GnuTLS 2.3.14 - third release candidate for 2.4.0

Daniel Kahn Gillmor dkg at
Thu Jun 12 16:46:59 CEST 2008

On Tue 2008-06-10 18:23:01 -0400, Simon Josefsson wrote:

> * Version 2.3.14 (released 2008-06-11)
> ** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
> An OpenPGP certificate is now only considered verified if all the user
> IDs are verified.

I've tested this change against Andreas Metzler's debian packaging of
2.3.14, and it looks correct.  A single unverifiable User ID on the
certificate causes verification failure.  This "fail closed" behavior
is significantly better than the earlier "fail open" behavior.

Hopefully for gnutls 2.6 we can cook up more nuanced OpenPGP
certificate verification, where irrelevant unverified UserIDs don't
cause a failure.

Thanks for all the work on this,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20080612/d80a50af/attachment.pgp>

More information about the Gnutls-devel mailing list