From nmav at gnutls.org Thu Jun 1 19:33:08 2006 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 1 Jun 2006 19:33:08 +0200 Subject: [gnutls-dev] c++ interface to gnutls.h In-Reply-To: <447DF0EB.7000504@mur.at> References: <200605310021.32720.n.mavrogiannopoulos@gmail.com> <447DF0EB.7000504@mur.at> Message-ID: <200606011933.08885.nmav@gnutls.org> On Wed 31 May 2006 21:39, Rupert Kittinger-Sereinig wrote: > I have not done a detailed review, but here are some points I > noticed: Hello Rupert, thanks for the comments. I've already addressed some of them. (see below) > - exceptions for error handling: will all error conditions throw > exceptions? Yes except for non fatal errors. The functions that only throw fatal exceptions now have a void return type. > - I would like to be able to extract the error code from the > exception, not just a message string. Indeed. Updated. > - I recommend removing all throw() specifications except where > required by the standard (i.e. exception::what()). See e.g. the boost > rationale: > http://www.boost.org/more/lib_guide.htm#Exception-specification > - All those get_ functions should get a const attribute. done. > - most of the classes will need special treatment for copy and > assignement. will address at a later time. > - The session class looks somewhat bloated to me. How about providing > a hierarchy of classes that present different subsets of the > functionality? Indeed it could be cleaner. Any proposals? > - consistency: the c interface uses a mixture of gnutls_datum, char*, > unsigned char*, void*, paired with unsigned int, size_t. It would be > great if the c++ Interface would just stick to one variant, like > std::vector. Hmmm that's tricky to wrap in most of the cases, but it would provide a cleaner api, that's true. If you have any good suggestions on that they're welcome. > - I think there a session cache should be implemented as an object. > so it would be nice to provide a base class that provides member > functions equivalent to the gnutls_db_func types and handles the > installation of forwarding functions. Yes this was my original idea. Now it's implemented. In general i've quite limited time for that so if you or anyone else is interested in that and more in hurry than me, I've put my current sources at: http://members.hellug.gr/nmav/misc/gnutlsxx.h http://members.hellug.gr/nmav/misc/gnutlsxx.cpp > > cheers, > Rupert > > > ------------------------------------------------------------------- > >----- > > > > #ifndef GNUTLSXX_H > > # define GNUTLSXX_H > > > > #include > > #include > > #include > > > > namespace gnutls { > > > > class exception: public std::exception > > { > > public: > > exception( int x); > > const char* what() const throw(); > > protected: > > int retcode; > > }; > > > > > > > > class dh_params > > { > > public: > > dh_params(); > > ~dh_params(); > > void import_raw( const gnutls_datum_t & prime, > > const gnutls_datum_t & generator); > > void import_pkcs3( const gnutls_datum_t & pkcs3_params, > > gnutls_x509_crt_fmt_t format); > > void generate( unsigned int bits); > > > > void export_pkcs3( gnutls_x509_crt_fmt_t format, unsigned > > char *params_data, size_t * params_data_size); void export_raw( > > gnutls_datum_t& prime, gnutls_datum_t &generator); > > > > gnutls_dh_params_t get_params_t() const; > > dh_params & operator=(const dh_params& src); > > protected: > > gnutls_dh_params_t params; > > }; > > > > > > class rsa_params > > { > > public: > > rsa_params(); > > ~rsa_params(); > > void import_raw( const gnutls_datum_t & m, > > const gnutls_datum_t & e, > > const gnutls_datum_t & d, > > const gnutls_datum_t & p, > > const gnutls_datum_t & q, > > const gnutls_datum_t & u); > > void import_pkcs1( const gnutls_datum_t & pkcs1_params, > > gnutls_x509_crt_fmt_t format); > > void generate( unsigned int bits); > > > > void export_pkcs1( gnutls_x509_crt_fmt_t format, unsigned > > char *params_data, size_t * params_data_size); void export_raw( > > gnutls_datum_t & m, gnutls_datum_t & e, gnutls_datum_t & d, > > gnutls_datum_t & p, gnutls_datum_t & q, gnutls_datum_t & u); > > gnutls_rsa_params_t get_params_t() const; > > rsa_params & operator=(const rsa_params& src); > > > > protected: > > gnutls_rsa_params_t params; > > }; > > > > enum priority_flag { ALL_CIPHERS, EXPORT_CIPHERS }; > > > > class session > > { > > protected: > > gnutls_session_t s; > > > > public: > > session( gnutls_connection_end_t); > > virtual ~session(); > > > > int bye( gnutls_close_request_t how); > > int handshake (); > > > > gnutls_alert_description_t get_alert() throw(); > > > > int send_alert ( gnutls_alert_level_t level, > > gnutls_alert_description_t desc); > > int send_appropriate_alert (int err); > > > > gnutls_cipher_algorithm_t get_cipher() throw(); > > gnutls_kx_algorithm_t get_kx () throw(); > > gnutls_mac_algorithm_t get_mac () throw(); > > gnutls_compression_method_t get_compression () throw(); > > gnutls_certificate_type_t get_certificate_type() throw(); > > > > // for the handshake > > void set_private_extensions ( bool allow) throw(); > > > > gnutls_handshake_description_t get_handshake_last_out() > > throw(); gnutls_handshake_description_t get_handshake_last_in() > > throw(); > > > > ssize_t send (const void *data, size_t sizeofdata); > > ssize_t recv (void *data, size_t sizeofdata); > > > > bool get_record_direction() throw(); > > > > // maximum packet size > > size_t get_max_size() throw(); > > void set_max_size(size_t size); > > > > size_t check_pending() throw(); > > > > void prf (size_t label_size, const char *label, > > int server_random_first, > > size_t extra_size, const char *extra, > > size_t outsize, char *out); > > > > void prf_raw ( size_t label_size, const char *label, > > size_t seed_size, const char *seed, > > size_t outsize, char *out); > > > > void set_cipher_priority (const int *list); > > void set_mac_priority (const int *list); > > void set_compression_priority (const int *list); > > void set_kx_priority (const int *list); > > void set_protocol_priority (const int *list); > > void set_certificate_type_priority (const int *list); > > > > /* if you just want some defaults, use the following. > > */ > > void set_default_priority (priority_flag flag); > > > > gnutls_protocol_t get_protocol_version() throw(); > > > > // for resuming sessions > > void set_data ( const void *session_data, > > size_t session_data_size); > > void get_data (void *session_data, > > size_t * session_data_size); > > void get_data(gnutls_session_t session, > > gnutls_datum_t & data); > > void get_id ( void *session_id, > > size_t * session_id_size); > > > > bool is_resumed () throw(); > > > > void set_max_handshake_packet_length ( size_t max) throw(); > > > > void clear_credentials() throw(); > > void set_credentials( class credentials & cred); > > > > void set_transport_ptr( gnutls_transport_ptr_t ptr); > > void set_transport_ptr( gnutls_transport_ptr_t recv_ptr, > > gnutls_transport_ptr_t send_ptr); gnutls_transport_ptr_t > > get_transport_ptr(); > > void get_transport_ptr(gnutls_transport_ptr_t * recv_ptr, > > gnutls_transport_ptr_t * send_ptr); > > > > void set_transport_lowat (size_t num); > > void set_transport_push_function( gnutls_push_func > > push_func); void set_transport_pull_function( gnutls_pull_func > > pull_func); > > > > void set_user_ptr( void* ptr); > > void *get_user_ptr(); > > > > void send_openpgp_key( gnutls_openpgp_key_status_t status); > > > > gnutls_credentials_type_t get_auth_type(); > > gnutls_credentials_type_t get_server_auth_type(); > > gnutls_credentials_type_t get_client_auth_type(); > > > > // informational stuff > > void set_dh_prime_bits( unsigned int bits); > > unsigned int get_dh_secret_bits(); > > unsigned int get_dh_peers_public_bits(); > > unsigned int get_dh_prime_bits(); > > void get_dh_group( gnutls_datum_t & gen, gnutls_datum_t & > > prime); void get_dh_pubkey( gnutls_datum_t & raw_key); > > void get_rsa_export_pubkey( gnutls_datum& exponent, > > gnutls_datum& modulus); unsigned int get_rsa_export_modulus_bits(); > > > > const gnutls_datum* get_our_certificate(); > > bool get_peers_certificate(std::vector > > &out_certs); bool get_peers_certificate(const gnutls_datum_t** > > certs, unsigned int *certs_size); > > > > time_t get_peers_certificate_activation_time(); > > time_t get_peers_certificate_expiration_time(); > > void verify_peers_certificate( unsigned int& status); > > > > > > }; > > > > class server_session: public session > > { > > > > void set_db_cache_expiration (unsigned int seconds) throw(); > > void db_remove (); > > void set_db_retrieve_function ( gnutls_db_retr_func retr_func); > > void set_db_remove_function ( gnutls_db_remove_func rem_func); > > void set_db_store_function ( gnutls_db_store_func store_func); > > void set_db_ptr ( void *ptr); > > void *get_db_ptr (); > > > > // returns true if session is expired > > bool db_check_entry ( gnutls_datum_t &session_entry); > > > > // server side only > > const char *get_srp_username(); > > const char *get_psk_username(); > > > > void get_server_name (void *data, size_t * data_length, > > unsigned int *type, unsigned int indx); > > > > int rehandshake(); > > void set_certificate_request( gnutls_certificate_request_t); > > > > }; > > > > class client_session: public session > > { > > void set_server_name (gnutls_server_name_type_t type, > > const void *name, size_t name_length); > > > > bool client_session::get_request_status(); > > }; > > > > > > class credentials > > { > > public: > > credentials(gnutls_credentials_type_t t) : type(t) { } > > virtual ~credentials() { } > > gnutls_credentials_type_t get_type(); > > protected: > > friend class session; > > virtual void* ptr(); > > gnutls_credentials_type_t type; > > }; > > > > class certificate_credentials: public credentials > > { > > public: > > ~certificate_credentials(); > > certificate_credentials(); > > > > void free_keys (); > > void free_cas (); > > void free_ca_names (); > > void free_crls (); > > > > void set_dh_params ( const dh_params ¶ms); > > void set_rsa_export_params ( const rsa_params& params); > > void set_verify_flags ( unsigned int flags); > > void set_verify_limits ( unsigned int max_bits, unsigned > > int max_depth); > > > > void set_x509_trust_file(const char *cafile, > > gnutls_x509_crt_fmt_t type); void set_x509_trust(const > > gnutls_datum_t & CA, gnutls_x509_crt_fmt_t type); // FIXME: use > > classes instead of gnutls_x509_crt_t void set_x509_trust ( > > gnutls_x509_crt_t * ca_list, int ca_list_size); > > > > void set_x509_crl_file( const char *crlfile, > > gnutls_x509_crt_fmt_t type); void set_x509_crl(const gnutls_datum_t > > & CRL, gnutls_x509_crt_fmt_t type); void set_x509_crl ( > > gnutls_x509_crl_t * crl_list, int crl_list_size); > > > > void set_x509_key_file(const char *certfile, const char > > *KEYFILE, gnutls_x509_crt_fmt_t type); void set_x509_key(const > > gnutls_datum_t & CERT, const gnutls_datum_t & KEY, > > gnutls_x509_crt_fmt_t type); // FIXME: use classes > > void set_x509_key ( gnutls_x509_crt_t * cert_list, int > > cert_list_size, gnutls_x509_privkey_t key); > > > > > > void set_simple_pkcs12_file( const char *pkcs12file, > > gnutls_x509_crt_fmt_t type, const char *password); > > > > protected: > > void* ptr(); > > gnutls_certificate_credentials_t cred; > > }; > > > > class certificate_server_credentials: public > > certificate_credentials { > > certificate_server_credentials() { } > > public: > > void set_retrieve_function( > > gnutls_certificate_server_retrieve_function* func) throw(); void > > set_params_function( gnutls_params_function* func) throw(); }; > > > > class certificate_client_credentials: public > > certificate_credentials { > > public: > > certificate_client_credentials() { } > > void set_retrieve_function( > > gnutls_certificate_client_retrieve_function* func) throw(); }; > > > > > > > > > > class anon_server_credentials: public credentials > > { > > public: > > anon_server_credentials(); > > ~anon_server_credentials(); > > void set_dh_params ( const dh_params ¶ms); > > void set_params_function ( gnutls_params_function * func) > > throw(); protected: > > gnutls_anon_server_credentials_t cred; > > }; > > > > class anon_client_credentials: public credentials > > { > > public: > > anon_client_credentials(); > > ~anon_client_credentials(); > > protected: > > gnutls_anon_client_credentials_t cred; > > }; > > > > > > class srp_server_credentials: public credentials > > { > > public: > > srp_server_credentials(); > > ~srp_server_credentials(); > > void set_credentials_file (const char *password_file, const > > char *password_conf_file); void set_credentials_function( > > gnutls_srp_server_credentials_function *func); protected: > > void* ptr(); > > gnutls_srp_server_credentials_t cred; > > }; > > > > class srp_client_credentials: public credentials > > { > > public: > > srp_client_credentials(); > > ~srp_client_credentials(); > > void set_credentials (const char *username, const char > > *password); void set_credentials_function( > > gnutls_srp_client_credentials_function* func); protected: > > void* ptr(); > > gnutls_srp_client_credentials_t cred; > > }; > > > > > > class psk_server_credentials: public credentials > > { > > public: > > psk_server_credentials(); > > ~psk_server_credentials(); > > void set_credentials_file(const char* password_file); > > void set_credentials_function( > > gnutls_psk_server_credentials_function* func); void set_dh_params ( > > const dh_params ¶ms); > > void set_params_function (gnutls_params_function * func) > > throw(); protected: > > void* ptr(); > > gnutls_psk_server_credentials_t cred; > > }; > > > > class psk_client_credentials: public credentials > > { > > public: > > psk_client_credentials(); > > ~psk_client_credentials(); > > void set_credentials (const char *username, const > > gnutls_datum_t& key, gnutls_psk_key_flags flags); void > > set_credentials_function( gnutls_psk_client_credentials_function* > > func); protected: > > void* ptr(); > > gnutls_psk_client_credentials_t cred; > > }; > > > > > > }; /* namespace */ > > > > #endif /* GNUTLSXX_H */ > > > > > > ------------------------------------------------------------------- > >----- > > > > _______________________________________________ > > Gnutls-dev mailing list > > Gnutls-dev at gnupg.org > > http://lists.gnupg.org/mailman/listinfo/gnutls-dev From rks at mur.at Thu Jun 1 23:22:41 2006 From: rks at mur.at (Rupert Kittinger-Sereinig) Date: Thu, 01 Jun 2006 23:22:41 +0200 Subject: [gnutls-dev] c++ interface to gnutls.h In-Reply-To: <200606011933.08885.nmav@gnutls.org> References: <200605310021.32720.n.mavrogiannopoulos@gmail.com> <447DF0EB.7000504@mur.at> <200606011933.08885.nmav@gnutls.org> Message-ID: <447F5AA1.401@mur.at> Hi Nikos, I have thought a little about decomposing the session class. From the code I have looked at, all the state information is supposed to be stored inside the gnutls_session_t. so it would be quite easy to build a derived class that just acts as a wrapper that adds some more functions. e.g. like this: class minimal_session { // maybe this class should do nothing but manage the gnutls_session_t // object public: minimal_session(gnutls_connection_end_t t) { // // I would not use RETWRAP functions here since the // constructor does not return anything // int ret = gnutls_init(&s_, t); if (ret != 0) throw(exception(ret)); } virtual ~minimal_session() { gnutls_deinit(s_); } protected: // // all derived classes shall use the gnutls_session_t from // an instance of minimal session // minimal_session() : s_(0) {} // // adding this function will prevent derived classes from // messing with the pointer. // const gnutls_session& get_session() { return s; } private: // // disable copying by declaring, but not defining copy // constructor and assignement operator // minimal_session(const minimal session &s); minimal session& operator=(const minimal session &s); // // adding a trailing underscore to member variables is a // nice convention used by a lot of people nowadays // gnutls_session_t s_; }; // // this class provides the configuration functionality // class config_session : public minimal session { public: config_session(const session& other) : s_(other.get_session()) {} // default destructor is fine // copy ctor and assignement op are disabled because they are // private in the base class size_t get_max_size () const; void set_max_size(size_t size); ... private: const gnutls_session_t s_; }; // // this class provides the configuration functionality // class io_session : public minimal session { public: // same as above io_session(const session& other) : s_(other.get_session()){} ssize_t record_recv (void * data, size_t sizeofdata); ssize_t record_send (const void * data, size_t sizeofdata); ... private: const gnutls_session_t s_; }; Now if we move configuration, data transfer, etc in separarte functions, we can create the right "view" of the class at the function call border: void configure_session(config_session &s) { s.set_max_size(4711); ... } void send_something(io_session &s) { std::string msg("hello world\n"); s.record_send(msg.c_str(), msg.size()); ... } These functions may be called like this: int main() { minimal_session s(GNUTLS_CLIENT); // create a temporary for the function configure_session(config_session(s)); send_something(io_session(s)); ... } About coding in general: I do not have too much time either, but I think I will be able to do at least some detailed code reviewing. greetings, Rupert PS: the CC should work now, I have updated my subscription data. Nikos Mavrogiannopoulos schrieb: > On Wed 31 May 2006 21:39, Rupert Kittinger-Sereinig wrote: > >> I have not done a detailed review, but here are some points I >> noticed: > > Hello Rupert, > thanks for the comments. I've already addressed some of them. (see > below) > >> - exceptions for error handling: will all error conditions throw >> exceptions? > > Yes except for non fatal errors. The functions that only throw fatal > exceptions now have a void return type. > >> - I would like to be able to extract the error code from the >> exception, not just a