Control: severity 849845 grave Hi all--
I've been able to replicate the problems described by intrigeri in https://bugs.debian.org/849845; i'm preparing an update to gpg with cherry-picked patches that resolves most of them for me. This issue is bad enough that it basically makes dirmngr unusable, afaict. The remaining problem for me ws that when i use tor, if i get back AAAA records, the connections fail, but the IPv6 records are not marked as dead, so they fail repeatedly. here's an example: Jan 03 15:48:37 alice dirmngr[11194]: DBG: chan_5 <- KS_GET -- 0x4FA73DE89ADE75998AC24E97B8C1D523FE7AAA84 Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a02:898:31:0:48:4558:73:6b73]' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a00:14b0:4200:3000:27::27]' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2606:1c00:2802::b]' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:bc8:4700:2300::10:f15]' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:738:0:600:216:3eff:fe02:42]' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:720:418:caf1::8]' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:610:1108:5011::70]' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:470:1:116::6]' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '216.66.15.2' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '212.12.48.27' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '193.224.163.43' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '192.94.109.73' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '131.155.141.70' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '130.206.1.8' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '94.142.242.225' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '51.15.53.138' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '37.191.238.78' Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '18.9.60.141' Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L3: ASSERT: mpi.c[_gnutls_x509_read_uint]:246 Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d240086b0]: Allocating epoch #0 Jan 03 15:48:42 alice dirmngr[11194]: can't connect to '2a02:898:31:0:48:4558:73:6b73': Invalid argument Jan 03 15:48:42 alice dirmngr[11194]: error connecting to 'https://[2a02:898:31:0:48:4558:73:6b73]:443': Invalid argument Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d240086b0]: Start of epoch cleanup Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d240086b0]: End of epoch cleanup Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d240086b0]: Epoch #0 freed Jan 03 15:48:42 alice dirmngr[11194]: command 'KS_GET' failed: Invalid argument Jan 03 15:48:42 alice dirmngr[11194]: DBG: chan_5 -> ERR 167804976 Invalid argument <Dirmngr> Jan 03 15:48:42 alice dirmngr[11194]: DBG: chan_5 <- BYE Jan 03 15:48:42 alice dirmngr[11194]: DBG: chan_5 -> OK closing connection Jan 03 15:48:42 alice dirmngr[11194]: handler for fd 5 terminated Jan 03 15:49:11 alice dirmngr[11194]: handler for fd 5 started Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> # Home: /home/dkg/.gnupg Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> # Config: /home/dkg/.gnupg/dirmngr.conf Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> OK Dirmngr 2.1.17 at your service Jan 03 15:49:11 alice dirmngr[11194]: connection from process 11200 (1000:1000) Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 <- GETINFO version Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> D 2.1.17 Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> OK Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 <- KS_GET -- 0x4FA73DE89ADE75998AC24E97B8C1D523FE7AAA84 Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L3: ASSERT: mpi.c[_gnutls_x509_read_uint]:246 Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d2400c090]: Allocating epoch #0 Jan 03 15:49:11 alice dirmngr[11194]: can't connect to '2a02:898:31:0:48:4558:73:6b73': Invalid argument Jan 03 15:49:11 alice dirmngr[11194]: error connecting to 'https://[2a02:898:31:0:48:4558:73:6b73]:443': Invalid argument Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d2400c090]: Start of epoch cleanup Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d2400c090]: End of epoch cleanup Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d2400c090]: Epoch #0 freed Jan 03 15:49:11 alice dirmngr[11194]: command 'KS_GET' failed: Invalid argument Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> ERR 167804976 Invalid argument <Dirmngr> Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 <- BYE Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> OK closing connection Jan 03 15:49:11 alice dirmngr[11194]: handler for fd 5 terminated Jan 03 15:49:14 alice dirmngr[11194]: handler for fd 5 started If i connect to dirmngr directly with 'gpg-connect-agent --dirmngr' and manually do "keyserver --dead [2a02:898:31:0:48:4558:73:6b73]", etc, for all AAAA addresses, then dirmngr works again by falling through to the IPv4 addresses. --dkg
signature.asc
Description: PGP signature