[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS 2.3.12 - second release candidate for 2.4.0
From: |
Simon Josefsson |
Subject: |
Re: GnuTLS 2.3.12 - second release candidate for 2.4.0 |
Date: |
Mon, 09 Jun 2008 08:47:38 +0200 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux) |
Daniel Kahn Gillmor <address@hidden> writes:
> On Sun 2008-06-08 04:58:30 -0400, Nikos Mavrogiannopoulos wrote:
>
>> Simon Josefsson wrote:
>>> This the second release candidate for 2.4.0. Anything that doesn't live
>>> up to the expectations on a stable release should be reported before
>>> this turns into the real 2.4.0. We hope to release 2.4.0 within a week
>>> or two.
>>>
>>> The goals for the 2.3.x branch are tracked at:
>>>
>>> http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4
>>
>> The last open issue with this release has now been solved in the
>> repository (issue being the OpenPGP certificate verification).
>
> It's not clear to me if you mean that this should be resolved in
> 2.3.12, or after 2.3.12, Nikos. It looks to me like it has *not* been
> resolved in 2.3.12 yet. In particular, it appears to fail open: when
> one userid is verified, it treats them all as verified, even User IDs
> that have no certifications other than self-signatures.
Actually, it should only be fixed after 2.3.13, but it seems the daily
builds for trunk has stopped working some time ago -- I'll try to fix
that.
> When i run the tests from
> http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
> against the 2.3.12 packages in debian experimental, i get the
> following output:
>
> [0 address@hidden openpgp-certs]$ ./testcerts
> Set static Diffie Hellman parameters, consider --dhparams.
> Echo Server ready. Listening to port '12345'.
>
> Failure: Connection to unverified (but present) 'localhost' should have
> failed!
> Exiting via signal 15
> Set static Diffie Hellman parameters, consider --dhparams.
> Echo Server ready. Listening to port '12345'.
>
> Failure: Connection to unverified IP address should have failed! (error code
> 0)
> Exiting via signal 15
> [1 address@hidden openpgp-certs]$
I'll do a 2.3.14 release so that you can confirm that this has been
fixed.
Thanks,
Simon
- GnuTLS 2.3.12 - second release candidate for 2.4.0, Simon Josefsson, 2008/06/07
- Re: GnuTLS 2.3.12 - second release candidate for 2.4.0, Frank Mertens, 2008/06/08
- Re: GnuTLS 2.3.12 - second release candidate for 2.4.0, Nikos Mavrogiannopoulos, 2008/06/08
- Re: GnuTLS 2.3.12 - second release candidate for 2.4.0, Daniel Kahn Gillmor, 2008/06/08
- Re: GnuTLS 2.3.12 - second release candidate for 2.4.0,
Simon Josefsson <=
- Re: GnuTLS 2.3.12 - second release candidate for 2.4.0, Nikos Mavrogiannopoulos, 2008/06/09
- Re: GnuTLS 2.3.12 - second release candidate for 2.4.0, Daniel Kahn Gillmor, 2008/06/09
- Re: GnuTLS 2.3.12 - second release candidate for 2.4.0, Simon Josefsson, 2008/06/10
- Re: GnuTLS 2.3.12 - second release candidate for 2.4.0, Nikos Mavrogiannopoulos, 2008/06/10
- Re: GnuTLS 2.3.12 - second release candidate for 2.4.0, Simon Josefsson, 2008/06/10