message string. > Indeed. Updated. > >> - I recommend removing all throw() specifications except where >> required by the standard (i.e. exception::what()). See e.g. the boost >> rationale: >> http://www.boost.org/more/lib_guide.htm#Exception-specification >> - All those get_ functions should get a const attribute. > done. > >> - most of the classes will need special treatment for copy and >> assignement. > > will address at a later time. > >> - The session class looks somewhat bloated to me. How about providing >> a hierarchy of classes that present different subsets of the >> functionality? > > Indeed it could be cleaner. Any proposals? > >> - consistency: the c interface uses a mixture of gnutls_datum, char*, >> unsigned char*, void*, paired with unsigned int, size_t. It would be >> great if the c++ Interface would just stick to one variant, like >> std::vector. > > Hmmm that's tricky to wrap in most of the cases, but it would provide a > cleaner api, that's true. If you have any good suggestions on that > they're welcome. > >> - I think there a session cache should be implemented as an object. >> so it would be nice to provide a base class that provides member >> functions equivalent to the gnutls_db_func types and handles the >> installation of forwarding functions. > > Yes this was my original idea. Now it's implemented. > > In general i've quite limited time for that so if you or anyone else is > interested in that and more in hurry than me, I've put my current > sources at: > http://members.hellug.gr/nmav/misc/gnutlsxx.h > http://members.hellug.gr/nmav/misc/gnutlsxx.cpp > > >> cheers, >> Rupert >> >>> ------------------------------------------------------------------- >>> ----- >>> >>> #ifndef GNUTLSXX_H >>> # define GNUTLSXX_H >>> >>> #include >>> #include >>> #include >>> >>> namespace gnutls { >>> >>> class exception: public std::exception >>> { >>> public: >>> exception( int x); >>> const char* what() const throw(); >>> protected: >>> int retcode; >>> }; >>> >>> >>> >>> class dh_params >>> { >>> public: >>> dh_params(); >>> ~dh_params(); >>> void import_raw( const gnutls_datum_t & prime, >>> const gnutls_datum_t & generator); >>> void import_pkcs3( const gnutls_datum_t & pkcs3_params, >>> gnutls_x509_crt_fmt_t format); >>> void generate( unsigned int bits); >>> >>> void export_pkcs3( gnutls_x509_crt_fmt_t format, unsigned >>> char *params_data, size_t * params_data_size); void export_raw( >>> gnutls_datum_t& prime, gnutls_datum_t &generator); >>> >>> gnutls_dh_params_t get_params_t() const; >>> dh_params & operator=(const dh_params& src); >>> protected: >>> gnutls_dh_params_t params; >>> }; >>> >>> >>> class rsa_params >>> { >>> public: >>> rsa_params(); >>> ~rsa_params(); >>> void import_raw( const gnutls_datum_t & m, >>> const gnutls_datum_t & e, >>> const gnutls_datum_t & d, >>> const gnutls_datum_t & p, >>> const gnutls_datum_t & q, >>> const gnutls_datum_t & u); >>> void import_pkcs1( const gnutls_datum_t & pkcs1_params, >>> gnutls_x509_crt_fmt_t format); >>> void generate( unsigned int bits); >>> >>> void export_pkcs1( gnutls_x509_crt_fmt_t format, unsigned >>> char *params_data, size_t * params_data_size); void export_raw( >>> gnutls_datum_t & m, gnutls_datum_t & e, gnutls_datum_t & d, >>> gnutls_datum_t & p, gnutls_datum_t & q, gnutls_datum_t & u); >>> gnutls_rsa_params_t get_params_t() const; >>> rsa_params & operator=(const rsa_params& src); >>> >>> protected: >>> gnutls_rsa_params_t params; >>> }; >>> >>> enum priority_flag { ALL_CIPHERS, EXPORT_CIPHERS }; >>> >>> class session >>> { >>> protected: >>> gnutls_session_t s; >>> >>> public: >>> session( gnutls_connection_end_t); >>> virtual ~session(); >>> >>> int bye( gnutls_close_request_t how); >>> int handshake (); >>> >>> gnutls_alert_description_t get_alert() throw(); >>> >>> int send_alert ( gnutls_alert_level_t level, >>> gnutls_alert_description_t desc); >>> int send_appropriate_alert (int err); >>> >>> gnutls_cipher_algorithm_t get_cipher() throw(); >>> gnutls_kx_algorithm_t get_kx () throw(); >>> gnutls_mac_algorithm_t get_mac () throw(); >>> gnutls_compression_method_t get_compression () throw(); >>> gnutls_certificate_type_t get_certificate_type() throw(); >>> >>> // for the handshake >>> void set_private_extensions ( bool allow) throw(); >>> >>> gnutls_handshake_description_t get_handshake_last_out() >>> throw(); gnutls_handshake_description_t get_handshake_last_in() >>> throw(); >>> >>> ssize_t send (const void *data, size_t sizeofdata); >>> ssize_t recv (void *data, size_t sizeofdata); >>> >>> bool get_record_direction() throw(); >>> >>> // maximum packet size >>> size_t get_max_size() throw(); >>> void set_max_size(size_t size); >>> >>> size_t check_pending() throw(); >>> >>> void prf (size_t label_size, const char *label, >>> int server_random_first, >>> size_t extra_size, const char *extra, >>> size_t outsize, char *out); >>> >>> void prf_raw ( size_t label_size, const char *label, >>> size_t seed_size, const char *seed, >>> size_t outsize, char *out); >>> >>> void set_cipher_priority (const int *list); >>> void set_mac_priority (const int *list); >>> void set_compression_priority (const int *list); >>> void set_kx_priority (const int *list); >>> void set_protocol_priority (const int *list); >>> void set_certificate_type_priority (const int *list); >>> >>> /* if you just want some defaults, use the following. >>> */ >>> void set_default_priority (priority_flag flag); >>> >>> gnutls_protocol_t get_protocol_version() throw(); >>> >>> // for resuming sessions >>> void set_data ( const void *session_data, >>> size_t session_data_size); >>> void get_data (void *session_data, >>> size_t * session_data_size); >>> void get_data(gnutls_session_t session, >>> gnutls_datum_t & data); >>> void get_id ( void *session_id, >>> size_t * session_id_size); >>> >>> bool is_resumed () throw(); >>> >>> void set_max_handshake_packet_length ( size_t max) throw(); >>> >>> void clear_credentials() throw(); >>> void set_credentials( class credentials & cred); >>> >>> void set_transport_ptr( gnutls_transport_ptr_t ptr); >>> void set_transport_ptr( gnutls_transport_ptr_t recv_ptr, >>> gnutls_transport_ptr_t send_ptr); gnutls_transport_ptr_t >>> get_transport_ptr(); >>> void get_transport_ptr(gnutls_transport_ptr_t * recv_ptr, >>> gnutls_transport_ptr_t * send_ptr); >>> >>> void set_transport_lowat (size_t num); >>> void set_transport_push_function( gnutls_push_func >>> push_func); void set_transport_pull_function( gnutls_pull_func >>> pull_func); >>> >>> void set_user_ptr( void* ptr); >>> void *get_user_ptr(); >>> >>> void send_openpgp_key( gnutls_openpgp_key_status_t status); >>> >>> gnutls_credentials_type_t get_auth_type(); >>> gnutls_credentials_type_t get_server_auth_type(); >>> gnutls_credentials_type_t get_client_auth_type(); >>> >>> // informational stuff >>> void set_dh_prime_bits( unsigned int bits); >>> unsigned int get_dh_secret_bits(); >>> unsigned int get_dh_peers_public_bits(); >>> unsigned int get_dh_prime_bits(); >>> void get_dh_group( gnutls_datum_t & gen, gnutls_datum_t & >>> prime); void get_dh_pubkey( gnutls_datum_t & raw_key); >>> void get_rsa_export_pubkey( gnutls_datum& exponent, >>> gnutls_datum& modulus); unsigned int get_rsa_export_modulus_bits(); >>> >>> const gnutls_datum* get_our_certificate(); >>> bool get_peers_certificate(std::vector >>> &out_certs); bool get_peers_certificate(const gnutls_datum_t** >>> certs, unsigned int *certs_size); >>> >>> time_t get_peers_certificate_activation_time(); >>> time_t get_peers_certificate_expiration_time(); >>> void verify_peers_certificate( unsigned int& status); >>> >>> >>> }; >>> >>> class server_session: public session >>> { >>> >>> void set_db_cache_expiration (unsigned int seconds) throw(); >>> void db_remove (); >>> void set_db_retrieve_function ( gnutls_db_retr_func retr_func); >>> void set_db_remove_function ( gnutls_db_remove_func rem_func); >>> void set_db_store_function ( gnutls_db_store_func store_func); >>> void set_db_ptr ( void *ptr); >>> void *get_db_ptr (); >>> >>> // returns true if session is expired >>> bool db_check_entry ( gnutls_datum_t &session_entry); >>> >>> // server side only >>> const char *get_srp_username(); >>> const char *get_psk_username(); >>> >>> void get_server_name (void *data, size_t * data_length, >>> unsigned int *type, unsigned int indx); >>> >>> int rehandshake(); >>> void set_certificate_request( gnutls_certificate_request_t); >>> >>> }; >>> >>> class client_session: public session >>> { >>> void set_server_name (gnutls_server_name_type_t type, >>> const void *name, size_t name_length); >>> >>> bool client_session::get_request_status(); >>> }; >>> >>> >>> class credentials >>> { >>> public: >>> credentials(gnutls_credentials_type_t t) : type(t) { } >>> virtual ~credentials() { } >>> gnutls_credentials_type_t get_type(); >>> protected: >>> friend class session; >>> virtual void* ptr(); >>> gnutls_credentials_type_t type; >>> }; >>> >>> class certificate_credentials: public credentials >>> { >>> public: >>> ~certificate_credentials(); >>> certificate_credentials(); >>> >>> void free_keys (); >>> void free_cas (); >>> void free_ca_names (); >>> void free_crls (); >>> >>> void set_dh_params ( const dh_params ¶ms); >>> void set_rsa_export_params ( const rsa_params& params); >>> void set_verify_flags ( unsigned int flags); >>> void set_verify_limits ( unsigned int max_bits, unsigned >>> int max_depth); >>> >>> void set_x509_trust_file(const char *cafile, >>> gnutls_x509_crt_fmt_t type); void set_x509_trust(const >>> gnutls_datum_t & CA, gnutls_x509_crt_fmt_t type); // FIXME: use >>> classes instead of gnutls_x509_crt_t void set_x509_trust ( >>> gnutls_x509_crt_t * ca_list, int ca_list_size); >>> >>> void set_x509_crl_file( const char *crlfile, >>> gnutls_x509_crt_fmt_t type); void set_x509_crl(const gnutls_datum_t >>> & CRL, gnutls_x509_crt_fmt_t type); void set_x509_crl ( >>> gnutls_x509_crl_t * crl_list, int crl_list_size); >>> >>> void set_x509_key_file(const char *certfile, const char >>> *KEYFILE, gnutls_x509_crt_fmt_t type); void set_x509_key(const >>> gnutls_datum_t & CERT, const gnutls_datum_t & KEY, >>> gnutls_x509_crt_fmt_t type); // FIXME: use classes >>> void set_x509_key ( gnutls_x509_crt_t * cert_list, int >>> cert_list_size, gnutls_x509_privkey_t key); >>> >>> >>> void set_simple_pkcs12_file( const char *pkcs12file, >>> gnutls_x509_crt_fmt_t type, const char *password); >>> >>> protected: >>> void* ptr(); >>> gnutls_certificate_credentials_t cred; >>> }; >>> >>> class certificate_server_credentials: public >>> certificate_credentials { >>> certificate_server_credentials() { } >>> public: >>> void set_retrieve_function( >>> gnutls_certificate_server_retrieve_function* func) throw(); void >>> set_params_function( gnutls_params_function* func) throw(); }; >>> >>> class certificate_client_credentials: public >>> certificate_credentials { >>> public: >>> certificate_client_credentials() { } >>> void set_retrieve_function( >>> gnutls_certificate_client_retrieve_function* func) throw(); }; >>> >>> >>> >>> >>> class anon_server_credentials: public credentials >>> { >>> public: >>> anon_server_credentials(); >>> ~anon_server_credentials(); >>> void set_dh_params ( const dh_params ¶ms); >>> void set_params_function ( gnutls_params_function * func) >>> throw(); protected: >>> gnutls_anon_server_credentials_t cred; >>> }; >>> >>> class anon_client_credentials: public credentials >>> { >>> public: >>> anon_client_credentials(); >>> ~anon_client_credentials(); >>> protected: >>> gnutls_anon_client_credentials_t cred; >>> }; >>> >>> >>> class srp_server_credentials: public credentials >>> { >>> public: >>> srp_server_credentials(); >>> ~srp_server_credentials(); >>> void set_credentials_file (const char *password_file, const >>> char *password_conf_file); void set_credentials_function( >>> gnutls_srp_server_credentials_function *func); protected: >>> void* ptr(); >>> gnutls_srp_server_credentials_t cred; >>> }; >>> >>> class srp_client_credentials: public credentials >>> { >>> public: >>> srp_client_credentials(); >>> ~srp_client_credentials(); >>> void set_credentials (const char *username, const char >>> *password); void set_credentials_function( >>> gnutls_srp_client_credentials_function* func); protected: >>> void* ptr(); >>> gnutls_srp_client_credentials_t cred; >>> }; >>> >>> >>> class psk_server_credentials: public credentials >>> { >>> public: >>> psk_server_credentials(); >>> ~psk_server_credentials(); >>> void set_credentials_file(const char* password_file); >>> void set_credentials_function( >>> gnutls_psk_server_credentials_function* func); void set_dh_params ( >>> const dh_params ¶ms); >>> void set_params_function (gnutls_params_function * func) >>> throw(); protected: >>> void* ptr(); >>> gnutls_psk_server_credentials_t cred; >>> }; >>> >>> class psk_client_credentials: public credentials >>> { >>> public: >>> psk_client_credentials(); >>> ~psk_client_credentials(); >>> void set_credentials (const char *username, const >>> gnutls_datum_t& key, gnutls_psk_key_flags flags); void >>> set_credentials_function( gnutls_psk_client_credentials_function* >>> func); protected: >>> void* ptr(); >>> gnutls_psk_client_credentials_t cred; >>> }; >>> >>> >>> }; /* namespace */ >>> >>> #endif /* GNUTLSXX_H */ >>> >>> >>> ------------------------------------------------------------------- >>> ----- >>> >>> _______________________________________________ >>> Gnutls-dev mailing list >>> Gnutls-dev at gnupg.org >>> http://lists.gnupg.org/mailman/listinfo/gnutls-dev -- Rupert Kittinger-Sereinig Krenngasse 32 A-8010 Graz Austria From nmav at gnutls.org Tue Jun 6 23:37:45 2006 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Tue, 6 Jun 2006 23:37:45 +0200 Subject: [gnutls-dev] c++ interface to gnutls.h In-Reply-To: <447F5AA1.401@mur.at> References: <200605310021.32720.n.mavrogiannopoulos@gmail.com> <200606011933.08885.nmav@gnutls.org> <447F5AA1.401@mur.at> Message-ID: <200606062337.46602.nmav@gnutls.org> On Thu 01 Jun 2006 23:22, you wrote: > Hi Nikos, > I have thought a little about decomposing the session class. From the > code I have looked at, all the state information is supposed to be > stored inside the gnutls_session_t. so it would be quite easy to > build a derived class that just acts as a wrapper that adds some more > functions. Hello Rupert, I was quite busy and couldn't check it until today. I like the splitting to classes, but why not use a final class that will inherit from all the above small classes? It looks difficult to properly cast the class for each function. Also you seem to prefer functions instead of member functions. Why is that? I think it's cleaner to see send as a property of the session object rather than a generic operation. I've currently added the C++ interface to the unstable branch. I'll update it again when i find some time... regards, Nikos From rks at mur.at Wed Jun 7 00:38:53 2006 From: rks at mur.at (Rupert Kittinger-Sereinig) Date: Wed, 07 Jun 2006 00:38:53 +0200 Subject: [gnutls-dev] c++ interface to gnutls.h In-Reply-To: <200606062337.46602.nmav@gnutls.org> References: <200605310021.32720.n.mavrogiannopoulos@gmail.com> <200606011933.08885.nmav@gnutls.org> <447F5AA1.401@mur.at> <200606062337.46602.nmav@gnutls.org> Message-ID: <448603FD.2050806@mur.at> Nikos Mavrogiannopoulos schrieb: > On Thu 01 Jun 2006 23:22, you wrote: >> Hi Nikos, >> I have thought a little about decomposing the session class. From the >> code I have looked at, all the state information is supposed to be >> stored inside the gnutls_session_t. so it would be quite easy to >> build a derived class that just acts as a wrapper that adds some more >> functions. > > Hello Rupert, > I was quite busy and couldn't check it until today. > > I like the splitting to classes, but why not use a final class that will > inherit from all the above small classes? It looks difficult to > properly cast the class for each function. > my basic critique was that the session class offers a lot of functionality, but not all of it will make sense for all instances. If you inherit from all the small classes, you will get the union of all functionality, so the interface of the final class will not be different from the initial version, however the object will be much more complicated (probably this would require putting the gnutls_session_t object in a virtual base classe, etc). so the basic idea of my proposal was to deliver only subsets of the functionality. This is somewhat different from the usual way inheritance is used, maybe this is a new design pattern :-) I agree that the casts look complicated. But if they are applied at function boundaries, they may be helpful to structure the code (e.g. separate connection creation from data transmission, etc. > Also you seem to prefer functions instead of member functions. > Why is that? I think it's cleaner to see send as > a property of the session object rather than a generic operation. > Why do you think so? the functions called from main() were just examples to illustrate the idea of creating temporary objects to get suitable subsets of the functionality. However, I do like designs that replace redundant meber functions with one member function and some free functions, if they can be impelmented without friendship. Herb Sutter makes a very good point for this design concept: http://gotw.ca/gotw/084.htm > I've currently added the C++ interface to the unstable branch. I'll > update it again when i find some time... > > regards, > Nikos > Another way to think about a c++ interface: what will be the advantages of using it? I can think of the following: - automatic resource management - more consistent interface (see my last email) - exceptions for error propagation - hide as many enums as possible (virtual functions instead of switch/case, provide handler functions for alerts, etc) the last one is probably the hardest from a design point of view, but also the most rewarding:-) By the way, I switched from openssl to gnutls mainly because I think the gnutls API is much clearer (of course, the