Re: [Sks-devel] pain of joining hkps -- reverse proxy config in apache i

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] pain of joining hkps -- reverse proxy config in apache i

From:	Kristian Fiskerstrand
Subject:	Re: [Sks-devel] pain of joining hkps -- reverse proxy config in apache issue with "hkps.pool.sks-keyservers.net"
Date:	Fri, 08 Nov 2013 23:06:31 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 11/08/2013 09:33 PM, Nat Howard wrote:

...

> 
> P.S. I noticed that some of you in the "hkps green zone" on the
> status page *also* don't have this working (I won't name names!).
> In fact, almost all of the ones I tried didn't have this working
> (Yes, I changed the https name as appropriate in the curl command).
> However congratulations to keys.sflc.info --

In curl the SNI isn't directly interprented from the Host name by
default, I'm using a patch available at [0] for this to happen. The
proper curl protocol to override the hostname is to use curl_resolve
for this, making it somewhat more difficult to debug. But in this case
I'm testing for hostname of hkps.pool.sks-keyservers.net directly,
which is why it works for PGP clients.

[0]
https://bitbucket.org/kristianf/portage-user-patches/src/d40e0f3634ed0f4c2fc4237d364f387f6ddf3f9d/patches/net-misc/curl/01_http_host_sni.patch?at=default


- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Nunc aut numquam
Now or never
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJSfWBnAAoJEAt/i2Dj7frjO1cP/ApIlAcoQpRL4WvkisN0JeG/
RzDSwKnGpZpsoWaVc50kXKp6UzTfg8opJeN1gypHe2w5otDz66YEJsRS4Bx9EUDw
SBCgNfEW3OHz/bEhtp1A1ytyFzznhy/plJUGorEkW+bdAdLrDmzWtDMlSp1gZKil
C2NJuX4wtErUIodheH68b1x4rHwBS0ehVKGHGnj37sJRkYJwSH3/qFlIg1aA5Wsc
OEnJ+SDJPJaoMyzIMq0XJKgZ6yRdu2DuUhM5g8BCMEelbXaiYQq13NM6BBTuGhqV
GboJNXlbRFIclHYFUYsv8le3Io8u4npd7AGo0x6/iPgNSOP0b3F0W2nwEEM2ofBU
uP7HX91CW6JnbDgBf4FG83A8r9+Yh+XNTzZgDMCavBAzff/wn3a5L2KJM5PD/piz
wRPYn3x3gvQYAbj38wmJyKgqwxZ+xrqN/Gr/EmMJXLkP3Q9Xzluzz0unipifvyTU
V8VJgoVxnthbKSLAC0vfNPzA6DZf5s0NCoTcfEGVluQd1VHreG/zlsoyEZ4jdapP
5XObi+X0IdO0Mi7E0pLLc5z+IQ4OXwxhKfYMmpJeiZ5XHAXr8MgvLqevO12JGffH
OjmVBQjemHBlD76WX8IyFqHlWCsUpJs+MwHV+X4/ZAmfSRqan0bvQ3kf4vNrnzhq
SazPmtertaoh2xo8Ni6S
=KPcQ
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] pain of joining hkps -- reverse proxy config in apache issue with "hkps.pool.sks-keyservers.net", Nat Howard, 2013/11/08
- Re: [Sks-devel] pain of joining hkps -- reverse proxy config in apache issue with "hkps.pool.sks-keyservers.net", Kristian Fiskerstrand <=
- Re: [Sks-devel] pain of joining hkps -- reverse proxy config in apache issue with "hkps.pool.sks-keyservers.net", Daniel Kahn Gillmor, 2013/11/08
  - Re: [Sks-devel] pain of joining hkps -- reverse proxy config in apache issue with "hkps.pool.sks-keyservers.net", Nat Howard, 2013/11/08
- Re: [Sks-devel] pain of joining hkps -- reverse proxy config in apache issue with "hkps.pool.sks-keyservers.net", Clint Adams, 2013/11/09

Prev by Date: Re: [Sks-devel] Peering request
Next by Date: Re: [Sks-devel] Seeking peers for pgp.ohai.su
Previous by thread: [Sks-devel] pain of joining hkps -- reverse proxy config in apache issue with "hkps.pool.sks-keyservers.net"
Next by thread: Re: [Sks-devel] pain of joining hkps -- reverse proxy config in apache issue with "hkps.pool.sks-keyservers.net"
Index(es):
- Date
- Thread