG: 0095c09900b60094c098009300af008dc09500ae008cc094008b020100004400 \ dirmngr[1888]: DBG: 000014001200000f7067702e6d61696c626f782e6f7267000d00160014060105 \ dirmngr[1888]: DBG: 0104010301020106030503040303030203000a000400020017000b0002010000 \ dirmngr[1888]: DBG: 230000 dirmngr[1888]: DBG: ntbtls(3): flush output dirmngr[1888]: DBG: ntbtls(3): message length: 227, out_left: 227 dirmngr[1888]: DBG: ntbtls(3): es_write returned: success dirmngr[1888]: DBG: ntbtls(2): client state: 2 (server_hello) dirmngr[1888]: DBG: ntbtls(3): flush output dirmngr[1888]: DBG: ntbtls(2): read server_hello dirmngr[1888]: DBG: ntbtls(3): read record dirmngr[1888]: DBG: ntbtls(3): fetch input dirmngr[1888]: DBG: ntbtls(3): in_left: 0, nb_want: 5 dirmngr[1888]: DBG: ntbtls(3): es_read returned: success dirmngr[1888]: DBG: ntbtls(3): input record: msgtype = 21, version = [3:3], msglen = 2 dirmngr[1888]: DBG: ntbtls(3): fetch input dirmngr[1888]: DBG: ntbtls(3): in_left: 5, nb_want: 7 dirmngr[1888]: DBG: ntbtls(3): es_read returned: success dirmngr[1888]: DBG: input record from network: 15030300020228 dirmngr[1888]: DBG: ntbtls(2): got an alert message, type: [2:40] dirmngr[1888]: DBG: ntbtls(1): is a fatal alert message (msg 40) dirmngr[1888]: DBG: ntbtls(1): read_record returned: Fatale "Alert" Nachricht erhalten <TLS> dirmngr[1888]: DBG: ntbtls(2): handshake ready dirmngr[1888]: TLS handshake failed: Fatale "Alert" Nachricht erhalten <TLS> dirmngr[1888]: Fehler beim Verbinden mit 'https://pgp.mailbox.org:443': Fatale "Alert" Nachricht erhalten dirmngr[1888]: DBG: ntbtls(2): release dirmngr[1888]: command 'KS_SEARCH' failed: Fatale "Alert" Nachricht erhalten <TLS> dirmngr[1888]: DBG: chan_0x00000274 -> ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS> ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS> ------------------- Best, Jan P.S.: By the way, it is a Windwows 10 Enterprise Version 10.0.15063 Build 15063 64bit machine. |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Jan Schmidt on 2017-09-18 11:07 | [forum:5140] |
|
Hi Bernhard, even with "debug-all" there is not a lot more information: ----------------------------- dirmngr dirmngr[7864]: NOTE: this is a development version! dirmngr[7864]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog dirmngr[7864]: Fehler beim Öffnen von `C:\Users\Jan\AppData\Roaming\gnupg\dirmngr_ldapservers.conf': No such file or directory dirmngr[7864]: DBG: number of certs loaded from store 'ROOT': 56 dirmngr[7864]: DBG: Zertifikat `CA' ist bereits im Zwischenspeicher dirmngr[7864]: DBG: number of certs loaded from store 'CA': 32 dirmngr[7864]: Zertifikat `D:\SwissSign_Silver_CA_-_G2.pem' ist bereits im Zwischenspeicher dirmngr[7864]: dauerhaft geladene Zertifikate: 89 dirmngr[7864]: zwischengespeicherte Zertifikate: 0 dirmngr[7864]: vertrauenswürdige Zertifikate: 89 (88,0,0,1) dirmngr[7864]: DBG: chan_0x00000274 -> # Home: C:\Users\Jan\AppData\Roaming\gnupg # Home: C:\Users\Jan\AppData\Roaming\gnupg dirmngr[7864]: DBG: chan_0x00000274 -> # Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf # Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf dirmngr[7864]: DBG: chan_0x00000274 -> OK Dirmngr 2.2.1-beta9 at your service OK Dirmngr 2.2.1-beta9 at your service KEYSERVER --clear hkps://pgp.mailbox.org dirmngr[7864]: DBG: