From jas at extundo.com Fri Apr 1 20:37:49 2005 From: jas at extundo.com (Simon Josefsson) Date: Fri, 01 Apr 2005 20:37:49 +0200 Subject: [gnutls-dev] please test snapshots before 1.2.1 release Message-ID: Hi! If you want to help improve the quality of the 1.2.1 release, please test the latest (non-1.0) snapshot from: http://josefsson.org/daily/gnutls/ If there are no surprises, it will go out as 1.2.1 before Monday. Thanks, Simon From jas at extundo.com Mon Apr 4 18:17:16 2005 From: jas at extundo.com (Simon Josefsson) Date: Mon, 04 Apr 2005 18:17:16 +0200 Subject: [gnutls-dev] GnuTLS 1.2.1 Message-ID: We are pleased to announce the availability of GnuTLS 1.2.1! This is a bugfix release on the 1.2.x branch. This release is intended to be stable and we recommend all GnuTLS users to upgrade. Improving GnuTLS is costly, but you can help! We are looking for organizations that find GnuTLS useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or donate money or equipment. Commercial support contracts for GnuTLS are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a privately owned company located in Stockholm, is currently funding GnuTLS maintenance, and is always looking for interesting development projects. If you need help to use GnuTLS, or want to help others, you are invited to join our help-gnutls mailing list, see: . The project page of the library is available at: http://www.gnutls.org/ http://www.gnu.org/software/gnutls/ http://josefsson.org/gnutls/ (updated fastest) Here are the compressed sources: ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.1.tar.bz2 (2.4MB) http://josefsson.org/gnutls/releases/gnutls-1.2.1.tar.bz2 (2.4MB) Here are GPG detached signatures signed using key 0xB565716F: ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.1.tar.bz2.sig http://josefsson.org/gnutls/releases/gnutls-1.2.1.tar.bz2.sig Here are the build reports for various platforms: http://josefsson.org/autobuild-logs/gnutls.html Here are the MD5/SHA1 checksums: 6445383421a06b9db3fa83bf6802677e809f2440 gnutls-1.2.1.tar.bz2 f2e0367e538c21c98a342bf019b2a4cb37158af4 gnutls-1.2.1.tar.gz dbc24634ea62b5f3bee45662c2a29f05 gnutls-1.2.1.tar.bz2 8b585f864fa3fe07389e6f322eff39e2 gnutls-1.2.1.tar.gz Noteworthy changes since version 1.2.0: - gnutls_bye() will no longer fail when RDWR is used and application data are available for reading. - Added more strict checks for the SRP parameters (g,n), when they are not in the included list. - Added warning to certtool when MD5 is being used for digital signatures. - Optimizations ("-O2 -finline-functions") are not enabled by default, instead the standard autoconf defaults are used. Use `./configure CFLAGS="-O2 -finline-functions"' to get the old optimizations. - Added the option --get-dh-params to certtool, in order to get the included in the library primes and generators. - Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to allow only trusted Version 1 CAs and introduced GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics. - Nettle self tests now build properly, reported by Pierre . - Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites. Reported by Yoann Vandoorselaere . - Added the functions: gnutls_x509_crt_list_import(), gnutls_x509_crq_get_attribute_by_oid(), gnutls_x509_crq_set_attribute_by_oid() and gnutls_x509_crt_set_extension_by_oid(). - If the library has been compiled with features disabled, a warning is issued during the compilation of any program. Enjoy, Nikos and Simon _______________________________________________ GNU Announcement mailing list http://lists.gnu.org/mailman/listinfo/info-gnu From mats.rojestal at bredband.net Thu Apr 14 15:30:05 2005 From: mats.rojestal at bredband.net (Mats Rojestal) Date: Thu, 14 Apr 2005 15:30:05 +0200 Subject: [gnutls-dev] Compile problem and missing symbol gc_pkcs5_pbkdf2_sha1 and a possible fix? Message-ID: <425E705D.2030600@bredband.net> I get a missing symbol when i try to build gnutls-1.2.1 and the missing symbols is gc_pkcs5_pbkdf2_sha1 however i added this patch to Makefile.in and did a configure and now it compiles and links cleanly. --Mats R --- Makefile.in.orig Mon Apr 4 17:37:12 2005 +++ Makefile.in Mon Apr 11 21:50:04 2005 @@ -127,7 +127,8 @@ auth_dhe.lo gnutls_dh_primes.lo ext_max_record.lo \ gnutls_alert.lo gnutls_str.lo gnutls_state.lo gnutls_x509.lo \ ext_cert_type.lo gnutls_rsa_export.lo auth_rsa_export.lo \ - ext_server_name.lo auth_dh_common.lo memmem.lo + ext_server_name.lo auth_dh_common.lo memmem.lo \ + ../crypto/pkcs5.lo ../crypto/gc-libgcrypt.lo am__objects_3 = ext_srp.lo gnutls_srp.lo auth_srp.lo \ auth_srp_passwd.lo auth_srp_sb64.lo auth_srp_rsa.lo am_libgnutls_la_OBJECTS = $(am__objects_1) $(am__objects_2) \ @@ -343,7 +344,8 @@ gnutls_ui.c gnutls_sig.c auth_dhe.c gnutls_dh_primes.c \ ext_max_record.c gnutls_alert.c gnutls_str.c gnutls_state.c \ gnutls_x509.c ext_cert_type.c gnutls_rsa_export.c \ - auth_rsa_export.c ext_server_name.c auth_dh_common.c memmem.c + auth_rsa_export.c ext_server_name.c auth_dh_common.c memmem.c \ + ../crypto/pkcs5.c ../crypto/gc-libgcrypt.c HFILES = debug.h gnutls_compress.h defines.h gnutls_cipher.h \ gnutls_buffers.h gnutls_errors.h gnutls_int.h \ @@ -360,7 +362,7 @@ gnutls_alert.h gnutls_str.h gnutls_state.h gnutls_x509.h \ ext_cert_type.h gnutls_rsa_export.h ext_server_name.h \ auth_dh_common.h ext_srp.h gnutls_srp.h auth_srp.h \ - auth_srp_passwd.h memmem.h + auth_srp_passwd.h memmem.h ../crypto/utils.h # Separate so we can create the documentation From jas at extundo.com Thu Apr 14 16:48:08 2005 From: jas at extundo.com (Simon Josefsson) Date: Thu, 14 Apr 2005 16:48:08 +0200 Subject: [gnutls-dev] Re: Compile problem and missing symbol gc_pkcs5_pbkdf2_sha1 and a possible fix? In-Reply-To: <425E705D.2030600@bredband.net> (Mats Rojestal's message of "Thu, 14 Apr 2005 15:30:05 +0200") References: <425E705D.2030600@bredband.net> Message-ID: Mats Rojestal writes: > I get a missing symbol when i try to build gnutls-1.2.1 > and the missing symbols is gc_pkcs5_pbkdf2_sha1 however i added > this patch to Makefile.in and did a configure and now it > compiles and links cleanly. That symbol should be part of crypto/libgc.la, which should be linked into libgnutls.la by lib/Makefile.am in: libgnutls_la_LIBADD = ../crypto/libgc.la x509/libgnutls_x509.la \ Can you check that gc_pkcs5_pbkdf2_sha1 is defined in crypto/libgc.la? And then why it isn't picked up by the linker when linking lib/gnutls.la? Which OS is this? Thanks. From chip at outoforder.cc Thu Apr 21 03:21:41 2005 From: chip at outoforder.cc (Paul Querna) Date: Wed, 20 Apr 2005 18:21:41 -0700 Subject: [gnutls-dev] gnutls_free_dh_info Message-ID: <42670025.5090100@outoforder.cc> Hello, I am the developer of mod_gnutls for Apache, and I recently upgraded to 1.2.1 from 1.2.0. It looks like _gnutls_free_auth_info was changed to call _gnutls_free_dh_info and _gnutls_free_rsa_info. These are attempting to free() data wrongly for me. Backtrace: #0 0x402ca354 in mallopt () from /lib/libc.so.6 #1 0x402c915f in free () from /lib/libc.so.6 #2 0x404c16c3 in _gnutls_free_datum_m (dat=0x821d950, gfree_func=0x80601ac ) at gnutls_datum.c:100 #3 0x404d8af1 in _gnutls_free_dh_info (dh=0x821d93c) at auth_dh_common.c:49 #4 0x404c2fd1 in _gnutls_unpack_certificate_auth_info (info=0x821d938, packed_session=0xbefff654) at gnutls_session_pack.c:407 #5 0x404c2bde in _gnutls_session_unpack (session=0x8252508, packed_session=0xbefff654) at gnutls_session_pack.c:286 #6 0x404bd48a in gnutls_session_set_data (session=0x8252508, session_data=0x825bda0, session_data_size=801) at gnutls_session.c:137 #7 0x404bd986 in _gnutls_server_restore_session (session=0x8252508, session_id=0x825bb1b "?7>f\034?\237\231???l??\"?\222?A???k\f\235\177qR?.