From simon at josefsson.org Sat Dec 1 10:54:40 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Sat, 01 Dec 2007 10:54:40 +0100
Subject: [gnutls-dev] Consider 2.1.6 a release candidate for 2.2!
In-Reply-To: <200711302157.27116.nmav@gnutls.org> (Nikos Mavrogiannopoulos's message of "Fri, 30 Nov 2007 21:57:26 +0200")
References: <87k5ohdu5q.fsf@mocca.josefsson.org> <87fxypthsd.fsf@mocca.josefsson.org> <8763zjwrum.fsf@wheatstone.g10code.de> <200711302157.27116.nmav@gnutls.org>
Message-ID: <87lk8e4u5b.fsf@mocca.josefsson.org>

Nikos Mavrogiannopoulos writes:

> On Friday 30 November 2007, Werner Koch wrote:
>> On Thu, 29 Nov 2007 12:25, simon at josefsson.org said:
>> > Ah, I see. If we wait for libgcrypt to become stable (which was only a
>> > few weeks away if I understand correctly), will it be uploaded into
>>
>> Well, you force me to release it sooner than expected. I will do a new
>> devel release the next days and ask people to test it on several
>> platforms - in particular on VIA to see that I did not break anything.
>>
>> A final release can then be done in ~10 days which would fit your
>> release plan I hope.
>
> Maybe we can depend on libgcrypt 1.2.x temporarily. The functionality that we
> lose is the DSA2 signing, which is not so critical to be included now.

Yes, I think this is better, if the release schedule libgcrypt is a
problem. I see you committed this, thanks. GnuTLS 2.2 will only need
libgcrypt 1.2.x then.

/Simon

From ametzler at downhill.at.eu.org Sat Dec 1 20:16:47 2007
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sat, 1 Dec 2007 20:16:47 +0100
Subject: [gnutls-dev] Please update lib-link.m4
Message-ID: <20071201191647.GH7656@downhill.g.la>

Hello,

the old version of lib-link.m4 (serial 9) in gnutls 2.1.7 results in
adding an unnecessary -L/usr/lib to the link line for every single
found library. (e.g.
opencdk or zlib):

(cd /tmp/GNUTLS/gnutls25-2.1.6/libextra; /bin/bash ../libtool --tag=CC --mode=relink cc -std=gnu99 -g -Wall -O2 -D_REENTRANT -D_THREAD_SAFE -pipe -g -Wall -O2 -D_REENTRANT -D_THREAD_SAFE -Wno-pointer-sign -no-undefined -L/usr/lib -lopencdk -L/usr/lib -lgcrypt -L/usr/lib -lgpg-error -L/usr/lib -lnsl -L/usr/lib -lz -version-info 25:1:0 -llzo2 -Wl,--version-script=./libgnutls-extra.vers -o libgnutls-extra.la -rpath /usr/lib gnutls_extra.lo gnutls_openpgp.lo gnutls_ia.lo openpgp/libgnutls_openpgp.la ../lgl/liblgnu.la ../lib/libgnutls.la -inst-prefix-dir /tmp/GNUTLS/gnutls25-2.1.6/debian/tmp/)

The additional -L/usr/lib causes libtool to choose the wrong -lgnutls,
preferring the one in /usr/lib (if it exists) over the newly generated
one in DESTDIR/usr/lib.

Upgrading lib-link.m4 from serial 9 to serial 13 gets rid of almost all
instances of -L/usr/lib:

(cd /tmp/GNUTLS/gnutls26-2.1.7/libextra; /bin/bash ../libtool --tag=CC --mode=relink cc -std=gnu99 -g -Wall -O2 -D_REENTRANT -D_THREAD_SAFE -pipe -g -Wall -O2 -D_REENTRANT -D_THREAD_SAFE -Wno-pointer-sign -no-undefined -lopencdk -version-info 26:0:0 -llzo2 -Wl,--version-script=./libgnutls-extra.vers -o libgnutls-extra.la -rpath /usr/lib gnutls_extra.lo gnutls_openpgp.lo gnutls_ia.lo openpgp/libgnutls_openpgp.la ../lgl/liblgnu.la ../lib/libgnutls.la -inst-prefix-dir /tmp/GNUTLS/gnutls26-2.1.7/debian/tmp/)

Please upgrade lib-link.m4

thanks, cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From wk at gnupg.org Mon Dec 3 11:27:18 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 03 Dec 2007 11:27:18 +0100
Subject: [gnutls-dev] Consider 2.1.6 a release candidate for 2.2!
In-Reply-To: <87lk8e4u5b.fsf@mocca.josefsson.org> (Simon Josefsson's message of "Sat, 01 Dec 2007 10:54:40 +0100")
References: <87k5ohdu5q.fsf@mocca.josefsson.org> <87fxypthsd.fsf@mocca.josefsson.org> <8763zjwrum.fsf@wheatstone.g10code.de> <200711302157.27116.nmav@gnutls.org> <87lk8e4u5b.fsf@mocca.josefsson.org>
Message-ID: <874pf0ul89.fsf@wheatstone.g10code.de>

On Sat, 1 Dec 2007 10:54, simon at josefsson.org said:

> Yes, I think this is better, if the release schedule libgcrypt is a
> problem. I see you committed this, thanks. GnuTLS 2.2 will only need

I just released 1.3.2 and if no major problems are found I can do 1.4.0
on next Monday.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.

From simon at josefsson.org Mon Dec 3 11:43:53 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 03 Dec 2007 11:43:53 +0100
Subject: [gnutls-dev] Please update lib-link.m4
In-Reply-To: <20071201191647.GH7656@downhill.g.la> (Andreas Metzler's message of "Sat, 1 Dec 2007 20:16:47 +0100")
References: <20071201191647.GH7656@downhill.g.la>
Message-ID: <874pf0njme.fsf@mocca.josefsson.org>

Hi! Interesting. We import lib-link.m4 from gnulib, so we should have
the latest version. However, it seems that lib-link.m4 is imported by
gettext as well, and for some reason that version is included by 'make
dist'. The ordering of -I's in ACLOCAL_AMFLAGS doesn't seem to matter.

I've installed a kludge to overwrite the gettext files with the gnulib
files, but I'll bring this up on the gnulib list as well, to possibly
find out what the recommended solution is.

Installing gettext 0.17 under /usr/local/ doesn't seem to help either,
it still uses the M4 files from /usr. And for some reason, the debian
package of gettext 0.17 hasn't been built for i386, so I can't update
the copy in /usr. I'll file a bug about that...

I think we'll need another pre-release to confirm that this is solved.
/Simon

Andreas Metzler writes:

> Hello,
>
> the old version of lib-link.m4 (serial 9) in gnutls 2.1.7 results in
> adding an unnecessary -L/usr/lib to the link line for every single
> found library. (e.g. opencdk or zlib):
>
> (cd /tmp/GNUTLS/gnutls25-2.1.6/libextra; /bin/bash ../libtool --tag=CC --mode=relink cc -std=gnu99 -g -Wall -O2 -D_REENTRANT -D_THREAD_SAFE -pipe -g -Wall -O2 -D_REENTRANT -D_THREAD_SAFE -Wno-pointer-sign -no-undefined -L/usr/lib -lopencdk -L/usr/lib -lgcrypt -L/usr/lib -lgpg-error -L/usr/lib -lnsl -L/usr/lib -lz -version-info 25:1:0 -llzo2 -Wl,--version-script=./libgnutls-extra.vers -o libgnutls-extra.la -rpath /usr/lib gnutls_extra.lo gnutls_openpgp.lo gnutls_ia.lo openpgp/libgnutls_openpgp.la ../lgl/liblgnu.la ../lib/libgnutls.la -inst-prefix-dir /tmp/GNUTLS/gnutls25-2.1.6/debian/tmp/)
>
>
> The additional -L/usr/lib causes libtool to choose the wrong -lgnutls,
> preferring the one in /usr/lib (if it exists) over the newly generated
> one in DESTDIR/usr/lib.
>
>
>
> Upgrading lib-link.m4 from serial 9 to serial 13 gets rid of almost all
> instances of -L/usr/lib:
>
> (cd /tmp/GNUTLS/gnutls26-2.1.7/libextra; /bin/bash ../libtool --tag=CC --mode=relink cc -std=gnu99 -g -Wall -O2 -D_REENTRANT -D_THREAD_SAFE -pipe -g -Wall -O2 -D_REENTRANT -D_THREAD_SAFE -Wno-pointer-sign -no-undefined -lopencdk -version-info 26:0:0 -llzo2 -Wl,--version-script=./libgnutls-extra.vers -o libgnutls-extra.la -rpath /usr/lib gnutls_extra.lo gnutls_openpgp.lo gnutls_ia.lo openpgp/libgnutls_openpgp.la ../lgl/liblgnu.la ../lib/libgnutls.la -inst-prefix-dir /tmp/GNUTLS/gnutls26-2.1.7/debian/tmp/)
>
> Please upgrade lib-link.m4
>
> thanks, cu andreas
> --
> `What a good friend you are to him, Dr. Maturin. His other friends are
> so grateful to you.'
> `I sew his ears on from time to time, sure'

From alon.barlev at gmail.com Tue Dec 4 12:52:30 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Tue, 4 Dec 2007 13:52:30 +0200
Subject: [gnutls-dev] gnome-keyring PKCS#11 provider implemented
In-Reply-To: <20071203204640.22A2B94C8A9@mx.npubs.com>
References: <20071203204640.22A2B94C8A9@mx.npubs.com>
Message-ID: <9e0cf0bf0712040352k5f63d1a3h8cf70e6c8555889e@mail.gmail.com>

On 12/3/07, Stef Walter wrote:
> My email to gnutls-dev didn't seem to make it there, but I figured you
> guys would be interested in this:
>
>
> It took longer than I initially thought, but gnome-keyring now has a
> working PKCS#11 provider. It supports with RSA and DSA keys,
> certificates etc. and integrates them with the user's login keyring.
>
> Some details:
> http://live.gnome.org/GnomeKeyring/CertificatesKeys
> http://live.gnome.org/GnomeKeyring/ApplicationSetup
> http://live.gnome.org/GnomeKeyring
>
> Implementation notes:
> http://live.gnome.org/GnomeKeyring/Cryptoki
>
> The gnome-keyring PKCS#11 provider is probably a bit young and naive,
> and I'd like to make sure that it works with GnuTLS.
>
> In fact I'd be overjoyed if someone with more crypto knowledge than me
> took a look and made sure it's doing things correctly.
>
> The code is in the SVN trunk of gnome-keyring (slated for GNOME 2.22):
> http://svn.gnome.org/svn/gnome-keyring/trunk/
>
> Cheers,
> Stef Walter
>
>

This is great news!
You can use the test program of gnutls-pkcs11 to test if it works with GnuTLS:
http://alon.barlev.googlepages.com/gnutls-pkcs11

This requires pkcs11-helper dependency from:
http://www.opensc-project.org/pkcs11-helper
Be sure to configure this with --enable-crypto-engine-gnutls

You can run the test program:
src/gnutls-pkcs11-cli --add-provider=@@PROVIDER@@ --cmd=ids
src/gnutls-pkcs11-cli --add-provider=/usr/lib/pkcs11/libasepkcs.so --cmd=connect --pkcs11-id='@@PKCS#11 ID@@' --host=localhost --port=443

You can test this with some of my other solutions, you can use it with
OpenSSH, OpenVPN, eCryptfs, gnupg-pkcs11-scd, these are complete
applications, so it would be easier.
References:
http://alon.barlev.googlepages.com/open-source

I currently support only RSA based keys. I've never seen (touched) a
token that supports DSA... :)
But I will be happy to extend this to DSA as well.

I also appreciate if you can send me the output of:
pkcs11-dump info @@PROVIDER@@
pkcs11-dump slotlist @@PROVIDER@@
pkcs11-dump dump @@PROVIDER@@ @@SLOT@@ @@PIN@@

pkcs11-dump available from:
http://alon.barlev.googlepages.com/pkcs11-utilities

Best Regards,
Alon Bar-Lev.

From simon at josefsson.org Mon Dec 10 00:28:37 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 10 Dec 2007 00:28:37 +0100
Subject: [gnutls-dev] GnuTLS presentation at FSCONS
Message-ID: <877ijnjvmi.fsf@mocca.josefsson.org>

I gave a presentation about GnuTLS at FSCONS on December 8th, and the
presentation is available online:

http://josefsson.org/fscons/fscons-gnutls.pdf

For info about FSCONS (although over for now), see:

http://fscons.org/

The organizers will put videos of the presentation online eventually,
and I'll follow up with a link to it when it is available.
/Simon

From simon at josefsson.org Mon Dec 10 12:38:20 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 10 Dec 2007 12:38:20 +0100
Subject: [gnutls-dev] GnuTLS 2.1.8
Message-ID: <87odcyrd8z.fsf@mocca.josefsson.org>

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
Url : /pipermail/attachments/20071210/35bc736b/attachment.pgp

From simon at josefsson.org Mon Dec 10 15:42:30 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 10 Dec 2007 15:42:30 +0100
Subject: [gnutls-dev] GnuTLS 2.1.8
In-Reply-To: <87odcyrd8z.fsf@mocca.josefsson.org> (Simon Josefsson's message of "Mon, 10 Dec 2007 12:38:20 +0100")
References: <87odcyrd8z.fsf@mocca.josefsson.org>
Message-ID: <87k5nmd31l.fsf@mocca.josefsson.org>

Simon Josefsson writes:

> Consider this a release candidate for version 2.2. I plan to release
> this on December 13th if there are no serious reports.

I've branched off gnutls_2_2_x from 2.1.8, in case you are wondering why
git master (soon) contains gnutls 2.3.x stuff.

/Simon

From simon at josefsson.org Mon Dec 10 17:13:22 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 10 Dec 2007 17:13:22 +0100
Subject: [gnutls-dev] Libtasn1 1.2
Message-ID: <87sl2a34v1.fsf@mocca.josefsson.org>

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
Url : /pipermail/attachments/20071210/d3f6bf47/attachment.pgp
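
Added example, not part of any message in this archive and not code from GnuTLS, gnulib or libtool: a shell check for the problem in Andreas Metzler's lib-link.m4 report, listing every -L flag in a relink line that names a default system library directory, with the -l library that follows it. The directory list and the two sample lines (abbreviated from the commands in that report) are assumptions of the example.

```shell
#!/bin/sh
# Assumed default linker search directories; adjust for the platform.
SYSTEM_LIBDIRS="/usr/lib /lib /usr/lib64 /lib64"

# Print one "-L<dir> -l<name>" line per joined -L<dir> flag in the link
# line $1 whose directory is a system default. A flagged -L that is not
# directly followed by a -l option is printed on its own.
find_system_L_flags() {
    prev=""
    set -f                          # no globbing while word-splitting $1
    for word in $1; do
        if [ -n "$prev" ]; then
            case "$word" in
                -l*) echo "$prev $word" ;;
                *)   echo "$prev" ;;
            esac
            prev=""
        fi
        case "$word" in
            -L*)
                dir=${word#-L}
                dir=${dir%/}        # treat /usr/lib/ like /usr/lib
                for sys in $SYSTEM_LIBDIRS; do
                    if [ "$dir" = "$sys" ]; then prev="$word"; fi
                done
                ;;
        esac
    done
    if [ -n "$prev" ]; then echo "$prev"; fi
    set +f
    return 0
}

# Constructed samples: the relink lines from the report, abbreviated.
OLD_LINE='cc -no-undefined -L/usr/lib -lopencdk -L/usr/lib -lgcrypt -L/usr/lib -lgpg-error -L/usr/lib -lnsl -L/usr/lib -lz -version-info 25:1:0 -llzo2 -o libgnutls-extra.la -rpath /usr/lib ../lib/libgnutls.la'
NEW_LINE='cc -no-undefined -lopencdk -version-info 26:0:0 -llzo2 -o libgnutls-extra.la -rpath /usr/lib ../lib/libgnutls.la'

echo "lib-link.m4 serial 9:";  find_system_L_flags "$OLD_LINE"
echo "lib-link.m4 serial 13:"; find_system_L_flags "$NEW_LINE"
```

Running the function over a build log before packaging shows whether a staged (DESTDIR) build can still pick up an older installed library from the system directory.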