Apache
------
By default, breaks all clients which use a real libcurl, blocking their
ability to POST (--send-key) to the server. The clients set an "Expect:
100-continue" HTTP/1.1 header and unfortunately Apache actually
implements the part of the HTTP specification (RFC2616) which says that
a HTTP/1.1 proxy should issue a "417 Expectation Failed" response if it
would pass onto an HTTP/1.0 server.
I strongly suspect that this:
RequestHeader unset Expect early
will fix Apache configurations, but need someone using Apache to confirm
it. You also need the mod_headers module loaded. The version in the
wiki wraps that in an IfModule guard, but we should look at making sure
that works and then encourage people to make it a hard failure if the
directive is not available.
You can test the fix by using a GnuPG built against libcurl (*not*
curl-shim) and try to --send-key your own key to your keyserver:
gpg2 -v --keyserver-options verbose,debug --keyserver YOURSERVER --send-key
YOURKEY
This currently fails reproducibly, every time, for an Apache server. If
it stops failing with the "RequestHeader unset Expect early" directive,
you know you've fixed it. Please let us know if this works or not!
Feedback is needed.