Forum: help-en

RE: Initial setup for lookup on server
By: Bernhard Reiter on 2022-02-22 07:54
[forum:8281]
Something is at odds here. Let us all follow up in https://dev.gnupg.org/T5639.

RE: Initial setup for lookup on server
By: Kim Nilsson on 2022-02-21 14:00
[forum:8279]
I have the two LetsEncrypt root certificates.
Both self-signed, and AFAIK I don't locally have the ISRG Root X1 which is issued by the expired DST Root CA X3 cert. The one that dirmngr keeps referring to.

I have looked in all the folders inside certificate manager for both the computer and user. I only have those two self-signed root certs. I don't know where else to look.

RE: Initial setup for lookup on server
By: Kim Nilsson on 2022-02-21 13:53
[forum:8278]
Here it is said that recent gpg4win or gnupg shouldn't have this problem.
https://dev.gnupg.org/T5639#153249

But the log is obviously showing that dirmngr is using the wrong certificate chain to base its validity decision on.

Earlier today I re-installed 2.3.4 after verifying that all gpg related processes were dead.
AFAIK there is no other dirmngr on my system.
It recognises changes in the conf.
When I check the path of dirmngr.exe in TaskMan it's the correct one, from 2021-12-20.

RE: Initial setup for lookup on server
By: Kim Nilsson on 2022-02-21 11:06
[forum:8277]
Oh, I tried removing the old DST Root CA X3 from trusted CAs, but something seems to pull it back in.

I thought I could remove it and reboot, and dirmngr would stop referring to it, but since something is pulling it back into the trusted CAs, that's not going to work.

I instead ran an sslabs test on keyserver.ubuntu.com and it turns out they still have the old DST Root CA X3 certificate as part of the certificate chain.

Not all apps are able to overlook that one of the cert paths is invalid. Discussed here.
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

I tried #1, which it seems I'm not able to, as the certificate is automatically reinstated.
#2 & #3 I think are out of my hands.

RE: Initial setup for lookup on server
By: Kim Nilsson on 2022-02-21 09:44
[forum:8276]
So, is there something I can do?
Import some extra LetsEncrypt certificate?

I'm fairly sure I did do something back when LE revoked their old certs. Not related to gpg, but to make websites work properly.

RE: Initial setup for lookup on server
By: Kim Nilsson on 2022-02-21 09:42
[forum:8275]
tls-debug 4

2022-02-21 10:41:28 dirmngr[23236] listening on socket 'C:\\Users\\Kim\\AppData\\Local\\gnupg\\S.dirmngr'
2022-02-21 10:41:28 dirmngr[23236] permanently loaded certificates: 180
2022-02-21 10:41:28 dirmngr[23236] runtime cached certificates: 0
2022-02-21 10:41:28 dirmngr[23236] trusted certificates: 180 (180,0,0,0)
2022-02-21 10:41:28 dirmngr[23236] handler for fd 720 started
2022-02-21 10:41:28 dirmngr[23236] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.9'
2022-02-21 10:41:28 dirmngr[23236] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.8'
2022-02-21 10:41:28 dirmngr[23236] detected interfaces: IPv4
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): handshake
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): client state: 0 (hello_request)
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): flush output
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): client state: 1 (client_hello)
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): flush output
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): write client_hello
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, max version: [3:3]
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, current time: 1645436488
2022-02-21 10:41:28 dirmngr[23236] DBG: client_hello, random bytes: 62135e4810234c070d9e6be9d2bb4d0188dea1a0a066e7182b80b2508da2b891
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, session id len.: 0
2022-02-21 10:41:28 dirmngr[23236] DBG: client_hello, session id:
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, got 78 ciphersuites
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, compress len.: 2
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, compress alg.: 1 0
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, adding server name extension: 'keyserver.ubuntu.com'
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, adding signature_algorithms extension
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client hello, adding supported_elliptic_curves extension
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client hello, adding supported_point_formats extension
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, adding session ticket extension
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): client_hello, total extension length: 83
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): write record
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): output record: msgtype = 22, version = [3:3], msglen = 285
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): flush output
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): message length: 290, out_left: 290
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): es_write returned: success
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): client state: 2 (server_hello)
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): flush output
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): read server_hello
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): read record
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): fetch input
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): in_left: 0, nb_want: 5
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): es_read returned: success
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): input record: msgtype = 22, version = [3:3], msglen = 65
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): fetch input
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): in_left: 5, nb_want: 70
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): es_read returned: success
2022-02-21 10:41:28 dirmngr[23236] DBG: input record from network: 16030300410200003d0303d04f2c342d24a3f7cbaebf4c401f6d40d05454fb35 \
2022-02-21 10:41:28 dirmngr[23236] DBG: 2c939a444f574e4752440100c02f000015ff0100010000000000000b00040300 \
2022-02-21 10:41:28 dirmngr[23236] DBG: 010200230000
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): handshake message: msglen = 65, type = 2, hslen = 65
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(1): server_hello, chosen version: [3:3]
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): server_hello, current time: 3494849588
2022-02-21 10:41:28 dirmngr[23236] DBG: server_hello, random bytes: d04f2c342d24a3f7cbaebf4c401f6d40d05454fb352c939a444f574e47524401
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): server_hello, session id len.: 0
2022-02-21 10:41:28 dirmngr[23236] DBG: server_hello, session id:
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): no session has been resumed
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(1): server_hello, chosen ciphersuite: 49199 (TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256)
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): server_hello, compress alg.: 0
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): server_hello, total extension length: 21
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): found renegotiation extension
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): unknown extension found: 0 (ignoring)
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): found supported_point_formats extension
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(4): point format selected: 0
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): found session_ticket extension
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): client state: 3 (server_certificate)
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): flush output
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): read certificate
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): read record
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): fetch input
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): in_left: 0, nb_want: 5
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): es_read returned: success
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): input record: msgtype = 22, version = [3:3], msglen = 4056
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): fetch input
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): in_left: 5, nb_want: 4061
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): es_read returned: success
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(3): handshake message: msglen = 4056, type = 11, hslen = 4056
2022-02-21 10:41:28 dirmngr[23236] ntbtls: peer certificate: chain length=3
2022-02-21 10:41:28 dirmngr[23236]ntbtls: serial: 04cc227c37c5112c6c1b538b751a18451bf6
2022-02-21 10:41:28 dirmngr[23236] ntbtls: issuer: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:41:28 dirmngr[23236] ntbtls: subject: CN=hockeypuck.ubuntu.com
2022-02-21 10:41:28 dirmngr[23236] ntbtls: aka: (8:dns-name21:hockeypuck.ubuntu.com)
2022-02-21 10:41:28 dirmngr[23236] ntbtls: aka: (8:dns-name20:keyserver.ubuntu.com)
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notBefore: 2021-12-25 03:20:36
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notAfter: 2022-03-25 03:20:35
2022-02-21 10:41:28 dirmngr[23236] ntbtls: hashAlgo: 1.2.840.113549.1.1.11
2022-02-21 10:41:28 dirmngr[23236]ntbtls: serial: 00912b084acf0c18a753f6d62e25a75f5a
2022-02-21 10:41:28 dirmngr[23236] ntbtls: issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:41:28 dirmngr[23236] ntbtls: subject: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notBefore: 2020-09-04 00:00:00
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notAfter: 2025-09-15 16:00:00
2022-02-21 10:41:28 dirmngr[23236] ntbtls: hashAlgo: 1.2.840.113549.1.1.11
2022-02-21 10:41:28 dirmngr[23236]ntbtls: serial: 4001772137d4e942b8ee76aa3c640ab7
2022-02-21 10:41:28 dirmngr[23236] ntbtls: issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
2022-02-21 10:41:28 dirmngr[23236] ntbtls: subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notBefore: 2021-01-20 19:14:03
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notAfter: 2024-09-30 18:14:03
2022-02-21 10:41:28 dirmngr[23236] ntbtls: hashAlgo: 1.2.840.113549.1.1.11
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(1): comparing hostname 'hockeypuck.ubuntu.com' to 'keyserver.ubuntu.com'
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(1): comparing hostname 'keyserver.ubuntu.com' to 'keyserver.ubuntu.com'
2022-02-21 10:41:28 dirmngr[23236] certificate already cached
2022-02-21 10:41:28 dirmngr[23236] certificate cached
2022-02-21 10:41:28 dirmngr[23236] Note: non-critical certificate policy not allowed
2022-02-21 10:41:28 dirmngr[23236] certificate is good
2022-02-21 10:41:28 dirmngr[23236] certificate has expired
2022-02-21 10:41:28 dirmngr[23236] (expired at 2021-09-29 19:21:40)
2022-02-21 10:41:28 dirmngr[23236] Note: non-critical certificate policy not allowed
2022-02-21 10:41:28 dirmngr[23236] certificate is good
2022-02-21 10:41:28 dirmngr[23236] certificate has expired
2022-02-21 10:41:28 dirmngr[23236] (expired at 2021-09-30 14:01:15)
2022-02-21 10:41:28 dirmngr[23236] root certificate is good and trusted
2022-02-21 10:41:28 dirmngr[23236] target certificate is NOT valid
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(1): error from the verify callback returned: Certificate expired <Dirmngr>
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): handshake ready
2022-02-21 10:41:28 dirmngr[23236] TLS handshake failed: Certificate expired <Dirmngr>
2022-02-21 10:41:28 dirmngr[23236] error connecting to 'https://162.213.33.9:443': Certificate expired
2022-02-21 10:41:28 dirmngr[23236] DBG: ntbtls(2): release
2022-02-21 10:41:28 dirmngr[23236] command 'KS_SEARCH' failed: Certificate expired
2022-02-21 10:41:28 dirmngr[23236] handler for fd 720 terminated
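
Added example, not part of the thread and not GnuPG code: a small Python check that reads a dirmngr log like the one above, rebuilds the chain the server sent from the "ntbtls:" lines, and compares its validity dates with the "expired at" times the validator reports. The sample input is abridged from the log in this post; the function names are made up for the example.

```python
import re
from datetime import datetime

# Abridged from the tls-debug 4 log in the post above (hex dumps and
# handshake state lines left out).
SAMPLE_LOG = """\
2022-02-21 10:41:28 dirmngr[23236] ntbtls: peer certificate: chain length=3
2022-02-21 10:41:28 dirmngr[23236]ntbtls: serial: 04cc227c37c5112c6c1b538b751a18451bf6
2022-02-21 10:41:28 dirmngr[23236] ntbtls: issuer: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:41:28 dirmngr[23236] ntbtls: subject: CN=hockeypuck.ubuntu.com
2022-02-21 10:41:28 dirmngr[23236] ntbtls: aka: (8:dns-name20:keyserver.ubuntu.com)
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notBefore: 2021-12-25 03:20:36
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notAfter: 2022-03-25 03:20:35
2022-02-21 10:41:28 dirmngr[23236]ntbtls: serial: 00912b084acf0c18a753f6d62e25a75f5a
2022-02-21 10:41:28 dirmngr[23236] ntbtls: issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:41:28 dirmngr[23236] ntbtls: subject: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notBefore: 2020-09-04 00:00:00
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notAfter: 2025-09-15 16:00:00
2022-02-21 10:41:28 dirmngr[23236]ntbtls: serial: 4001772137d4e942b8ee76aa3c640ab7
2022-02-21 10:41:28 dirmngr[23236] ntbtls: issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
2022-02-21 10:41:28 dirmngr[23236] ntbtls: subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notBefore: 2021-01-20 19:14:03
2022-02-21 10:41:28 dirmngr[23236] ntbtls: notAfter: 2024-09-30 18:14:03
2022-02-21 10:41:28 dirmngr[23236] certificate is good
2022-02-21 10:41:28 dirmngr[23236] certificate has expired
2022-02-21 10:41:28 dirmngr[23236] (expired at 2021-09-29 19:21:40)
2022-02-21 10:41:28 dirmngr[23236] certificate is good
2022-02-21 10:41:28 dirmngr[23236] certificate has expired
2022-02-21 10:41:28 dirmngr[23236] (expired at 2021-09-30 14:01:15)
2022-02-21 10:41:28 dirmngr[23236] root certificate is good and trusted
2022-02-21 10:41:28 dirmngr[23236] target certificate is NOT valid
2022-02-21 10:41:28 dirmngr[23236] TLS handshake failed: Certificate expired <Dirmngr>
"""

TS = "%Y-%m-%d %H:%M:%S"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) dirmngr\[\d+\]\s*(.*)$")
FIELD = re.compile(r"^ntbtls:\s*(serial|issuer|subject|notBefore|notAfter):\s*(.*)$")
EXPIRED = re.compile(r"^\(expired at (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\)$")


def parse(log):
    """Return (log_time, served_chain, expired_at) for the last handshake."""
    log_time, chain, expired = None, [], []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        if msg.startswith("ntbtls: peer certificate: chain length="):
            # A new handshake starts here: forget the previous one.
            log_time = datetime.strptime(m.group(1), TS)
            chain, expired = [], []
            continue
        f = FIELD.match(msg)
        if f:
            key, val = f.groups()
            if key == "serial":          # "serial" opens each certificate
                chain.append({"serial": val})
            elif chain:
                if key in ("notBefore", "notAfter"):
                    val = datetime.strptime(val, TS)
                chain[-1][key] = val
            continue
        e = EXPIRED.match(msg)
        if e:
            expired.append(datetime.strptime(e.group(1), TS))
    return log_time, chain, expired


def analyse(log):
    """Compare the served chain with what the validator complained about."""
    log_time, chain, expired = parse(log)
    # Log timestamps are local time and certificate dates are UTC; an
    # offset of a few hours does not change the outcome for this sample.
    in_validity = [c for c in chain
                   if c["notBefore"] <= log_time <= c["notAfter"]]
    served_not_after = {c["notAfter"] for c in chain}
    return {
        "chain_length": len(chain),
        # Each certificate's issuer must be the next one's subject.
        "served_chain_linked": all(a["issuer"] == b["subject"]
                                   for a, b in zip(chain, chain[1:])),
        "served_all_in_validity": len(in_validity) == len(chain),
        "top_issuer": chain[-1]["issuer"] if chain else None,
        # Expiry times that belong to none of the served certificates.
        "expiries_not_from_served_chain":
            [t for t in expired if t not in served_not_after],
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For this log, all three served certificates are inside their validity period and both reported expiry times match none of them, so the certificates dirmngr rejected were not the ones sent in the handshake.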

RE: Initial setup for lookup on server
By: Kim Nilsson on 2022-02-21 09:42
[forum:8274]
Ok, here goes. :-)

tls-debug 1

2022-02-21 10:34:11 dirmngr[17092] listening on socket 'C:\\Users\\Kim\\AppData\\Local\\gnupg\\S.dirmngr'
2022-02-21 10:34:12 dirmngr[17092] permanently loaded certificates: 180
2022-02-21 10:34:12 dirmngr[17092] runtime cached certificates: 0
2022-02-21 10:34:12 dirmngr[17092] trusted certificates: 180 (180,0,0,0)
2022-02-21 10:34:12 dirmngr[17092] handler for fd 712 started
2022-02-21 10:34:12 dirmngr[17092] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.9'
2022-02-21 10:34:12 dirmngr[17092] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.8'
2022-02-21 10:34:12 dirmngr[17092] detected interfaces: IPv4
2022-02-21 10:34:12 dirmngr[17092] DBG: ntbtls(1): server_hello, chosen version: [3:3]
2022-02-21 10:34:12 dirmngr[17092] DBG: ntbtls(1): server_hello, chosen ciphersuite: 49199 (TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256)
2022-02-21 10:34:12 dirmngr[17092] ntbtls: peer certificate: chain length=3
2022-02-21 10:34:12 dirmngr[17092] DBG: ntbtls(1): comparing hostname 'hockeypuck.ubuntu.com' to 'keyserver.ubuntu.com'
2022-02-21 10:34:12 dirmngr[17092] DBG: ntbtls(1): comparing hostname 'keyserver.ubuntu.com' to 'keyserver.ubuntu.com'
2022-02-21 10:34:12 dirmngr[17092] certificate already cached
2022-02-21 10:34:12 dirmngr[17092] certificate cached
2022-02-21 10:34:12 dirmngr[17092] Note: non-critical certificate policy not allowed
2022-02-21 10:34:12 dirmngr[17092] certificate is good
2022-02-21 10:34:12 dirmngr[17092] certificate has expired
2022-02-21 10:34:12 dirmngr[17092] (expired at 2021-09-29 19:21:40)
2022-02-21 10:34:12 dirmngr[17092] Note: non-critical certificate policy not allowed
2022-02-21 10:34:12 dirmngr[17092] certificate is good
2022-02-21 10:34:12 dirmngr[17092] certificate has expired
2022-02-21 10:34:12 dirmngr[17092] (expired at 2021-09-30 14:01:15)
2022-02-21 10:34:12 dirmngr[17092] root certificate is good and trusted
2022-02-21 10:34:12 dirmngr[17092] target certificate is NOT valid
2022-02-21 10:34:12 dirmngr[17092] DBG: ntbtls(1): error from the verify callback returned: Certificate expired <Dirmngr>
2022-02-21 10:34:12 dirmngr[17092] TLS handshake failed: Certificate expired <Dirmngr>
2022-02-21 10:34:12 dirmngr[17092] error connecting to 'https://162.213.33.8:443': Certificate expired
2022-02-21 10:34:12 dirmngr[17092] command 'KS_SEARCH' failed: Certificate expired
2022-02-21 10:34:12 dirmngr[17092] handler for fd 712 terminated

tls-debug 2

2022-02-21 10:35:46 dirmngr[22880] listening on socket 'C:\\Users\\Kim\\AppData\\Local\\gnupg\\S.dirmngr'
2022-02-21 10:35:46 dirmngr[22880] permanently loaded certificates: 180
2022-02-21 10:35:46 dirmngr[22880] runtime cached certificates: 0
2022-02-21 10:35:46 dirmngr[22880] trusted certificates: 180 (180,0,0,0)
2022-02-21 10:35:46 dirmngr[22880] handler for fd 708 started
2022-02-21 10:35:46 dirmngr[22880] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.9'
2022-02-21 10:35:46 dirmngr[22880] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.8'
2022-02-21 10:35:46 dirmngr[22880] detected interfaces: IPv4
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): handshake
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): client state: 0 (hello_request)
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): client state: 1 (client_hello)
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): write client_hello
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): client state: 2 (server_hello)
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): read server_hello
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(1): server_hello, chosen version: [3:3]
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(1): server_hello, chosen ciphersuite: 49199 (TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256)
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): server_hello, total extension length: 21
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): found renegotiation extension
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): unknown extension found: 0 (ignoring)
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): found supported_point_formats extension
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): found session_ticket extension
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): client state: 3 (server_certificate)
2022-02-21 10:35:46 dirmngr[22880] ntbtls: peer certificate: chain length=3
2022-02-21 10:35:46 dirmngr[22880]ntbtls: serial: 04cc227c37c5112c6c1b538b751a18451bf6
2022-02-21 10:35:46 dirmngr[22880] ntbtls: issuer: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:35:46 dirmngr[22880] ntbtls: subject: CN=hockeypuck.ubuntu.com
2022-02-21 10:35:46 dirmngr[22880] ntbtls: aka: (8:dns-name21:hockeypuck.ubuntu.com)
2022-02-21 10:35:46 dirmngr[22880] ntbtls: aka: (8:dns-name20:keyserver.ubuntu.com)
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notBefore: 2021-12-25 03:20:36
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notAfter: 2022-03-25 03:20:35
2022-02-21 10:35:46 dirmngr[22880] ntbtls: hashAlgo: 1.2.840.113549.1.1.11
2022-02-21 10:35:46 dirmngr[22880]ntbtls: serial: 00912b084acf0c18a753f6d62e25a75f5a
2022-02-21 10:35:46 dirmngr[22880] ntbtls: issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:35:46 dirmngr[22880] ntbtls: subject: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notBefore: 2020-09-04 00:00:00
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notAfter: 2025-09-15 16:00:00
2022-02-21 10:35:46 dirmngr[22880] ntbtls: hashAlgo: 1.2.840.113549.1.1.11
2022-02-21 10:35:46 dirmngr[22880]ntbtls: serial: 4001772137d4e942b8ee76aa3c640ab7
2022-02-21 10:35:46 dirmngr[22880] ntbtls: issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
2022-02-21 10:35:46 dirmngr[22880] ntbtls: subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notBefore: 2021-01-20 19:14:03
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notAfter: 2024-09-30 18:14:03
2022-02-21 10:35:46 dirmngr[22880] ntbtls: hashAlgo: 1.2.840.113549.1.1.11
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(1): comparing hostname 'hockeypuck.ubuntu.com' to 'keyserver.ubuntu.com'
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(1): comparing hostname 'keyserver.ubuntu.com' to 'keyserver.ubuntu.com'
2022-02-21 10:35:46 dirmngr[22880] certificate already cached
2022-02-21 10:35:46 dirmngr[22880] certificate cached
2022-02-21 10:35:46 dirmngr[22880] Note: non-critical certificate policy not allowed
2022-02-21 10:35:46 dirmngr[22880] certificate is good
2022-02-21 10:35:46 dirmngr[22880] certificate has expired
2022-02-21 10:35:46 dirmngr[22880] (expired at 2021-09-29 19:21:40)
2022-02-21 10:35:46 dirmngr[22880] Note: non-critical certificate policy not allowed
2022-02-21 10:35:46 dirmngr[22880] certificate is good
2022-02-21 10:35:46 dirmngr[22880] certificate has expired
2022-02-21 10:35:46 dirmngr[22880] (expired at 2021-09-30 14:01:15)
2022-02-21 10:35:46 dirmngr[22880] root certificate is good and trusted
2022-02-21 10:35:46 dirmngr[22880] target certificate is NOT valid
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(1): error from the verify callback returned: Certificate expired <Dirmngr>
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): handshake ready
2022-02-21 10:35:46 dirmngr[22880] TLS handshake failed: Certificate expired <Dirmngr>
2022-02-21 10:35:46 dirmngr[22880] error connecting to 'https://162.213.33.8:443': Certificate expired
2022-02-21 10:35:46 dirmngr[22880] DBG: ntbtls(2): release
2022-02-21 10:35:46 dirmngr[22880] command 'KS_SEARCH' failed: Certificate expired
2022-02-21 10:35:46 dirmngr[22880] handler for fd 708 terminated

tls-debug 3

2022-02-21 10:40:31 dirmngr[2592] listening on socket 'C:\\Users\\Kim\\AppData\\Local\\gnupg\\S.dirmngr'
2022-02-21 10:40:31 dirmngr[2592] permanently loaded certificates: 180
2022-02-21 10:40:31 dirmngr[2592] runtime cached certificates: 0
2022-02-21 10:40:31 dirmngr[2592] trusted certificates: 180 (180,0,0,0)
2022-02-21 10:40:31 dirmngr[2592] handler for fd 720 started
2022-02-21 10:40:31 dirmngr[2592] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.9'
2022-02-21 10:40:31 dirmngr[2592] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.8'
2022-02-21 10:40:31 dirmngr[2592] detected interfaces: IPv4
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): handshake
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): client state: 0 (hello_request)
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): flush output
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): client state: 1 (client_hello)
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): flush output
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): write client_hello
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, max version: [3:3]
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, current time: 1645436431
2022-02-21 10:40:31 dirmngr[2592] DBG: client_hello, random bytes: 62135e0f392dc4c64d93cd9d246245268727da03abf349002ac3e54038f381a1
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, session id len.: 0
2022-02-21 10:40:31 dirmngr[2592] DBG: client_hello, session id:
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, got 78 ciphersuites
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, compress len.: 2
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, compress alg.: 1 0
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, adding server name extension: 'keyserver.ubuntu.com'
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, adding signature_algorithms extension
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client hello, adding supported_elliptic_curves extension
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client hello, adding supported_point_formats extension
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, adding session ticket extension
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): client_hello, total extension length: 83
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): write record
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): output record: msgtype = 22, version = [3:3], msglen = 285
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): flush output
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): message length: 290, out_left: 290
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): es_write returned: success
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): client state: 2 (server_hello)
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): flush output
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): read server_hello
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): read record
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): fetch input
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): in_left: 0, nb_want: 5
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): es_read returned: success
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): input record: msgtype = 22, version = [3:3], msglen = 65
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): fetch input
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): in_left: 5, nb_want: 70
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): es_read returned: success
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): handshake message: msglen = 65, type = 2, hslen = 65
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(1): server_hello, chosen version: [3:3]
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): server_hello, current time: 2411400778
2022-02-21 10:40:31 dirmngr[2592] DBG: server_hello, random bytes: 8fbb0e4a0803168a8830148b455259b7d8239aa390d8cf50444f574e47524401
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): server_hello, session id len.: 0
2022-02-21 10:40:31 dirmngr[2592] DBG: server_hello, session id:
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): no session has been resumed
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(1): server_hello, chosen ciphersuite: 49199 (TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256)
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): server_hello, compress alg.: 0
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): server_hello, total extension length: 21
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): found renegotiation extension
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): unknown extension found: 0 (ignoring)
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): found supported_point_formats extension
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): found session_ticket extension
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): client state: 3 (server_certificate)
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): flush output
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): read certificate
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): read record
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): fetch input
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): in_left: 0, nb_want: 5
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): es_read returned: success
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): input record: msgtype = 22, version = [3:3], msglen = 4056
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): fetch input
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): in_left: 5, nb_want: 4061
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): es_read returned: success
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(3): handshake message: msglen = 4056, type = 11, hslen = 4056
2022-02-21 10:40:31 dirmngr[2592] ntbtls: peer certificate: chain length=3
2022-02-21 10:40:31 dirmngr[2592]ntbtls: serial: 04cc227c37c5112c6c1b538b751a18451bf6
2022-02-21 10:40:31 dirmngr[2592] ntbtls: issuer: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:40:31 dirmngr[2592] ntbtls: subject: CN=hockeypuck.ubuntu.com
2022-02-21 10:40:31 dirmngr[2592] ntbtls: aka: (8:dns-name21:hockeypuck.ubuntu.com)
2022-02-21 10:40:31 dirmngr[2592] ntbtls: aka: (8:dns-name20:keyserver.ubuntu.com)
2022-02-21 10:40:31 dirmngr[2592] ntbtls: notBefore: 2021-12-25 03:20:36
2022-02-21 10:40:31 dirmngr[2592] ntbtls: notAfter: 2022-03-25 03:20:35
2022-02-21 10:40:31 dirmngr[2592] ntbtls: hashAlgo: 1.2.840.113549.1.1.11
2022-02-21 10:40:31 dirmngr[2592]ntbtls: serial: 00912b084acf0c18a753f6d62e25a75f5a
2022-02-21 10:40:31 dirmngr[2592] ntbtls: issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:40:31 dirmngr[2592] ntbtls: subject: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:40:31 dirmngr[2592] ntbtls: notBefore: 2020-09-04 00:00:00
2022-02-21 10:40:31 dirmngr[2592] ntbtls: notAfter: 2025-09-15 16:00:00
2022-02-21 10:40:31 dirmngr[2592] ntbtls: hashAlgo: 1.2.840.113549.1.1.11
2022-02-21 10:40:31 dirmngr[2592]ntbtls: serial: 4001772137d4e942b8ee76aa3c640ab7
2022-02-21 10:40:31 dirmngr[2592] ntbtls: issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
2022-02-21 10:40:31 dirmngr[2592] ntbtls: subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:40:31 dirmngr[2592] ntbtls: notBefore: 2021-01-20 19:14:03
2022-02-21 10:40:31 dirmngr[2592] ntbtls: notAfter: 2024-09-30 18:14:03
2022-02-21 10:40:31 dirmngr[2592] ntbtls: hashAlgo: 1.2.840.113549.1.1.11
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(1): comparing hostname 'hockeypuck.ubuntu.com' to 'keyserver.ubuntu.com'
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(1): comparing hostname 'keyserver.ubuntu.com' to 'keyserver.ubuntu.com'
2022-02-21 10:40:31 dirmngr[2592] certificate already cached
2022-02-21 10:40:31 dirmngr[2592] certificate cached
2022-02-21 10:40:31 dirmngr[2592] Note: non-critical certificate policy not allowed
2022-02-21 10:40:31 dirmngr[2592] certificate is good
2022-02-21 10:40:31 dirmngr[2592] certificate has expired
2022-02-21 10:40:31 dirmngr[2592] (expired at 2021-09-29 19:21:40)
2022-02-21 10:40:31 dirmngr[2592] Note: non-critical certificate policy not allowed
2022-02-21 10:40:31 dirmngr[2592] certificate is good
2022-02-21 10:40:31 dirmngr[2592] certificate has expired
2022-02-21 10:40:31 dirmngr[2592] (expired at 2021-09-30 14:01:15)
2022-02-21 10:40:31 dirmngr[2592] root certificate is good and trusted
2022-02-21 10:40:31 dirmngr[2592] target certificate is NOT valid
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(1): error from the verify callback returned: Certificate expired <Dirmngr>
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): handshake ready
2022-02-21 10:40:31 dirmngr[2592] TLS handshake failed: Certificate expired <Dirmngr>
2022-02-21 10:40:31 dirmngr[2592] error connecting to 'https://162.213.33.8:443': Certificate expired
2022-02-21 10:40:31 dirmngr[2592] DBG: ntbtls(2): release
2022-02-21 10:40:31 dirmngr[2592] command 'KS_SEARCH' failed: Certificate expired
2022-02-21 10:40:31 dirmngr[2592] handler for fd 720 terminated

tls-debug 4 - eh, that's so long it deserves its own post.


RE: Initial setup for lookup on server [ Reply ]
By: Bernhard Reiter on 2022-02-21 09:07
[forum:8271]
Hi Kim,

thanks for the log and the config and the patience. :)

The log confirms that it is a problem with the TLS certificate of
2022-02-21 09:29:40 dirmngr[25220] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.8'
2022-02-21 09:29:41 dirmngr[25220] certificate has expired
2022-02-21 09:29:41 dirmngr[25220] (expired at 2021-09-30 14:01:15)
2022-02-21 09:29:41 dirmngr[25220] root certificate is good and trusted
2022-02-21 09:29:41 dirmngr[25220] target certificate is NOT valid
2022-02-21 09:29:41 dirmngr[25220] TLS handshake failed: Certificate expired <Dirmngr>


So my suspicion is that the Windows installation is missing some of the new Let's Encrypt certificates. (I think when restarting dirmngr, a debug option can list which certificates it loads precisely.) If not, there is still a TLS certificate certification issue lurking somewhere.


Regards
Bernhard
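
Added example, not part of any post in this thread: a small Python parser for dirmngr log output in the format posted here. It lists the certificates the server presented and checks whether the "expired at" dates belong to any of them. The function names are mine, and comparing log timestamps with certificate dates without a timezone correction is an assumption.

```python
import re
from datetime import datetime
# Excerpt of the dirmngr log lines posted in this thread (trimmed, not complete).
SAMPLE_LOG = """\
2022-02-21 10:35:46 dirmngr[22880]ntbtls: serial: 04cc227c37c5112c6c1b538b751a18451bf6
2022-02-21 10:35:46 dirmngr[22880] ntbtls: issuer: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:35:46 dirmngr[22880] ntbtls: subject: CN=hockeypuck.ubuntu.com
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notBefore: 2021-12-25 03:20:36
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notAfter: 2022-03-25 03:20:35
2022-02-21 10:35:46 dirmngr[22880]ntbtls: serial: 00912b084acf0c18a753f6d62e25a75f5a
2022-02-21 10:35:46 dirmngr[22880] ntbtls: issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:35:46 dirmngr[22880] ntbtls: subject: CN=R3,O=Let's Encrypt,C=US
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notBefore: 2020-09-04 00:00:00
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notAfter: 2025-09-15 16:00:00
2022-02-21 10:35:46 dirmngr[22880]ntbtls: serial: 4001772137d4e942b8ee76aa3c640ab7
2022-02-21 10:35:46 dirmngr[22880] ntbtls: issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
2022-02-21 10:35:46 dirmngr[22880] ntbtls: subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notBefore: 2021-01-20 19:14:03
2022-02-21 10:35:46 dirmngr[22880] ntbtls: notAfter: 2024-09-30 18:14:03
2022-02-21 10:35:46 dirmngr[22880] (expired at 2021-09-29 19:21:40)
2022-02-21 10:35:46 dirmngr[22880] (expired at 2021-09-30 14:01:15)
2022-02-21 10:35:46 dirmngr[22880] target certificate is NOT valid
2022-02-21 10:35:46 dirmngr[22880] TLS handshake failed: Certificate expired <Dirmngr>
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) dirmngr\[\d+\]\s*(.*)$")
FIELD = re.compile(r"^ntbtls:\s*(serial|issuer|subject|notBefore|notAfter):\s*(.*)$")
EXPIRED = re.compile(r"^\(expired at (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\)$")
TS = "%Y-%m-%d %H:%M:%S"

def parse(log):
    """Collect the server-presented chain, the 'expired at' dates and the verdict."""
    rep = {"time": None, "chain": [], "expired_at": [], "verdict": None}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rep["time"], msg = datetime.strptime(m.group(1), TS), m.group(2)
        field = FIELD.match(msg)
        expired = EXPIRED.match(msg)
        if field and field.group(1) == "serial":  # a serial line starts a new certificate
            rep["chain"].append({"serial": field.group(2)})
        elif field and rep["chain"]:
            rep["chain"][-1][field.group(1)] = field.group(2)
        elif expired:
            rep["expired_at"].append(expired.group(1))
        elif msg.startswith("TLS handshake failed:"):
            rep["verdict"] = msg
    return rep

def analyse(rep):
    """Compare what the server sent with what the verifier complained about."""
    # Assumption: the local-time/UTC offset is negligible next to the validity periods.
    in_date = []
    for cert in rep["chain"]:
        if "notBefore" in cert and "notAfter" in cert:
            nb, na = (datetime.strptime(cert[k], TS) for k in ("notBefore", "notAfter"))
            in_date.append(nb <= rep["time"] <= na)
    presented = {c.get("notAfter") for c in rep["chain"]}
    top = rep["chain"][-1] if rep["chain"] else {}
    return {
        "all_presented_in_date": bool(in_date) and all(in_date),
        # expiry dates matching no presented certificate: not from the handshake
        "expiry_not_in_chain": [d for d in rep["expired_at"] if d not in presented],
        "top_is_cross_signed": bool(top) and top.get("issuer") != top.get("subject"),
    }

if __name__ == "__main__":
    print(analyse(parse(SAMPLE_LOG)))
```

On the excerpt, all three presented certificates are in date and neither "expired at" timestamp equals a presented notAfter, so the certificates reported as expired were picked up by dirmngr outside the server's handshake. The last presented certificate is the ISRG Root X1 cross-signed by DST Root CA X3, not a self-signed root.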

RE: Initial setup for lookup on server [ Reply ]
By: Kim Nilsson on 2022-02-21 08:32
[forum:8270]
This is my gpg.conf by the way.

###+++--- GPGConf ---+++###
utf8-strings
default-key 84A94C18F68F97DC3709E5057B294EAD4F52CAAA
keyserver hkps://keyserver.ubuntu.com
###+++--- GPGConf ---+++### 2022-02-15 18:12:04 Västeuropa, normaltid
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
personal-cipher-preferences AES256 AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
cert-digest-algo SHA512
s2k-digest-algo SHA512
s2k-cipher-algo AES256
charset utf-8
fixed-list-mode
no-comments
no-emit-version
keyid-format 0xlong
list-options show-uid-validity
verify-options show-uid-validity
with-fingerprint
require-cross-certification
no-symkey-cache
throw-keyids
use-agent

RE: Initial setup for lookup on server [ Reply ]
By: Kim Nilsson on 2022-02-21 08:31
[forum:8269]
This is what my log said when trying to lookup my own key with hkps.

2022-02-21 09:29:40 dirmngr[25220] listening on socket 'C:\\Users\\Kim\\AppData\\Local\\gnupg\\S.dirmngr'
2022-02-21 09:29:40 dirmngr[25220] permanently loaded certificates: 180
2022-02-21 09:29:40 dirmngr[25220] runtime cached certificates: 0
2022-02-21 09:29:40 dirmngr[25220] trusted certificates: 180 (180,0,0,0)
2022-02-21 09:29:40 dirmngr[25220] handler for fd 700 started
2022-02-21 09:29:40 dirmngr[25220] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.9'
2022-02-21 09:29:40 dirmngr[25220] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.8'
2022-02-21 09:29:41 dirmngr[25220] detected interfaces: IPv4
2022-02-21 09:29:41 dirmngr[25220] certificate already cached
2022-02-21 09:29:41 dirmngr[25220] certificate cached
2022-02-21 09:29:41 dirmngr[25220] Note: non-critical certificate policy not allowed
2022-02-21 09:29:41 dirmngr[25220] certificate is good
2022-02-21 09:29:41 dirmngr[25220] certificate has expired
2022-02-21 09:29:41 dirmngr[25220] (expired at 2021-09-29 19:21:40)
2022-02-21 09:29:41 dirmngr[25220] Note: non-critical certificate policy not allowed
2022-02-21 09:29:41 dirmngr[25220] certificate is good
2022-02-21 09:29:41 dirmngr[25220] certificate has expired
2022-02-21 09:29:41 dirmngr[25220] (expired at 2021-09-30 14:01:15)
2022-02-21 09:29:41 dirmngr[25220] root certificate is good and trusted
2022-02-21 09:29:41 dirmngr[25220] target certificate is NOT valid
2022-02-21 09:29:41 dirmngr[25220] TLS handshake failed: Certificate expired <Dirmngr>
2022-02-21 09:29:41 dirmngr[25220] error connecting to 'https://162.213.33.8:443': Certificate expired
2022-02-21 09:29:41 dirmngr[25220] command 'KS_SEARCH' failed: Certificate expired
2022-02-21 09:29:41 dirmngr[25220] handler for fd 700 terminated

RE: Initial setup for lookup on server [ Reply ]
By: Bernhard Reiter on 2022-02-16 08:04
[forum:8260]
Hi Kim,

one difference between GNU/Linux and Windows with GnuPG's dirmngr is where they take their trusted certificates (the root certificates) from.

On Windows they come from Windows' own store, which can have different content than what is available on GNU/Linux.

To debug this, someone can add log-file and debug options to dirmngr.conf (and restart it).

In our tests keyserver.ubuntu.com works fine so far on Windows.

History:
Problems came up when Let's Encrypt used a (legitimate) trick when they had to migrate from one root CA to the next. So the validation of the certificate chain in dirmngr was improved, but there still might be defects in it.

Regards,
Bernhard

RE: Initial setup for lookup on server [ Reply ]
By: Kim Nilsson on 2022-02-15 17:44
[forum:8259]
I don't know what is wrong or what happened, but I can't make gpg cli work with any encrypted server. Regardless of which version I install.

I tried all versions from 2.34 down to 2.3.34.
None work with an encrypted keyserver. They all work with non-encrypted keyservers.

2.3.4 works great with encrypted keyservers in Ubuntu.

All I know is that hkps://keyserver.ubuntu.com used to work great, before I installed 4.0.0.

RE: Initial setup for lookup on server [ Reply ]
By: Kim Nilsson on 2022-02-15 17:27
[forum:8258]
Aaaaand now I have to apologise.

gpg 2.3.4 in cmd on Windows 10 also fails all encrypted hosts, with invalid certificate.

gpg 2.3.4 in Linux (Ubuntu in WSL on the same Windows 10 system) works great with all hosts.

Sorry. I didn't realise that I was in the WSL terminal, and not the cmd terminal, when reporting earlier.

So this means that both Kleopatra 4.0.0 and gpg 2.3.4 fail with hkps and https on Windows.

gpg 2.3.4 in WSL Ubuntu works fine with all hosts.

RE: Initial setup for lookup on server [ Reply ]
By: Kim Nilsson on 2022-02-15 17:15
[forum:8257]
Just to verify, this is a change from gpg4win before version 4.

I've had hkps://keyserver.ubuntu.com for years without issue.

RE: Initial setup for lookup on server [ Reply ]
By: Kim Nilsson on 2022-02-15 17:12
[forum:8256]

But with hkp it works.

Using hkps & https works great in cmd with gpg.
But Kleopatra doesn't like it.

gpg even accepts http, but not Kleopatra.
Kleopatra only accepts hkp.

RE: Initial setup for lookup on server [ Reply ]
By: Kim Nilsson on 2022-02-15 17:10
[forum:8255]

Same invalid certificate with hkps.

RE: Initial setup for lookup on server [ Reply ]
By: Kim Nilsson on 2022-02-15 17:09
[forum:8254]

If I use https://keyserver.ubuntu.com I get an error message saying certificate is invalid.

RE: Initial setup for lookup on server [ Reply ]
By: Kim Nilsson on 2022-02-15 17:09
[forum:8253]

Having that setting empty fails completely for me.

RE: Initial setup for lookup on server [ Reply ]
By: Bernhard Reiter on 2022-01-18 14:26
[forum:8223]
Yes, this is the reason why searching for public keys does not work at all.

Remove the setting (make it empty) so that the default is used, or use one of the keyservers from the list I've posted.

Best,
Bernhard

RE: Initial setup for lookup on server [ Reply ]
By: Mark W on 2022-01-16 23:02
[forum:8221]
I just looked at my GPG4Win 4 install to see what it was set at, and it is "hkp://keys.gnupg.net". I have been using GPG4Win since v3 so is that the reason?

Should it be changed to "https://keyserver.ubuntu.com"?

RE: Initial setup for lookup on server [ Reply ]
By: Bernhard Reiter on 2022-01-06 09:33
[forum:8199]
Hi Matt,

the keyserver should be empty to use the default, which in current GnuPG is
'https://keyserver.ubuntu.com'

Did you have Gpg4win installed before? This could be the reason why there is the old keyserver.

To use an even more modern one, see https://social.tchncs.de/@ber/107008659842900171
for the emerging new network of pubkeyservers.

Regards
Bernhard

Initial setup for lookup on server [ Reply ]
By: Matt Postiff on 2022-01-02 00:55
[forum:8193]
Hi, I'm having trouble doing a lookup on server...I believe because I don't have Settings | Configure Kleopatra | Directory Services set up properly.

The OpenPGP keyserver box has kttp://keys.gnupg.net and the X.509 Directory Services box is empty. The Add button offers Active Directory or LDAP.

But the dialog box does not like what I see in online documentation with various columns and other settings. It is not obvious what I do at this point even after hunting around online. I would think the install defaults should work, even if not ideally, but it appears not. Can someone give me some guidance? I'm not experienced with this software.

I just downloaded 4.0.0, installed, and rebooted.