Simon Josefsson | 7 Jun 22:09

GnuTLS 2.3.12 - second release candidate for 2.4.0

This is the second release candidate for 2.4.0.  Anything that doesn't live
up to the expectations on a stable release should be reported before
this turns into the real 2.4.0.  We hope to release 2.4.0 within a week
or two.

The goals for the 2.3.x branch are tracked at:

http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4

Alas, the spammers have found our trac site so it is almost useless. :(
Hopefully I can move it to another host soon...  Is anyone interested in
helping to admin it?  Can anyone sponsor a VPS to run this on?  Help!

More ideas are welcome, just create a new ticket.

Here are the compressed sources:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.3.13.tar.bz2
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.3.13.tar.bz2

Here are the Windows binaries:
  http://josefsson.org/gnutls4win/gnutls-2.3.13.exe
  http://josefsson.org/gnutls4win/gnutls-2.3.13.zip

Thanks to Enrico Tassi, we also have mingw32 *.deb's available:
  http://josefsson.org/gnutls4win/mingw32-gnutls_2.3.13-1_all.deb

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or donating
money or equipment.

Frank Mertens | 8 Jun 08:11

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

Simon Josefsson wrote:
> This is the second release candidate for 2.4.0.  Anything that doesn't live
> up to the expectations on a stable release should be reported before
> this turns into the real 2.4.0.  We hope to release 2.4.0 within a week
> or two.
> 
> The goals for the 2.3.x branch are tracked at:
> 
> http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4
> 
> Alas, the spammers have found our trac site so it is almost useless. :(
> Hopefully I can move it to another host soon...  Is anyone interested in
> helping to admin it?  Can anyone sponsor a VPS to run this on?  Help!
> 

What about redmine? My wife told me she would set up a redmine plus
akismet spam filtering for my new project. Would be an honor for
us to also host gnutls. We are using a Xen-based virtual server on
gandi.net.

Frank
--
Simon Josefsson | 9 Jun 08:50

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

Frank Mertens <frank <at> cyblogic.de> writes:

> Simon Josefsson wrote:
>> This is the second release candidate for 2.4.0.  Anything that doesn't live
>> up to the expectations on a stable release should be reported before
>> this turns into the real 2.4.0.  We hope to release 2.4.0 within a week
>> or two.
>>
>> The goals for the 2.3.x branch are tracked at:
>>
>> http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4
>>
>> Alas, the spammers have found our trac site so it is almost useless. :(
>> Hopefully I can move it to another host soon...  Is anyone interested in
>> helping to admin it?  Can anyone sponsor a VPS to run this on?  Help!
>>
>
> What about redmine? My wife told me she would set up a redmine plus
> akismet spam filtering for my new project. Would be an honor for
> us to also host gnutls. We are using a Xen-based virtual server on
> gandi.net.

Thanks for offering!  I have not used redmine...  I'll take a look.  If
others have thoughts about it, that would be appreciated as well.

I think what we need is a wiki and bug/issue-tracking with good
roadmap-tracking of each bug/issue.

Alternatively, I'll check prices for VPS's too, possibly I can donate
some funding to the gnutls project to keep a small VPS running.

Frank Mertens | 13 Jun 02:20

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

Simon Josefsson wrote:
> Frank Mertens <frank <at> cyblogic.de> writes:
> 
>> Simon Josefsson wrote:
>>> This is the second release candidate for 2.4.0.  Anything that doesn't live
>>> up to the expectations on a stable release should be reported before
>>> this turns into the real 2.4.0.  We hope to release 2.4.0 within a week
>>> or two.
>>>
>>> The goals for the 2.3.x branch are tracked at:
>>>
>>> http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4
>>>
>>> Alas, the spammers have found our trac site so it is almost useless. :(
>>> Hopefully I can move it to another host soon...  Is anyone interested in
>>> helping to admin it?  Can anyone sponsor a VPS to run this on?  Help!
>>>
>> What about redmine? My wife told me she would set up a redmine plus
>> akismet spam filtering for my new project. Would be an honor for
>> us to also host gnutls. We are using a Xen-based virtual server on
>> gandi.net.
> 
> Thanks for offering!  I have not used redmine...  I'll take a look.  If
> others have thoughts about it, that would be appreciated as well.
> 
> I think what we need is a wiki and bug/issue-tracking with good
> roadmap-tracking of each bug/issue.
> 
> Alternatively, I'll check prices for VPS's too, possibly I can donate
> some funding to the gnutls project to keep a small VPS running.

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

Simon Josefsson wrote:
> This is the second release candidate for 2.4.0.  Anything that doesn't live
> up to the expectations on a stable release should be reported before
> this turns into the real 2.4.0.  We hope to release 2.4.0 within a week
> or two.
> 
> The goals for the 2.3.x branch are tracked at:
> 
> http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4

The last open issue with this release has now been solved in the
repository (issue being the OpenPGP certificate verification).

regards,
Nikos

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0


On Sun 2008-06-08 04:58:30 -0400, Nikos Mavrogiannopoulos wrote:

> Simon Josefsson wrote:
>> This is the second release candidate for 2.4.0.  Anything that doesn't live
>> up to the expectations on a stable release should be reported before
>> this turns into the real 2.4.0.  We hope to release 2.4.0 within a week
>> or two.
>> 
>> The goals for the 2.3.x branch are tracked at:
>> 
>> http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4
>
> The last open issue with this release has now been solved in the
> repository (issue being the OpenPGP certificate verification).

It's not clear to me if you mean that this should be resolved in
2.3.12, or after 2.3.12, Nikos.  It looks to me like it has *not* been
resolved in 2.3.12 yet.  In particular, it appears to fail open: when
one userid is verified, it treats them all as verified, even User IDs
that have no certifications other than self-signatures.

When i run the tests from
http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
against the 2.3.12 packages in debian experimental, i get the
following output:

[0 dkg <at> squeak openpgp-certs]$ ./testcerts 
Set static Diffie Hellman parameters, consider --dhparams.
Echo Server ready. Listening to port '12345'.

Simon Josefsson | 9 Jun 08:47

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

Daniel Kahn Gillmor <dkg-debian.org <at> fifthhorseman.net> writes:

> On Sun 2008-06-08 04:58:30 -0400, Nikos Mavrogiannopoulos wrote:
>
>> Simon Josefsson wrote:
>>> This is the second release candidate for 2.4.0.  Anything that doesn't live
>>> up to the expectations on a stable release should be reported before
>>> this turns into the real 2.4.0.  We hope to release 2.4.0 within a week
>>> or two.
>>> 
>>> The goals for the 2.3.x branch are tracked at:
>>> 
>>> http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4
>>
>> The last open issue with this release has now been solved in the
>> repository (issue being the OpenPGP certificate verification).
>
> It's not clear to me if you mean that this should be resolved in
> 2.3.12, or after 2.3.12, Nikos.  It looks to me like it has *not* been
> resolved in 2.3.12 yet.  In particular, it appears to fail open: when
> one userid is verified, it treats them all as verified, even User IDs
> that have no certifications other than self-signatures.

Actually, it should only be fixed after 2.3.13, but it seems the daily
builds for trunk have stopped working some time ago -- I'll try to fix
that.

> When i run the tests from
> http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
> against the 2.3.12 packages in debian experimental, i get the

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

On Mon, Jun 9, 2008 at 12:57 AM, Daniel Kahn Gillmor
<dkg-debian.org <at> fifthhorseman.net> wrote:

> It's not clear to me if you mean that this should be resolved in
> 2.3.12, or after 2.3.12, Nikos.  It looks to me like it has *not* been
> resolved in 2.3.12 yet.  In particular, it appears to fail open: when
> one userid is verified, it treats them all as verified, even User IDs
> that have no certifications other than self-signatures.

> When i run the tests from
> http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
> against the 2.3.12 packages in debian experimental, i get the
> following output:

Hello Daniel!
 I was talking about a recent commit in the git repository. I've also
modified your tests to check the gnutls behaviour (as it is now both
of your tests should fail). The new behaviour is to consider not
verified all openpgp keys that have at least one unsigned by a trusted
party user id.

regards,
Nikos

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

On Mon 2008-06-09 08:01:17 -0400, Nikos Mavrogiannopoulos wrote:

>  I was talking about a recent commit in the git repository. I've
> also modified your tests to check the gnutls behaviour (as it is now
> both of your tests should fail). The new behaviour is to consider
> not verified all openpgp keys that have at least one unsigned by a
> trusted party user id.

Hi Nikos--

Thanks for clarifying.  The failure you describe sounds like the right
thing until we can fix up the API to do more nuanced hostname
checking.

Sorry i haven't been able to help out as much as i wanted to.

      --dkg
_______________________________________________
Gnutls-devel mailing list
Gnutls-devel <at> gnu.org
http://lists.gnu.org/mailman/listinfo/gnutls-devel
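
Added example, not part of the thread and not GnuTLS code: a toy model of the three verification policies discussed above (the fail-open behaviour reported against 2.3.12, the conservative behaviour after the fix, and a per-identity check of the kind a more nuanced hostname API could make). The struct layout, function names, sample key and exact-match hostname comparison are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration: a key with several User IDs. */
struct user_id {
    const char *name;   /* identity the User ID claims, here a hostname */
    bool trusted_cert;  /* certified by a trusted party, not only self-signed */
};
struct pgp_key { const struct user_id *uids; size_t n; };

/* Fail-open: one certified User ID makes the whole key count as verified. */
bool verify_fail_open(const struct pgp_key *k) {
    for (size_t i = 0; i < k->n; i++)
        if (k->uids[i].trusted_cert) return true;
    return false;
}

/* Conservative: a single uncertified User ID makes the key unverified. */
bool verify_all_uids(const struct pgp_key *k) {
    for (size_t i = 0; i < k->n; i++)
        if (!k->uids[i].trusted_cert) return false;
    return k->n > 0;  /* a key with no User IDs is never verified */
}

/* Per-identity (assumed design): only a certified User ID equal to the
   expected host counts. Exact string match is a simplification. */
bool verify_for_host(const struct pgp_key *k, const char *host) {
    for (size_t i = 0; i < k->n; i++)
        if (k->uids[i].trusted_cert && strcmp(k->uids[i].name, host) == 0)
            return true;
    return false;
}

/* Constructed sample: one certified User ID, one with a self-signature only. */
static const struct user_id sample_uids[] = {
    { "good.example", true  },
    { "bank.example", false },
};
static const struct pgp_key sample_key = { sample_uids, 2 };

int main(void) {
    printf("fail-open:    %d\n", verify_fail_open(&sample_key));
    printf("all-uids:     %d\n", verify_all_uids(&sample_key));
    printf("good.example: %d\n", verify_for_host(&sample_key, "good.example"));
    printf("bank.example: %d\n", verify_for_host(&sample_key, "bank.example"));
    return 0;
}
```

With the fail-open policy a caller that trusts the key for any of its User IDs would accept the uncertified "bank.example" identity; the conservative policy rejects the key outright, and the per-identity check accepts only the certified name.
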
Simon Josefsson | 10 Jun 12:55

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

"Nikos Mavrogiannopoulos" <n.mavrogiannopoulos <at> gmail.com> writes:

> On Mon, Jun 9, 2008 at 12:57 AM, Daniel Kahn Gillmor
> <dkg-debian.org <at> fifthhorseman.net> wrote:
>
>> It's not clear to me if you mean that this should be resolved in
>> 2.3.12, or after 2.3.12, Nikos.  It looks to me like it has *not* been
>> resolved in 2.3.12 yet.  In particular, it appears to fail open: when
>> one userid is verified, it treats them all as verified, even User IDs
>> that have no certifications other than self-signatures.
>
>> When i run the tests from
>> http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
>> against the 2.3.12 packages in debian experimental, i get the
>> following output:
>
> Hello Daniel!
>  I was talking about a recent commit in the git repository. I've also
> modified your tests to check the gnutls behaviour (as it is now both
> of your tests should fail). The new behaviour is to consider not
> verified all openpgp keys that have at least one unsigned by a trusted
> party user id.

Nikos, the self-test doesn't seem to work, see below.

/Simon

make[1]: Entering directory `/home/jas/src/gnutls/tests/openpgp-certs'
+ srcdir=.
+ SERV='../../src/gnutls-serv -q'

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

On Tue, Jun 10, 2008 at 1:55 PM, Simon Josefsson <simon <at> josefsson.org> wrote:
> Nikos, the self-test doesn't seem to work, see below.

Could you increase the verbosity? It works for me and I cannot reproduce it.

regards,
Nikos
Simon Josefsson | 10 Jun 16:06

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0

"Nikos Mavrogiannopoulos" <n.mavrogiannopoulos <at> gmail.com> writes:

> On Tue, Jun 10, 2008 at 1:55 PM, Simon Josefsson <simon <at> josefsson.org> wrote:
>> Nikos, the self-test doesn't seem to work, see below.
>
> Could you increase the verbosity? It works for me and I cannot reproduce it.

Heh...

bind() failed: Address already in use

I had a gnutls-serv running in background that I had forgotten about.

I changed so that the script uses port 5557 instead, which might make
accidental failures like this less likely.

/Simon
