From jas at extundo.com Fri Jan 7 02:48:06 2005
From: jas at extundo.com (Simon Josefsson)
Date: Fri, 07 Jan 2005 02:48:06 +0100
Subject: [gnutls-dev] Last call for 1.2
Message-ID:

In case someone on this list missed the following, from help-gnutls,
I'm forwarding it:

Unless anyone speaks up and tells us what's wrong with the 1.1.x branch,
I will release it as version 1.2 when/if I get back from skiing. You
have two weeks.

Thanks,
Simon

From jas at extundo.com Tue Jan 18 19:57:43 2005
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 18 Jan 2005 19:57:43 +0100
Subject: [gnutls-dev] GnuTLS 1.0.24
Message-ID:

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources:
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.0.24.tar.gz (1.6MB)
  http://josefsson.org/gnutls/releases/gnutls-1.0.24.tar.gz (1.6MB)

Here are GPG detached signatures using key 0xB565716F:
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.0.24.tar.gz.sig
  http://josefsson.org/gnutls/releases/gnutls-1.0.24.tar.gz.sig

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the MD5/SHA1 checksums:

3debf25f86c8d42670719f654bb19f5e  gnutls-1.0.24.tar.gz
7dd74da88c9ed1f1b6bddf60f7a337ee  gnutls-1.0.24.tar.gz.sig
556ad2afbf25ed833cb87ede8da208ec52ea1933  gnutls-1.0.24.tar.gz
d493748999f1f8eee81980fa1d50517450f8bd82  gnutls-1.0.24.tar.gz.sig

Noteworthy changes since the last release:
- Corrected several bugs found by Marcin Garski

From jas at extundo.com Tue Jan 18 19:31:18 2005
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 18 Jan 2005 19:31:18 +0100
Subject: [gnutls-dev] GnuTLS 1.1.23 aka 1.2.0rc1
Message-ID:

All:

This will hopefully be the final 1.1.x release. The 1.1 branch will
be dubbed stable and released as 1.2.0 within a few days. Please test
this release as if it were the final 1.2.0.

This release is almost the same as the daily snapshots for the past
week. If you tested one of those, you have already helped us.

I think version 1.2 is supposed to be a simple drop-in for 1.0
applications. If you need to modify your application, written for
1.0, to work with this release, we want to know about it now.

If you have reported anything, but not received an answer, or an
answer that indicates that we will fix something in the future, you
need to remind us. I don't recall any pending issues, except for the
snprintf issue that we will not be able to fix before 1.2.0. You can
use the Savannah bug tracker to make sure we don't forget your bug: .

Enjoy,
Simon

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources:
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.1.23.tar.bz2 (2.1MB)
  http://josefsson.org/gnutls/releases/gnutls-1.1.23.tar.bz2 (2.1MB)

Here are GPG detached signatures using key 0xB565716F:
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.1.23.tar.bz2.sig
  http://josefsson.org/gnutls/releases/gnutls-1.1.23.tar.bz2.sig

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the MD5/SHA1 checksums:

0b7d0d66f5ffff1ede40a38d8d2ac478  gnutls-1.1.23.tar.bz2
c54decb90adefc8e2b79f1024ef9d402  gnutls-1.1.23.tar.bz2.sig
576ed465239c88df0a5f5ac3e575375f95c52838  gnutls-1.1.23.tar.bz2
c7ff350cef37d70ec24a51d4acaddacd93c769ab  gnutls-1.1.23.tar.bz2.sig

Noteworthy changes since the last release:
- It is now possible to generate PKCS#12 structures without private keys
  using "certtool --to-p12", suggested by Fabian Fagerholm.
- Certtool now prints information for the RSA and DSA parameters of
  certificates and private keys.
- Corrected the write of CRL distribution points.
- The certificate chain verification function now checks certificates
  in the reverse order to minimize the spent resources.
- Corrected several bugs found by Marcin Garski
- The functions gnutls_x509_crl_get_issuer_dn, gnutls_x509_crq_get_dn,
  gnutls_x509_crt_get_issuer_dn, gnutls_x509_crt_get_dn, and
  gnutls_x509_rdn_get now set *sizeof_buf to the buffer length that is
  required, instead of the string length. That is, the value has been
  incremented by 1 to account for the terminating zero. Reported by
  Martin Lambers.
- Debug output shouldn't crash on platforms that don't handle NULL
  printf %s values. Reported by Michael.Ringe at aachen.utimaco.de.
- Sync included copy of libtasn1 with version 0.2.13.
- Client X.509 authenticated connections via gnutls-cli should now
  work again.

From jas at extundo.com Tue Jan 18 20:49:30 2005
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 18 Jan 2005 20:49:30 +0100
Subject: [gnutls-dev] Looking for sponsors
Message-ID:

With the upcoming 1.2 branch, I'm looking for sponsors that can
support my work on GnuTLS.

Currently, I fund all my work on GnuTLS personally. Given other
assignments, I find that my time on GnuTLS has been limited to
(barely) following bug reports, and making releases from time to time.
I'd like to be able to do more active development, if possible.

I'd like to believe that I am knowledgeable enough to take on most TLS
related development projects, ranging from embedded platform tweaks to
protocol extensions and research projects. So if you have, or know
someone that has, an interesting project that involves TLS, please let
me know.

I think GnuTLS could use a general code cleanup and code audit. If
anyone wishes to sponsor such an effort, I believe that would be very
valuable for all GnuTLS users.

If you like my work on GnuTLS, also please consider making a donation,
to help me keep thinking general maintenance work is fun.

Sponsor something good and you could even be mentioned in the 1.2.0
release announcement! :-)

Thanks,
Simon

From gnutls-dev at mlists.thewrittenword.com Fri Jan 21 17:46:52 2005
From: gnutls-dev at mlists.thewrittenword.com (Albert Chin)
Date: Fri, 21 Jan 2005 10:46:52 -0600
Subject: [gnutls-dev] libtasn1-0.2.13 patches
Message-ID: <20050121164652.GB23083@mail1.thewrittenword.com>

1. [lib/libtasn1.pc, configure.in, lib/Makefile.am]
   Add pkg-config file.
2. [configure.in]
   Convert to use of $GCC to test if GCC is available.
3. [configure.in]
   Redirect STDERR to /dev/null when determining if GNU as available
   to avoid useless error message if not.
4. [configure.in]
   Remove extra commas after check for bzero memset memmove bcopy.
5. [configure.in]
   Convert to AC_MSG_NOTICE rather than AC_MSG_RESULT for status
   messages.

--
albert chin (china at thewrittenword.com)

-- snip snip
--- /dev/null 2004-11-12 10:15:27.000000000 -0600 +++ lib/libtasn1.pc.in 2005-01-21 03:20:21.000000000 -0600 @@ -0,0 +1,10 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: libtasn1 +Description: Library for ASN.1 and DER manipulation +Version: @VERSION@ +Libs: -L${libdir} -ltasn1 +Cflags: -I${includedir} --- configure.in.orig 2005-01-21 03:01:18.000000000 -0600 +++ configure.in 2005-01-21 10:40:29.000000000 -0600 @@ -20,9 +20,7 @@ AC_PROG_INSTALL AM_MISSING_PROG(PERL,perl,$missing_dir) -AC_MSG_RESULT([*** -*** Detecting compiler options... -]) +AC_MSG_NOTICE([Detecting compiler options]) AC_C_CONST AC_C_INLINE @@ -42,13 +40,13 @@ affect compiling.]) ) -if test $ac_cv_c_compiler_gnu != no; then +if test "$GCC" = "yes"; then CFLAGS="${CFLAGS} -Wall -Wpointer-arith -Wstrict-prototypes" AC_MSG_CHECKING([whether we have GNU assembler]) - GAS=`as --version < /dev/null|grep GNU` + GAS=`as --version < /dev/null 2>/dev/null|grep GNU` if test "$GAS"; then CFLAGS="${CFLAGS} -pipe" AC_MSG_RESULT(yes) @@ -58,19 +56,15 @@ fi -AC_MSG_RESULT([*** -*** Detecting C library capabilities... -]) +AC_MSG_NOTICE([Detecting C library capabilities]) AC_HEADER_STDC AC_CHECK_HEADERS(getopt.h unistd.h strings.h inttypes.h stdint.h) -AC_CHECK_FUNCS(bzero memset memmove bcopy,,) +AC_CHECK_FUNCS(bzero memset memmove bcopy) AC_CHECK_FUNCS(getopt_long) AC_FUNC_ALLOCA -AC_MSG_RESULT([*** -*** Detecting system's parameters... -]) +AC_MSG_NOTICE([Detecting system's parameters]) AC_C_BIGENDIAN @@ -80,9 +74,7 @@ AC_CHECK_SIZEOF(unsigned short int, 2) AC_CHECK_SIZEOF(unsigned char, 1) -AC_MSG_RESULT([*** -*** Detecting options for shared libraries... -]) +AC_MSG_NOTICE([Detecting options for shared libraries]) AM_PROG_LIBTOOL LIBTASN1_LIBS="-L${libdir} -ltasn1 $LIBS" 
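Review bot: In the new lib/libtasn1.pc.in, the Libs line carries only -L${libdir} -ltasn1, while the LIBTASN1_LIBS assignment visible as context in the last configure.in hunk above also appends $LIBS. If anything in $LIBS is needed when linking statically, the .pc file will give a shorter link line than configure computes; consider adding a "Libs.private: @LIBS@" line so that pkg-config --static reports the same set.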
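Review bot: In the configure.in hunk at -42,13, the GNU assembler check runs "as --version", which probes whichever as comes first on PATH rather than the assembler the compiler actually invokes, so -pipe can still end up in CFLAGS when GCC is paired with a non-GNU assembler. Consider resolving the assembler through the compiler first (for GCC, "$CC -print-prog-name=as") and running --version on that result. The stderr redirect itself is fine; writing the following check as test -n "$GAS" would also make its intent explicit.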
@@ -99,5 +91,6 @@ GTK_DOC_CHECK(1.2) AC_CONFIG_FILES([Makefile src/Makefile tests/Makefile lib/Makefile \ - lib/libtasn1-config doc/Makefile doc/reference/Makefile]) + lib/libtasn1.pc lib/libtasn1-config doc/Makefile \ + doc/reference/Makefile]) AC_OUTPUT --- lib/Makefile.am.orig 2005-01-21 03:06:56.000000000 -0600 +++ lib/Makefile.am 2005-01-21 10:41:11.000000000 -0600 @@ -5,6 +5,9 @@ m4datadir = $(datadir)/aclocal dist_m4data_DATA = libtasn1.m4 +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = libtasn1.pc + lib_LTLIBRARIES = libtasn1.la libtasn1_la_SOURCES = libtasn1.h der.h mem.h gstr.h errors.h defines.h \ From jas at extundo.com Sat Jan 22 00:19:55 2005 From: jas at extundo.com (Simon Josefsson) Date: Sat, 22 Jan 2005 00:19:55 +0100 Subject: [gnutls-dev] Re: libtasn1-0.2.13 patches In-Reply-To: <20050121164652.GB23083@mail1.thewrittenword.com> (Albert Chin's message of "Fri, 21 Jan 2005 10:46:52 -0600") References: <20050121164652.GB23083@mail1.thewrittenword.com> Message-ID: Albert Chin writes: > 1. [lib/libtasn1.pc, configure.in, lib/Makefile.am] > Add pkg-config file. > 2. [configure.in] > Convert to use of $GCC to test if GCC is available. > 3. [configure.in] > Redirect STDERR to /dev/null when determining if GNU as available > to avoid useless error message if not. > 4. [configure.in] > Remove extra commas after check for bzero memset memmove bcopy. > 5. [configure.in] > Convert to AC_MSG_NOTICE rather than AC_MSG_RESULT for status > messages. Thanks, applied. If you want to send more patches (most welcome!), I think a copyright disclaimer or assignment will be required. Mail me for the details. Thanks, Simon From gnutls-dev at mlists.thewrittenword.com Sat Jan 22 08:39:05 2005 
From: gnutls-dev at mlists.thewrittenword.com (Albert Chin)
Date: Sat, 22 Jan 2005 01:39:05 -0600
Subject: [gnutls-dev] Fedora gnutls-1.0.20-5.src.rpm
Message-ID: <20050122073905.GA91810@mail1.thewrittenword.com>

The latest development RPM from Fedora for gnutls-1.0.20 does not
contain the SRP authentication code because of the following Changelog
entry:
  * Tue Sep 7 2004 Jeff Johnson 1.0.20-2
  - patent tainted SRP code removed.

Is this correct? If so, should SRP be disabled from gnutls?

--
albert chin (china at thewrittenword.com)

From gnutls-dev at mlists.thewrittenword.com Sat Jan 22 08:42:31 2005
From: gnutls-dev at mlists.thewrittenword.com (Albert Chin)
Date: Sat, 22 Jan 2005 01:42:31 -0600
Subject: [gnutls-dev] Re: Fedora gnutls-1.0.20-5.src.rpm
In-Reply-To: <20050122073905.GA91810@mail1.thewrittenword.com>
References: <20050122073905.GA91810@mail1.thewrittenword.com>
Message-ID: <20050122074231.GB91810@mail1.thewrittenword.com>

On Sat, Jan 22, 2005 at 01:39:05AM -0600, Albert Chin wrote:
> The latest development RPM from Fedora for gnutls-1.0.20 does not
> contain the SRP authentication code because of the following Changelog
> entry:
>   * Tue Sep 7 2004 Jeff Johnson 1.0.20-2
>   - patent tainted SRP code removed.
>
> Is this correct? If so, should SRP be disabled from gnutls?

Seems there are some possible patent issues:
  http://www.pdl.cmu.edu/mailinglists/ips/mail/msg09292.html

--
albert chin (china at thewrittenword.com)

From jas at extundo.com Sat Jan 22 13:04:43 2005
From: jas at extundo.com (Simon Josefsson)
Date: Sat, 22 Jan 2005 13:04:43 +0100
Subject: [gnutls-dev] Re: Fedora gnutls-1.0.20-5.src.rpm
In-Reply-To: <20050122074231.GB91810@mail1.thewrittenword.com> (Albert Chin's message of "Sat, 22 Jan 2005 01:42:31 -0600")
References: <20050122073905.GA91810@mail1.thewrittenword.com> <20050122074231.GB91810@mail1.thewrittenword.com>
Message-ID:

Albert Chin writes:

> On Sat, Jan 22, 2005 at 01:39:05AM -0600, Albert Chin wrote:
>> The latest development RPM from Fedora for gnutls-1.0.20 does not
>> contain the SRP authentication code because of the following Changelog
>> entry:
>>   * Tue Sep 7 2004 Jeff Johnson 1.0.20-2
>>   - patent tainted SRP code removed.
>>
>> Is this correct? If so, should SRP be disabled from gnutls?
>
> Seems there are some possible patent issues:
>   http://www.pdl.cmu.edu/mailinglists/ips/mail/msg09292.html

I think everyone will have to make their own decision, although, as
far as I am aware, the SRP patent is FUD. If anyone knows of any real
threats against anyone distributing software with SRP in it, I'd like
to know about it. If I understood correctly, for example Kermit uses
SRP, without a license, and it is even being distributed commercially.

Perhaps Nikos can tell you more.

Regards,
Simon

From nmav at gnutls.org Mon Jan 24 17:18:26 2005
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 24 Jan 2005 17:18:26 +0100
Subject: [gnutls-dev] Fedora gnutls-1.0.20-5.src.rpm
In-Reply-To: <20050122073905.GA91810@mail1.thewrittenword.com>
References: <20050122073905.GA91810@mail1.thewrittenword.com>
Message-ID: <200501241718.26416.nmav@gnutls.org>

On Saturday 22 January 2005 08:39, Albert Chin wrote:
> The latest development RPM from Fedora for gnutls-1.0.20 does not
> contain the SRP authentication code because of the following Changelog
> entry:
>   * Tue Sep 7 2004 Jeff Johnson 1.0.20-2
>   - patent tainted SRP code removed.
> Is this correct? If so, should SRP be disabled from gnutls?

According to SRP's author, the only patent of SRP is the one of Stanford's,
and this is available royalty free. Nobody else has claimed patents on SRP.
The only statements I've seen are of the kind "we may hold a patent on SRP"
by companies holding patents on competitive technologies. In my opinion their
patents affect SRP the same way the MP3 patent affects OGG. It would be
a shame to drop SRP support, especially when nobody has actually claimed
to hold a patent affecting SRP.

--
Nikos Mavrogiannopoulos

From jbj at redhat.com Tue Jan 25 20:09:04 2005
From: jbj at redhat.com (Jeff Johnson)
Date: Tue, 25 Jan 2005 14:09:04 -0500
Subject: [gnutls-dev] Fedora gnutls-1.0.20-5.src.rpm
In-Reply-To: <200501241718.26416.nmav@gnutls.org>
References: <20050122073905.GA91810@mail1.thewrittenword.com> <200501241718.26416.nmav@gnutls.org>
Message-ID: <20050125190904.GS9722@devserv.devel.redhat.com>

On Mon, Jan 24, 2005 at 05:18:26PM +0100, Nikos Mavrogiannopoulos wrote:
> On Saturday 22 January 2005 08:39, Albert Chin wrote:
> > The latest development RPM from Fedora for gnutls-1.0.20 does not
> > contain the SRP authentication code because of the following Changelog
> > entry:
> >   * Tue Sep 7 2004 Jeff Johnson 1.0.20-2
> >   - patent tainted SRP code removed.
> > Is this correct? If so, should SRP be disabled from gnutls?
> According to SRP's author, the only patent of SRP is the one of Stanford's,
> and this is available royalty free. Nobody else has claimed patents on SRP.
> The only statements I've seen are of the kind "we may hold a patent on SRP"
> by companies holding patents on competitive technologies. In my opinion their
> patents affect SRP the same way the MP3 patent affects OGG. It would be
> a shame to drop SRP support, especially when nobody has actually claimed
> to hold a patent affecting SRP.
>

Patent tainting is a Red Hat risk, not a gnutls risk. Red Hat lawyers
often have trouble understanding three letter acronyms, and are
conservative, as they should be.

*Please* don't remove SRP from gnutls.

73 de Jeff

--
Jeff Johnson ARS N3NPQ
jbj at redhat.com (jbj at jbj.org)
Chapel Hill, NC

From nmav at gnutls.org Tue Jan 25 20:55:39 2005
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 25 Jan 2005 20:55:39 +0100
Subject: [gnutls-dev] Fedora gnutls-1.0.20-5.src.rpm
In-Reply-To: <20050125190904.GS9722@devserv.devel.redhat.com>
References: <20050122073905.GA91810@mail1.thewrittenword.com> <200501241718.26416.nmav@gnutls.org> <20050125190904.GS9722@devserv.devel.redhat.com>
Message-ID: <200501252055.39692.nmav@gnutls.org>

On Tuesday 25 January 2005 20:09, you wrote:
> > According to SRP's author, the only patent of SRP is the one of
> > Stanford's, and this is available royalty free. Nobody else has claimed
> > patents on SRP. The only statements I've seen are of the kind "we may
> > hold a patent on SRP" by companies holding patents on competitive
> > technologies. In my opinion their patents affect SRP the same way the MP3
> > patent affects OGG. It would be a shame to drop SRP support, especially
> > when nobody has actually claimed to hold a patent affecting SRP.
> Patent tainting is a Red Hat risk, not a gnutls risk. Red Hat lawyers
> often have trouble understanding three letter acronyms, and are
> conservative, as they should be.
> *Please* don't remove SRP from gnutls.

We will not drop SRP support, my comment referred to redhat. Moreover the
SRP functionality was transferred to the main library for the next release.

> 73 de Jeff

--
Nikos Mavrogiannopoulos

From jas at extundo.com Thu Jan 27 16:25:47 2005
From: jas at extundo.com (Simon Josefsson)
Date: Thu, 27 Jan 2005 16:25:47 +0100
Subject: [gnutls-dev] GnuTLS 1.2.0
Message-ID:

We are pleased to announce the availability of GnuTLS 1.2.0!

This release is the result of the 23 development releases made on the
development branch (1.1.x). Major changes compared to the 1.0 branch
include:

* Moved SRP password authentication from the GnuTLS-extra library
  (licensed under GPL) to the core library (licensed under LGPL).

* The API has been cleaned up, and data types now use a '_t' suffix.

* Fixes to handle denial of service problem when verifying long
  certificate chains.

* The manual has been converted to Texinfo and is consequently
  available in many formats, see:

* A reference API manual has been added, and is available in HTML and
  DevHelp formats, thanks to GTK-DOC, see:

The 1.2.0 version is intended to be stable, and to be a drop-in
replacement of the stable 1.0.x branch. We encourage developers to
move to the 1.2 branch as soon as possible, since we will now spend
less time improving version 1.0.x.

We are not planning to open a 1.3 development branch soon, because
there are no plans to start work on any major new feature today.
Instead, we will continue to carefully improve the quality of this
release over time.

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or
donating money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
privately owned company located in Stockholm, is currently funding
GnuTLS maintenance, and is always looking for interesting development
projects.

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources:
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.0.tar.bz2 (2.4MB)
  http://josefsson.org/gnutls/releases/gnutls-1.2.0.tar.bz2 (2.4MB)

Here are GPG detached signatures signed using key 0xB565716F:
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.0.tar.bz2.sig
  http://josefsson.org/gnutls/releases/gnutls-1.2.0.tar.bz2.sig

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the SHA-1 checksums:

618d502fc872530b726e791a818af5a95ee39d00  gnutls-1.2.0.tar.bz2
9866f7250e3e78dc1273aebc6eeba6549dcb8683  gnutls-1.2.0.tar.bz2.sig

Noteworthy changes since version 1.1.23:

* Added the definitions and OIDs for the RIPEMD-160 hash algorithm.

* Introduced gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and
  gnutls_x509_crl_sign2().

* Fixed license header in source code files.

Enjoy,
Nikos and Simon

From nmav at gnutls.org Thu Jan 27 23:45:35 2005
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 27 Jan 2005 23:45:35 +0100
Subject: [gnutls-dev] GnuTLS 1.2.0
In-Reply-To:
References:
Message-ID: <200501272345.35754.nmav@gnutls.org>

On Thursday 27 January 2005 16:25, Simon Josefsson wrote:
> Major changes compared to the 1.0 branch include:

Just a last minute note. Although gnutls 1.2.x will be source compatible
with the previous stable branch there are some functions that were
deprecated soon after 1.0.0 was released, and were completely removed
in 1.2.0. These functions were deprecated and replaced by other functions
achieving the same functionality with much better semantics (there were
several problems in the previous ones).

These functions are:

gnutls_certificate_client_set_select_function() replaced by
  gnutls_certificate_client_set_retrieve_function()
gnutls_certificate_server_set_select_function() replaced by
  gnutls_certificate_server_set_retrieve_function()
gnutls_srp_server_select_function replaced by
  gnutls_srp_set_server_credentials_function().

--
Nikos Mavrogiannopoulos