HTTP(S) preferred key servers always treated as HKP
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	codmyre
	Jan 17 2017, 12:00 AM

Description

When doing a --refresh on keys which have a preferred key server set in their
signature, GnuPG 2.1.x (tested with 2.1.16 and 2.1.17) treats all HTTP(S) URIs
as HKP servers. Both 1.4.x and 2.0.x are able to handle these URIs properly.

Example:

Suppose a key has a preferred key server of "https://example.com/key.asc". Both
1.4.x and 2.0.x would request this exact URI, and the key would be retrieved
from that location.

In 2.1.x, only the protocol and host parts of the URI are used, and an HKP
request is made based on the key fingerprint, such as:

https://example.com/pks/lookup?op=get&options=mr&search=0x0000000000000000000000000000000000000000

     (fingerprint changed to zeros)

I believe the behaviour of previous GnuPG versions is more in line with RFC 4880
(section 5.2.3.18).

Details

Version: 2.1.17

Revisions and Commits

rG GnuPG
	rGb231959728a0 dirmngr: Honor http keyserver URLs.

Related Objects

Mentioned In: T6153: Kleopatra: No error when import from Keyserver fails
Mentioned Here: rGb231959728a0: dirmngr: Honor http keyserver URLs.

Event Timeline

codmyre set Version to 2.1.17.Jan 17 2017, 12:00 AM

codmyre added projects: dirmngr, gnupg (gpg21), gnupg, Bug Report.

codmyre added a subscriber: codmyre.

Thanks for the report. I can replicate this.

justus edited projects, added gnupg (gpg22); removed gnupg, gnupg (gpg21).Jul 17 2017, 10:46 AM

justus claimed this task.Jul 18 2017, 12:05 PM

justus added a commit: rGb231959728a0: dirmngr: Honor http keyserver URLs..Jul 18 2017, 1:59 PM

Fixed in b231959728a0056094134e0fca8cc916c24ef37e.

• werner mentioned this in T6153: Kleopatra: No error when import from Keyserver fails.Aug 24 2022, 2:23 PM