GnuTLS 2.3.14 - third release candidate for 2.4.0
Simon Josefsson
simon at josefsson.org
Sun Jun 15 23:03:27 CEST 2008
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> On Tue 2008-06-10 18:23:01 -0400, Simon Josefsson wrote:
>
>> * Version 2.3.14 (released 2008-06-11)
>>
>> ** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
>> An OpenPGP certificate is now only considered verified if all the user
>> IDs are verified.
>
> I've tested this change against Andreas Metzler's Debian packaging of
> 2.3.14, and it looks correct. A single unverifiable User ID on the
> certificate causes verification failure. This "fail closed" behavior
> is significantly better than the earlier "fail open" behavior.
> Thanks!
>
> Hopefully for gnutls 2.6 we can cook up more nuanced OpenPGP
> certificate verification, where irrelevant unverified UserIDs don't
> cause a failure.
>
> Thanks for all the work on this,

Great. Thanks for confirming the status. I think we are ready for
2.4.0, but I'll do another release candidate now to make sure.

/Simon