From owner-freebsd-questions@freebsd.org Tue Feb 23 15:30:38 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 38BC2AB1B2F for ; Tue, 23 Feb 2016 15:30:38 +0000 (UTC) (envelope-from jmire@lsuhsc.edu) Received: from exchipmx01.lsuhsc.edu (exchipmx01.lsuhsc.edu [155.58.210.27]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (Client CN "exchipmx01.lsuhsc.edu", Issuer "InCommon RSA Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B52251748 for ; Tue, 23 Feb 2016 15:30:37 +0000 (UTC) (envelope-from jmire@lsuhsc.edu) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A2CFAgBSesxWihYNOptegm6BHm0GvFcXAQWFEV8CgUM8EAEBAQEBAQERAQEBFRIhJAuEQwUnBl4BFRVWJgEEEwiIEwUJnhaaVQFDgyoBAQEHAQEBAQEBAQEYhhOIVhgNgjsLQBiBDwWHU4VXgTGIKAQBhVaJY0qHEoU5hXKIVzeCP4FQagGHO30BAQE X-IPAS-Result: A2CFAgBSesxWihYNOptegm6BHm0GvFcXAQWFEV8CgUM8EAEBAQEBAQERAQEBFRIhJAuEQwUnBl4BFRVWJgEEEwiIEwUJnhaaVQFDgyoBAQEHAQEBAQEBAQEYhhOIVhgNgjsLQBiBDwWHU4VXgTGIKAQBhVaJY0qHEoU5hXKIVzeCP4FQagGHO30BAQE Received: from unknown (HELO exchmr02.lsuhsc.edu) ([155.58.13.22]) by exchipmx01.lsuhsc.edu with ESMTP/TLS/AES256-SHA; 23 Feb 2016 09:29:24 -0600 Received: from exchmr02.lsuhsc.edu (155.58.13.22) by exchmr02.lsuhsc.edu (155.58.13.22) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Tue, 23 Feb 2016 09:29:24 -0600 Received: from SH-EXCHHUB1.master.lsuhsc.edu (155.58.112.71) by exchmr02.lsuhsc.edu (155.58.13.22) with Microsoft SMTP Server (TLS) id 15.0.1130.7 via Frontend Transport; Tue, 23 Feb 2016 09:29:24 -0600 Received: from SH-EXCHMB2.master.lsuhsc.edu ([169.254.2.39]) by SH-ExchHub1.master.lsuhsc.edu ([155.58.112.71]) with mapi id 14.03.0248.002; Tue, 23 Feb 2016 09:28:03 -0600 From: "Mire, John" To: "freebsd-questions@freebsd.org" Subject: GnuPG(2.1.11) update problems Thread-Topic: GnuPG(2.1.11) update problems Thread-Index: AdFuRpFsuVVdakrRSSakJOwdCHuo+A== Date: Tue, 23 Feb 2016 15:28:20 +0000 Message-ID: <0B62814C161EBA4BB69C995965D04C7070D6667D@SH-ExchMB2.master.lsuhsc.edu> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [172.18.10.7] MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Feb 2016 15:30:38 -0000 Running FreeBSD 10.2-RELEASE-p12 #1 r295138 IPv4 connectivity only NO IPv6 Updated (GnuPG) 2.0.29 --> (GnuPG) 2.1.11 from ports Modified ~/.gnupg/gpg.conf as follows: ## ## gpg.conf ## no-greeting comment "" default-key 500026E6 default-recipient-self force-v3-sigs charset utf-8 keyserver hkp://hkps.pool.sks-keyservers.net #moved options to #keyserver-options ca-cert-file=3D/usr/local/share/gnupg/certs/sks-keyserve= rs.netCA.pem #keyserver-options ca-cert-path=3D/usr/local/share/gnupg/certs use-agent utf8-strings personal-digest-preferences SHA512 cert-digest-algo SHA512 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5= ZLIB BZIP2 ZIP Uncompressed ##EOF Added ~/.gnupg/dirmngr.conf as follows: ## ## dirmngr.conf ## #keyserver hkp://jirk5u4osbsr34t5.onion keyserver hkps://hkps.pool.sks-keyservers.net # --hkp-cacert FILENAME # # For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to # know the root certificates for verification of the TLS certificates # used for the connection. Enter the full name of a file with the # root certificates here. If that file is in PEM format a ".pem" # suffix is expected. This option may be given multiple times to add # more root certificates. Tilde expansion is supported. hkp-cacert /etc/ssl/sks-keyservers.netCA.pem hkp-cacert /etc/ssl/cert.pem ##EOF GnuPG(1.4.20) works fine with just HKP : % gpg --search-keys 0x500026E6 gpg: searching for "0x500026E6" from hkp server hkps.pool.sks-keyservers.ne= t (1) John Mire 4096 bit RSA key 500026E6, created: 2011-09-11 Keys 1-1 of 1 for "0x500026E6". Enter number(s), N)ext, or Q)uit > q GnuPG(2.1.11) gives the following: % gpg2 --search-keys 0x500026E6 gpg: error searching keyserver: No route to host gpg: keyserver search failed: No route to host closer examination of dirmngr unless it decides to use an IPv6 server address, it can resolve: % dirmngr dirmngr[61610.0]: permanently loaded certificates: 0 dirmngr[61610.0]: runtime cached certificates: 0 # Home: ~/.gnupg # Config: /home/jmire/.gnupg/dirmngr.conf OK Dirmngr 2.1.11 at your service ks_search 0x500026E6 dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4c= kbone.de' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks= .spodhuis.org' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'key= server.nbg-ha.de' S PROGRESS tick ? 