documentation is also superior...). regards, Rupert -- Rupert Kittinger-Sereinig Krenngasse 32 A-8010 Graz Austria From nmav at gnutls.org Thu Jun 8 12:56:20 2006 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 8 Jun 2006 12:56:20 +0200 Subject: [gnutls-dev] c++ interface to gnutls.h In-Reply-To: <448603FD.2050806@mur.at> References: <200605310021.32720.n.mavrogiannopoulos@gmail.com> <200606011933.08885.nmav@gnutls.org> <447F5AA1.401@mur.at> <200606062337.46602.nmav@gnutls.org> <448603FD.2050806@mur.at> Message-ID: On 6/7/06, Rupert Kittinger-Sereinig wrote: > Why do you think so? the functions called from main() were just examples > to illustrate the idea of creating temporary objects to get suitable > subsets of the functionality. > However, I do like designs that replace redundant meber functions with > one member function and some free functions, if they can be impelmented > without friendship. In that case it would be hard to avoid friendship since everything depends on the gnutls_session_t. I'll think more about it. Maybe a nice idea would be to split the classes based on the authentication method they support. > Another way to think about a c++ interface: what will be the advantages > of using it? I can think of the following: > - automatic resource management > - more consistent interface (see my last email) > - exceptions for error propagation These were actually the original goals. > - hide as many enums as possible (virtual functions instead of > switch/case, provide handler functions for alerts, etc) > the last one is probably the hardest from a design point of view, but > also the most rewarding:-) Indeed but currently I don't plan to spend much time on it thus I'll focus on the shortest to reach goals. > By the way, I switched from openssl to gnutls mainly because I think the > gnutls API is much clearer (of course, the documentation is also > superior...). Thanks. best regards, Nikos From tb at becket.net Fri Jun 9 02:56:02 2006 From: tb at becket.net (Thomas Bushnell BSG) Date: Thu, 08 Jun 2006 17:56:02 -0700 Subject: [gnutls-dev] libgwenhywfar and gnucash Message-ID: Ok, we need your help, and maybe you guys can help us. I am the Debian maintainer for gnucash. gnucash offers a feature to connect to banks, called HBCI, which for supporting banks, allows you to download your financials very conveniently. This is very common in Germany. Debian does this with the aqbanking library. aqbanking uses a portability library called gwenhywfar to, among other things, deal with ssl. gwenhywfar links with openssl. As we know, openssl is not GPL compatible. To get around this, aqbanking and gwenhywfar both contain a special exception to allow linking with openssl. But that's not good enough (and this is verified with the GPL Compliance Lab); *everything* in the gnucash binary which is GPL'd would need to have that exception. Needless to say, that's a lot of gnome, and long-vanished gnucash developers, and other people who would all need to give permission. Ain't gonna happen. The normal thing to do is simply to link the code in question (gwenhywfar) with gnutls instead of openssl. Supposedly, gnutls is advertised as a drop-in replacement for openssl. But, alas, it ain't. gwenhywfar uses features of openssl that gnutls doesn't support. And this brings me to you all. Can I hook someone from the gnutls team up with someone who knows gwenhywfar, so that gnutls can support what gwenhywfar needs? Thomas PS: Please make sure to keep me on any replies; I am not subscribed to gnutls-dev. From tb at becket.net Fri Jun 9 03:50:57 2006 From: tb at becket.net (Thomas Bushnell BSG) Date: Thu, 08 Jun 2006 18:50:57 -0700 Subject: [gnutls-dev] libgwenhywfar and gnucash In-Reply-To: <20060609014546.GC2185@jameswestby.net> (James Westby's message of "Fri, 9 Jun 2006 02:45:47 +0100") References: <20060609014546.GC2185@jameswestby.net> Message-ID: James Westby writes: > So the coverage of the openssl functionality is not that huge. Someone > on this list will be able to tell you better than I can the problems > with porting the above code to gnutls, and the suitability of the > compatibility interface. That would be quite helpful. It may well be that the gwenhywfar upstream can do things on that end that will make it easier too. Perhaps by pulling the cable from both coasts we can meet in the mid-atlantic and get the telegrams moving. > (And good luck with gnucash, it sounds like it's been quite tricky for > you) Tricky how? It's been no particular trouble... From jas at extundo.com Fri Jun 9 11:48:51 2006 From: jas at extundo.com (Simon Josefsson) Date: Fri, 09 Jun 2006 11:48:51 +0200 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash References: Message-ID: <877j3q3bi4.fsf@latte.josefsson.org> Thomas Bushnell BSG writes: > Ok, we need your help, and maybe you guys can help us. I'll try! > I am the Debian maintainer for gnucash. gnucash offers a feature to > connect to banks, called HBCI, which for supporting banks, allows you > to download your financials very conveniently. This is very common in > Germany. > > Debian does this with the aqbanking library. aqbanking uses a > portability library called gwenhywfar to, among other things, deal > with ssl. gwenhywfar links with openssl. > > As we know, openssl is not GPL compatible. To get around this, > aqbanking and gwenhywfar both contain a special exception to allow > linking with openssl. > > But that's not good enough (and this is verified with the GPL > Compliance Lab); *everything* in the gnucash binary which is GPL'd > would need to have that exception. Needless to say, that's a lot of > gnome, and long-vanished gnucash developers, and other people who > would all need to give permission. Ain't gonna happen. > > The normal thing to do is simply to link the code in question > (gwenhywfar) with gnutls instead of openssl. Supposedly, gnutls is > advertised as a drop-in replacement for openssl. Where have you seen this? I don't think we advertise the OpenSSL compatibility layer in GnuTLS prominently, and when it is mentioned, it should says that it is unfinished and limited. If you'd tell us where you got this impression, I could try to improve the documentation. The OpenSSL emulation layer in GnuTLS is quite thin, and I wouldn't recommend anyone to use it unless they have a very strong reason to do so. I haven't seen a good reason here yet. > But, alas, it ain't. gwenhywfar uses features of openssl that gnutls > doesn't support. > > And this brings me to you all. Can I hook someone from the gnutls > team up with someone who knows gwenhywfar, so that gnutls can support > what gwenhywfar needs? I'm listening. First I'd like to try to convince you to use the GnuTLS API instead. It will probably be less work than fixing the OpenSSL compatibility layer to do what you want. What do you think? If there is anything in the GnuTLS API that is missing, or some utility function that would help smooth the transition, we can surely do something. /Simon From tb at becket.net Fri Jun 9 18:00:10 2006 From: tb at becket.net (Thomas Bushnell BSG) Date: Fri, 09 Jun 2006 09:00:10 -0700 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: <877j3q3bi4.fsf@latte.josefsson.org> (Simon Josefsson's message of "Fri, 09 Jun 2006 11:48:51 +0200") References: <877j3q3bi4.fsf@latte.josefsson.org> Message-ID: Simon Josefsson writes: > Where have you seen this? I don't think we advertise the OpenSSL > compatibility layer in GnuTLS prominently, and when it is mentioned, > it should says that it is unfinished and limited. It's common lore over in Debian-land. :) But then, it's all we have. > If you'd tell us where you got this impression, I could try to improve > the documentation. > > The OpenSSL emulation layer in GnuTLS is quite thin, and I wouldn't > recommend anyone to use it unless they have a very strong reason to do > so. I haven't seen a good reason here yet. Debian has made extremely heavy use of it, because of the noxious license on openssl. We don't have a choice. It's really to the point where we can either drop ssl support from Debian, or use -lgnutls-openssl. And nobody seems to be reporting lots of bugs. ;) This case is a quite unusual one, because gwenhywfar asks for rather more from openssl/crypto than most apps. > I'm listening. First I'd like to try to convince you to use the > GnuTLS API instead. It will probably be less work than fixing the > OpenSSL compatibility layer to do what you want. What do you think? It's not me. It's gwenhywfar. He thinks he's done all he can by giving the openssl-exception to the GPL. The irony, oddly, is that gwenhywfar is billed as a compatibility library. So maybe I can convince him to backend to gnutls also. One thing I think he's worried about is that file formats *must* be compatible for the sake of existing users. Can we guarantee him that? From ametzler at downhill.at.eu.org Fri Jun 9 18:27:25 2006 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Fri, 9 Jun 2006 18:27:25 +0200 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: