GnuTLS 2.3.14 - third release candidate for 2.4.0

Simon Josefsson simon at
Sun Jun 15 23:03:27 CEST 2008

Daniel Kahn Gillmor <dkg at> writes:

> On Tue 2008-06-10 18:23:01 -0400, Simon Josefsson wrote:
>> * Version 2.3.14 (released 2008-06-11)
>> ** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
>> An OpenPGP certificate is now only considered verified if all the user
>> IDs are verified.
> I've tested this change against Andreas Metzler's debian packaging of
> 2.3.14, and it looks correct.  A single unverifiable User ID on the
> certificate causes verification failure.  This "fail closed" behavior
> is significantly better than the earlier "fail open" behavior.
> Thanks!
> Hopefully for gnutls 2.6 we can cook up more nuanced OpenPGP
> certificate verification, where irrelevant unverified UserIDs don't
> cause a failure.
> Thanks for all the work on this,

Great.  Thanks for confirming the status.  I think we are ready for
2.4.0, but I'll do another release candidate now to make sure.


More information about the Gnutls-devel mailing list