SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Jason Harris
On Wed, Aug 03, 2005 at 08:44:18PM -0400, David Shaw wrote:
> On Wed, Aug 03, 2005 at 08:18:35PM -0400, Jason Harris wrote:

> > Looking at http://curl.haxx.se/libcurl/c/curl_easy_setopt.html ,
> > this might do the trick:
> >
> >   curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
> >
> > if any connection, which always seems to prefer IPv6, doesn't
> > at first succeed.
>
> I'm not sure.  CURL_IPRESOLVE_V4 is documented to force the connection
> to IPv4.  That is, it'll ignore IPv6 addresses altogether, rather than
> try to connect and then fail over within curl.  What happens if you
> add a "-4" to the command line above?  That sets CURL_IPRESOLVE_V4.
(That works fine, of course.)

> Also, going back to the original problem, can you send me the output
> when you try fetching a key with "--keyserver-options debug" set?

OK, with --recv I see it falls back from v6 to v4, which is good, but it
fails with --send:

  %gpg --keyserver-options debug --keyserver keyserver.linux.it --send ...
  gpg: sending key ... to hkp server keyserver.linux.it
  Host:           keyserver.linux.it
  Command:        SEND
  gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add'
  * About to connect() to keyserver.linux.it port 11371
  *   Trying 2001:1418:13:10::1... * Failed to connect to 2001:1418:13:10::1: No route to host
  * Undefined error: 0
  *   Trying 62.94.26.10... * connected
  * Connected to keyserver.linux.it (62.94.26.10) port 11371
  > POST /pks/add HTTP/1.1
  Host: keyserver.linux.it:11371
  Accept: */*
  Content-Length: 2246
  Content-Type: application/x-www-form-urlencoded
  Expect: 100-continue

  < HTTP/1.1 100 Continue
  * The requested URL returned error: 500
  * Closing connection #0
  gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host

However, this seems to be specific to SKS.  My SKS log reports:

2005-08-04 ... ... Error handling request (POST,/pks/add,[+accept:*/*+content-length:2246+content-type:application/x-www-form-urlencoded+expect:100-continue+host:skylane.kjsl.com:21371]): Scanf.Scan_failure("scanf: bad input at char number 8: looking for =, found %")

so the connection is being made (in this case via IPv4; skylane also has
an AAAA record).  Moreover, the error messages from curl are confusing this
issue.

Thus, in reality, the "Expect: 100-continue" header appears to be confusing
SKS (during POSTs).

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel


Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

David Shaw
On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote:

> > Also, going back to the original problem, can you send me the output
> > when you try fetching a key with "--keyserver-options debug" set?
>
> OK, with --recv I see it falls back from v6 to v4, which is good, but it
> fails with --send:
>
>   %gpg --keyserver-options debug --keyserver keyserver.linux.it --send ...
>   gpg: sending key ... to hkp server keyserver.linux.it
>   Host:           keyserver.linux.it
>   Command:        SEND
>   gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add'
>   * About to connect() to keyserver.linux.it port 11371
>   *   Trying 2001:1418:13:10::1... * Failed to connect to 2001:1418:13:10::1: No route to host
>   * Undefined error: 0
>   *   Trying 62.94.26.10... * connected
>   * Connected to keyserver.linux.it (62.94.26.10) port 11371
>   > POST /pks/add HTTP/1.1
>   Host: keyserver.linux.it:11371
>   Accept: */*
>   Content-Length: 2246
>   Content-Type: application/x-www-form-urlencoded
>   Expect: 100-continue
>
>   < HTTP/1.1 100 Continue
>   * The requested URL returned error: 500
>   * Closing connection #0
>   gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host
>
> However, this seems to be specific to SKS.  My SKS log reports:
>
> 2005-08-04 ... ... Error handling request (POST,/pks/add,[+accept:*/*+content-length:2246+content-type:application/x-www-form-urlencoded+expect:100-continue+host:skylane.kjsl.com:21371]): Scanf.Scan_failure("scanf: bad input at char number 8: looking for =, found %")
>
> so the connection is being made (in this case via IPv4; skylane also has
> an AAAA record).  Moreover, the error messages from curl are confusing this
> issue.
>
> Thus, in reality, the "Expect: 100-continue" header appears to be confusing
> SKS (during POSTs).

Hmm.  No really good way to fix that in GPG or curl since they can't
detect that a server is 1.0 without doing a GET first.  Curl, if I
recall, can correctly handle the case when the Continue header is not
supplied (it gives up after a while).

The problem here seems to need a SKS fix.  SKS needs to ignore HTTP
headers that it doesn't understand.  That's HTTP, anyway.

Terribly misleading error message from curl there.

David



Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Jason Harris
On Thu, Aug 04, 2005 at 07:54:09AM -0400, David Shaw wrote:
> On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote:

> > Thus, in reality, the "Expect: 100-continue" header appears to be confusing
> > SKS (during POSTs).
 
> Hmm.  No really good way to fix that in GPG or curl since they can't
> detect that a server is 1.0 without doing a GET first.  Curl, if I

Disregard that.

It isn't the Expect: header, it was the [s]scanf.  This patch fixes it:

diff -u -r1.5 dbserver.ml
--- dbserver.ml
+++ dbserver.ml
@@ -415,8 +415,9 @@
   let request = Wserver.strip request in
   match request with
       "/pks/add" ->
- let keytext = Scanf.sscanf body "keytext=%s" (fun s -> s) in
+ let keytext = Scanf.sscanf body "keytext%s" (fun s -> s) in
  let keytext = Wserver.decode keytext in
+ let keytext = Str.string_after keytext 1 in
  let keys = Armor.decode_pubkey keytext in
  plerror 3 "Handling /pks/add for %d keys"
   (List.length keys);
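Review bot: The separator is no longer validated: the format is loosened from "keytext=%s" to "keytext%s", and the added `Str.string_after keytext 1` then discards the first character of the decoded value without checking that it is `=`, so a body of the form keytextX... is accepted as a key submission. Decode `body` first and then require the literal prefix "keytext=" before taking the remainder; that handles both the plain and the "%3D" form and removes the unexplained offset of 1.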

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004


Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Yaron Minsky
As you can tell from the SKS keyserver, I'm no expert on HTTP.  Under what circumstances is the character in question an =, and in what case is it a %?  Are there any other possibilities?

y

On 8/5/05, Jason Harris <[hidden email]> wrote:
On Thu, Aug 04, 2005 at 07:54:09AM -0400, David Shaw wrote:
> On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote:

> > Thus, in reality, the "Expect: 100-continue" header appears to be confusing
> > SKS (during POSTs).

> Hmm.  No really good way to fix that in GPG or curl since they can't
> detect that a server is 1.0 without doing a GET first.  Curl, if I

Disregard that.

It isn't the Expect: header, it was the [s]scanf.  This patch fixes it:

diff -u -r1.5 dbserver.ml
--- dbserver.ml
+++ dbserver.ml
@@ -415,8 +415,9 @@
          let request = Wserver.strip request in
          match request with
              "/pks/add" ->
-               let keytext = Scanf.sscanf body "keytext=%s" (fun s -> s) in
+               let keytext = Scanf.sscanf body "keytext%s" (fun s -> s) in
                let keytext = Wserver.decode keytext in
+               let keytext = Str.string_after keytext 1 in
                let keys = Armor.decode_pubkey keytext in
                plerror 3 "Handling /pks/add for %d keys"
                  (List.length keys);

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004



Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

David Shaw
In reply to this post by Jason Harris
On Fri, Aug 05, 2005 at 06:33:25AM -0400, Jason Harris wrote:

> On Thu, Aug 04, 2005 at 07:54:09AM -0400, David Shaw wrote:
> > On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote:
>
> > > Thus, in reality, the "Expect: 100-continue" header appears to be confusing
> > > SKS (during POSTs).
>  
> > Hmm.  No really good way to fix that in GPG or curl since they can't
> > detect that a server is 1.0 without doing a GET first.  Curl, if I
>
> Disregard that.
>
> It isn't the Expect: header, it was the [s]scanf.  This patch fixes it:

Excellent.  Thanks, Jason.  I'm glad these little details are getting
fixed before the next GnuPG which uses curl by default.

David



Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Jason Harris
In reply to this post by Yaron Minsky
On Fri, Aug 05, 2005 at 07:56:50AM -0400, Yaron Minsky wrote:

> As you can tell from the SKS keyserver, I'm no expert on HTTP. Under what
> circumstances is the character in question an =, and in what case is it a %?

Before GPG+libcurl, nothing had been brought to our attention (for hex-
escaping the = sign).

> Are there any other possibilities?

Not by definition (of HKP).

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004


Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Peter Palfrader-2
In reply to this post by Yaron Minsky
On Fri, 05 Aug 2005, Yaron Minsky wrote:

> As you can tell from the SKS keyserver, I'm no expert on HTTP. Under what
> circumstances is the character in question an =, and in what case is it a %?
> Are there any other possibilities?

So, there are now quite a few patches again.  Do you plan to make a new
release any time soon?

Cheers,
Peter
--
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/



Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Yaron Minsky
I just committed a version of Jason's patch to my mainline tree.  Any other patches not there that people think worthy of inclusion before I bless another release?

Yaron

On 8/6/05, Peter Palfrader <[hidden email]> wrote:
On Fri, 05 Aug 2005, Yaron Minsky wrote:

> As you can tell from the SKS keyserver, I'm no expert on HTTP. Under what
> circumstances is the character in question an =, and in what case is it a %?
> Are there any other possibilities?

So, there are now quite a few patches again.  Do you plan to make a new
release any time soon?

Cheers,
Peter
--
PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
http://www.palfrader.org/ |   `-    http://www.debian.org/



Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Jason Harris
On Mon, Aug 08, 2005 at 09:14:53PM -0400, Yaron Minsky wrote:

> I just committed a version of Jason's patch to my mainline tree. Any other
> patches not there that people think worth of inclusion before I bless
> another release?

First, don't forget the patch from:

  Date: Mon, 25 Apr 2005 15:44:42 -0400
  From: Jason Harris <[hidden email]>
  To: [hidden email]
  Subject: Re: [Sks-devel] keyserver.linux.it - Error parsing headers: no colon found
  Message-ID: <[hidden email]>

Second, [hidden email]--2004/sks--mainline--1.0--patch-40
probably doesn't work (or at least shouldn't).  The strings are
normally "keytext=" or "keytext%3D" (as currently hex-escaped by
GPG+libcurl).  The "3D" should (if not MUST) be removed from the input
to Armor.decode_pubkey().

NB:  I now see that pks hex-decodes the entire thing before doing its
(albeit case-insensitive) comparison with "keytext=" - this is probably
best for SKS too.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004


Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

David Shaw
On Tue, Aug 09, 2005 at 10:15:25AM -0400, Jason Harris wrote:

> On Mon, Aug 08, 2005 at 09:14:53PM -0400, Yaron Minsky wrote:
>
> > I just committed a version of Jason's patch to my mainline tree. Any other
> > patches not there that people think worth of inclusion before I bless
> > another release?
>
> First, don't forget the patch from:
>
>   Date: Mon, 25 Apr 2005 15:44:42 -0400
>   From: Jason Harris <[hidden email]>
>   To: [hidden email]
>   Subject: Re: [Sks-devel] keyserver.linux.it - Error parsing headers: no colon found
>   Message-ID: <[hidden email]>
>
> Second, [hidden email]--2004/sks--mainline--1.0--patch-40
> probably doesn't work (or at least shouldn't).  The strings are
> normally "keytext=" or "keytext%3D" (as currently hex-escaped by
> GPG+libcurl).  The "3D" should (if not MUST) be removed from the input
> to Armor.decode_pubkey().
>
> NB:  I now see that pks hex-decodes the entire thing before doing its
> (albeit case-insensitive) comparison with "keytext=" - this is probably
> best for SKS too.

Even more so, I believe that (while no program currently does this to
my knowledge), it is legal for the contents of keytext (i.e. the key
data itself) to be %-escaped as well.  Case insensitive is incorrect
though.  No harm in this case, but pksd shouldn't do that.

David
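
The parsing order discussed in the two messages above (percent-decode the whole body, then compare case-sensitively against "keytext="), next to the match-then-decode order that rejected "keytext%3D". This is an added example, not code from the thread or from SKS/pks; it is written in Python rather than OCaml, and the function names, the treatment of `+` as a space and the sample key block are assumptions constructed for illustration.

```python
from urllib.parse import quote, unquote_plus

FIELD = "keytext="  # field name plus separator expected in a /pks/add body
ARMOR_BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"


class BadAddRequest(ValueError):
    """Raised when a /pks/add body carries no usable keytext field."""


def keytext_match_then_decode(body: str) -> str:
    """Match the literal prefix on the raw body, then decode the remainder.

    A client that escapes the separator ("keytext%3D...") is rejected here,
    which is the failure first reported in the thread.
    """
    if not body.startswith(FIELD):
        raise BadAddRequest("raw body does not start with 'keytext='")
    return unquote_plus(body[len(FIELD):])


def keytext_decode_then_match(body: str) -> str:
    """Decode the whole body first, then require the exact prefix.

    Assumption: '+' is treated as an encoded space, as in
    application/x-www-form-urlencoded; a literal '+' in the base64 armor
    must therefore arrive as %2B.
    """
    decoded = unquote_plus(body)
    # Exact, case-sensitive comparison: "KEYTEXT=" is not the same field.
    if not decoded.startswith(FIELD):
        raise BadAddRequest("decoded body does not start with 'keytext='")
    keytext = decoded[len(FIELD):]
    # Fail early, before handing the text to the armor decoder.
    if ARMOR_BEGIN not in keytext:
        raise BadAddRequest("no PGP public key header line in keytext")
    return keytext


def rejects(parser, body: str) -> bool:
    """Return True when the given parser refuses the body."""
    try:
        parser(body)
    except BadAddRequest:
        return True
    return False


# Constructed sample: not a real key, only shaped like an armored block.
SAMPLE_ARMOR = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "\n"
    "mQENBFakeKey+Data/ForTest==\n"
    "=AbCd\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
)

# Client that escapes only the value: "keytext=" stays literal.
BODY_PLAIN = FIELD + quote(SAMPLE_ARMOR, safe="")
# Client that escapes the separator too: body starts with "keytext%3D".
BODY_ESCAPED = quote(FIELD + SAMPLE_ARMOR, safe="")
# Same body with an upper-case field name; must not be accepted.
BODY_UPPER = "KEYTEXT=" + quote(SAMPLE_ARMOR, safe="")

if __name__ == "__main__":
    for name, body in [("plain", BODY_PLAIN), ("escaped", BODY_ESCAPED),
                       ("upper", BODY_UPPER)]:
        print(name,
              "match-then-decode rejects:", rejects(keytext_match_then_decode, body),
              "decode-then-match rejects:", rejects(keytext_decode_then_match, body))
```
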


Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Yaron Minsky
On 8/9/05, David Shaw <[hidden email]> wrote:
On Tue, Aug 09, 2005 at 10:15:25AM -0400, Jason Harris wrote:

> On Mon, Aug 08, 2005 at 09:14:53PM -0400, Yaron Minsky wrote:
>
> > I just committed a version of Jason's patch to my mainline tree. Any other
> > patches not there that people think worth of inclusion before I bless
> > another release?
>
> First, don't forget the patch from:
>
>   Date: Mon, 25 Apr 2005 15:44:42 -0400
>   From: Jason Harris <[hidden email]>
>   To: [hidden email]
>   Subject: Re: [Sks-devel] keyserver.linux.it - Error parsing headers: no colon found
>   Message-ID: <[hidden email]>
I'll dig this one out.

> Second, [hidden email]--2004/sks--mainline--1.0--patch-40
> probably doesn't work (or at least shouldn't).  The strings are
> normally "keytext=" or "keytext%3D" (as currently hex-escaped by
> GPG+libcurl).  The "3D" should (if not MUST) be removed from the input
> to Armor.decode_pubkey().

Got it.  I fixed it by just applying Wserver.decode to the whole of body before doing the rest.  Take a look at patch-41 and see if you like it better.

> NB:  I now see that pks hex-decodes the entire thing before doing its
> (albeit case-insensitive) comparison with "keytext=" - this is probably
> best for SKS too.

Even more so, I believe that (while no program currently does this to
my knowledge), it is legal for the contents of keytext (i.e. the key
data itself) to be %-escaped as well.  Case insensitive is incorrect
though.  No harm in this case, but pksd shouldn't do that.

David



Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Yaron Minsky
Just added patch-42, which deals with the header-parsing issue that David mentioned.  Could a couple people try out the latest release and see if it seems OK?  If no one complains over the next few days, I will put out a new release.

Thanks for all the patches,
y

On 8/9/05, Yaron Minsky <[hidden email]> wrote:
On 8/9/05, David Shaw <[hidden email]> wrote:
On Tue, Aug 09, 2005 at 10:15:25AM -0400, Jason Harris wrote:

> On Mon, Aug 08, 2005 at 09:14:53PM -0400, Yaron Minsky wrote:
>
> > I just committed a version of Jason's patch to my mainline tree. Any other
> > patches not there that people think worth of inclusion before I bless
> > another release?
>
> First, don't forget the patch from:
>
>   Date: Mon, 25 Apr 2005 15:44:42 -0400
>   From: Jason Harris <[hidden email]>
>   To: [hidden email]
>   Subject: Re: [Sks-devel] keyserver.linux.it - Error parsing headers: no colon found
>   Message-ID: <[hidden email]>
I'll dig this one out.

> Second, [hidden email]--2004/sks--mainline--1.0--patch-40
> probably doesn't work (or at least shouldn't).  The strings are
> normally "keytext=" or "keytext%3D" (as currently hex-escaped by
> GPG+libcurl).  The "3D" should (if not MUST) be removed from the input
> to Armor.decode_pubkey().

Got it.  I fixed it by just applying Wserver.decode to the whole of body before doing the rest.  Take a look at patch-41 and see if you like it better.

> NB:  I now see that pks hex-decodes the entire thing before doing its
> (albeit case-insensitive) comparison with "keytext=" - this is probably
> best for SKS too.

Even more so, I believe that (while no program currently does this to
my knowledge), it is legal for the contents of keytext (i.e. the key
data itself) to be %-escaped as well.  Case insensitive is incorrect
though.  No harm in this case, but pksd shouldn't do that.

David



Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Dinko Korunic
On Tue, Aug 09, 2005 at 09:54:07PM -0400, Yaron Minsky wrote:
> mentioned. Could a couple people try out the latest release and see if it
> seems OK? If no one complains over the next few days, I will put out a new

Seems to be working fine on pks.aaiedu.hr.

Cheers,
D.

--
NAME:Dinko.kreator.Korunic      NOTE:Standard.disclaimer.applies
URL:kreator.esa.fer.hr   IRC:kre   ICQ:16965294   PGP:0xea160d0b



Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Jason Harris
On Wed, Aug 10, 2005 at 10:53:35AM +0200, Dinko Korunic wrote:
> On Tue, Aug 09, 2005 at 09:54:07PM -0400, Yaron Minsky wrote:

> > mentioned. Could a couple people try out the latest release and see if it
> > seems OK? If no one complains over the next few days, I will put out a new
>
> Seems to be working fine on pks.aaiedu.hr.

Are you sure?  Sending a key using GPG 1.4.2+libcurl to my (test) SKS
server with Yaron's latest patches now breaks with:

  Error handling request (POST,/pks/add,[+accept:*/*+content-length:45716+content-type:application/x-www-form-urlencoded+expect:100-continue+host:skylane.kjsl.com:21371]): Failure("Error while decoding ascii-armored key:  text terminated before reaching PGP public key header line")

Interestingly, gpg-1.4.3-cvs reports:

  gpgkeys: HTTP post error 22: Failed to connect to 2001:1868:205:1::100: Connection refused

(even though SKS confirms contact and generates the above error)
while gpg-1.4.2 reports:

  gpgkeys: HTTP post error 22: The requested URL returned error: 500

Your server is also bouncing keys from gpg-1.4.2 and gpg-1.4.3-cvs:

  gpg: sending key ... to hkp server pks.aaiedu.hr
  gpgkeys: HTTP post error 22: The requested URL returned error: 500

Both GPGs are linked with curl-7.14.0.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004


Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Yaron Minsky
The new patch behaves differently from Jason's original patch, as far as I can tell.  Jason's patch assumed the structure was "keytext=<key>" or "keytext%<key>".  My current uses Wserver.decode, which effectively requires either "keytext=<key>" or "keytext%3D<key>".  Which behavior is actually correct?

y

On 8/10/05, Jason Harris <[hidden email]> wrote:
On Wed, Aug 10, 2005 at 10:53:35AM +0200, Dinko Korunic wrote:
> On Tue, Aug 09, 2005 at 09:54:07PM -0400, Yaron Minsky wrote:

> > mentioned. Could a couple people try out the latest release and see if it
> > seems OK? If no one complains over the next few days, I will put out a new
>
> Seems to be working fine on pks.aaiedu.hr.

Are you sure?  Sending a key using GPG 1.4.2+libcurl to my (test) SKS
server with Yaron's latest patches now breaks with:

  Error handling request (POST,/pks/add,[+accept:*/*+content-length:45716+content-type:application/x-www-form-urlencoded+expect:100-continue+host: skylane.kjsl.com:21371]): Failure("Error while decoding ascii-armored key:  text terminated before reaching PGP public key header line")

Interestingly, gpg-1.4.3-cvs reports:

  gpgkeys: HTTP post error 22: Failed to connect to 2001:1868:205:1::100: Connection refused

(even though SKS confirms contact and generates the above error)
while gpg-1.4.2 reports:

  gpgkeys: HTTP post error 22: The requested URL returned error: 500

Your server is also bouncing keys from gpg-1.4.2 and gpg-1.4.3-cvs:

  gpg: sending key ... to hkp server pks.aaiedu.hr
  gpgkeys: HTTP post error 22: The requested URL returned error: 500

Both GPGs are linked with curl-7.14.0.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004



Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Jason Harris
On Wed, Aug 10, 2005 at 08:45:02PM -0400, Yaron Minsky wrote:

> The new patch behaves differently from Jason's original patch, as far as I

Indeed!

Here is my latest patch:

- let keytext = Scanf.sscanf (Wserver.decode body) "keytext=%s" (fun s -> s) in
+ let keytext = Wserver.decode body in
+ let tosser = Scanf.sscanf keytext "keytext=" (fun s -> s) in
+ let keytext = Str.string_after keytext 8 in
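Review bot: `tosser` on the second added line is bound but never used; with no conversion in the format "keytext=", the `Scanf.sscanf` call serves only to raise on a prefix mismatch, and the 8 in `Str.string_after keytext 8` silently depends on the length of that literal. Bind the prefix once, compare it explicitly against the start of the decoded body, and derive the offset from `String.length` of the prefix. A short comment noting that `%s` stops at the first whitespace in the decoded armor would record why the removed line could not be kept.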

Modify it at your own peril.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004


Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Yaron Minsky
In reply to this post by Jason Harris
I've put the server at sks.dnsalias.net back up (just the sks db, not the reconciliation server).  Could someone try it to see whether it fixes the gpg/curl bug described here?

y

On 8/10/05, Jason Harris <[hidden email]> wrote:
On Wed, Aug 10, 2005 at 10:53:35AM +0200, Dinko Korunic wrote:
> On Tue, Aug 09, 2005 at 09:54:07PM -0400, Yaron Minsky wrote:

> > mentioned. Could a couple people try out the latest release and see if it
> > seems OK? If no one complains over the next few days, I will put out a new
>
> Seems to be working fine on pks.aaiedu.hr.

Are you sure?  Sending a key using GPG 1.4.2+libcurl to my (test) SKS
server with Yaron's latest patches now breaks with:

  Error handling request (POST,/pks/add,[+accept:*/*+content-length:45716+content-type:application/x-www-form-urlencoded+expect:100-continue+host: skylane.kjsl.com:21371]): Failure("Error while decoding ascii-armored key:  text terminated before reaching PGP public key header line")

Interestingly, gpg-1.4.3-cvs reports:

  gpgkeys: HTTP post error 22: Failed to connect to 2001:1868:205:1::100: Connection refused

(even though SKS confirms contact and generates the above error)
while gpg-1.4.2 reports:

  gpgkeys: HTTP post error 22: The requested URL returned error: 500

Your server is also bouncing keys from gpg-1.4.2 and gpg-1.4.3-cvs:

  gpg: sending key ... to hkp server pks.aaiedu.hr
  gpgkeys: HTTP post error 22: The requested URL returned error: 500

Both GPGs are linked with curl-7.14.0.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004



Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Yaron Minsky
I still haven't heard back.  Does the sks.dnsalias.net keyserver work with gpg+libcurl?  Has anyone tried it?

y

On 8/13/05, Yaron Minsky <[hidden email]> wrote:
I've put the server at sks.dnsalias.net back up (just the sks db, not the reconciliation server).  Could someone try it to see whether it fixes the gpg/curl bug described here?

y

On 8/10/05, Jason Harris <[hidden email]> wrote:
On Wed, Aug 10, 2005 at 10:53:35AM +0200, Dinko Korunic wrote:
> On Tue, Aug 09, 2005 at 09:54:07PM -0400, Yaron Minsky wrote:

> > mentioned. Could a couple people try out the latest release and see if it
> > seems OK? If no one complains over the next few days, I will put out a new
>
> Seems to be working fine on pks.aaiedu.hr.

Are you sure?  Sending a key using GPG 1.4.2+libcurl to my (test) SKS
server with Yaron's latest patches now breaks with:

  Error handling request (POST,/pks/add,[+accept:*/*+content-length:45716+content-type:application/x-www-form-urlencoded+expect:100-continue+host: skylane.kjsl.com:21371]): Failure("Error while decoding ascii-armored key:  text terminated before reaching PGP public key header line")

Interestingly, gpg-1.4.3-cvs reports:

  gpgkeys: HTTP post error 22: Failed to connect to 2001:1868:205:1::100: Connection refused

(even though SKS confirms contact and generates the above error)
while gpg-1.4.2 reports:

  gpgkeys: HTTP post error 22: The requested URL returned error: 500

Your server is also bouncing keys from gpg-1.4.2 and gpg-1.4.3-cvs:

  gpg: sending key ... to hkp server pks.aaiedu.hr
  gpgkeys: HTTP post error 22: The requested URL returned error: 500

Both GPGs are linked with curl-7.14.0.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004



Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

David Shaw
I just tried it.  It does not work.

David

On Fri, Aug 19, 2005 at 09:22:27PM -0400, Yaron Minsky wrote:

> I still haven't heard back. Does the
> sks.dnsalias.net <http://sks.dnsalias.net> keyserver work with
> gpg+libcurl? Has any one tried it?
>
> y
>
> On 8/13/05, Yaron Minsky <[hidden email]> wrote:
> >
> > I've put the server at sks.dnsalias.net <http://sks.dnsalias.net> back up
> > (just the sks db, not the reconciliation server). Could someone try it to
> > see whether it fixes the gpg/curl bug described here?
> >
> > y
> >
> > On 8/10/05, Jason Harris <[hidden email]> wrote:
> >
> > > On Wed, Aug 10, 2005 at 10:53:35AM +0200, Dinko Korunic wrote:
> > > > On Tue, Aug 09, 2005 at 09:54:07PM -0400, Yaron Minsky wrote:
> > >
> > > > > mentioned. Could a couple people try out the latest release and see
> > > if it
> > > > > seems OK? If no one complains over the next few days, I will put out
> > > a new
> > > >
> > > > Seems to be working fine on pks.aaiedu.hr <http://pks.aaiedu.hr>.
> > >
> > > Are you sure? Sending a key using GPG 1.4.2+libcurl to my (test) SKS
> > > server with Yaron's latest patches now breaks with:
> > >
> > > Error handling request
> > > (POST,/pks/add,[+accept:*/*+content-length:45716+content-type:application/x-www-form-urlencoded+expect:100-continue+host:
> > > > skylane.kjsl.com:21371]): Failure("Error
> > > while decoding ascii-armored key: text terminated before reaching PGP public
> > > key header line")
> > >
> > > Interestingly, gpg-1.4.3-cvs reports:
> > >
> > > gpgkeys: HTTP post error 22: Failed to connect to 2001:1868:205:1::100:
> > > Connection refused
> > >
> > > (even though SKS confirms contact and generates the above error)
> > > while gpg-1.4.2 reports:
> > >
> > > gpgkeys: HTTP post error 22: The requested URL returned error: 500
> > >
> > > Your server is also bouncing keys from gpg-1.4.2 and gpg-1.4.3-cvs:
> > >
> > > > gpg: sending key ... to hkp server pks.aaiedu.hr
> > > gpgkeys: HTTP post error 22: The requested URL returned error: 500
> > >
> > > Both GPGs are linked with curl-7.14.0.
> > >
> > > --
> > > Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
> > > > [hidden email] _|_ web: http://keyserver.kjsl.com/~jharris/
> > > Got photons? (TM), (C) 2004
> > >
> > >
> > > _______________________________________________
> > > Sks-devel mailing list
> > > [hidden email]
> > > http://lists.nongnu.org/mailman/listinfo/sks-devel 
> > >
> > >
> > >
> > >
> >

> _______________________________________________
> Sks-devel mailing list
> [hidden email]
> http://lists.nongnu.org/mailman/listinfo/sks-devel



_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Yaron Minsky
On 8/19/05, David Shaw <[hidden email]> wrote:
> I just tried it.  It does not work.

Harumph.  So I'm just confused.  Here's the code in the current version:

          match request with
              "/pks/add" ->
                let keytext = Scanf.sscanf (Wserver.decode body) "keytext=%s" (fun s -> s) in
                let keys = Armor.decode_pubkey keytext in
 
This looks right to me.  It handles "keytext=<some string>" as well as "keytext%3D<some string>".  Jason's first patch seemed to handle the cases "keytext=<some string>" and "keytext%<some string>".  Jason later proposed the following patch:

              let keytext = Wserver.decode body in
              let tosser = Scanf.sscanf keytext "keytext=" (fun s -> s) in
              let keytext = Str.string_after keytext 8 in

Which seems like the same thing as  my most recent patch.  So what's the right behavior?  Can someone explain to me what I'm doing wrong?

Confusedly,
Ron

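An added example (not SKS code and not written by anyone in this thread) that runs the two extraction approaches quoted in the message above on one constructed request body. `url_decode` is a hypothetical stand-in for `Wserver.decode`, and the prefix check uses only the standard library rather than `Str`. OCaml's `%s` conversion stops at the first whitespace, so the first approach returns only the text before the first blank in the armor header line, while the second returns the whole remainder.

```ocaml
(* Added example, not SKS code. [url_decode] is a hypothetical stand-in for
   Wserver.decode; the request body below is constructed, not a real key. *)
let hex c = match c with
  | '0'..'9' -> Some (Char.code c - Char.code '0')
  | 'a'..'f' -> Some (Char.code c - Char.code 'a' + 10)
  | 'A'..'F' -> Some (Char.code c - Char.code 'A' + 10)
  | _ -> None

(* Form decoding: '+' becomes a space, %XX becomes the byte XX. *)
let url_decode s =
  let n = String.length s in
  let b = Buffer.create n in
  let rec go i =
    if i < n then begin
      match s.[i] with
      | '+' -> Buffer.add_char b ' '; go (i + 1)
      | '%' when i + 2 < n ->
        (match hex s.[i + 1], hex s.[i + 2] with
         | Some h, Some l -> Buffer.add_char b (Char.chr (16 * h + l)); go (i + 3)
         | _ -> Buffer.add_char b '%'; go (i + 1))
      | c -> Buffer.add_char b c; go (i + 1)
    end
  in
  go 0;
  Buffer.contents b

(* Approach in the current version quoted above: %s ends at the first
   whitespace, so only the text before the first blank is returned. *)
let keytext_scanf body =
  Scanf.sscanf (url_decode body) "keytext=%s" (fun s -> s)

(* Check the prefix, then keep the whole remainder (the idea of the later
   proposed patch, written here without the Str library). *)
let keytext_rest body =
  let decoded = url_decode body and prefix = "keytext=" in
  let plen = String.length prefix in
  if String.length decoded >= plen && String.sub decoded 0 plen = prefix
  then Some (String.sub decoded plen (String.length decoded - plen))
  else None

let () =
  let body =
    "keytext%3D-----BEGIN%20PGP%20PUBLIC%20KEY%20BLOCK-----%0D%0A%0D%0A"
    ^ "mQCONSTRUCTED%0D%0A-----END%20PGP%20PUBLIC%20KEY%20BLOCK-----%0D%0A" in
  Printf.printf "sscanf with %%s: %S\n" (keytext_scanf body);
  match keytext_rest body with
  | Some k -> Printf.printf "prefix strip:   %S\n" k
  | None -> print_endline "body does not start with keytext="
```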