On 21/06/17 14:30, David Sommerseth wrote: > On 21/06/17 13:48, Jonathan K. Bullard wrote: >> On Wed, Jun 21, 2017 at 6:47 AM, Samuli Seppänen <sam...@openvpn.net> wrote: >>> The OpenVPN community project team is proud to release OpenVPN 2.4.3. It >>> can be downloaded from here: >>> >>> <http://openvpn.net/index.php/open-source/downloads.html> >> >> Hi. Thanks for this release. >> >> Verifying the PGP signature on 2.3.17.tar.gz works fine (so did 2.4.2 >> a few weeks ago), but trying to verify the signature on 2.4.3.tar.gz >> fails with: >> >> $ gpg2 -v --verify /XXX/openvpn-2.4.3.tar.gz.asc >> >> gpg: armor header: Version: GnuPG v1 >> gpg: assuming signed data in '/XXX/openvpn-2.4.3.tar.gz' >> gpg: Signature made Wed Jun 21 06:19:19 2017 EDT >> gpg: using RSA key D72AF3448CC2B034 >> gpg: using subkey D72AF3448CC2B034 instead of primary key 12F5F7B42F2B01E7 >> gpg: using pgp trust model >> gpg: BAD signature from "OpenVPN - Security Mailing List >> <secur...@openvpn.net>" [unknown] >> gpg: binary signature, digest algorithm SHA1, key algorithm rsa4096 >> >> The SHA256 ofopenvpn-2.4.3.tar.gz is >> 84a01aa3df0c12a3552ca3baaa39d700137b5bce4b6de683fe87fb79bfa5df0b >> >> The SHA256 of openvpn-2.4.3.tar.gz.asc is >> 695afa06fcf94f9e8bd2ee63267332d14e52fe24dd58c470e42dafbea371e437 >> >> The files were downloaded from >> https://openvpn.net/index.php/open-source/downloads.html at about >> 10:24 UCT today from the New York City area. >> >> For reference, here is the output from verifying 2.3.17: >> >> $ gpg2 -v --verify /Users/jonathanbullard/Desktop/openvpn-2.3.17.tar.gz.asc >> >> gpg: armor header: Version: GnuPG v1 >> gpg: assuming signed data in >> '/Users/jonathanbullard/Desktop/openvpn-2.3.17.tar.gz' >> gpg: Signature made Wed Jun 21 06:18:55 2017 EDT >> gpg: using RSA key D72AF3448CC2B034 >> gpg: using subkey D72AF3448CC2B034 instead of primary key 12F5F7B42F2B01E7 >> gpg: using pgp trust model >> gpg: Good signature from "OpenVPN - Security Mailing List >> <secur...@openvpn.net>" [unknown] >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the owner. >> Primary key fingerprint: F554 A368 7412 CFFE BDEF E0A3 12F5 F7B4 2F2B 01E7 >> Subkey fingerprint: B596 06E2 D8C6 E10B 80BE 2B31 D72A F344 8CC2 B034 >> gpg: binary signature, digest algorithm SHA1, key algorithm rsa4096 >> >> Any ideas or suggestions? > > I believe it is Cloudflare playing tricks on us again. > > Attached are the proper signature files and below a list of the SHA256 > checksums: > > d300029416b045666f2dc957bdde407ba97894428b5ad8433df789e793ccc1d3 > openvpn-2.3.17.tar.xz > b206065f4a1720c022fde710c0449b5b25e9dda8ca2911a82bacf21b9fcb4e29 > openvpn-2.3.17.tar.xz.asc > 7aa86167a5b8923e54e8795b814ed77288c793671f59fd830d9ab76d4b480571 > openvpn-2.4.3.tar.xz > 9f5f089f4a4b3e270ddb53cb0b689f4c0bad89d7e2ee08a1d4666e7ab869f210 > openvpn-2.4.3.tar.xz.asc > > This is based on the files I've already pushed to the Fedora builder (koji), > which > I downloaded soon after the swupdates.openvpn.net server was updated. Lets try to attach the _proper_ signature file for v2.4.3. I managed to send the signature for the previous (v2.4.2) release in the previous mail.
-- kind regards, David Sommerseth OpenVPN Technologies, Inc
openvpn-2.4.3.tar.xz.asc
Description: application/pgp-encrypted
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