References: <877j3q3bi4.fsf@latte.josefsson.org> Message-ID: <20060609162724.GA2547@downhill.at.eu.org> On 2006-06-09 Thomas Bushnell BSG wrote: > Simon Josefsson writes: [...] > > The OpenSSL emulation layer in GnuTLS is quite thin, and I wouldn't > > recommend anyone to use it unless they have a very strong reason to do > > so. I haven't seen a good reason here yet. > Debian has made extremely heavy use of it, because of the noxious > license on openssl. [...] Are you sure about that? On a quick search I have not found a single major package in Debian using openssl compat. For example openldap2, exim4, cups, samba all do not use the compatibilty layer but the GnuTLS-API. cu andreas -- "See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf, fuhggvat qbja gur juveyvat tha. Neal Stephenson in "Snow Crash" http://downhill.aus.cc/ From tb at becket.net Fri Jun 9 21:34:02 2006 From: tb at becket.net (Thomas Bushnell BSG) Date: Fri, 09 Jun 2006 12:34:02 -0700 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: <20060609162724.GA2547@downhill.at.eu.org> (Andreas Metzler's message of "Fri, 9 Jun 2006 18:27:25 +0200") References: <877j3q3bi4.fsf@latte.josefsson.org> <20060609162724.GA2547@downhill.at.eu.org> Message-ID: Andreas Metzler writes: > On 2006-06-09 Thomas Bushnell BSG wrote: >> Simon Josefsson writes: > [...] >> > The OpenSSL emulation layer in GnuTLS is quite thin, and I wouldn't >> > recommend anyone to use it unless they have a very strong reason to do >> > so. I haven't seen a good reason here yet. > >> Debian has made extremely heavy use of it, because of the noxious >> license on openssl. > [...] > > Are you sure about that? On a quick search I have not found a single > major package in Debian using openssl compat. For example openldap2, > exim4, cups, samba all do not use the compatibilty layer but the > GnuTLS-API. lynx and ofx are the ones that come up on my system. I guess that doesn't count as "extremely heavy". It was the standard advice when we became aware of the openssl license problems that developers were advised to link against gnutls-openssl instead of ssl. It is good that this is minimally needed. The real question is not so much whether we have a compat layer, as much as we want gwenhywfar to be usable in GPL'd programs. ;) Thomas From nmav at gnutls.org Sat Jun 10 09:05:52 2006 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 10 Jun 2006 09:05:52 +0200 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: References: <877j3q3bi4.fsf@latte.josefsson.org> Message-ID: <200606100905.53110.nmav@gnutls.org> On Fri 09 Jun 2006 18:00, Thomas Bushnell BSG wrote: Hello, > The irony, oddly, is that gwenhywfar is billed as a compatibility > library. So maybe I can convince him to backend to gnutls also. > One thing I think he's worried about is that file formats *must* be > compatible for the sake of existing users. Can we guarantee him > that? What do you mean with file formats? From jw+debian at jameswestby.net Fri Jun 9 04:11:15 2006 From: jw+debian at jameswestby.net (James Westby) Date: Fri, 9 Jun 2006 03:11:15 +0100 Subject: [gnutls-dev] libgwenhywfar and gnucash In-Reply-To: References: <20060609014546.GC2185@jameswestby.net> Message-ID: <20060609021115.GD2185@jameswestby.net> On (08/06/06 18:50), Thomas Bushnell BSG wrote: > > (And good luck with gnucash, it sounds like it's been quite tricky for > > you) > > Tricky how? It's been no particular trouble... My apologies, I just remembered some noise on the lists about it but looking back it was not problems with the package but other things. James -- James Westby jw+debian at jameswestby.net http://jameswestby.net/ From jw+debian at jameswestby.net Fri Jun 9 03:45:47 2006 From: jw+debian at jameswestby.net (James Westby) Date: Fri, 9 Jun 2006 02:45:47 +0100 Subject: [gnutls-dev] libgwenhywfar and gnucash In-Reply-To: References: Message-ID: <20060609014546.GC2185@jameswestby.net> [I replied to your message on debian-devel, and then read this one, but only thought it was highly coincedental until you mentioned gwenhywfar in your follow up. I'm replying on this list as it seems more on topic here] On (08/06/06 18:20), Thomas Bushnell BSG wrote: > James Westby writes: > > Why do you require the same symbols? Have you already written the code > > for libcrypto? If not what does it matter what symbols are provided? > > We need something for gwenhywfar, an existing library which uses > libssl and libcrypto. So you are looking for a replacement for both libssl and libcrypto. gnutls does provide a compatibility interface (built in Debian), but it is not complete. In the gwenhywfar source $ grep -r "//' | sort -u bio.h blowfish.h bn.h conf.h des.h dh.h err.h md5.h objects.h pem.h rand.h ripemd.h rsa.h sha.h ssl.h x509v3.h (16 files) $ find /usr/include/openssl/ | wc -l 69 So the coverage of the openssl functionality is not that huge. Someone on this list will be able to tell you better than I can the problems with porting the above code to gnutls, and the suitability of the compatibility interface. (And good luck with gnucash, it sounds like it's been quite tricky for you) James -- James Westby jw+debian at jameswestby.net http://jameswestby.net/ From tb at becket.net Sat Jun 10 19:31:25 2006 From: tb at becket.net (Thomas Bushnell BSG) Date: Sat, 10 Jun 2006 10:31:25 -0700 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: <200606100905.53110.nmav@gnutls.org> (Nikos Mavrogiannopoulos's message of "Sat, 10 Jun 2006 09:05:52 +0200") References: <877j3q3bi4.fsf@latte.josefsson.org> <200606100905.53110.nmav@gnutls.org> Message-ID: Nikos Mavrogiannopoulos writes: > On Fri 09 Jun 2006 18:00, Thomas Bushnell BSG wrote: > > Hello, > >> The irony, oddly, is that gwenhywfar is billed as a compatibility >> library. So maybe I can convince him to backend to gnutls also. >> One thing I think he's worried about is that file formats *must* be >> compatible for the sake of existing users. Can we guarantee him >> that? > > What do you mean with file formats? You'd have to ask Thomas Viehmann. People have files in which their keys are stored, perhaps configuration data, and whatnot. Can I put you in touch with him? About all this, I am very far from expert, and am really trying to get people to start working directly together... :) Thomas From jas at extundo.com Sun Jun 11 08:42:54 2006 From: jas at extundo.com (Simon Josefsson) Date: Sun, 11 Jun 2006 08:42:54 +0200 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: (Thomas Bushnell's message of "Fri, 09 Jun 2006 12:34:02 -0700") References: <877j3q3bi4.fsf@latte.josefsson.org> <20060609162724.GA2547@downhill.at.eu.org> Message-ID: <87y7w419ch.fsf@latte.josefsson.org> Thomas Bushnell BSG writes: > Andreas Metzler writes: > >> On 2006-06-09 Thomas Bushnell BSG wrote: >>> Simon Josefsson writes: >> [...] >>> > The OpenSSL emulation layer in GnuTLS is quite thin, and I wouldn't >>> > recommend anyone to use it unless they have a very strong reason to do >>> > so. I haven't seen a good reason here yet. >> >>> Debian has made extremely heavy use of it, because of the noxious >>> license on openssl. >> [...] >> >> Are you sure about that? On a quick search I have not found a single >> major package in Debian using openssl compat. For example openldap2, >> exim4, cups, samba all do not use the compatibilty layer but the >> GnuTLS-API. > > lynx and ofx are the ones that come up on my system. > > I guess that doesn't count as "extremely heavy". It was the standard > advice when we became aware of the openssl license problems that > developers were advised to link against gnutls-openssl instead of > ssl. It is good that this is minimally needed. Right. And given how some parts of the OpenSSL API tend to change over time, I think it will be difficult to implement compatibility layers for all of it. > The real question is not so much whether we have a compat layer, as > much as we want gwenhywfar to be usable in GPL'd programs. ;) Yup. And using the GnuTLS API directly will achieve that. ;-) /Simon From nmav at gnutls.org Sun Jun 11 17:55:41 2006 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sun, 11 Jun 2006 17:55:41 +0200 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: References: <200606100905.53110.nmav@gnutls.org> Message-ID: <200606111755.42508.nmav@gnutls.org> On Sat 10 Jun 2006 19:31, Thomas Bushnell BSG wrote: > > What do you mean with file formats? > > You'd have to ask Thomas Viehmann. People have files in which their > keys are stored, perhaps configuration data, and whatnot. Can I put > you in touch with him? > About all this, I am very far from expert, and am really trying to > get people to start working directly together... :) Actually this is something outside our (gnutls') scope. It's up to the libgwenhywfar author to decide to use gnutls, not ours. If he decides so we could help him in case he has questions or so. Until then I don't think there is something we can do. regards, Nikos From tb at becket.net Mon Jun 12 02:49:00 2006 From: tb at becket.net (Thomas