Re: GnuTLS 2.3.12 - second release candidate for 2.4.0
From: Simon Josefsson
Subject: Re: GnuTLS 2.3.12 - second release candidate for 2.4.0
Date: Tue, 10 Jun 2008 12:55:44 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)
"Nikos Mavrogiannopoulos" <address@hidden> writes:
> On Mon, Jun 9, 2008 at 12:57 AM, Daniel Kahn Gillmor
> <address@hidden> wrote:
>
>> It's not clear to me if you mean that this should be resolved in
>> 2.3.12, or after 2.3.12, Nikos. It looks to me like it has *not* been
>> resolved in 2.3.12 yet. In particular, it appears to fail open: when
>> one userid is verified, it treats them all as verified, even User IDs
>> that have no certifications other than self-signatures.
>
>> When i run the tests from
>> http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
>> against the 2.3.12 packages in debian experimental, i get the
>> following output:
>
> Hello Daniel!
> I was talking about a recent commit in the git repository. I've also
> modified your tests to check the gnutls behaviour (as it is now both
> of your tests should fail). The new behaviour is to consider not
> verified all openpgp keys that have at least one unsigned by a trusted
> party user id.
Nikos, the self-test doesn't seem to work, see below.
/Simon
make[1]: Entering directory `/home/jas/src/gnutls/tests/openpgp-certs'
+ srcdir=.
+ SERV='../../src/gnutls-serv -q'
+ CLI=../../src/gnutls-cli
+ unset RETCODE
+ echo 'Checking OpenPGP certificate verification'
Checking OpenPGP certificate verification
+ ../../src/gnutls-serv -q -p 5556 --pgpcertfile ./srv-public-127.0.0.1-signed.gpg --pgpkeyfile ./srv-secret.gpg
+ sleep 2
+ ../../src/gnutls-cli -p 5556 127.0.0.2 --pgpkeyring ./ca-public.gpg
*** Fatal error: A TLS fatal alert has been received.
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
+ ../../src/gnutls-cli -p 5556 localhost --pgpkeyring ./ca-public.gpg
*** Fatal error: A TLS fatal alert has been received.
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
+ kill %1
+ wait
+ ../../src/gnutls-serv -q -p 5556 --pgpcertfile ./srv-public-localhost-signed.gpg --pgpkeyfile ./srv-secret.gpg
+ sleep 2
+ echo
+ ../../src/gnutls-cli -p 5556 127.0.0.1 --pgpkeyring ./ca-public.gpg
*** Fatal error: A TLS fatal alert has been received.
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
+ ../../src/gnutls-cli -p 5556 127.0.0.2 --pgpkeyring ./ca-public.gpg
*** Fatal error: A TLS fatal alert has been received.
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
+ kill %1
+ wait
+ ../../src/gnutls-serv -q -p 5556 --pgpcertfile ./srv-public-all-signed.gpg --pgpkeyfile ./srv-secret.gpg
+ sleep 2
+ echo
+ ../../src/gnutls-cli -p 5556 127.0.0.1 --pgpkeyring ./ca-public.gpg
*** Fatal error: A TLS fatal alert has been received.
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
+ fail 'Connection to signed PGP certificate should have succeeded! (error code 1)' 1
+ echo 'Failure: Connection to signed PGP certificate should have succeeded! (error code 1)'
Failure: Connection to signed PGP certificate should have succeeded! (error code 1)
+ RETCODE=1
+ ../../src/gnutls-cli -p 5556 127.0.0.2 --pgpkeyring ./ca-public.gpg
*** Fatal error: A TLS fatal alert has been received.
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
+ kill %1
+ wait
+ exit 1
FAIL: testcerts
===================================
1 of 1 tests failed
Please report to address@hidden
===================================
make[1]: *** [check-TESTS] Error 1
make[1]: Leaving directory `/home/jas/src/gnutls/tests/openpgp-certs'
make: *** [check-am] Error 2
address@hidden:~/src/gnutls/tests/openpgp-certs$
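
The two verification rules discussed in the quoted messages, modelled in C as an added example (not part of this message and not GnuTLS code): the fail-open behaviour Daniel reports and the rule Nikos describes for the git commit. The key labels, User IDs, struct and function names are assumptions made for illustration, and hostname matching is reduced to an exact string compare.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not a GnuTLS type: one OpenPGP User ID on a server key. */
struct user_id { const char *name; bool trusted_sig; /* certified by a keyring key? */ };
struct key { const char *label; struct user_id uid[2]; };

/* Constructed keys; labels and User IDs are assumptions modelled on the test file names. */
static const struct key keys[] = {
    { "127.0.0.1-signed", { { "127.0.0.1", true  }, { "localhost", false } } },
    { "localhost-signed", { { "127.0.0.1", false }, { "localhost", true  } } },
    { "all-signed",       { { "127.0.0.1", true  }, { "localhost", true  } } },
};

static bool has_uid(const struct user_id *u, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(u[i].name, host) == 0) return true;
    return false;
}

/* Fail-open: one certified User ID makes every User ID on the key count as verified. */
bool accept_fail_open(const struct user_id *u, size_t n, const char *host)
{
    bool any = false;
    for (size_t i = 0; i < n; i++)
        any = any || u[i].trusted_sig;
    return any && has_uid(u, n, host);
}

/* Stricter rule: any User ID without a trusted certification leaves the key unverified. */
bool accept_all_or_nothing(const struct user_id *u, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (!u[i].trusted_sig)
            return false;
    return n > 0 && has_uid(u, n, host);
}

int main(void)
{
    const char *hosts[] = { "127.0.0.1", "127.0.0.2", "localhost" };
    for (size_t k = 0; k < 3; k++)
        for (size_t h = 0; h < 3; h++)
            printf("%-17s %-10s fail-open=%d all-or-nothing=%d\n", keys[k].label, hosts[h],
                   accept_fail_open(keys[k].uid, 2, hosts[h]),
                   accept_all_or_nothing(keys[k].uid, 2, hosts[h]));
    return 0;
}
```

In this model the stricter rule also rejects a connection to the one name that is certified on a partly signed key, so only the all-signed key can be accepted.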