On the SSL issue: keys.gnupg.net is an alias to the SKS keyserver pool, which is a number of public volunteer run servers:
https://sks-keyservers.net/status/ My guess is you hit a misconfigured one that redirected you to TLS without checking what host you requested. For example I redirect http://keyserver.paulfurley.com to https://keyserver.paulfurley.com *only* if the requested host is keyserver.paulfurley.com. Otherwise I would serve a certificate with a mismatching domain. I'd recommend posting your finding to the sks-devel mailing list since it's probably something the pool should look out for and warn servers they're misconfigured. (I'll post it in the morning if you like.) Paul > > On Jul 10, 2017 at 10:58 pm, <tor (mailto:[email protected])> wrote: > > > > Actually, the directions on https://www.torproject.org/docs/debian.html.en > work okay. I was trying to automate things with Ansible, but the format > changed at some point, from something like: > > > > apt_key: id=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 > url=http://keys.gnupg.net/pks/lookup?op=get&search=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 > > > > to: > > > > apt_key: id=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 > keyserver=keys.gnupg.net > > > > The URL at /pks/lookup no longer exists, so I saw a 404. Using the newer > format with just the hostname of the keyserver it works okay. > > > > Regarding http://keys.gnupg.net I still don't know why there is a SSL > mismatch in the browser, or why you can no longer access the web UI, but it's > not as broken as it looked. > > >
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