chan_0x00000274 <- KEYSERVER --clear hkps://pgp.mailbox.org dirmngr[7864]: DBG: chan_0x00000274 -> OK OK KS_SEARCH -- support@mailbox.org dirmngr[7864]: DBG: chan_0x00000274 <- KS_SEARCH -- support@mailbox.org dirmngr[7864]: DBG: dns: dnsserver[0] '134.34.3.2' dirmngr[7864]: DBG: dns: dnsserver[1] '134.34.3.3' dirmngr[7864]: DBG: dns: libdns initialized dirmngr[7864]: DBG: dns: getsrv(_pgpkey-https._tcp.pgp.mailbox.org) -> 0 records dirmngr[7864]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg dirmngr[7864]: resolve_dns_addr for 'pgp.mailbox.org': 'pgp.mailbox.org' [already known] dirmngr[7864]: DBG: http.c:connect_server: trying name='pgp.mailbox.org' port=443 dirmngr[7864]: DBG: dns: resolve_dns_name(pgp.mailbox.org): Erfolg dirmngr[7864]: DBG: http.c:1819:socket_new: object 0x03173228 for fd 844 created dirmngr[7864]: DBG: ntbtls(1): is a fatal alert message (msg 40) dirmngr[7864]: DBG: ntbtls(1): read_record returned: Fatale "Alert" Nachricht erhalten <TLS> dirmngr[7864]: TLS handshake failed: Fatale "Alert" Nachricht erhalten <TLS> dirmngr[7864]: Fehler beim Verbinden mit 'https://pgp.mailbox.org:443': Fatale "Alert" Nachricht erhalten dirmngr[7864]: command 'KS_SEARCH' failed: Fatale "Alert" Nachricht erhalten <TLS> dirmngr[7864]: DBG: chan_0x00000274 -> ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS> ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS> ------------------------- Hope that helps. Best, Jan |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Bernhard Reiter on 2017-09-18 09:56 | [forum:5139] |
|
Hi Jan, please try to enable the debuging options in dirmngr.conf to see more. Best Regards, Bernhard |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Jan Schmidt on 2017-09-18 07:04 | [forum:5137] |
|
Dear Bernhard, thanks for that hint. I already tried that and it acutally works for me on ubuntu16.04 also! But unfortunatly with gpg4win it doesn't. ----------------------------------------------- dirmngr dirmngr[13708]: NOTE: this is a development version! dirmngr[13708]: Fehler beim Öffnen von `C:\Users\Jan\AppData\Roaming\gnupg\dirmngr_ldapservers.conf': No such file or directory dirmngr[13708]: Zertifikat `D:\SwissSign_Silver_CA_-_G2.pem' ist bereits im Zwischenspeicher dirmngr[13708]: dauerhaft geladene Zertifikate: 89 dirmngr[13708]: zwischengespeicherte Zertifikate: 0 dirmngr[13708]: vertrauenswürdige Zertifikate: 89 (88,0,0,1) # Home: C:\Users\Jan\AppData\Roaming\gnupg # Config: C:\Users\Jan\AppData\Roaming\gnupg\dirmngr.conf OK Dirmngr 2.2.1-beta9 at your service KEYSERVER --clear hkps://pgp.mailbox.org OK KS_SEARCH -- support@mailbox.org dirmngr[13708]: resolve_dns_addr for 'pgp.mailbox.org': 'pgp.mailbox.org' [already known] dirmngr[13708]: DBG: ntbtls(1): is a fatal alert message (msg 40) dirmngr[13708]: DBG: ntbtls(1): read_record returned: Fatale "Alert" Nachricht erhalten <TLS> dirmngr[13708]: TLS handshake failed: Fatale "Alert" Nachricht erhalten <TLS> dirmngr[13708]: Fehler beim Verbinden mit 'https://pgp.mailbox.org:443': Fatale "Alert" Nachricht erhalten dirmngr[13708]: command 'KS_SEARCH' failed: Fatale "Alert" Nachricht erhalten <TLS> ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS> -------------------------------- Do you have any clue what "ntbtls(1): is a fatal alert message (msg 40)" means and how to solve it? It seems the dirmngr.conf is read and the CA-certficate is loaded. Best regards, Jan |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Bernhard Reiter on 2017-09-15 14:36 | [forum:5134] |
