8 Jun 23:57
Re: GnuTLS 2.3.12 - second release candidate for 2.4.0
From: Daniel Kahn Gillmor <dkg-debian.org <at> fifthhorseman.net>
Subject: Re: GnuTLS 2.3.12 - second release candidate for 2.4.0
Newsgroups: gmane.comp.encryption.gpg.gnutls.devel
Date: 2008-06-08 21:57:16 GMT
On Sun 2008-06-08 04:58:30 -0400, Nikos Mavrogiannopoulos wrote:
> Simon Josefsson wrote:
>> This is the second release candidate for 2.4.0. Anything that doesn't live
>> up to the expectations on a stable release should be reported before
>> this turns into the real 2.4.0. We hope to release 2.4.0 within a week
>> or two.
>>
>> The goals for the 2.3.x branch are tracked at:
>>
>> http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4
>
> The last open issue with this release has now been solved in the
> repository (issue being the OpenPGP certificate verification).

It's not clear to me if you mean that this should be resolved in
2.3.12, or after 2.3.12, Nikos. It looks to me like it has *not* been
resolved in 2.3.12 yet. In particular, it appears to fail open: when
one userid is verified, it treats them all as verified, even User IDs
that have no certifications other than self-signatures.

When i run the tests from
http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
against the 2.3.12 packages in debian experimental, i get the
following output:

[0 dkg <at> squeak openpgp-certs]$ ./testcerts
Set static Diffie Hellman parameters, consider --dhparams.
Echo Server ready. Listening to port '12345'.

Failure: Connection to unverified (but present) 'localhost' should have failed!
Exiting via signal 15
Set static Diffie Hellman parameters, consider --dhparams.
Echo Server ready. Listening to port '12345'.

Failure: Connection to unverified IP address should have failed! (error code 0)
Exiting via signal 15
[1 dkg <at> squeak openpgp-certs]$

--dkg
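
Added example, not part of the original message and not GnuTLS code: a small C model of the fail-open behaviour reported above, next to a check that requires the matching User ID itself to carry a trusted certification. The struct, the function names and the sample key are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one User ID on an OpenPGP key (not a GnuTLS type). */
struct user_id {
    const char *name;   /* host name or address the User ID claims */
    bool trusted_cert;  /* true: certified by a key the verifier trusts;
                           false: self-signature only */
};

/* Fail-open pattern: a single certified User ID marks the whole key as
 * verified, and the peer name is then matched against every User ID. */
bool check_key_wide(const struct user_id *uids, size_t n, const char *peer)
{
    bool key_verified = false, name_present = false;
    for (size_t i = 0; i < n; i++) {
        if (uids[i].trusted_cert) key_verified = true;
        if (strcmp(uids[i].name, peer) == 0) name_present = true;
    }
    return key_verified && name_present;
}

/* Fail-closed pattern: the User ID that matches the peer name must itself
 * be certified; self-signed User IDs never satisfy the check. */
bool check_per_uid(const struct user_id *uids, size_t n, const char *peer)
{
    for (size_t i = 0; i < n; i++)
        if (uids[i].trusted_cert && strcmp(uids[i].name, peer) == 0)
            return true;
    return false;
}

/* Constructed sample key: one certified User ID, two self-signed only. */
static const struct user_id sample_key[] = {
    { "test.example.org", true  },
    { "localhost",        false },
    { "127.0.0.1",        false },
};
#define SAMPLE_N (sizeof sample_key / sizeof sample_key[0])

int main(void)
{
    const char *peers[] = { "test.example.org", "localhost", "127.0.0.1" };
    for (size_t i = 0; i < 3; i++)
        printf("%-17s key-wide=%d per-uid=%d\n", peers[i],
               check_key_wide(sample_key, SAMPLE_N, peers[i]),
               check_per_uid(sample_key, SAMPLE_N, peers[i]));
    return 0;
}
```
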
