[EMAIL PROTECTED] (Ludovic Courtès) writes: > Hi, > > Currently, `gnutls_openpgp_key_check_hostname ()' will only return true > if one of the key's names matches _exactly_ HOSTNAME. Since key names > are not supposed to be host names but rather RFC822 strings, this is of > little use. > > Perhaps it should rather check whether the email part of one of the key > names matches HOSTNAME?
I'm not sure... it is pretty important that name checks are well defined. As I recall, there are no clear requirements on what key names should be in the standard, or is there? How do this cause problems? Perhaps we can solve it by simply improving documentation to make it clear that you'll have to generate a OpenPGP key with a name matching exactly the server's. Adding better warnings to gnutls-cli/gnutls-serv when this isn't true might help too. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
