From jas at extundo.com Mon Nov 7 22:34:46 2005 
From: jas at extundo.com (Simon Josefsson)
Date: Thu Nov 10 17:24:43 2005
Subject: [gnutls-dev] GnuTLS 1.2.9
Message-ID:

We are pleased to announce the availability of GnuTLS version 1.2.8.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

This is the last non-bugfix release in the 1.2.x series. We will open
the 1.3.x branch after this release. The goal of 1.3.x will be to merge
work currently done on CVS branches, for TLS Pre-Shared-Keys and TLS
Inner Application. Other planned improvements in 1.3.x are
system-independent resume data structures, modularization of the bignum
operations, and TLS OpenPGP improvements.

This release disables the RSA-MD5 algorithm when verifying untrusted
intermediary X.509 CA certificates. This decision was made based on the
results in Lenstra, Wang and Weger's "Colliding X.509 Certificates".
This is discussed in more detail, including instructions on how to
re-enable the algorithm for applications that need backwards
compatibility, in:

  http://josefsson.org/gnutls/manual/html_node/Digital-signatures.html

Noteworthy changes since version 1.2.8:

- Documentation was updated and improved.

- RSA-MD2 is now supported for verifying digital signatures.

- Due to cryptographic advances, verifying untrusted X.509 certificates
  signed with RSA-MD2 or RSA-MD5 will now fail with a
  GNUTLS_CERT_INSECURE_ALGORITHM verification output. For applications
  that must remain interoperable, you can use the
  GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
  flags when verifying certificates. Naturally, this is not recommended
  default behaviour for applications. To enable the broken algorithms,
  call gnutls_certificate_set_verify_flags with the proper flag, to
  change the verification mode used by gnutls_certificate_verify_peers2.

- Make it possible to send empty data through gnutls_record_send, to
  align with the send(2) API.

- Some changes in the certificate receiving part of handshake to prevent
  some possible errors with non-blocking servers.

- Added numeric version symbols to permit simple CPP-based feature
  tests, suggested by Daniel Stenberg .

- The (experimental) low-level crypto alternative to libgcrypt used
  earlier (Nettle) has been replaced with crypto code from gnulib. This
  leads to easier re-use of these components in other projects, leading
  to more review and simpler maintenance. The new configure parameter
  --with-builtin-crypto replaces the old --with-nettle, and must be used
  if you wish to enable this functionality. See README under
  "Experimental" for more information. Internally, GnuTLS has been
  updated to use the new "Generic Crypto" API in gl/gc.h. The API is
  similar to the old crypto/gc.h, because the gnulib code was based on
  GnuTLS's gc.h.

- Fix compiler warning in the "anonself" self test.

- API and ABI modifications:

  gnutls_x509_crt_list_verify: Added 'const' to prototype in .
      This doesn't reflect a change in behaviour, so we don't break
      backwards compatibility.
  GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value.
  GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value.
  GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2,
  GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags
      values. Use when calling gnutls_x509_crt_list_verify,
      gnutls_x509_crt_verify, or gnutls_certificate_set_verify_flags.
  GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value,
      used when broken signature algorithms are used (currently
      RSA-MD2/MD5).
  LIBGNUTLS_VERSION_MAJOR,
  LIBGNUTLS_VERSION_MINOR,
  LIBGNUTLS_VERSION_PATCH,
  LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
      version number, can be used for feature existence tests.

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back. You
can contribute by reporting bugs, improving the software, or donating
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm
based privately held company, is currently funding GnuTLS maintenance.
We are always looking for interesting development projects.

If you need help to use GnuTLS, or want to help others, you are invited
to join our help-gnutls mailing list, see: .

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources:
  http://josefsson.org/gnutls/releases/gnutls-1.2.9.tar.bz2 (2.7MB)
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.2.9.tar.bz2 (2.7MB)

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.2.9.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.2.9.tar.bz2.sig

The software is cryptographically signed by the author using an OpenPGP
key identified by the following information:
  1280R/B565716F 2002-05-05 [expires: 2006-02-28]
  Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the SHA-1 checksums:

7229d094de83cabd572fcaab806ab3afc6b58959 gnutls-1.2.9.tar.bz2
fae5d7a5d84935406ba3ed6e2804a18cede6fcf1 gnutls-1.2.9.tar.bz2.sig

Enjoy,
Nikos and Simon

From smurf at smurf.noris.de Fri Nov 11 16:27:03 2005
From: smurf at smurf.noris.de (Matthias Urlichs)
Date: Fri Nov 11 17:55:54 2005
Subject: [gnutls-dev] Re: Bug not fixed in gnutls12
In-Reply-To:
References:
Message-ID: <20051111152703.GB27727@kiste.smurf.noris.de>

[ Debian bug: http://bugs.debian.org/336456 ]

Ian Abel:
> This bug is not fixed in gnutls12. The problem line is
> lib/gnutls_kx.c:531, the code assumes that if _gnutls_recv_handshake
> returns a negative number then the client didn't provide a certificate.
> It then runs a gnutls_assert, sets the error to GNUTLS_E_NO_CERTIFICATE and
> propagates the error back to the caller of gnutls_handshake().
>
> Despite the fact that _gnutls_recv_handshake returns GNUTLS_E_AGAIN if the
> socket is non-blocking.
>
Forwarding to the gnutls mailing list.

--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | smurf@smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
 - -
"The true contrast between science and myth is more nearly touched when
we say that science alone is capable of verification."
[George Santayana (1863-1952), "The Life of Reason" (1905-1906)]

From smurf at smurf.noris.de Fri Nov 11 18:49:33 2005
From: smurf at smurf.noris.de (Matthias Urlichs)
Date: Fri Nov 11 18:50:29 2005
Subject: [gnutls-dev] Re: Bug not fixed in gnutls12
In-Reply-To: <200511111818.00186.n.mavrogiannopoulos@gmail.com>
References: <20051111152703.GB27727@kiste.smurf.noris.de> <200511111818.00186.n.mavrogiannopoulos@gmail.com>
Message-ID: <20051111174933.GD27727@kiste.smurf.noris.de>

Hi,

Nikos Mavrogiannopoulos:
> Have you checked against the latest release? I think this problem has been
> corrected.

Thanks; I'll release a Debian-packaged version of 1.2.9 today.

--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | smurf@smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
 - -
The important thing to remember about walking on eggs is not to hop.

From n.mavrogiannopoulos at gmail.com Fri Nov 11 18:17:59 2005
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Fri Nov 11 21:15:52 2005
Subject: [gnutls-dev] Re: Bug not fixed in gnutls12
In-Reply-To: <20051111152703.GB27727@kiste.smurf.noris.de>
References: <20051111152703.GB27727@kiste.smurf.noris.de>
Message-ID: <200511111818.00186.n.mavrogiannopoulos@gmail.com>

On Friday 11 November 2005 16:27, Matthias Urlichs wrote:
> [ Debian bug: http://bugs.debian.org/336456 ]
>
> Ian Abel:
> > This bug is not fixed in gnutls12. The problem line is
> > lib/gnutls_kx.c:531, the code assumes that if _gnutls_recv_handshake
> > returns a negative number then the client didn't provide a certificate.
> > It then runs a gnutls_assert, sets the error to GNUTLS_E_NO_CERTIFICATE and
> > propagates the error back to the caller of gnutls_handshake().
> >
> > Despite the fact that _gnutls_recv_handshake returns GNUTLS_E_AGAIN if
> > the socket is non-blocking.
> Forwarding to the gnutls mailing list.

Have you checked against the latest release? I think this problem has been
corrected.

From gnutls-dev at mlists.thewrittenword.com Mon Nov 14 17:22:42 2005
From: gnutls-dev at mlists.thewrittenword.com (Albert Chin)
Date: Mon Nov 14 17:22:45 2005
Subject: [gnutls-dev] 1.2.9 patches to include first
Message-ID: <20051114162242.GB12773@mail1.thewrittenword.com>

If using config.h or equivalent, you should always include it first in
case any of the #defines override something in /usr/include.

--
albert chin (china@thewrittenword.com)

-- snip snip

Index: lib/x509/common.c =================================================================== --- lib/x509/common.c.orig 2005-11-12 21:44:49.713887000 -0600 +++ lib/x509/common.c 2005-11-12 21:44:58.930231000 -0600 @@ -22,8 +22,8 @@ * */ -#include #include +#include #include #include #include Index: lib/x509/crl.c =================================================================== --- lib/x509/crl.c.orig 2005-11-12 21:44:49.665650000 -0600 +++ lib/x509/crl.c 2005-11-12 21:44:58.976507000 -0600 
@@ -22,8 +22,8 @@ * */ -#include #include +#include #ifdef ENABLE_PKI Index: lib/x509/dn.c =================================================================== --- lib/x509/dn.c.orig 2005-11-12 21:44:49.689758000 -0600 +++ lib/x509/dn.c 2005-11-12 21:44:59.013661000 -0600 @@ -22,8 +22,8 @@ * */ -#include #include +#include #include #include #include Index: lib/x509/pkcs12.c =================================================================== --- lib/x509/pkcs12.c.orig 2005-11-12 21:44:49.762140000 -0600 +++ lib/x509/pkcs12.c 2005-11-12 21:44:59.055856000 -0600 @@ -25,8 +25,8 @@ /* Functions that relate on PKCS12 packet parsing. */ -#include #include +#include #ifdef ENABLE_PKI Index: lib/x509/pkcs7.c =================================================================== --- lib/x509/pkcs7.c.orig 2005-11-12 21:44:49.738011000 -0600 +++ lib/x509/pkcs7.c 2005-11-12 21:44:59.104202000 -0600 @@ -25,8 +25,8 @@ /* Functions that relate on PKCS7 certificate lists parsing. */ -#include #include +#include #ifdef ENABLE_PKI Index: lib/debug.c =================================================================== --- lib/debug.c.orig 2005-11-12 21:44:49.834522000 -0600 +++ lib/debug.c 2005-11-12 21:44:59.210421000 -0600 @@ -22,10 +22,10 @@ * */ -#include -#include #include "gnutls_int.h" #include "gnutls_errors.h" +#include +#include #include #ifdef DEBUG Index: src/serv.c =================================================================== --- src/serv.c.orig 2005-11-12 21:44:50.075801000 -0600 +++ src/serv.c 2005-11-12 21:44:59.839353000 -0600 @@ -24,6 +24,8 @@ * (which means it is quite unreadable) */ +#include "common.h" +#include "serv-gaa.h" #include #include #include 
@@ -31,11 +33,8 @@ #include #include #include -#include "common.h" -#include "serv-gaa.h" #include #include -#include #include /* konqueror cannot handle sending the page in multiple Index: libextra/openssl_compat.c =================================================================== --- libextra/openssl_compat.c.orig 2005-05-26 10:19:59.000000000 -0500 +++ libextra/openssl_compat.c 2005-11-13 10:39:47.625789000 -0600 @@ -27,6 +27,8 @@ * API. */ +#include + #include #include #include /* memset */

From gnutls-dev at mlists.thewrittenword.com Mon Nov 14 17:23:46 2005
From: gnutls-dev at mlists.thewrittenword.com (Albert Chin)
Date: Mon Nov 14 17:23:38 2005
Subject: [gnutls-dev] mmap() available on Tru64 UNIX 4.0d but not MAP_FAILED
Message-ID: <20051114162346.GC12773@mail1.thewrittenword.com>

Tru64 UNIX 4.0D which has mmap() but doesn't define MAP_FAILED.

--
albert chin (china@thewrittenword.com)

-- snip snip

Index: lib/gnutls_x509.c =================================================================== --- lib/gnutls_x509.c.orig 2005-11-12 21:44:49.858670000 -0600 +++ lib/gnutls_x509.c 2005-11-13 13:39:58.025254000 -0600 @@ -697,6 +697,9 @@ #ifdef HAVE_MMAP # include # include +# ifndef MAP_FAILED +# define MAP_FAILED (void *)-1L +# endif #endif #include

From gnutls-dev at mlists.thewrittenword.com Mon Nov 14 17:24:38 2005
From: gnutls-dev at mlists.thewrittenword.com (Albert Chin)
Date: Mon Nov 14 17:24:23 2005
Subject: [gnutls-dev] Remove trailing comma after last enum constant
Message-ID: <20051114162438.GD12773@mail1.thewrittenword.com>

C89 doesn't allow a trailing comma after the last enum constant. Most
compilers are forgiving except IBM C v6 :)

--
albert chin (china@thewrittenword.com)

-- snip snip

Index: libextra/opencdk/opencdk.h =================================================================== --- libextra/opencdk/opencdk.h.orig 2005-11-12 21:44:49.955185000 -0600 +++ libextra/opencdk/opencdk.h 2005-11-12 21:44:59.496171000 -0600 
@@ -112,7 +112,7 @@ CDK_Wrong_Format = 22, CDK_Inv_Packet_Ver = 23, CDK_Too_Short = 24, - CDK_Unusable_Key = 25, + CDK_Unusable_Key = 25 } cdk_error_t; @@ -160,7 +160,7 @@ CDK_MD_RMD160 = 3, CDK_MD_MD2 = 5, CDK_MD_TIGER = 6, /* will be removed and thus: reserved */ - CDK_MD_SHA256 = 8, + CDK_MD_SHA256 = 8 }; enum cdk_cipher_algo_t { @@ -174,7 +174,7 @@ CDK_CIPHER_AES = 7, CDK_CIPHER_AES192 = 8, CDK_CIPHER_AES256 = 9, - CDK_CIPHER_TWOFISH = 10, + CDK_CIPHER_TWOFISH = 10 }; enum cdk_s2k_type_t { @@ -228,12 +228,12 @@ CDK_ARMOR_PUBKEY = 1, CDK_ARMOR_SECKEY = 2, CDK_ARMOR_SIGNATURE = 3, - CDK_ARMOR_CLEARSIG = 4, + CDK_ARMOR_CLEARSIG = 4 }; enum cdk_stream_control_t { CDK_STREAMCTL_DISABLE = 2, - CDK_STREAMCTL_COMPRESSED = 3, + CDK_STREAMCTL_COMPRESSED = 3 }; enum cdk_keydb_flag_t { @@ -267,7 +267,7 @@ CDK_KEY_INVALID = 1, /* missing or wrong self signature */ CDK_KEY_EXPIRED = 2, CDK_KEY_REVOKED = 4, - CDK_KEY_NOSIGNER= 8, + CDK_KEY_NOSIGNER= 8 }; enum cdk_trust_flag_t { @@ -316,7 +316,7 @@ /* cdk key flags */ CDK_FLAG_KEY_REVOKED = 256, CDK_FLAG_KEY_EXPIRED = 512, - CDK_FLAG_SIG_EXPIRED = 1024, + CDK_FLAG_SIG_EXPIRED = 1024 }; @@ -345,7 +345,7 @@ CDK_PKT_OLD_COMMENT = 16, CDK_PKT_ATTRIBUTE = 17, CDK_PKT_ENCRYPTED_MDC = 18, - CDK_PKT_MDC = 19, + CDK_PKT_MDC = 19 } cdk_packet_type_t; #define CDK_PKT_IS_ENCRYPTED(pkttype) (\

From gnutls-dev at mlists.thewrittenword.com Mon Nov 14 17:25:16 2005
From: gnutls-dev at mlists.thewrittenword.com (Albert Chin)
Date: Mon Nov 14 17:25:15 2005
Subject: [gnutls-dev] C++ comments invalid in C source files
Message-ID: <20051114162516.GE12773@mail1.thewrittenword.com>

C++ comments invalid in C source files.

--
albert chin (china@thewrittenword.com)

-- snip snip

Index: src/certtool-gaa.c =================================================================== --- src/certtool-gaa.c.orig 2005-11-12 21:44:50.099932000 -0600 +++ src/certtool-gaa.c 2005-11-12 21:44:59.785808000 -0600 
@@ -1217,7 +1217,7 @@ len++; a = fgetc( file); - if(a==EOF) return 0; //a = ' '; + if(a==EOF) return 0; /*a = ' ';*/ } len += 1; Index: src/tls_test-gaa.c =================================================================== --- src/tls_test-gaa.c.orig 2005-11-12 21:44:50.051672000 -0600 +++ src/tls_test-gaa.c 2005-11-12 21:44:59.880482000 -0600 @@ -693,7 +693,7 @@ len++; a = fgetc(file); if (a == EOF) - return 0; //a = ' '; + return 0; /*a = ' ';*/ } len += 1;

From gnutls-dev at mlists.thewrittenword.com Mon Nov 14 17:35:12 2005
From: gnutls-dev at mlists.thewrittenword.com (Albert Chin)
Date: Mon Nov 14 17:35:03 2005
Subject: [gnutls-dev] Disable installation of some files if --disable-srp-authentication
Message-ID: <20051114163512.GF12773@mail1.thewrittenword.com>

Disable installation of *srp* programs and man pages if
--disable-srp-authentication given.

We should also remove the *srp* functions from gnutls.h. What's the
best way to do this? We could have includes/gnutls/gnutls.h.in.in ->
includes/gnutls/gnutls.h.in via autoconf and then, in some Makefile.am,
generate gnutls.h from gnutls.h.in via some sed or m4 magic.

The src/prime.c change is from the Redhat gnutls-1.2.6 RPM.

--
albert chin (china@thewrittenword.com)

-- snip snip

Index: configure.in =================================================================== --- configure.in.orig 2005-11-12 21:44:50.160749000 -0600 +++ configure.in 2005-11-13 15:12:41.831553000 -0600 @@ -245,6 +239,7 @@ ac_full=0 AC_MSG_RESULT(yes) fi +AM_CONDITIONAL(ENABLE_SRP, test "$ac_enable_srp" != "no") AC_MSG_CHECKING([whether to disable anonymous authentication support]) AC_ARG_ENABLE(anon-authentication, Index: src/prime.c =================================================================== --- src/prime.c.orig 2005-11-12 22:44:44.733733000 -0600 +++ src/prime.c 2005-11-12 22:45:53.576921000 -0600 
@@ -68,6 +68,7 @@ exit(1); } } else { +#ifdef ENABLE_SRP if (bits <= 1024) { p=gnutls_srp_1024_group_prime; g=gnutls_srp_1024_group_generator; @@ -85,6 +86,9 @@ gnutls_strerror(ret)); exit(1); } +#else + fprintf(stderr, "Parameters unavailable as SRP disabled.\n"); +#endif } if (cparams) { Index: doc/examples/Makefile.am =================================================================== --- doc/examples/Makefile.am.orig 2005-10-01 04:30:25.000000000 -0500 +++ doc/examples/Makefile.am 2005-11-14 10:29:44.612591000 -0600 @@ -24,9 +24,12 @@ ../../lib/libgnutls.la \ ../../libextra/libgnutls-extra.la -noinst_PROGRAMS = ex-cert-select ex-client1 ex-client2 \ - ex-client-resume ex-client-srp ex-crq ex-serv1 ex-serv-anon \ - ex-serv-export ex-serv-pgp ex-serv-srp +if ENABLE_SRP +SRP_PROGRAM_FILES = ex-client-srp ex-serv-srp +endif +noinst_PROGRAMS = ex-cert-select ex-client1 ex-client2 \ + ex-client-resume ex-crq ex-serv1 ex-serv-anon \ + ex-serv-export ex-serv-pgp $(SRP_PROGRAM_FILES) noinst_LTLIBRARIES = libexamples.la --- doc/manpages/Makefile.am.orig 2005-11-02 05:41:36.000000000 -0600 +++ doc/manpages/Makefile.am 2005-11-13 15:02:54.610797000 -0600 
@@ -1,9 +1,13 @@ -dist_man_MANS = gnutls-cli.1 gnutls-cli-debug.1 gnutls-serv.1 srptool.1 \ - certtool.1 +dist_man_MANS = gnutls-cli.1 gnutls-cli-debug.1 gnutls-serv.1 certtool.1 -APIMANS = gnutls_srp_base64_encode.3 gnutls_srp_base64_encode_alloc.3 gnutls_srp_base64_decode.3 gnutls_srp_base64_decode_alloc.3 gnutls_server_name_get.3 gnutls_server_name_set.3 gnutls_alert_get_name.3 gnutls_alert_send.3 gnutls_error_to_alert.3 gnutls_alert_send_appropriate.3 gnutls_alert_get.3 gnutls_mac_get_name.3 gnutls_compression_get_name.3 gnutls_cipher_get_key_size.3 gnutls_cipher_get_name.3 gnutls_kx_get_name.3 gnutls_protocol_get_name.3 gnutls_cipher_suite_get_name.3 gnutls_certificate_type_get_name.3 gnutls_sign_algorithm_get_name.3 gnutls_pk_algorithm_get_name.3 gnutls_anon_free_server_credentials.3 gnutls_anon_allocate_server_credentials.3 gnutls_anon_free_client_credentials.3 gnutls_anon_allocate_client_credentials.3 gnutls_credentials_clear.3 gnutls_credentials_set.3 gnutls_auth_get_type.3 gnutls_auth_server_get_type.3 gnutls_auth_client_get_type.3 gnutls_record_check_pending.3 gnutls_certificate_free_keys.3 gnutls_certificate_free_cas.3 gnutls_certificate_free_ca_names.3 gnutls_certificate_free_credentials.3 gnutls_certificate_allocate_credentials.3 gnutls_certificate_server_set_request.3 gnutls_certificate_client_set_retrieve_function.3 gnutls_certificate_server_set_retrieve_function.3 gnutls_certificate_verify_peers2.3 gnutls_certificate_verify_peers.3 gnutls_certificate_expiration_time_peers.3 gnutls_certificate_activation_time_peers.3 gnutls_db_set_retrieve_function.3 gnutls_db_set_remove_function.3 gnutls_db_set_store_function.3 gnutls_db_set_ptr.3 gnutls_db_get_ptr.3 gnutls_db_set_cache_expiration.3 gnutls_db_check_entry.3 gnutls_db_remove_session.3 gnutls_dh_params_import_raw.3 gnutls_dh_params_init.3 gnutls_dh_params_deinit.3 gnutls_dh_params_cpy.3 gnutls_dh_params_generate2.3 gnutls_dh_params_import_pkcs3.3 gnutls_dh_params_export_pkcs3.3 
gnutls_dh_params_export_raw.3 gnutls_error_is_fatal.3 gnutls_perror.3 gnutls_strerror.3 gnutls_global_set_log_function.3 gnutls_global_set_log_level.3 gnutls_global_set_mem_functions.3 gnutls_global_init.3 gnutls_global_deinit.3 gnutls_transport_set_pull_function.3 gnutls_transport_set_push_function.3 gnutls_check_version.3 gnutls_rehandshake.3 gnutls_handshake.3 gnutls_handshake_set_max_packet_length.3 gnutls_handshake_get_last_in.3 gnutls_handshake_get_last_out.3 gnutls_malloc.3 gnutls_free.3 gnutls_cipher_set_priority.3 gnutls_kx_set_priority.3 gnutls_mac_set_priority.3 gnutls_compression_set_priority.3 gnutls_protocol_set_priority.3 gnutls_certificate_type_set_priority.3 gnutls_set_default_priority.3 gnutls_set_default_export_priority.3 gnutls_protocol_get_version.3 gnutls_transport_set_lowat.3 gnutls_transport_set_ptr.3 gnutls_transport_set_ptr2.3 gnutls_transport_get_ptr.3 gnutls_transport_get_ptr2.3 gnutls_bye.3 gnutls_record_send.3 gnutls_record_recv.3 gnutls_record_get_max_size.3 gnutls_record_set_max_size.3 gnutls_rsa_params_import_raw.3 gnutls_rsa_params_init.3 gnutls_rsa_params_deinit.3 gnutls_rsa_params_cpy.3 gnutls_rsa_params_generate2.3 gnutls_rsa_params_import_pkcs1.3 gnutls_rsa_params_export_pkcs1.3 gnutls_rsa_params_export_raw.3 gnutls_session_get_data.3 gnutls_session_get_id.3 gnutls_session_set_data.3 gnutls_srp_free_client_credentials.3 gnutls_srp_allocate_client_credentials.3 gnutls_srp_set_client_credentials.3 gnutls_srp_free_server_credentials.3 gnutls_srp_allocate_server_credentials.3 gnutls_srp_set_server_credentials_file.3 gnutls_srp_set_server_credentials_function.3 gnutls_srp_set_client_credentials_function.3 gnutls_srp_server_get_username.3 gnutls_srp_verifier.3 gnutls_cipher_get.3 gnutls_certificate_type_get.3 gnutls_kx_get.3 gnutls_mac_get.3 gnutls_compression_get.3 gnutls_init.3 gnutls_deinit.3 gnutls_openpgp_send_key.3 gnutls_certificate_send_x509_rdn_sequence.3 gnutls_handshake_set_private_extensions.3 gnutls_session_is_resumed.3 
gnutls_session_get_ptr.3 gnutls_session_set_ptr.3 gnutls_record_get_direction.3 gnutls_dh_set_prime_bits.3 gnutls_dh_get_group.3 gnutls_dh_get_pubkey.3 gnutls_rsa_export_get_pubkey.3 gnutls_dh_get_secret_bits.3 gnutls_dh_get_prime_bits.3 gnutls_rsa_export_get_modulus_bits.3 gnutls_dh_get_peers_public_bits.3 gnutls_certificate_get_ours.3 gnutls_certificate_get_peers.3 gnutls_certificate_client_get_request_status.3 gnutls_fingerprint.3 gnutls_anon_set_server_dh_params.3 gnutls_certificate_set_dh_params.3 gnutls_certificate_set_params_function.3 gnutls_anon_set_params_function.3 gnutls_certificate_set_verify_flags.3 gnutls_certificate_set_verify_limits.3 gnutls_certificate_set_rsa_export_params.3 gnutls_certificate_set_x509_key_mem.3 gnutls_certificate_set_x509_key.3 gnutls_certificate_set_x509_key_file.3 gnutls_certificate_set_x509_trust_mem.3 gnutls_certificate_set_x509_trust.3 gnutls_certificate_set_x509_trust_file.3 gnutls_certificate_set_x509_crl_mem.3 gnutls_certificate_set_x509_crl.3 gnutls_certificate_set_x509_crl_file.3 gnutls_certificate_free_crls.3 gnutls_pem_base64_encode.3 gnutls_pem_base64_encode_alloc.3 gnutls_pem_base64_decode.3 gnutls_pem_base64_decode_alloc.3 gnutls_global_init_extra.3 gnutls_extra_check_version.3 gnutls_certificate_set_openpgp_key_mem.3 gnutls_certificate_set_openpgp_key_file.3 gnutls_certificate_set_openpgp_keyring_file.3 gnutls_certificate_set_openpgp_keyring_mem.3 gnutls_certificate_set_openpgp_keyserver.3 gnutls_certificate_set_openpgp_trustdb.3 gnutls_openpgp_set_recv_key_function.3 gnutls_certificate_set_openpgp_key.3 gnutls_x509_dn_oid_known.3 gnutls_x509_crl_init.3 gnutls_x509_crl_deinit.3 gnutls_x509_crl_import.3 gnutls_x509_crl_get_issuer_dn.3 gnutls_x509_crl_get_issuer_dn_by_oid.3 gnutls_x509_crl_get_dn_oid.3 gnutls_x509_crl_get_signature_algorithm.3 gnutls_x509_crl_get_version.3 gnutls_x509_crl_get_this_update.3 gnutls_x509_crl_get_next_update.3 gnutls_x509_crl_get_crt_count.3 gnutls_x509_crl_get_crt_serial.3 
gnutls_x509_crl_export.3 gnutls_x509_crl_set_version.3 gnutls_x509_crl_sign2.3 gnutls_x509_crl_sign.3 gnutls_x509_crl_set_this_update.3 gnutls_x509_crl_set_next_update.3 gnutls_x509_crl_set_crt_serial.3 gnutls_x509_crl_set_crt.3 gnutls_x509_crq_init.3 gnutls_x509_crq_deinit.3 gnutls_x509_crq_import.3 gnutls_x509_crq_get_dn.3 gnutls_x509_crq_get_dn_by_oid.3 gnutls_x509_crq_get_dn_oid.3 gnutls_x509_crq_get_challenge_password.3 gnutls_x509_crq_set_attribute_by_oid.3 gnutls_x509_crq_get_attribute_by_oid.3 gnutls_x509_crq_set_dn_by_oid.3 gnutls_x509_crq_set_version.3 gnutls_x509_crq_get_version.3 gnutls_x509_crq_set_key.3 gnutls_x509_crq_set_challenge_password.3 gnutls_x509_crq_sign2.3 gnutls_x509_crq_sign.3 gnutls_x509_crq_export.3 gnutls_x509_crq_get_pk_algorithm.3 gnutls_x509_rdn_get.3 gnutls_x509_rdn_get_by_oid.3 gnutls_x509_rdn_get_oid.3 gnutls_pkcs12_bag_init.3 gnutls_pkcs12_bag_deinit.3 gnutls_pkcs12_bag_get_type.3 gnutls_pkcs12_bag_get_count.3 gnutls_pkcs12_bag_get_data.3 gnutls_pkcs12_bag_set_data.3 gnutls_pkcs12_bag_set_crt.3 gnutls_pkcs12_bag_set_crl.3 gnutls_pkcs12_bag_set_key_id.3 gnutls_pkcs12_bag_get_key_id.3 gnutls_pkcs12_bag_get_friendly_name.3 gnutls_pkcs12_bag_set_friendly_name.3 gnutls_pkcs12_bag_decrypt.3 gnutls_pkcs12_bag_encrypt.3 gnutls_pkcs12_init.3 gnutls_pkcs12_deinit.3 gnutls_pkcs12_import.3 gnutls_pkcs12_export.3 gnutls_pkcs12_get_bag.3 gnutls_pkcs12_set_bag.3 gnutls_pkcs12_generate_mac.3 gnutls_pkcs12_verify_mac.3 gnutls_pkcs7_init.3 gnutls_pkcs7_deinit.3 gnutls_pkcs7_import.3 gnutls_pkcs7_get_crt_raw.3 gnutls_pkcs7_get_crt_count.3 gnutls_pkcs7_export.3 gnutls_pkcs7_set_crt_raw.3 gnutls_pkcs7_set_crt.3 gnutls_pkcs7_delete_crt.3 gnutls_pkcs7_get_crl_raw.3 gnutls_pkcs7_get_crl_count.3 gnutls_pkcs7_set_crl_raw.3 gnutls_pkcs7_set_crl.3 gnutls_pkcs7_delete_crl.3 gnutls_x509_privkey_init.3 gnutls_x509_privkey_deinit.3 gnutls_x509_privkey_cpy.3 gnutls_x509_privkey_import.3 gnutls_x509_privkey_import_rsa_raw.3 gnutls_x509_privkey_import_dsa_raw.3 
gnutls_x509_privkey_get_pk_algorithm.3 gnutls_x509_privkey_export.3 gnutls_x509_privkey_export_rsa_raw.3 gnutls_x509_privkey_export_dsa_raw.3 gnutls_x509_privkey_generate.3 gnutls_x509_privkey_get_key_id.3 gnutls_x509_privkey_sign_data.3 gnutls_x509_privkey_verify_data.3 gnutls_x509_privkey_fix.3 gnutls_x509_privkey_export_pkcs8.3 gnutls_x509_privkey_import_pkcs8.3 gnutls_x509_crt_check_hostname.3 gnutls_x509_crt_check_issuer.3 gnutls_x509_crt_list_verify.3 gnutls_x509_crt_verify.3 gnutls_x509_crl_check_issuer.3 gnutls_x509_crl_verify.3 gnutls_x509_crt_init.3 gnutls_x509_crt_deinit.3 gnutls_x509_crt_import.3 gnutls_x509_crt_get_issuer_dn.3 gnutls_x509_crt_get_issuer_dn_by_oid.3 gnutls_x509_crt_get_issuer_dn_oid.3 gnutls_x509_crt_get_dn.3 gnutls_x509_crt_get_dn_by_oid.3 gnutls_x509_crt_get_dn_oid.3 gnutls_x509_crt_get_signature_algorithm.3 gnutls_x509_crt_get_version.3 gnutls_x509_crt_get_activation_time.3 gnutls_x509_crt_get_expiration_time.3 gnutls_x509_crt_get_serial.3 gnutls_x509_crt_get_subject_key_id.3 gnutls_x509_crt_get_authority_key_id.3 gnutls_x509_crt_get_pk_algorithm.3 gnutls_x509_crt_get_subject_alt_name.3 gnutls_x509_crt_get_ca_status.3 gnutls_x509_crt_get_key_usage.3 gnutls_x509_crt_get_extension_by_oid.3 gnutls_x509_crt_get_extension_oid.3 gnutls_x509_crt_get_fingerprint.3 gnutls_x509_crt_export.3 gnutls_x509_crt_get_key_id.3 gnutls_x509_crt_check_revocation.3 gnutls_x509_crt_verify_data.3 gnutls_x509_crt_get_crl_dist_points.3 gnutls_x509_crt_get_key_purpose_oid.3 gnutls_x509_crt_get_pk_rsa_raw.3 gnutls_x509_crt_get_pk_dsa_raw.3 gnutls_x509_crt_list_import.3 gnutls_x509_crt_set_dn_by_oid.3 gnutls_x509_crt_set_issuer_dn_by_oid.3 gnutls_x509_crt_set_version.3 gnutls_x509_crt_set_key.3 gnutls_x509_crt_set_crq.3 gnutls_x509_crt_set_extension_by_oid.3 gnutls_x509_crt_set_ca_status.3 gnutls_x509_crt_set_key_usage.3 gnutls_x509_crt_set_subject_alternative_name.3 gnutls_x509_crt_sign2.3 gnutls_x509_crt_sign.3 gnutls_x509_crt_set_activation_time.3 
gnutls_x509_crt_set_expiration_time.3 gnutls_x509_crt_set_serial.3 gnutls_x509_crt_set_crl_dist_points.3 gnutls_x509_crt_cpy_crl_dist_points.3 gnutls_x509_crt_set_subject_key_id.3 gnutls_x509_crt_set_authority_key_id.3 gnutls_x509_crt_set_key_purpose_oid.3 gnutls_x509_crt_to_xml.3 gnutls_openpgp_keyring_init.3 gnutls_openpgp_keyring_deinit.3 gnutls_openpgp_keyring_check_id.3 gnutls_openpgp_keyring_import.3 gnutls_openpgp_trustdb_init.3 gnutls_openpgp_trustdb_deinit.3 gnutls_openpgp_trustdb_import_file.3 gnutls_openpgp_key_init.3 gnutls_openpgp_key_deinit.3 gnutls_openpgp_key_import.3 gnutls_openpgp_key_export.3 gnutls_openpgp_key_get_fingerprint.3 gnutls_openpgp_key_get_name.3 gnutls_openpgp_key_get_pk_algorithm.3 gnutls_openpgp_key_get_version.3 gnutls_openpgp_key_get_creation_time.3 gnutls_openpgp_key_get_expiration_time.3 gnutls_openpgp_key_get_id.3 gnutls_openpgp_key_check_hostname.3 gnutls_openpgp_key_get_key_usage.3 gnutls_openpgp_key_verify_ring.3 gnutls_openpgp_key_verify_self.3 gnutls_openpgp_key_verify_trustdb.3 gnutls_openpgp_privkey_init.3 gnutls_openpgp_privkey_deinit.3 gnutls_openpgp_privkey_import.3 gnutls_openpgp_privkey_get_pk_algorithm.3 gnutls_openpgp_key_to_xml.3 +if ENABLE_SRP +dist_man_MANS += srptool.1 +SRP_APIMANS = gnutls_srp_base64_encode.3 gnutls_srp_base64_encode_alloc.3 gnutls_srp_base64_decode.3 gnutls_srp_base64_decode_alloc.3 gnutls_srp_free_client_credentials.3 gnutls_srp_allocate_client_credentials.3 gnutls_srp_set_client_credentials.3 gnutls_srp_free_server_credentials.3 gnutls_srp_allocate_server_credentials.3 gnutls_srp_set_server_credentials_file.3 gnutls_srp_set_server_credentials_function.3 gnutls_srp_set_client_credentials_function.3 gnutls_srp_server_get_username.3 gnutls_srp_verifier.3 +endif -dist_man_MANS += $(APIMANS) +APIMANS = gnutls_server_name_get.3 gnutls_server_name_set.3 gnutls_alert_get_name.3 gnutls_alert_send.3 gnutls_error_to_alert.3 gnutls_alert_send_appropriate.3 gnutls_alert_get.3 gnutls_mac_get_name.3 
gnutls_compression_get_name.3 gnutls_cipher_get_key_size.3 gnutls_cipher_get_name.3 gnutls_kx_get_name.3 gnutls_protocol_get_name.3 gnutls_cipher_suite_get_name.3 gnutls_certificate_type_get_name.3 gnutls_sign_algorithm_get_name.3 gnutls_pk_algorithm_get_name.3 gnutls_anon_free_server_credentials.3 gnutls_anon_allocate_server_credentials.3 gnutls_anon_free_client_credentials.3 gnutls_anon_allocate_client_credentials.3 gnutls_credentials_clear.3 gnutls_credentials_set.3 gnutls_auth_get_type.3 gnutls_auth_server_get_type.3 gnutls_auth_client_get_type.3 gnutls_record_check_pending.3 gnutls_certificate_free_keys.3 gnutls_certificate_free_cas.3 gnutls_certificate_free_ca_names.3 gnutls_certificate_free_credentials.3 gnutls_certificate_allocate_credentials.3 gnutls_certificate_server_set_request.3 gnutls_certificate_client_set_retrieve_function.3 gnutls_certificate_server_set_retrieve_function.3 gnutls_certificate_verify_peers2.3 gnutls_certificate_verify_peers.3 gnutls_certificate_expiration_time_peers.3 gnutls_certificate_activation_time_peers.3 gnutls_db_set_retrieve_function.3 gnutls_db_set_remove_function.3 gnutls_db_set_store_function.3 gnutls_db_set_ptr.3 gnutls_db_get_ptr.3 gnutls_db_set_cache_expiration.3 gnutls_db_check_entry.3 gnutls_db_remove_session.3 gnutls_dh_params_import_raw.3 gnutls_dh_params_init.3 gnutls_dh_params_deinit.3 gnutls_dh_params_cpy.3 gnutls_dh_params_generate2.3 gnutls_dh_params_import_pkcs3.3 gnutls_dh_params_export_pkcs3.3 gnutls_dh_params_export_raw.3 gnutls_error_is_fatal.3 gnutls_perror.3 gnutls_strerror.3 gnutls_global_set_log_function.3 gnutls_global_set_log_level.3 gnutls_global_set_mem_functions.3 gnutls_global_init.3 gnutls_global_deinit.3 gnutls_transport_set_pull_function.3 gnutls_transport_set_push_function.3 gnutls_check_version.3 gnutls_rehandshake.3 gnutls_handshake.3 gnutls_handshake_set_max_packet_length.3 gnutls_handshake_get_last_in.3 gnutls_handshake_get_last_out.3 gnutls_malloc.3 gnutls_free.3 
gnutls_cipher_set_priority.3 gnutls_kx_set_priority.3 gnutls_mac_set_priority.3 gnutls_compression_set_priority.3 gnutls_protocol_set_priority.3 gnutls_certificate_type_set_priority.3 gnutls_set_default_priority.3 gnutls_set_default_export_priority.3 gnutls_protocol_get_version.3 gnutls_transport_set_lowat.3 gnutls_transport_set_ptr.3 gnutls_transport_set_ptr2.3 gnutls_transport_get_ptr.3 gnutls_transport_get_ptr2.3 gnutls_bye.3 gnutls_record_send.3 gnutls_record_recv.3 gnutls_record_get_max_size.3 gnutls_record_set_max_size.3 gnutls_rsa_params_import_raw.3 gnutls_rsa_params_init.3 gnutls_rsa_params_deinit.3 gnutls_rsa_params_cpy.3 gnutls_rsa_params_generate2.3 gnutls_rsa_params_import_pkcs1.3 gnutls_rsa_params_export_pkcs1.3 gnutls_rsa_params_export_raw.3 gnutls_session_get_data.3 gnutls_session_get_id.3 gnutls_session_set_data.3 gnutls_cipher_get.3 gnutls_certificate_type_get.3 gnutls_kx_get.3 gnutls_mac_get.3 gnutls_compression_get.3 gnutls_init.3 gnutls_deinit.3 gnutls_openpgp_send_key.3 gnutls_certificate_send_x509_rdn_sequence.3 gnutls_handshake_set_private_extensions.3 gnutls_session_is_resumed.3 gnutls_session_get_ptr.3 gnutls_session_set_ptr.3 gnutls_record_get_direction.3 gnutls_dh_set_prime_bits.3 gnutls_dh_get_group.3 gnutls_dh_get_pubkey.3 gnutls_rsa_export_get_pubkey.3 gnutls_dh_get_secret_bits.3 gnutls_dh_get_prime_bits.3 gnutls_rsa_export_get_modulus_bits.3 gnutls_dh_get_peers_public_bits.3 gnutls_certificate_get_ours.3 gnutls_certificate_get_peers.3 gnutls_certificate_client_get_request_status.3 gnutls_fingerprint.3 gnutls_anon_set_server_dh_params.3 gnutls_certificate_set_dh_params.3 gnutls_certificate_set_params_function.3 gnutls_anon_set_params_function.3 gnutls_certificate_set_verify_flags.3 gnutls_certificate_set_verify_limits.3 gnutls_certificate_set_rsa_export_params.3 gnutls_certificate_set_x509_key_mem.3 gnutls_certificate_set_x509_key.3 gnutls_certificate_set_x509_key_file.3 gnutls_certificate_set_x509_trust_mem.3 
gnutls_certificate_set_x509_trust.3 gnutls_certificate_set_x509_trust_file.3 gnutls_certificate_set_x509_crl_mem.3 gnutls_certificate_set_x509_crl.3 gnutls_certificate_set_x509_crl_file.3 gnutls_certificate_free_crls.3 gnutls_pem_base64_encode.3 gnutls_pem_base64_encode_alloc.3 gnutls_pem_base64_decode.3 gnutls_pem_base64_decode_alloc.3 gnutls_global_init_extra.3 gnutls_extra_check_version.3 gnutls_certificate_set_openpgp_key_mem.3 gnutls_certificate_set_openpgp_key_file.3 gnutls_certificate_set_openpgp_keyring_file.3 gnutls_certificate_set_openpgp_keyring_mem.3 gnutls_certificate_set_openpgp_keyserver.3 gnutls_certificate_set_openpgp_trustdb.3 gnutls_openpgp_set_recv_key_function.3 gnutls_certificate_set_openpgp_key.3 gnutls_x509_dn_oid_known.3 gnutls_x509_crl_init.3 gnutls_x509_crl_deinit.3 gnutls_x509_crl_import.3 gnutls_x509_crl_get_issuer_dn.3 gnutls_x509_crl_get_issuer_dn_by_oid.3 gnutls_x509_crl_get_dn_oid.3 gnutls_x509_crl_get_signature_algorithm.3 gnutls_x509_crl_get_version.3 gnutls_x509_crl_get_this_update.3 gnutls_x509_crl_get_next_update.3 gnutls_x509_crl_get_crt_count.3 gnutls_x509_crl_get_crt_serial.3 gnutls_x509_crl_export.3 gnutls_x509_crl_set_version.3 gnutls_x509_crl_sign2.3 gnutls_x509_crl_sign.3 gnutls_x509_crl_set_this_update.3 gnutls_x509_crl_set_next_update.3 gnutls_x509_crl_set_crt_serial.3 gnutls_x509_crl_set_crt.3 gnutls_x509_crq_init.3 gnutls_x509_crq_deinit.3 gnutls_x509_crq_import.3 gnutls_x509_crq_get_dn.3 gnutls_x509_crq_get_dn_by_oid.3 gnutls_x509_crq_get_dn_oid.3 gnutls_x509_crq_get_challenge_password.3 gnutls_x509_crq_set_attribute_by_oid.3 gnutls_x509_crq_get_attribute_by_oid.3 gnutls_x509_crq_set_dn_by_oid.3 gnutls_x509_crq_set_version.3 gnutls_x509_crq_get_version.3 gnutls_x509_crq_set_key.3 gnutls_x509_crq_set_challenge_password.3 gnutls_x509_crq_sign2.3 gnutls_x509_crq_sign.3 gnutls_x509_crq_export.3 gnutls_x509_crq_get_pk_algorithm.3 gnutls_x509_rdn_get.3 gnutls_x509_rdn_get_by_oid.3 gnutls_x509_rdn_get_oid.3 
gnutls_pkcs12_bag_init.3 gnutls_pkcs12_bag_deinit.3 gnutls_pkcs12_bag_get_type.3 gnutls_pkcs12_bag_get_count.3 gnutls_pkcs12_bag_get_data.3 gnutls_pkcs12_bag_set_data.3 gnutls_pkcs12_bag_set_crt.3 gnutls_pkcs12_bag_set_crl.3 gnutls_pkcs12_bag_set_key_id.3 gnutls_pkcs12_bag_get_key_id.3 gnutls_pkcs12_bag_get_friendly_name.3 gnutls_pkcs12_bag_set_friendly_name.3 gnutls_pkcs12_bag_decrypt.3 gnutls_pkcs12_bag_encrypt.3 gnutls_pkcs12_init.3 gnutls_pkcs12_deinit.3 gnutls_pkcs12_import.3 gnutls_pkcs12_export.3 gnutls_pkcs12_get_bag.3 gnutls_pkcs12_set_bag.3 gnutls_pkcs12_generate_mac.3 gnutls_pkcs12_verify_mac.3 gnutls_pkcs7_init.3 gnutls_pkcs7_deinit.3 gnutls_pkcs7_import.3 gnutls_pkcs7_get_crt_raw.3 gnutls_pkcs7_get_crt_count.3 gnutls_pkcs7_export.3 gnutls_pkcs7_set_crt_raw.3 gnutls_pkcs7_set_crt.3 gnutls_pkcs7_delete_crt.3 gnutls_pkcs7_get_crl_raw.3 gnutls_pkcs7_get_crl_count.3 gnutls_pkcs7_set_crl_raw.3 gnutls_pkcs7_set_crl.3 gnutls_pkcs7_delete_crl.3 gnutls_x509_privkey_init.3 gnutls_x509_privkey_deinit.3 gnutls_x509_privkey_cpy.3 gnutls_x509_privkey_import.3 gnutls_x509_privkey_import_rsa_raw.3 gnutls_x509_privkey_import_dsa_raw.3 gnutls_x509_privkey_get_pk_algorithm.3 gnutls_x509_privkey_export.3 gnutls_x509_privkey_export_rsa_raw.3 gnutls_x509_privkey_export_dsa_raw.3 gnutls_x509_privkey_generate.3 gnutls_x509_privkey_get_key_id.3 gnutls_x509_privkey_sign_data.3 gnutls_x509_privkey_verify_data.3 gnutls_x509_privkey_fix.3 gnutls_x509_privkey_export_pkcs8.3 gnutls_x509_privkey_import_pkcs8.3 gnutls_x509_crt_check_hostname.3 gnutls_x509_crt_check_issuer.3 gnutls_x509_crt_list_verify.3 gnutls_x509_crt_verify.3 gnutls_x509_crl_check_issuer.3 gnutls_x509_crl_verify.3 gnutls_x509_crt_init.3 gnutls_x509_crt_deinit.3 gnutls_x509_crt_import.3 gnutls_x509_crt_get_issuer_dn.3 gnutls_x509_crt_get_issuer_dn_by_oid.3 gnutls_x509_crt_get_issuer_dn_oid.3 gnutls_x509_crt_get_dn.3 gnutls_x509_crt_get_dn_by_oid.3 gnutls_x509_crt_get_dn_oid.3 gnutls_x509_crt_get_signature_algorithm.3 
gnutls_x509_crt_get_version.3 gnutls_x509_crt_get_activation_time.3 gnutls_x509_crt_get_expiration_time.3 gnutls_x509_crt_get_serial.3 gnutls_x509_crt_get_subject_key_id.3 gnutls_x509_crt_get_authority_key_id.3 gnutls_x509_crt_get_pk_algorithm.3 gnutls_x509_crt_get_subject_alt_name.3 gnutls_x509_crt_get_ca_status.3 gnutls_x509_crt_get_key_usage.3 gnutls_x509_crt_get_extension_by_oid.3 gnutls_x509_crt_get_extension_oid.3 gnutls_x509_crt_get_fingerprint.3 gnutls_x509_crt_export.3 gnutls_x509_crt_get_key_id.3 gnutls_x509_crt_check_revocation.3 gnutls_x509_crt_verify_data.3 gnutls_x509_crt_get_crl_dist_points.3 gnutls_x509_crt_get_key_purpose_oid.3 gnutls_x509_crt_get_pk_rsa_raw.3 gnutls_x509_crt_get_pk_dsa_raw.3 gnutls_x509_crt_list_import.3 gnutls_x509_crt_set_dn_by_oid.3 gnutls_x509_crt_set_issuer_dn_by_oid.3 gnutls_x509_crt_set_version.3 gnutls_x509_crt_set_key.3 gnutls_x509_crt_set_crq.3 gnutls_x509_crt_set_extension_by_oid.3 gnutls_x509_crt_set_ca_status.3 gnutls_x509_crt_set_key_usage.3 gnutls_x509_crt_set_subject_alternative_name.3 gnutls_x509_crt_sign2.3 gnutls_x509_crt_sign.3 gnutls_x509_crt_set_activation_time.3 gnutls_x509_crt_set_expiration_time.3 gnutls_x509_crt_set_serial.3 gnutls_x509_crt_set_crl_dist_points.3 gnutls_x509_crt_cpy_crl_dist_points.3 gnutls_x509_crt_set_subject_key_id.3 gnutls_x509_crt_set_authority_key_id.3 gnutls_x509_crt_set_key_purpose_oid.3 gnutls_x509_crt_to_xml.3 gnutls_openpgp_keyring_init.3 gnutls_openpgp_keyring_deinit.3 gnutls_openpgp_keyring_check_id.3 gnutls_openpgp_keyring_import.3 gnutls_openpgp_trustdb_init.3 gnutls_openpgp_trustdb_deinit.3 gnutls_openpgp_trustdb_import_file.3 gnutls_openpgp_key_init.3 gnutls_openpgp_key_deinit.3 gnutls_openpgp_key_import.3 gnutls_openpgp_key_export.3 gnutls_openpgp_key_get_fingerprint.3 gnutls_openpgp_key_get_name.3 gnutls_openpgp_key_get_pk_algorithm.3 gnutls_openpgp_key_get_version.3 gnutls_openpgp_key_get_creation_time.3 gnutls_openpgp_key_get_expiration_time.3 
gnutls_openpgp_key_get_id.3 gnutls_openpgp_key_check_hostname.3 gnutls_openpgp_key_get_key_usage.3 gnutls_openpgp_key_verify_ring.3 gnutls_openpgp_key_verify_self.3 gnutls_openpgp_key_verify_trustdb.3 gnutls_openpgp_privkey_init.3 gnutls_openpgp_privkey_deinit.3 gnutls_openpgp_privkey_import.3 gnutls_openpgp_privkey_get_pk_algorithm.3 gnutls_openpgp_key_to_xml.3 + +dist_man_MANS += $(APIMANS) $(SRP_APIMANS) $(APIMANS): make update-makefile Index: src/Makefile.am =================================================================== --- src/Makefile.am.orig 2005-11-13 14:58:39.596394000 -0600 +++ src/Makefile.am 2005-11-13 14:58:51.065988000 -0600 @@ -24,17 +24,22 @@ INCLUDES = -I$(top_srcdir)/lib -I../includes -I$(top_srcdir)/includes \ -I$(top_srcdir)/gl -I$(srcdir)/cfg -bin_PROGRAMS = gnutls-serv gnutls-cli srptool gnutls-cli-debug certtool +bin_PROGRAMS = gnutls-serv gnutls-cli gnutls-cli-debug certtool +if ENABLE_SRP +bin_PROGRAMS += srptool +endif gnutls_serv_SOURCES = serv.gaa serv-gaa.h serv-gaa.c list.h serv.c \ common.h common.c gnutls_serv_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la \ $(LIBGCRYPT_LIBS) $(LIBTASN1_LIBS) $(LIBOPENCDK_LIBS) +if ENABLE_SRP srptool_SOURCES = crypt.gaa crypt-gaa.h crypt-gaa.c crypt.c srptool_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la \ $(LIBGCRYPT_LIBS) $(LIBTASN1_LIBS) $(LIBOPENCDK_LIBS) \ ../gl/libgnu.la +endif gnutls_cli_SOURCES = cli.gaa cli-gaa.h cli-gaa.c cli.c common.h \ common.c From jas at extundo.com Mon Nov 14 18:12:39 2005 
From: jas at extundo.com (Simon Josefsson) Date: Mon Nov 14 18:12:52 2005 Subject: [gnutls-dev] Re: mmap() available on Tru64 UNIX 4.0d but not MAP_FAILED In-Reply-To: <20051114162346.GC12773@mail1.thewrittenword.com> (Albert Chin's message of "Mon, 14 Nov 2005 10:23:46 -0600") References: <20051114162346.GC12773@mail1.thewrittenword.com> Message-ID: Albert Chin writes: > Tru64 UNIX 4.0D which has mmap() but doesn't define MAP_FAILED. Hi Albert! Installed. Thanks, Simon > -- > albert chin (china@thewrittenword.com) > > -- snip snip > Index: lib/gnutls_x509.c > =================================================================== > --- lib/gnutls_x509.c.orig 2005-11-12 21:44:49.858670000 -0600 > +++ lib/gnutls_x509.c 2005-11-13 13:39:58.025254000 -0600 > @@ -697,6 +697,9 @@ > #ifdef HAVE_MMAP > # include > # include > +# ifndef MAP_FAILED > +# define MAP_FAILED (void *)-1L > +# endif > #endif > > #include From jas at extundo.com Mon Nov 14 18:14:28 2005 From: jas at extundo.com (Simon Josefsson) Date: Mon Nov 14 18:14:36 2005 Subject: [gnutls-dev] Re: Remove trailing comma after last enum constant In-Reply-To: <20051114162438.GD12773@mail1.thewrittenword.com> (Albert Chin's message of "Mon, 14 Nov 2005 10:24:38 -0600") References: <20051114162438.GD12773@mail1.thewrittenword.com> Message-ID: Albert Chin writes: > C89 doesn't allow a trailing comma after the last enum constant. Most > compilers are forgiving except IBM C v6 :) Installed this one too. Thanks! From jas at extundo.com Mon Nov 14 18:15:51 2005 
From: jas at extundo.com (Simon Josefsson)
Date: Mon Nov 14 18:17:06 2005
Subject: [gnutls-dev] Re: 1.2.9 patches to include first
In-Reply-To: <20051114162242.GB12773@mail1.thewrittenword.com> (Albert Chin's message of "Mon, 14 Nov 2005 10:22:42 -0600")
References: <20051114162242.GB12773@mail1.thewrittenword.com>
Message-ID:

Albert Chin writes:

> If using config.h or equivalent, you should always include it first in
> case any of the #defines override something in /usr/include.

Installed too. Thanks!

From jas at extundo.com Tue Nov 15 13:57:50 2005
From: jas at extundo.com (Simon Josefsson)
Date: Tue Nov 15 13:57:49 2005
Subject: [gnutls-dev] Re: Disable installation of some files if --disable-srp-authentication
In-Reply-To: <20051114163512.GF12773@mail1.thewrittenword.com> (Albert Chin's message of "Mon, 14 Nov 2005 10:35:12 -0600")
References: <20051114163512.GF12773@mail1.thewrittenword.com>
Message-ID:

Albert Chin writes:

> Disable installation of *srp* programs and man pages if
> --disable-srp-authentication given.

Installed, thanks! The doc/manpages/Makefile.am file is generated (see the update-makefile target in that file), so I had to fix the logic that creates the file.

> We should also remove the *srp* functions from gnutls.h. What's the
> best way to do this? We could have includes/gnutls/gnutls.h.in.in ->
> includes/gnutls/gnutls.h.in via autoconf and then, in some
> Makefile.am, generate gnutls.h from gnutls.h.in via some sed or m4
> magic.

I believe the simplest would be to move the SRP functions from gnutls.h.in to srp.h, and include the latter in the former through a @INCLUDE_SRP_H@ AC_SUBST which is defined to '#include ' in configure.in unless --disable-srp. Some things, like enum types like GNUTLS_CRED_SRP, would be easiest to keep in gnutls.h.

Thanks,
Simon

From jas at extundo.com Tue Nov 15 14:12:31 2005
From: jas at extundo.com (Simon Josefsson) Date: Tue Nov 15 14:12:34 2005 Subject: [gnutls-dev] Re: C++ comments invalid in C source files In-Reply-To: <20051114162516.GE12773@mail1.thewrittenword.com> (Albert Chin's message of "Mon, 14 Nov 2005 10:25:16 -0600") References: <20051114162516.GE12773@mail1.thewrittenword.com> Message-ID: Albert Chin writes: > C++ comments invalid in C source files. Those files were generated. I had to modify GAA to fix this. That is now done in my local copy of GAA. I installed the newly generated files. Thanks, Simon > -- > albert chin (china@thewrittenword.com) > > -- snip snip > Index: src/certtool-gaa.c > =================================================================== > --- src/certtool-gaa.c.orig 2005-11-12 21:44:50.099932000 -0600 > +++ src/certtool-gaa.c 2005-11-12 21:44:59.785808000 -0600 > @@ -1217,7 +1217,7 @@ > > len++; > a = fgetc( file); > - if(a==EOF) return 0; //a = ' '; > + if(a==EOF) return 0; /*a = ' ';*/ > } > > len += 1; > Index: src/tls_test-gaa.c > =================================================================== > --- src/tls_test-gaa.c.orig 2005-11-12 21:44:50.051672000 -0600 > +++ src/tls_test-gaa.c 2005-11-12 21:44:59.880482000 -0600 > @@ -693,7 +693,7 @@ > len++; > a = fgetc(file); > if (a == EOF) > - return 0; //a = ' '; > + return 0; /*a = ' ';*/ > } > > len += 1; From jas at extundo.com Tue Nov 15 17:50:12 2005 
From: jas at extundo.com (Simon Josefsson)
Date: Tue Nov 15 17:50:15 2005
Subject: [gnutls-dev] GnuTLS 1.3.0
Message-ID:

We are pleased to announce the availability of GnuTLS version 1.3.0. This is the first release on the experimental 1.3.x branch that will lead to 1.4.0.

GnuTLS is a modern C library that implements the standard network security protocol Transport Layer Security (TLS), for use by network applications.

The goal of 1.3.x will be to merge work currently done on CVS branches, for TLS Pre-Shared-Keys and TLS Inner Application. Other planned improvements in 1.3.x are system-independent resume data structures, modularization of the bignum operations, and TLS OpenPGP improvements.

Noteworthy changes since version 1.2.9:

** Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites has been added. This adds several new APIs, see below. Read the updated manual for more information. A new self test "pskself" has been added, that will test this functionality.

** The session resumption data are now system independent.

** The code has been re-indented to conform to the GNU coding style.

** Removed the RIPEMD ciphersuites.

** Added a discussion of the internals of gnutls in manual.

** Fixes for Tru64 UNIX 4.0D that lacks MAP_FAILED, from Albert Chin.

** Remove trailing comma in enums, for IBM C v6, from Albert Chin.

** Make sure config.h is included first in a few files, from Albert Chin.

** Don't use C++ comments ("//") as they are invalid, from Albert Chin.

** Don't install SRP programs and man pages if --disable-srp-authentication, from Albert Chin.

** API and ABI modifications:

New gnutls_kx_algorithm_t key exchange type:
  GNUTLS_KX_PSK

New gnutls_credentials_type_t credential type:
  GNUTLS_CRD_PSK

New credential types:
  gnutls_psk_server_credentials_t
  gnutls_psk_client_credentials_t

New functions to allocate PSK credentials:
  gnutls_psk_allocate_client_credentials
  gnutls_psk_free_client_credentials
  gnutls_psk_free_server_credentials
  gnutls_psk_allocate_server_credentials

New enum type for PSK key flags:
  gnutls_psk_key_flags

New function prototypes for credential callback:
  gnutls_psk_client_credentials_function
  gnutls_psk_server_credentials_function

New function to set PSK username and key:
  gnutls_psk_set_client_credentials

New function to set PSK passwd file:
  gnutls_psk_set_server_credentials_file

New function to extract PSK user in server:
  gnutls_psk_server_get_username

New functions to set PSK callback:
  gnutls_psk_set_server_credentials_function
  gnutls_psk_set_client_credentials_function

Use size_t instead of int for output size parameter:
  gnutls_srp_base64_encode
  gnutls_srp_base64_decode

Improving GnuTLS is costly, but you can help! We are looking for organizations that find GnuTLS useful and wish to contribute back. You can contribute by reporting bugs, improving the software, or donating money or equipment.

Commercial support contracts for GnuTLS are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm-based privately held company, is currently funding GnuTLS maintenance. We are always looking for interesting development projects.

If you need help to use GnuTLS, or want to help others, you are invited to join our help-gnutls mailing list, see: .
The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources:
  http://josefsson.org/gnutls/releases/gnutls-1.3.0.tar.bz2 (3.0MB)
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.3.0.tar.bz2 (3.0MB)

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.3.0.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.3.0.tar.bz2.sig

The software is cryptographically signed by the author using an OpenPGP key identified by the following information:
  1280R/B565716F 2002-05-05 [expires: 2006-02-28]
  Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the SHA-1 checksums:
6cf8ebd216c0be614039790438dbc55f91692327 gnutls-1.3.0.tar.bz2
086da32866fc66ce20731216682832f8c50daea1 gnutls-1.3.0.tar.bz2.sig

Enjoy,
Nikos and Simon

From joe at manyfish.co.uk Tue Nov 29 14:44:53 2005
From: joe at manyfish.co.uk (Joe Orton)
Date: Tue Nov 29 19:55:35 2005
Subject: [gnutls-dev] [PATCH] gnutls_session_get_data overflow handling
Message-ID: <20051129134453.GA9979@manyfish.co.uk>

If called with a too-short buffer parameter, and a non-NULL data parameter, gnutls_session_get_data returns zero for success, which I think is counter-intuitive; on success one would expect that it has actually filled in the buffer. I'd propose changing it as per this entirely untested and uncompiled patch (with apologies):

--- ./gnutls_session.c.overflow 2005-11-29 13:40:17.000000000 +0000 +++ ./gnutls_session.c 2005-11-29 13:41:44.000000000 +0000
@@ -48,17 +48,16 @@ gnutls_datum_t psession; int ret; - if (*session_data_size < SESSION_SIZE || session_data == NULL) { + if (session_data == NULL) { *session_data_size = SESSION_SIZE; - session_data = NULL; /* return with the new session_data_size value */ + return 0; } + if (*session_data_size < SESSION_SIZE) + return GNUTLS_E_SHORT_MEMORY_BUFFER; + if (session->internals.resumable == RESUME_FALSE) return GNUTLS_E_INVALID_SESSION; - /* just return the session size */ - if (session_data == NULL) { - return 0; - } psession.data = session_data; From joe at manyfish.co.uk Tue Nov 29 20:31:25 2005 From: joe at manyfish.co.uk (Joe Orton) Date: Tue Nov 29 20:35:05 2005 Subject: [gnutls-dev] [PATCH] gnutls_session_get_id overflow handling In-Reply-To: <20051129134453.GA9979@manyfish.co.uk> References: <20051129134453.GA9979@manyfish.co.uk> Message-ID: <20051129193125.GA5658@manyfish.co.uk> Errr, sorry, I was completely confused and talking about the wrong function having been separately trying to track down why my _get_data usage was wrong with 1.3.0. I meant gnutls_session_get_id. In 1.3.0, gnutls_session_get_id() will silently overflow the passed-in buffer if it's too short. This is even more surprising behaviour! How does this look: (compiled and even tested) * lib/gnutls_session.c (gnutls_session_get_id): If a non-NULL buffer is given, fail if the given size is too short rather than silently overflowing the buffer. --- ./gnutls_session.c.sessid 2005-11-15 15:53:09.000000000 +0000 +++ ./gnutls_session.c 2005-11-29 19:23:29.000000000 +0000 
@@ -126,13 +126,20 @@ void *session_id, size_t * session_id_size) { - *session_id_size = session->security_parameters.session_id_size; - /* just return the session size */ if (session_id == NULL) { + *session_id_size = session->security_parameters.session_id_size; return 0; } + + if (*session_id_size < session->security_parameters.session_id_size) + { + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + *session_id_size = session->security_parameters.session_id_size; + memcpy (session_id, &session->security_parameters.session_id, *session_id_size); From joe at manyfish.co.uk Tue Nov 29 22:46:23 2005 From: joe at manyfish.co.uk (Joe Orton) Date: Tue Nov 29 23:10:12 2005 Subject: [gnutls-dev] GnuTLS 1.3.0 In-Reply-To: References: Message-ID: <20051129214623.GA22333@manyfish.co.uk> Patch below fixes session caching with 1.3.0. The neon test suite is still failing in some strange ways relative to 1.0.25, so there may be some more regressions too. * lib/gnutls_session_pack.c (pack_certificate_auth_info): Initialize cert_size to zero. --- gnutls_session_pack.c.orig +++ gnutls_session_pack.c @@ -269,6 +269,8 @@ if (info) { + cert_size = 0; + for (i = 0; i < info->ncerts; i++) cert_size += info->raw_certificate_list[i].size; From joe at manyfish.co.uk Tue Nov 29 23:45:20 2005 From: joe at manyfish.co.uk (Joe Orton) Date: Tue Nov 29 23:46:58 2005 Subject: [gnutls-dev] [PATCH] gnutls.h fixes Message-ID: <20051129224520.GA3142@manyfish.co.uk> * includes/gnutls/gnutls.h.in (gnutls_session_get_data2): Add missing prototype. (gnutls_global_set_mem_functions): Rename alloc_func and free_func parameter names to avoid gcc warnings from shadowing zlib.h's types of same. --- includes/gnutls/gnutls.h.in.orig 2005-11-29 22:41:32.000000000 +0000 +++ includes/gnutls/gnutls.h.in 2005-11-29 22:40:13.000000000 +0000 
@@ -326,6 +326,7 @@ */ int gnutls_session_set_data( gnutls_session_t session, const void* session_data, size_t session_data_size); int gnutls_session_get_data( gnutls_session_t session, void* session_data, size_t *session_data_size); +int gnutls_session_get_data2(gnutls_session_t session, gnutls_datum *data); /* returns the session ID */ #define GNUTLS_MAX_SESSION_ID 32 @@ -451,11 +452,11 @@ typedef void* (*gnutls_realloc_function)(void*, size_t); extern void -gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func, +gnutls_global_set_mem_functions(gnutls_alloc_function galloc_func, gnutls_alloc_function secure_alloc_func, gnutls_is_secure_function is_secure_func, gnutls_realloc_function realloc_func, - gnutls_free_function free_func); + gnutls_free_function gfree_func); /* For use in callbacks */ extern gnutls_alloc_function gnutls_malloc; From nmav at gnutls.org Wed Nov 30 13:01:22 2005 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed Nov 30 13:35:14 2005 Subject: [gnutls-dev] [PATCH] gnutls.h fixes In-Reply-To: <20051129224520.GA3142@manyfish.co.uk> References: <20051129224520.GA3142@manyfish.co.uk> Message-ID: <200511301301.22863.nmav@gnutls.org> On Tuesday 29 November 2005 23:45, Joe Orton wrote: > * includes/gnutls/gnutls.h.in (gnutls_session_get_data2): Add missing > prototype. > (gnutls_global_set_mem_functions): Rename alloc_func and free_func > parameter names to avoid gcc warnings from shadowing zlib.h's types > of same. Thank you for all the patches and the suggestions! I've commited the fixes in cvs. -- Nikos Mavrogiannopoulos
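Review bot: in the gnutls_session_get_data hunk (@@ -48,17 +48,16 @@), the new short-buffer branch returns GNUTLS_E_SHORT_MEMORY_BUFFER without writing the required size back, so a caller that passed a too-small buffer needs a second call with session_data == NULL to learn how much to allocate. Setting *session_data_size = SESSION_SIZE before that return would keep the size report the removed code gave in this case. The NULL size query also now returns 0 before the session->internals.resumable check, where the old code returned 0 only after that check had passed, so a size query on a non-resumable session changes from GNUTLS_E_INVALID_SESSION to success; if that is intended it deserves a line in the function's documentation.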
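Review bot: in the gnutls_session_get_id hunk (@@ -126,13 +126,20 @@), the GNUTLS_E_SHORT_MEMORY_BUFFER branch leaves *session_id_size at the caller's too-small value, whereas before this change the function always stored security_parameters.session_id_size there. Writing the required size before returning the error lets the caller resize and retry without a separate NULL query, and the function comment should state both the NULL size-query behaviour and the new error return.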
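Review bot: in the pack_certificate_auth_info hunk (@@ -269,6 +269,8 @@), cert_size = 0 is assigned only inside the if (info) block, so any use of cert_size on the info == NULL path would still read an uninitialized value. Initializing it where it is declared covers both paths and leaves the accumulation loop as it is.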
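Review bot: in the first gnutls.h.in hunk (@@ -326,6 +326,7 @@), the added gnutls_session_get_data2 prototype spells its second parameter type gnutls_datum while the neighbouring prototypes use the _t names (gnutls_session_t); if gnutls_datum_t is the public typedef at this point in the header, use it here for consistency. The line is also formatted differently from the two prototypes above it (no space after the opening parenthesis) and carries no comment describing how data is filled in or whether the caller must free it.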
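Review bot: in the second gnutls.h.in hunk (@@ -451,11 +452,11 @@), only alloc_func and free_func are renamed, which leaves a mixed set of parameter names (galloc_func, secure_alloc_func, is_secure_func, realloc_func, gfree_func). Since these are prototype parameter names only, either prefix all five the same way or drop the names from the declaration, and check that the definition and the function's documentation use the same names.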