From nmav at gnutls.org Mon Apr 1 12:20:01 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Mon Apr 1 12:20:01 2002
Subject: [gnutls-dev] gnutls 0.4.0
Message-ID: <20020401101757.GA9963@gnutls.org>

I've just released gnutls 0.4.0

The news since 0.3.92 are:
- Added support for RFC2630 (PKCS7) X.509 certificate sets
- Added new functions: gnutls_x509_extract_certificate_pk_algorithm(),
  gnutls_openpgp_extract_key_pk_algorithm().
- Several optimizations in the Handshake protocol
- Several optimizations in RSA algorithm
- Unified the return values because of small buffers.

-- 
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org

From andrew at mcdonald.org.uk Wed Apr 3 23:42:01 2002
From: andrew at mcdonald.org.uk (Andrew McDonald)
Date: Wed Apr 3 23:42:01 2002
Subject: [gnutls-dev] Re: Bug#140609: mutt/gnutls improperly evaluates certificate lifetimes
In-Reply-To: <20020403204849.GA4185@mcdonald.org.uk>
References: <200203302120.g2ULKTFT019053@quemadura.shockwave.org> <20020402214600.GB3211@mcdonald.org.uk> <20020403204849.GA4185@mcdonald.org.uk>
Message-ID: <20020403214111.GA31827@mcdonald.org.uk>

reassign 140609 gnutls
thanks

(bcc'ed to control)

On Wed, Apr 03, 2002 at 09:48:50PM +0100, Andrew McDonald wrote:
[after Paul found this problem, my own testing gave:]
>
> A certificate that openssl shows as created at:
> Apr 3 20:04:52 2002 GMT
> is shown by mutt's certificate display to be created at:
> Wed, 3 Apr 2002 19:04:00
> (UTC is hard coded and tacked on on the assumption that it is)
>
> Actually, being BST here now (since Sunday) it was created at 21:04
> local time.

[see http://bugs.debian.org/140609 for previous messages]

This is a gnutls bug. In lib/x509_verify.c in _gnutls_utcTime2gtime()
and _gnutls_generalTime2gtime() a call is made to mktime(). mktime()
takes the time in local time not UTC.

Note to Nikos: this bug was seen in 0.3.5 but also exists in current CVS

It isn't immediately obvious to me how to fix this. I don't think there
is a GMT/UTC equivalent of mktime().

Andrew

-- 
Andrew McDonald
E-mail: andrew at mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL:

From nmav at gnutls.org Tue Apr 9 08:03:02 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Tue Apr 9 08:03:02 2002
Subject: [gnutls-dev] gnutls 0.4.1
Message-ID: <20020408182239.GA29752@gnutls.org>

I've sent this message some days ago, but it seems it disappeared in
the last disk crash. Thus I resend this message.

I've just released gnutls 0.4.1

The changes since 0.4.0 are:
- Now uses alloca() for temporary variables
- Optimized RSA signing
- Added functions to return the peer's certificate activation and
  expiration time.
- Corrected time function's behaviour (the time value returned no
  longer relates to local timezone).

PS. Has anyone tested the server side of gnutls with microsoft clients?

-- 
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org

----- End forwarded message -----

-- 
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org

From andrew at mcdonald.org.uk Sun Apr 14 21:04:01 2002
From: andrew at mcdonald.org.uk (Andrew McDonald)
Date: Sun Apr 14 21:04:01 2002
Subject: [gnutls-dev]minor doc fix for ...alt_name()
Message-ID: <20020414190457.GA26837@mcdonald.org.uk>

A minor patch is attached for the description of
gnutls_x509_extract_certificate_subject_alt_name

The current description talks about "dns names" where it means the more
general "alternative name" - I guess this might be left over from the
original gnutls_extract_dns_name() (or whatever it was called).

Regards,
Andrew

-- 
Andrew McDonald
E-mail: andrew at mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
-------------- next part --------------
--- gnutls_x509.c~ Sun Apr 14 11:49:39 2002 +++ gnutls_x509.c Sun Apr 14 19:59:10 2002
@@ -479,10 +479,10 @@ * gnutls_x509_extract_certificate_subject_alt_name - This function returns the peer's alt name, if any * @cert: should contain an X.509 DER encoded certificate * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) - * @ret: is the place where dns name will be copied to + * @ret: is the place where the alt name will be copied to * @ret_size: holds the size of ret. * - * This function will return the alternative name (the dns part of it), contained in the + * This function will return the alternative names, contained in the * given certificate. * * This is specified in X509v3 Certificate Extensions.

From nmav at gnutls.org Sun Apr 14 21:30:02 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun Apr 14 21:30:02 2002
Subject: [gnutls-dev]minor doc fix for ...alt_name()
In-Reply-To: <20020414190457.GA26837@mcdonald.org.uk>
References: <20020414190457.GA26837@mcdonald.org.uk>
Message-ID: <20020414192949.GA2477@gnutls.org>

On Sun, Apr 14, 2002 at 08:04:58PM +0100, Andrew McDonald wrote:
> A minor patch is attached for the description of
> gnutls_x509_extract_certificate_subject_alt_name
> The current description talks about "dns names" where it means the more
> general "alternative name" - I guess this might be left over from the
> original gnutls_extract_dns_name() (or whatever it was called).

Just committed. Thank you Andrew.

> Regards,
> Andrew

-- 
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org
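
Review bot: in the gnutls_x509.c doc patch for gnutls_x509_extract_certificate_subject_alt_name, the last changed line now reads "return the alternative names" (plural), but @seq selects a single entry and @ret receives "the alt name", so the plural suggests that one call returns every name. Suggest "This function will return the alternative name selected by @seq, contained in the given certificate." With "(the dns part of it)" removed, the visible lines no longer say what kind of name ends up in @ret; if the part of the comment outside this hunk does not cover it, add a sentence on how the caller learns the type of the name that was copied.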
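
The mktime() problem raised in the Bug#140609 message above, and listed as corrected in the 0.4.1 notes, illustrated with an added example (not GnuTLS code and not written by anyone in this thread): an ASN.1 UTCTime converted to epoch seconds by calendar arithmetic alone, so a certificate's validity times do not shift with the process time zone. The function names and the sample string, encoded here from the openssl date quoted in the thread, are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Days from 1970-01-01 to a proleptic Gregorian date (pure arithmetic). */
static long long days_from_civil(long long y, int m, int d)
{
    y -= (m <= 2);                         /* treat 1 March as start of year */
    long long era = (y >= 0 ? y : y - 399) / 400;
    long long yoe = y - era * 400;         /* year of era, 0..399 */
    long long doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    long long doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Two ASCII digits -> 0..99, or -1 if either byte is not a digit. */
static int two(const char *p)
{
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9') return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/* ASN.1 UTCTime "YYMMDDHHMMSSZ" -> seconds since the epoch, never touching
 * the process time zone. Returns 0 on success, -1 on malformed input. */
int utctime_to_epoch(const char *s, long long *out)
{
    static const int mdays[] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    if (strlen(s) != 13 || s[12] != 'Z') return -1;
    int yy = two(s), mo = two(s + 2), d = two(s + 4);
    int h = two(s + 6), mi = two(s + 8), sec = two(s + 10);
    if (yy < 0 || mo < 1 || mo > 12 || d < 1 || d > mdays[mo - 1] ||
        h < 0 || h > 23 || mi < 0 || mi > 59 || sec < 0 || sec > 59) return -1;
    int year = yy >= 50 ? 1900 + yy : 2000 + yy;  /* X.509 two-digit-year rule */
    if (mo == 2 && d == 29 && year % 4 != 0) return -1; /* exact for 1950..2049 */
    *out = days_from_civil(year, mo, d) * 86400LL + h * 3600 + mi * 60 + sec;
    return 0;
}

int main(void)
{
    const char *not_before = "020403200452Z";  /* constructed sample value */
    long long utc;
    if (utctime_to_epoch(not_before, &utc) != 0) return 1;
    /* Same fields handed to mktime(), which reads them as LOCAL time. */
    struct tm tm = { .tm_year = 102, .tm_mon = 3, .tm_mday = 3, .tm_hour = 20,
                     .tm_min = 4, .tm_sec = 52, .tm_isdst = -1 };
    printf("calendar arithmetic: %lld\n", utc);
    printf("mktime():            %lld (local-time reading)\n", (long long)mktime(&tm));
    return 0;
}
```

Run under a non-UTC time zone, the two printed values differ by the local UTC offset, which is the one-hour skew reported in the bug.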