GnuTLS 2.3.12 - second release candidate for 2.4.0

Daniel Kahn Gillmor dkg-debian.org at fifthhorseman.net
Sun Jun 8 23:57:16 CEST 2008


On Sun 2008-06-08 04:58:30 -0400, Nikos Mavrogiannopoulos wrote:

> Simon Josefsson wrote:
>> This is the second release candidate for 2.4.0.  Anything that doesn't live
>> up to the expectations on a stable release should be reported before
>> this turns into the real 2.4.0.  We hope to release 2.4.0 within a week
>> or two.
>> 
>> The goals for the 2.3.x branch are tracked at:
>> 
>> http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4
>
> The last open issue with this release has now been solved in the
> repository (issue being the OpenPGP certificate verification).

It's not clear to me if you mean that this should be resolved in
2.3.12, or after 2.3.12, Nikos.  It looks to me like it has *not* been
resolved in 2.3.12 yet.  In particular, it appears to fail open: when
one userid is verified, it treats them all as verified, even User IDs
that have no certifications other than self-signatures.

When I run the tests from
http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
against the 2.3.12 packages in Debian experimental, I get the
following output:

[0 dkg@squeak openpgp-certs]$ ./testcerts
Set static Diffie Hellman parameters, consider --dhparams.
Echo Server ready. Listening to port '12345'.

Failure: Connection to unverified (but present) 'localhost' should have failed!
Exiting via signal 15
Set static Diffie Hellman parameters, consider --dhparams.
Echo Server ready. Listening to port '12345'.

Failure: Connection to unverified IP address should have failed! (error code 0)
Exiting via signal 15
[1 dkg@squeak openpgp-certs]$


   --dkg
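The fail-open behaviour described in the message above, next to a per-User-ID check, as an added example that is not part of the original post and is not GnuTLS code. It is a simplified model: the struct layout, the function names and the sample key (including its User ID strings) are hypothetical and constructed, and name matching is reduced to an exact string comparison.

```c
/* Added illustration: simplified model, not GnuTLS code. All names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct user_id {
    const char *name;   /* identity claimed by this User ID */
    bool trusted_cert;  /* true: certified by a trusted key; false: self-signature only */
};
struct pgp_key { const struct user_id *uids; size_t n_uids; };

/* Constructed sample key: one certified User ID, two that are only self-signed. */
static const struct user_id sample_uids[] = {
    { "server.example", true  },
    { "localhost",      false },
    { "127.0.0.1",      false },
};
const struct pgp_key sample_key = { sample_uids, 3 };

/* Fail-open model: one verified User ID makes every User ID on the key count. */
bool accept_fail_open(const struct pgp_key *k, const char *peer)
{
    bool any_verified = false, name_present = false;
    for (size_t i = 0; i < k->n_uids; i++) {
        if (k->uids[i].trusted_cert) any_verified = true;
        if (strcmp(k->uids[i].name, peer) == 0) name_present = true;
    }
    return any_verified && name_present;
}

/* Per-User-ID model: the matching User ID itself must carry the trusted certification. */
bool accept_per_uid(const struct pgp_key *k, const char *peer)
{
    for (size_t i = 0; i < k->n_uids; i++)
        if (strcmp(k->uids[i].name, peer) == 0 && k->uids[i].trusted_cert)
            return true;
    return false;
}

int main(void)
{
    const char *peers[] = { "server.example", "localhost", "127.0.0.1" };
    for (size_t i = 0; i < 3; i++)
        printf("%-15s fail_open=%d per_uid=%d\n", peers[i],
               accept_fail_open(&sample_key, peers[i]), accept_per_uid(&sample_key, peers[i]));
    return 0;
}
```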