Bushnell BSG) Date: Sun, 11 Jun 2006 17:49:00 -0700 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: <87y7w419ch.fsf@latte.josefsson.org> (Simon Josefsson's message of "Sun, 11 Jun 2006 08:42:54 +0200") References: <877j3q3bi4.fsf@latte.josefsson.org> <20060609162724.GA2547@downhill.at.eu.org> <87y7w419ch.fsf@latte.josefsson.org> Message-ID: Simon Josefsson writes: > Right. And given how some parts of the OpenSSL API tend to change > over time, I think it will be difficult to implement compatibility > layers for all of it. > >> The real question is not so much whether we have a compat layer, as >> much as we want gwenhywfar to be usable in GPL'd programs. ;) > > Yup. And using the GnuTLS API directly will achieve that. ;-) Will you help the gwenhywfar author in this task? From tb at becket.net Mon Jun 12 02:48:08 2006 From: tb at becket.net (Thomas Bushnell BSG) Date: Sun, 11 Jun 2006 17:48:08 -0700 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: <200606111755.42508.nmav@gnutls.org> (Nikos Mavrogiannopoulos's message of "Sun, 11 Jun 2006 17:55:41 +0200") References: <200606100905.53110.nmav@gnutls.org> <200606111755.42508.nmav@gnutls.org> Message-ID: Nikos Mavrogiannopoulos writes: > On Sat 10 Jun 2006 19:31, Thomas Bushnell BSG wrote: > >> > What do you mean with file formats? >> >> You'd have to ask Thomas Viehmann. People have files in which their >> keys are stored, perhaps configuration data, and whatnot. Can I put >> you in touch with him? >> About all this, I am very far from expert, and am really trying to >> get people to start working directly together... :) > > Actually this is something outside our (gnutls') scope. It's up to the > libgwenhywfar author to decide to use gnutls, not ours. If he decides > so we could help him in case he has questions or so. Until then I don't > think there is something we can do. Ok, what we have is a foolish impasse, and I want/hope/plead that *someone* will lift a finger to help out. The gwenhywfar author thinks that by granting the openssl license exception he's done all he needs to. you think that by doing nothing, you've done all you need to. and, meanwhile, everybody loses. can you please decide that helping the gwenhywfar people with this is worth the effort, will help free software and free software users? Please?? Thomas From jas at extundo.com Mon Jun 12 09:33:37 2006 From: jas at extundo.com (Simon Josefsson) Date: Mon, 12 Jun 2006 09:33:37 +0200 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: (Thomas Bushnell's message of "Sun, 11 Jun 2006 17:49:00 -0700") References: <877j3q3bi4.fsf@latte.josefsson.org> <20060609162724.GA2547@downhill.at.eu.org> <87y7w419ch.fsf@latte.josefsson.org> Message-ID: <87pshe25gu.fsf@latte.josefsson.org> Thomas Bushnell BSG writes: > Simon Josefsson writes: > >> Right. And given how some parts of the OpenSSL API tend to change >> over time, I think it will be difficult to implement compatibility >> layers for all of it. >> >>> The real question is not so much whether we have a compat layer, as >>> much as we want gwenhywfar to be usable in GPL'd programs. ;) >> >> Yup. And using the GnuTLS API directly will achieve that. ;-) > > Will you help the gwenhywfar author in this task? Sure! (time permitting [1]) Start by reading the GnuTLS manual: http://www.gnu.org/software/gnutls/manual/html_node/index.html and especially the examples in chapter 7. The reference API manual may be useful too: http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html Let us know (preferably on the list) if you have any problems or need some extended API. /Simon [1] Contracting me through my company will get you full attention, of course. From nmav at gnutls.org Mon Jun 12 12:47:53 2006 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Mon, 12 Jun 2006 12:47:53 +0200 Subject: [gnutls-dev] Re: libgwenhywfar and gnucash In-Reply-To: References: <200606100905.53110.nmav@gnutls.org> <200606111755.42508.nmav@gnutls.org> Message-ID: On 6/12/06, Thomas Bushnell BSG wrote: > The gwenhywfar author thinks that by granting the openssl license > exception he's done all he needs to. you think that by doing nothing, > you've done all you need to. But this is up to him to decide. Each author decides what's best for his project. If you think that his decision harms, due to license incompatibility, your or any other project, you'd better contact him directly. We can barely help on this matter. regards, Nikos From jas at extundo.com Mon Jun 12 15:19:57 2006 From: jas at extundo.com (Simon Josefsson) Date: Mon, 12 Jun 2006 15:19:57 +0200 Subject: [gnutls-dev] Development branch open, daily snapshots Message-ID: <87ver6tssi.fsf@latte.josefsson.org> We've branched off the stable 1.4.x branch from the CVS trunk, the branch tag is 'gnutls_1_4_x'. The CVS trunk is now the next development series, 1.5.x, that will lead to the next stable release, 1.6.0. We'll continue to make release on the 1.4.x branch, to fix any security problems or to improve the most recent additions (TLS/IA, TLS-PSK, etc). We'll hopefully be able to make releases on the 1.2.x branch to fix security problems. We don't have resources to maintain the 1.0.x branch. We're collecting things to do for 1.5, and they currently include: - C++ interface - Continue move to a crypto-library independent backend including crypto hardware support (currently stalled because we don't have the resources to work on it) - Perl bindings? - Datagram-TLS support? - Implement the draft-salowey-tls-ticket TLS extension? If you can think of something more, please mention it. If you'd like to work on, or sponsor something, we're interested. I've also improved the daily snapshot build script. You can now find daily snapshots for all currently supported branches, see: http://josefsson.org/daily/gnutls-1.2/ - Old stable 1.2.x branch http://josefsson.org/daily/gnutls-1.4/ - New stable 1.4.x branch http://josefsson.org/daily/gnutls/ - Current development branch (1.5.x) Please test the daily builds! If there's anything wrong with them, you'll have to tell us, so we can fix it before the next release. /Simon From ametzler at downhill.at.eu.org Fri Jun 16 13:19:50 2006 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Fri, 16 Jun 2006 13:19:50 +0200 Subject: [gnutls-dev] Compiler warnings on 64bit archs Message-ID: <20060616111950.GA9894@downhill.aus.cc> Hej, building gnutls 1.4.0 (or 1.2.11) on a 64bit arch (amd64, ia64, ...) triggers a couple of cast warnings: ------------------------ gnutls_buffers.c:268: warning: cast from pointer to integer of different size gnutls_buffers.c:704: warning: cast from pointer to integer of different size auth_cert.c:1436: warning: passing argument 1 of '_gnutls_write_uint16' makes integer from pointer without a cast gnutls_openssl.c:283: warning: cast to pointer from integer of different size gnutls_openssl.c:290: warning: cast to pointer from integer of different size gnutls_openssl.c:301: warning: cast to pointer from integer of different size gnutls_openssl.c:880: warning: cast from pointer to integer of different size gnutls_openssl.c:892: warning: cast to pointer from integer of different size serv.c:954: warning: cast to pointer from integer of different size cli.c:831: warning: cast to pointer from integer of different size psk.gaa:28: warning: assignment makes integer from pointer without a cast tls_test.c:270: warning: cast to pointer from integer of different size ex-cert-select.c:154: warning: cast to pointer from integer of different size ex-client1.c:52: warning: cast to pointer from integer of different size ex-client2.c:60: warning: cast to pointer from integer of different size ex-client-resume.c:57: warning: cast to pointer from integer of different size ex-serv1.c:132: warning: cast to pointer from integer of different size ex-serv-anon.c:117: warning: cast to pointer from integer of different size ex-serv-export.c:177: warning: cast to pointer from integer of different size ex-serv-pgp.c:136: warning: cast to pointer from integer of different size ex-client-srp.c:68: warning: cast to pointer from integer of different size ex-serv-srp.c:121: warning: cast to pointer from integer of different size anonself.c:113: warning: cast to pointer from integer of different size anonself.c:290: warning: cast to pointer from integer of different size pskself.c:116: warning: cast to pointer from integer of different size pskself.c:284: warning: cast to pointer from integer of different size dhepskself.c:125: warning: cast to pointer from integer of different size dhepskself.c:316: warning: cast to pointer from integer of different size tlsia.c:170: warning: cast to pointer from integer of different size tlsia.c:459: warning: cast to pointer from integer of different size resume.c:137: warning: cast to pointer from integer of different size resume.c:363: warning: cast to pointer from integer of different size ------------------------ The stuff is caused by casting pointers [1] to and from int. cu andreas [1] either gnutls_transport_ptr_t (i.e. void *) or