0 0 dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[20= 01:ba8:1f1:f2d4::2]' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[26= 04:a880:800:10::163:b001]' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bon= e.digitalis.org' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'huf= u.ki.iif.hu' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a= 00:1280:8000:4::3]' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'zim= merman.mayfirst.org' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'key= s02.fedoraproject.org' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks= .spodhuis.org' [already known] dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'key= server.nbg-ha.de' [already known] dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'huf= u.ki.iif.hu' [already known] S PROGRESS tick ? 0 0 dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'kro= necker.scientia.net' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'mx1= .adeti.org' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ote= iza.siccegge.de' dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cry= ptonomicon.mit.edu' dirmngr[61610.0]: can't connect to 'oteiza.siccegge.de': no IP address for = host dirmngr[61610.0]: error connecting to 'https://oteiza.siccegge.de:443': Unk= nown host dirmngr[61610.0]: marking host 'oteiza.siccegge.de' as dead S PROGRESS tick ? 0 0 S SOURCE https://cryptonomicon.mit.edu:443 D info:1:1%0Apub:2F69495FFA0850CDD83771E0E3DF4A51500026E6:1:4096:1315778755= ::%0Auid:John Mire :1315778755::%0A%0D%0A OK ks_search 0x4F25E3B6 S PROGRESS tick ? 0 0 S SOURCE https://cryptonomicon.mit.edu:443 D info:1:1%0Apub:D8692123C4065DEA5E0F3AB5249B39D24F25E3B6:1:2048:1294830465= :1577790083:%0Auid:Werner Koch (dist sig):1294830465::%0A%0D%0A OK Bye % dirmngr dirmngr[62413.0]: permanently loaded certificates: 0 dirmngr[62413.0]: runtime cached certificates: 0 # Home: ~/.gnupg # Config: /home/jmire/.gnupg/dirmngr.conf OK Dirmngr 2.1.11 at your service ks_search jmire dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyse= rvers.net': 'b4ckbone.de' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[20= 01:ba8:1f1:f2d4::2]' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'a.k= eyserver.pki.scientia.net' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a= 01:4a0:59:1000:223:9eff:fe00:100f]' S PROGRESS tick ? 0 0 dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bon= e.digitalis.org' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'huf= u.ki.iif.hu' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[20= 01:41d0:8:1856::1:1]' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'pro= d00.keyserver.dca.witopia.net' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bon= e.digitalis.org' [already known] dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ip-= 209-135-211-141.ragingwire.net' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4c= kbone.de' [already known] dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'kro= necker.scientia.net' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cry= ptonomicon.mit.edu' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks= .srv.dumain.com' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ote= iza.siccegge.de' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'key= s02.fedoraproject.org' dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'huf= u.ki.iif.hu' [already known] dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'mx1= .adeti.org' dirmngr[62413.0]: can't connect to '2a01:4a0:59:1000:223:9eff:fe00:100f': N= o route to host dirmngr[62413.0]: error connecting to 'https://[2a01:4a0:59:1000:223:9eff:f= e00:100f]:443': No route to host dirmngr[62413.0]: command 'KS_SEARCH' failed: No route to host ERR 167804970 No route to host How can I let dirmngr know that IPv6 isn't available???