\211f", session_id_size=32) at gnutls_db.c:254 #8 0x404b1c51 in _gnutls_read_client_hello (session=0x8252508, data=0x825baf8 "\003\002Bf?????", datalen=150) at gnutls_handshake.c:322 #9 0x404b5255 in _gnutls_recv_hello (session=0x8252508, data=0x825baf8 "\003\002Bf?????", datalen=150) at gnutls_handshake.c:1807 #10 0x404b3702 in _gnutls_recv_handshake (session=0x8252508, data=0x0, datalen=0x0, type=GNUTLS_CLIENT_HELLO, optional=MANDATORY_PACKET) at gnutls_handshake.c:1104 #11 0x404b6288 in _gnutls_handshake_server (session=0x8252508) at gnutls_handshake.c:2239 #12 0x404b5411 in gnutls_handshake (session=0x8252508) at gnutls_handshake.c:1962 #13 0x4049058e in gnutls_do_handshake (ctxt=0x824d518) at gnutls_io.c:366 #14 0x40490948 in mod_gnutls_filter_input (f=0x82515a0, bb=0x8253e98, mode=AP_MODE_GETLINE, block=APR_BLOCK_READ, readbytes=0) at gnutls_io.c:442 #15 0x0807cd63 in ap_get_brigade (next=0x82515a0, bb=0x4659a318, mode=1180279576, block=1180279576, readbytes=136436216) at util_filter.c:489 #16 0x0807cd63 in ap_get_brigade (next=0x8253e38, bb=0x4659a318, mode=1180279576, block=1180279576, readbytes=136436216) at util_filter.c:489 #17 0x08066d1e in ap_rgetline_core (s=0x8253070, n=8192, read=0xbefff980, r=0x8253058, fold=0, bb=0x8253e98) at protocol.c:215 #18 0x08067297 in read_request_line (r=0x8253058, bb=0x8253e98) at protocol.c:580 #19 0x08067a61 in ap_read_request (conn=0x82373f8) at protocol.c:872 #20 0x0807d248 in ap_process_http_connection (c=0x82373f8) at http_core.c:165 #21 0x08079eb5 in ap_run_process_connection (c=0x82373f8) at connection.c:43 #22 0x08083a51 in process_socket (p=0x8237210, sock=0x8237248, my_child_num=1043843360, my_thread_num=1180279576, bucket_alloc=0x4659a318) at worker.c:521 #23 0x0808422a in worker_thread (thd=0x4659a318, dummy=0x4659a318) at worker.c:859 #24 0x401be466 in dummy_worker (opaque=0x4659a318) at threadproc/unix/thread.c:138 #25 0x40209e51 in pthread_start_thread () from /lib/libpthread.so.0 #26 0x40209ecf in pthread_start_thread_event () from /lib/libpthread.so.0 #27 0x4032f92a in clone () from /lib/libc.so.6 I have had time to look at how to fix this, but I was wondering if this was a known problem? On a sidenote, I have Server Name Indication for TLS 1.1 working in my development tree, and I hope to release a version of mod_gnutls that supports this sometime this coming weekend. Thanks, -Paul Querna From nmav at gnutls.org Thu Apr 21 09:03:56 2005 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 21 Apr 2005 09:03:56 +0200 Subject: [gnutls-dev] gnutls_free_dh_info In-Reply-To: <42670025.5090100@outoforder.cc> References: <42670025.5090100@outoforder.cc> Message-ID: <200504210903.56415.nmav@gnutls.org> On Thursday 21 April 2005 03:21, Paul Querna wrote: > Hello, > > I am the developer of mod_gnutls for Apache, and I recently upgraded to > 1.2.1 from 1.2.0. > It looks like _gnutls_free_auth_info was changed to call > _gnutls_free_dh_info and _gnutls_free_rsa_info. These are attempting to > free() data wrongly for me. Hello Paul, Does the following patch to gnutls, solves this problem? Does this only happen while resuming sessions? It seems I was freeing data from a stored session (that probably have been freed before). -- Nikos Mavrogiannopoulos -------------- next part -------------- Index: gnutls_session_pack.c =================================================================== RCS file: /cvs/gnutls/gnutls/lib/gnutls_session_pack.c,v retrieving revision 2.29 diff -u -r2.29 gnutls_session_pack.c --- gnutls_session_pack.c 19 Mar 2005 14:24:44 -0000 2.29 +++ gnutls_session_pack.c 21 Apr 2005 06:58:56 -0000 @@ -178,6 +178,8 @@ return pack_size; } +/* Load session data from a buffer. + */ int _gnutls_session_unpack(gnutls_session_t session, const gnutls_datum_t * packed_session) { @@ -255,7 +257,6 @@ /* Delete the DH parameters. (this might need to be moved to a function) */ info = session->key->auth_info; - _gnutls_free_dh_info( &info->dh); memset(&info->dh, 0, sizeof(dh_info_st)); } break; @@ -389,7 +390,8 @@ return pack_size + PACK_HEADER_SIZE + sizeof(uint32); } - +/* Load session data. + */ int _gnutls_unpack_certificate_auth_info(cert_auth_info_t info, const gnutls_datum_t * packed_session) @@ -404,8 +406,6 @@ /* Delete the dh_info_st and rsa_info_st fields. */ - _gnutls_free_dh_info( &info->dh); - _gnutls_free_rsa_info( &info->rsa_export); memset(&info->dh, 0, sizeof(dh_info_st)); memset(&info->rsa_export, 0, sizeof(rsa_info_st)); From chip at outoforder.cc Thu Apr 21 17:57:38 2005 From: chip at outoforder.cc (Paul Querna) Date: Thu, 21 Apr 2005 08:57:38 -0700 Subject: [gnutls-dev] gnutls_free_dh_info In-Reply-To: <200504210903.56415.nmav@gnutls.org> References: <42670025.5090100@outoforder.cc> <200504210903.56415.nmav@gnutls.org> Message-ID: <4267CD72.8070206@outoforder.cc> Nikos Mavrogiannopoulos wrote: >On Thursday 21 April 2005 03:21, Paul Querna wrote: > > >>Hello, >> >>I am the developer of mod_gnutls for Apache, and I recently upgraded to >>1.2.1 from 1.2.0. >>It looks like _gnutls_free_auth_info was changed to call >>_gnutls_free_dh_info and _gnutls_free_rsa_info. These are attempting to >>free() data wrongly for me. >> >> >Hello Paul, > Does the following patch to gnutls, solves this problem? >Does this only happen while resuming sessions? >It seems I was freeing data from a stored session (that probably have >been freed before). > > > Yup, The patch stops the crashing. Thanks. -Paul From jas at extundo.com Fri Apr 22 01:11:50 2005 From: jas at extundo.com (Simon Josefsson) Date: Fri, 22 Apr 2005 01:11:50 +0200 Subject: [gnutls-dev] Please test GnuTLS 1.2.2rc! (was: Re: gnutls_free_dh_info) In-Reply-To: <4267CD72.8070206@outoforder.cc> (Paul Querna's message of "Thu, 21 Apr 2005 08:57:38 -0700") References: <42670025.5090100@outoforder.cc> <200504210903.56415.nmav@gnutls.org> <4267CD72.8070206@outoforder.cc> Message-ID: Paul Querna writes: > Yup, The patch stops the crashing. Thanks. Thank for testing! This appears to be a serious bug, so we will release 1.2.2 on Sunday. However, I have installed some major internal changes wrt how #include's are handled to CVS. (More cleanups are planned.) I have built this version on many platforms, but there could be serious issues left. Hence: Please download, build and test http://josefsson.org/daily/gnutls/gnutls-20050422.tar.gz as if it were the final 1.2.2 release. If there are non-trivial problems with it, we will make 1.2.2 be the same as 1.2.1 plus the patch to fix the crash, instead. The NEWS entries read: * Version 1.2.2 - gnutls_error_to_alert() now considers GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET. - Fixed error in session resuming that could cause a crash in a session. - Fixed pkcs12 friendly name and local key identifier decoding. - Internal cleanups, removed duplicate typedef/struct definitions, and made source code include external include file, to check function prototypes during compile time. - API and ABI modifications: No changes since last version. Thanks, Simon From chip at outoforder.cc Mon Apr 25 09:30:55 2005 From: chip at outoforder.cc (Paul Querna) Date: Mon, 25 Apr 2005 00:30:55 -0700 Subject: [gnutls-dev] Re: Please test GnuTLS 1.2.2rc! In-Reply-To: References: <42670025.5090100@outoforder.cc> <200504210903.56415.nmav@gnutls.org> <4267CD72.8070206@outoforder.cc> Message-ID: <426C9CAF.3080505@outoforder.cc> Simon Josefsson wrote: >Paul Querna writes: > > > >>Yup, The patch stops the crashing. Thanks. >> >> > >Thank for testing! > >This appears to be a serious bug, so we will release 1.2.2 on Sunday. > >However, I have installed some major internal changes wrt how >#include's are handled to CVS. (More cleanups are planned.) I have >built this version on many platforms, but there could be