|
Dear Jan, note that with GnuPG 2.2 dirmngr is the component to do the keyserver access. On a GNU system with a modern gpg your command failed for me also, unless I make the used root certificate known to dirmngr. You could add the option 'hkp-cacert /path/to/root.pem' and 'verbose' and 'gnutls-debug 1' into your dirmngr.conf. This worked for me in one setting on a Debian system. Best Regards, Bernhard |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Jan Schmidt on 2017-09-15 13:15 | [forum:5132] |
|
Are there any news about gpg4win and TLS 1.2? I tried to access the mailbox.org pgp server (hkps://pgp.mailbox.org) with gpg4win (2.3.4 and 3.0.0 beta 299) and I always do get an error. It works with GnuPG 1.4.0 on Ubuntu 16.04 and with OpenKeyChain on my Android smartphone. I'm not 100% sure but it seems it is a problem with TLS1.2. I also tried to add the CA certificate in the gnupg.conf (or dirmngr.conf). Thanks in advance, Jan ----------------------- gpg --debug-all --keyserver=hkps://pgp.mailbox.org --search support@mailbox.org gpg: Hinweis: Keine voreingestellte Optionendatei 'C:/Users/Jan/AppData/Roaming/gnupg/gpg.conf' vorhanden gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog gpg: DBG: [not enabled in the source] start gpg: DBG: chan_0x00000224 <- # Home: C:/Users/Jan/AppData/Roaming/gnupg gpg: DBG: chan_0x00000224 <- # Config: [none] gpg: DBG: chan_0x00000224 <- OK Dirmngr 2.2.0 at your service gpg: DBG: connection to the dirmngr established gpg: DBG: chan_0x00000224 -> GETINFO version gpg: DBG: chan_0x00000224 <- D 2.2.0 gpg: DBG: chan_0x00000224 <- OK gpg: DBG: chan_0x00000224 -> KEYSERVER --clear hkps://pgp.mailbox.org gpg: DBG: chan_0x00000224 <- OK gpg: DBG: chan_0x00000224 -> KS_SEARCH -- support@mailbox.org gpg: DBG: chan_0x00000224 <- ERR 285212905 Fatale "Alert" Nachricht erhalten <TLS> gpg: error searching keyserver: Fatale "Alert" Nachricht erhalten gpg: Suche auf dem Schlüsselserver fehlgeschlagen: Fatale "Alert" Nachricht erhalten gpg: DBG: chan_0x00000224 -> BYE gpg: DBG: [not enabled in the source] stop gpg: keydb: handles=0 locks=0 parse=0 get=0 gpg: build=0 update=0 insert=0 delete=0 gpg: reset=0 found=0 not=0 cache=0 not=0 gpg: kid_not_found_cache: count=0 peak=0 flushes=0 gpg: sig_cache: total=0 cached=0 good=0 bad=0 gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0 gpg: secmem usage: 0/32768 bytes in 0 blocks |
|
| RE: gpg4win 2.3.3 and mailvelope key server [ Reply ] By: Bernhard Reiter on 2016-09-12 10:49 | [forum:4671] |
|
Hi D B, unfortunately, TLS for dirmngr is currently missing in Gpg4win, see https://bugs.gnupg.org/gnupg/issue1804 Best Regards, Bernhard |
|
| gpg4win 2.3.3 and mailvelope key server [ Reply ] By: D B on 2016-09-09 09:54 | [forum:4667] |
|
Hello, I want to configure gpg4win 2.3.3 to work with the new mailvelope key server -> https://keys.mailvelope.com/ The key server supports HKPS but there is no option for HKPS in Kleopatra, only HKP. Additionally the key server supports a REST api over HTTPS but I do not know how to configure Kleopatra for this. Thanks in advance! |
|