serious >issues left. Hence: > >Please download, build and test > >http://josefsson.org/daily/gnutls/gnutls-20050422.tar.gz > >as if it were the final 1.2.2 release. > >If there are non-trivial problems with it, we will make 1.2.2 be the >same as 1.2.1 plus the patch to fix the crash, instead. > >The NEWS entries read: > >* Version 1.2.2 >- gnutls_error_to_alert() now considers > GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET. >- Fixed error in session resuming that could cause a crash in a session. >- Fixed pkcs12 friendly name and local key identifier decoding. >- Internal cleanups, removed duplicate typedef/struct definitions, > and made source code include external include file, to check > function prototypes during compile time. >- API and ABI modifications: > No changes since last version. > > FYI, this nightly has been working great for me. Running on FreeBSD and Linux. -Paul From jas at extundo.com Mon Apr 25 12:19:33 2005 From: jas at extundo.com (Simon Josefsson) Date: Mon, 25 Apr 2005 12:19:33 +0200 Subject: [gnutls-dev] GnuTLS 1.2.2 Message-ID: We are pleased to announce the availability of GnuTLS 1.2.2! This is a bugfix release on the 1.2.x branch. Among other things, this release fixes a serious double memory de-allocation problem. Also included are my initial work on cleaning up the #include file situation. The source code files now include the public header file for most data types, instead of duplicating possibly stale prototypes. Note that this has not been tested extensively, although I have had some positive reports. Your feedback is needed for deciding whether to possibly back this change out. Improving GnuTLS is costly, but you can help! We are looking for organizations that find GnuTLS useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or donate money or equipment. Commercial support contracts for GnuTLS are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a privately owned company located in Stockholm, is currently funding GnuTLS maintenance, and is always looking for interesting development projects. If you need help to use GnuTLS, or want to help others, you are invited to join our help-gnutls mailing list, see: . The project page of the library is available at: http://www.gnutls.org/ http://www.gnu.org/software/gnutls/ http://josefsson.org/gnutls/ (updated fastest) Here are the compressed sources: ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.2.tar.bz2 (2.4MB) http://josefsson.org/gnutls/releases/gnutls-1.2.2.tar.bz2 (2.4MB) Here are GPG detached signatures signed using key 0xB565716F: ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.2.tar.bz2.sig http://josefsson.org/gnutls/releases/gnutls-1.2.2.tar.bz2.sig Here are the build reports for various platforms: http://josefsson.org/autobuild-logs/gnutls.html Here are the MD5/SHA1 checksums: 2f7e1343fa1565a1cf5ebb2a02d63abc8f036b2a gnutls-1.2.2.tar.bz2 633a89a8a751d35a49dffe8007203b06b1ebe65b gnutls-1.2.2.tar.bz2.sig 63e618657561a1a185b31ea8f4da895b gnutls-1.2.2.tar.bz2 c7e82a42c43a878d68f920dfc7a66980 gnutls-1.2.2.tar.bz2.sig Noteworthy changes since version 1.2.1: - gnutls_error_to_alert() now considers GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET. - Fixed error in session resuming that could cause a crash in a session. - Fixed pkcs12 friendly name and local key identifier decoding. - Internal cleanups, removed duplicate typedef/struct definitions, and made source code include external include file, to check function prototypes during compile time. - API and ABI modifications: No changes since last version. At least not intentional, but due to the include header changes, there may be inadvertant changes, please let us know if you find any. Enjoy, Nikos and Simon From nmav at gnutls.org Thu Apr 28 09:25:38 2005 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 28 Apr 2005 09:25:38 +0200 Subject: [gnutls-dev] Re: [Help-gnutls] certtool and win2k In-Reply-To: <20050426000513.GA4784@suffields.me.uk> References: <20050425182449.GA7181@suffields.me.uk> <200504252129.04759.nmav@gnutls.org> <20050426000513.GA4784@suffields.me.uk> Message-ID: <200504280925.38548.nmav@gnutls.org> On Tuesday 26 April 2005 02:05, Andrew Suffield wrote: > On Mon, Apr 25, 2005 at 09:29:04PM +0200, Nikos Mavrogiannopoulos wrote: > > On Monday 25 April 2005 20:24, Andrew Suffield wrote: > > > Has anybody managed to get certtool/gnutls-generated keys to work with > > > win2k? I started out with a weird problem, and eventually tracked it > > > down to something that makes no sense to me at all: > > Hello Andrew, > > can win2k import the attached key? > Nope. I've updated the library to generate the proper coefficient now. If desired old keys can be fixed to contain the correct parameters with the new certtool (certtool -k newkey). This does not change the secret key, but rather some parameters that depend on it. -- Nikos Mavrogiannopoulos From jas at extundo.com Thu Apr 28 13:06:48 2005 From: jas at extundo.com (Simon Josefsson) Date: Thu, 28 Apr 2005 13:06:48 +0200 Subject: [gnutls-dev] GnuTLS 1.2.3 and 1.0.25 Message-ID: We are pleased to announce the availability of two new GnuTLS releases; GnuTLS 1.2.3 and GnuTLS 1.0.25! These releases were prompted by the discovery of a denial of service problem. We recommend 1.0 users to move to 1.2. We will continue to make releases on the old branch when security problems are discovered, for those who feel unable to upgrade. We do not have the resources to analyze and write an explanation of this security problem. Volunteers who want to read the bug reports and the CVS changes, and write up an explanation in plain English, are most welcome! Having a detailed track record of security problems can be a useful reference when discussing security in free software packages in general. Naturally, if you wish to sponsor us to do this work for you, please contact me. PS. The ftp.gnutls.org server appear down at the moment, but the files below will be available as soon as possible. If you need help to use GnuTLS, or want to help others, you are invited to join our help-gnutls mailing list, see: . The project page of the library is available at: http://www.gnutls.org/ http://www.gnu.org/software/gnutls/ http://josefsson.org/gnutls/ (updated fastest) Here are the compressed sources: http://josefsson.org/gnutls/releases/gnutls-1.0.25.tar.gz (1.5MB) ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.0.25.tar.gz (1.5MB) http://josefsson.org/gnutls/releases/gnutls-1.2.3.tar.bz2 (2.4MB) ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.3.tar.bz2 (2.4MB) Here are GPG detached signatures signed using key 0xB565716F: http://josefsson.org/gnutls/releases/gnutls-1.0.25.tar.gz.sig ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.0.25.tar.gz.sig http://josefsson.org/gnutls/releases/gnutls-1.2.3.tar.bz2.sig ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.3.tar.bz2.sig Here are the build reports for various platforms: http://josefsson.org/autobuild-logs/gnutls.html Here are the MD5/SHA1 checksums: 3585b5b204135e51e0efc9084b3e028b gnutls-1.0.25.tar.gz 80527e5a5d17e199cb8a2848178990a6 gnutls-1.0.25.tar.gz.sig e790b848b9aa1e98d8f28ecf522d8e5dc7e0cb0b gnutls-1.0.25.tar.gz 7db580ff783bcfb2febe5085f3a3ad10d76d5508 gnutls-1.0.25.tar.gz.sig 4986c2bf8ce533d6b5d4dd6f9f1bbdf1 gnutls-1.2.3.tar.bz2 04a61b016ae24c4b7983c2373c9e023c gnutls-1.2.3.tar.bz2.sig 78e1b92a9d818479faca9042d446eed61770fb17 gnutls-1.2.3.tar.bz2 c3ccbd42db7918e5d1f69dbdd40e755f8fa5a985 gnutls-1.2.3.tar.bz2.sig Noteworthy changes since version 1.0.24/1.2.3: - Corrected bug in record packet parsing that could lead to a denial of service attack. - Corrected bug in RSA key export. Previously exported keys can be fixed using certtool. Use certtool -k outfile - API and ABI modifications: gnutls_x509_privkey_fix(): Add. Enjoy, Nikos and Simon From unleashed at amule.org Sat Apr 30 19:16:44 2005 From: unleashed at amule.org (Alex Unleashed) Date: Sat, 30 Apr 2005 19:16:44 +0200 Subject: [gnutls-dev] MD4 support Message-ID: <1114881404.11072.8.camel@localhost> Hi folks, this should probably go to users mailing list, but I've been unable to subscribe today because the host seems to be down, and decided to post here. Sorry if this causes you any inconvenience. My problem is that I'm porting a GPL'd app from openssl to gnutls and I need MD4 support, which gnutls seems to lack in current releases. Is there any plan (or chance) to include it in the future? Regards, Alex From jas at extundo.com Sat Apr 30 19:58:54 2005 From: jas at extundo.com (Simon Josefsson) Date: Sat, 30 Apr 2005 19:58:54 +0200 Subject: [gnutls-dev] Re: MD4 support In-Reply-To: <1114881404.11072.8.camel@localhost> (Alex Unleashed's message of "Sat, 30 Apr 2005 19:16:44 +0200") References: <1114881404.11072.8.camel@localhost> Message-ID: Alex Unleashed writes: > Hi folks, > > this should probably go to users mailing list, but I've been unable to > subscribe today because the host seems to be down, and decided to post > here. Sorry if this causes you any inconvenience. Hi Alex, and welcome! Since your post is about missing functionality, the dev list seem fine. > My problem is that I'm porting a GPL'd app from openssl to gnutls and I > need MD4 support, which gnutls seems to lack in current releases. Is > there any plan (or chance) to include it in the future? Perhaps, if we can learn exactly what you need and why. MD4 isn't mentioned in RFC 2246, as far as I can tell, so isn't used by TLS directly. Do you need it for X.509 certificate signatures? Thanks, Simon From unleashed at amule.org Sat Apr 30 21:38:00 2005 From: unleashed at amule.org (Alex Unleashed) Date: Sat, 30 Apr 2005 21:38:00 +0200 Subject: [gnutls-dev] Re: MD4 support In-Reply-To: References: <1114881404.11072.8.camel@localhost> Message-ID: <1114889880.10955.2.camel@localhost> Oops, I just realized I didn't reply to the list! Oh well... :) El s?b, 30-04-2005 a las 19:58 +0200, Simon Josefsson escribi?: > Perhaps, if we can learn exactly what you need and why. MD4 isn't > mentioned in RFC 2246, as far as I can tell, so isn't used by TLS > directly. Do you need it for X.509 certificate signatures? No, MD4 is not appropriate for that, AFAIK it's broken. I need it to generate file digests as in those used by the eDonkey2000 P2P protocol. Due to license issues[1] I must drop OpenSSL and I'm looking for alternatives. So far gnutls covers my needs regarding eMule's SecurId extensions, but MD4 is missing. My option right now is to implement it myself, which I think is not a good idea. Hence the question. But... maybe it's not interesting for gnutls to include support for MD4 as it's becoming less and less used, and as you say it's not mentioned in RFC 2246. Thanks for your timely answer. [1] http://www.gnome.org/~markmc/openssl-and-the-gpl.html Regards, Alex From nmav at gnutls.org Sat Apr 30 21:43:02 2005 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 30 Apr 2005 21:43:02 +0200 Subject: [gnutls-dev] Re: MD4 support In-Reply-To: <1114889880.10955.2.camel@localhost> References: <1114881404.11072.8.camel@localhost> <1114889880.10955.2.camel@localhost> Message-ID: <200504302143.03366.nmav@gnutls.org> On Saturday 30 April 2005 21:38, Alex Unleashed wrote: > Due to license issues[1] I must drop OpenSSL and I'm looking for > alternatives. So far gnutls covers my needs regarding eMule's SecurId > extensions, but MD4 is missing. My option right now is to implement it > myself, which I think is not a good idea. Hence the question. You'd better use libgcrypt directly for that hash. As far as I know it includes md4. -- Nikos Mavrogiannopoulos