pointers to opaque (i.e unsigned char) -- The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal vision of the emperor's, and its inclusion in this work does not constitute tacit approval by the author or the publisher for any such projects, howsoever undertaken. (c) Jasper Ffforde From jas at extundo.com Fri Jun 16 18:06:10 2006 From: jas at extundo.com (Simon Josefsson) Date: Fri, 16 Jun 2006 18:06:10 +0200 Subject: [gnutls-dev] Re: Compiler warnings on 64bit archs In-Reply-To: <20060616111950.GA9894@downhill.aus.cc> (Andreas Metzler's message of "Fri, 16 Jun 2006 13:19:50 +0200") References: <20060616111950.GA9894@downhill.aus.cc> Message-ID: <87ver1axvx.fsf@latte.josefsson.org> Andreas Metzler writes: > Hej, > > building gnutls 1.4.0 (or 1.2.11) on a 64bit arch (amd64, ia64, ...) > triggers a couple of cast warnings: Thanks! Patches to fix these problems are always appreciated. > ------------------------ > gnutls_buffers.c:268: warning: cast from pointer to integer of different size > gnutls_buffers.c:704: warning: cast from pointer to integer of different size ... Storing integers within pointers is safe, isn't it? Compare: http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html How large is 'int' on your platform? How large is 'void*'? > auth_cert.c:1436: warning: passing argument 1 of '_gnutls_write_uint16' makes integer from pointer without a cast This looks like a pure bug to me. Nikos? I didn't go through all warnings. If we resolve these, we can move on to the others. Chances are that fixing these may fix some of the others too. /Simon From nmav at gnutls.org Fri Jun 16 18:16:45 2006 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Fri, 16 Jun 2006 18:16:45 +0200 Subject: [gnutls-dev] Re: Compiler warnings on 64bit archs In-Reply-To: <87ver1axvx.fsf@latte.josefsson.org> References: <20060616111950.GA9894@downhill.aus.cc> <87ver1axvx.fsf@latte.josefsson.org> Message-ID: <200606161816.45834.nmav@gnutls.org> On Fri 16 Jun 2006 18:06, Simon Josefsson wrote: > > auth_cert.c:1436: warning: passing argument 1 of > > '_gnutls_write_uint16' makes integer from pointer without a cast > This looks like a pure bug to me. Nikos? Ouch. Yes indeed it is a bug. I'll commit a fix. From ametzler at downhill.at.eu.org Fri Jun 16 19:59:18 2006 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Fri, 16 Jun 2006 19:59:18 +0200 Subject: [gnutls-dev] Re: Compiler warnings on 64bit archs In-Reply-To: <87ver1axvx.fsf@latte.josefsson.org> References: <20060616111950.GA9894@downhill.aus.cc> <87ver1axvx.fsf@latte.josefsson.org> Message-ID: <20060616175918.GA3141@downhill.aus.cc> On 2006-06-16 Simon Josefsson wrote: > Andreas Metzler writes: >> building gnutls 1.4.0 (or 1.2.11) on a 64bit arch (amd64, ia64, ...) >> triggers a couple of cast warnings: > Thanks! Patches to fix these problems are always appreciated. This is out of my league, I just was pointed to these warning as something that *might* be a real bug. >> ------------------------ >> gnutls_buffers.c:268: warning: cast from pointer to integer of different size >> gnutls_buffers.c:704: warning: cast from pointer to integer of different size > ... > Storing integers within pointers is safe, isn't it? Compare: > http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html I did not know this page. ;-) The problem is that on some systems you need to do this: p = (void*) (long) 42; i = (int) (long) p; On my ix86 system the glib macros look like this /usr/lib/glib-2.0/include/glibconfig.h #define GPOINTER_TO_INT(p) ((gint) (p)) #define GINT_TO_POINTER(i) ((gpointer) (i)) However on alpha, ia64 and am64 #define GPOINTER_TO_INT(p) ((gint) (glong) (p)) #define GINT_TO_POINTER(i) ((gpointer) (glong) (i)) With the respective types defined (identical on all four platforms) in /usr/include/glib-2.0/glib/gtypes.h: typedef void* gpointer; typedef int gint; typedef long glong; The arch-dependend file is generated by ./configure.in using ----------------------- AC_CHECK_SIZEOF(long) AC_CHECK_SIZEOF(int) AC_CHECK_SIZEOF(void *) [...] case $ac_cv_sizeof_void_p in $ac_cv_sizeof_int) glib_gpi_cast='' glib_gpui_cast='' ;; $ac_cv_sizeof_long) glib_gpi_cast='(glong)' glib_gpui_cast='(gulong)' ;; *) glib_unknown_void_p=yes ;; esac [...] #define GPOINTER_TO_INT(p) ((gint) ${glib_gpi_cast} (p)) #define GPOINTER_TO_UINT(p) ((guint) ${glib_gpui_cast} (p)) #define GINT_TO_POINTER(i) ((gpointer) ${glib_gpi_cast} (i)) #define GUINT_TO_POINTER(u) ((gpointer) ${glib_gpui_cast} (u)) ------------------------ I guess gnutls would need to use a similar approach. FWIW I just ran a short test, this patch ------------------ --- gnutls_buffers.c.orig 2006-06-16 17:50:33.000000000 +0000 +++ gnutls_buffers.c 2006-06-16 17:52:18.000000000 +0000 @@ -265,7 +265,7 @@ { if (session->internals._gnutls_pull_func == NULL) - i = recv ((int) fd, &ptr[sizeOfPtr - left], left, flags); + i = recv ((int) (long) fd, &ptr[sizeOfPtr - left], left, flags); else i = session->internals._gnutls_pull_func (fd, &ptr[sizeOfPtr - @@ -701,7 +701,7 @@ { if (session->internals._gnutls_push_func == NULL) - i = send ((int) fd, &ptr[n - left], left, 0); + i = send ((int) (long) fd, &ptr[n - left], left, 0); else i = session->internals._gnutls_push_func (fd, &ptr[n - left], left); ------------------ indeed gets rid of the two warnings for this file on ia64 (but breaks on i386 of course). > How large is 'int' on your platform? How large is 'void*'? According to ./configure in the respective buildlogs http://buildd.debian.org/build.php?pkg=gnutls13 alpha, ia64, amd64 checking size of unsigned long... 8 checking size of unsigned int... 4 checking size of unsigned char*... 8 thanks, cu andreas -- The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal vision of the emperor's, and its inclusion in this work does not constitute tacit approval by the author or the publisher for any such projects, howsoever undertaken. (c) Jasper Ffforde From satyam_kkd at hyd.hellosoft.com Wed Jun 21 15:06:06 2006 From: satyam_kkd at hyd.hellosoft.com (satyakumar) Date: Wed, 21 Jun 2006 18:36:06 +0530 Subject: [gnutls-dev] GNUTLS windows version Message-ID: <4499443E.9060004@hyd.hellosoft.com> Hi, Is there any GNUTLS libraries ,for windows version, available. Regards, Satyakumar The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail immediately and permanently delete the message and any attachments. From jas at extundo.com Wed Jun 21 17:38:42 2006 From: jas at extundo.com (Simon Josefsson) Date: Wed, 21 Jun 2006 17:38:42 +0200 Subject: [gnutls-dev] Re: GNUTLS windows version In-Reply-To: <4499443E.9060004@hyd.hellosoft.com> (satyakumar's message of "Wed, 21 Jun 2006 18:36:06 +0530") References: <4499443E.9060004@hyd.hellosoft.com> Message-ID: <87bqsm34e5.fsf@latte.josefsson.org> satyakumar writes: > Hi, > Is there any GNUTLS libraries ,for windows version, available. Hi. GnuTLS should build under Cygwin and MinGW, possibly with minor modifications. Try the daily builds of 1.5.x for best results. Hopefully, I'll be able to provide a Windows .EXE installer of GnuTLS libraries and related tools in a not too distant future. If you, or anyone else, wishes to pre-test the installer on various Windows environments, let me know. /Simon From ametzler at downhill.at.eu.org Sat Jun 24 14:09:11 2006 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Sat, 24 Jun 2006 14:09:11 +0200 Subject: [gnutls-dev] Re: Compiler warnings on 64bit archs In-Reply-To: <20060616175918.GA3141@downhill.aus.cc> References: <20060616111950.GA9894@downhill.aus.cc> <87ver1axvx.fsf@latte.josefsson.org> <20060616175918.GA3141@downhill.aus.cc> Message-ID: <20060624120910.GA14075@downhill.aus.cc> On 2006-06-16 Andreas Metzler wrote: > On 2006-06-16 Simon Josefsson wrote: >> Andreas Metzler writes: [...] >>> ------------------------ >>> gnutls_buffers.c:268: warning: cast from pointer to integer of different size >>> gnutls_buffers.c:704: warning: cast from pointer to integer of different size >> ... >> Storing integers within pointers is safe, isn't it? Compare: >> http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html > I did not know this page. ;-) > > The problem is that on some systems you need to do this: > p = (void*) (long) 42; > i = (int) (long) p; > [...] Attached a small prrof of concept patch showing how this could be done, eliminating the warnings for gnutls_buffers.c. I have put the macros in gnutls.h, it might be better to not make them part of the GnuTLS API, though. cu andreas -- The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal vision of the emperor's, and its inclusion in this work does not constitute tacit approval by the author or the publisher for any such projects, howsoever undertaken. (c) Jasper Ffforde -------------- next part -------------- diff -Nur gnutls13-1.4.0-2/configure.in gnutls13-1.4.0/configure.in --- gnutls13-1.4.0-2/configure.in 2006-05-11 13:20:09.000000000 +0200 +++ gnutls13-1.4.0/configure.in 2006-06-24 14:08:42.914407736 +0200 @@ -182,6 +182,21 @@ AC_CHECK_SIZEOF(unsigned long, 4) AC_CHECK_SIZEOF(unsigned int, 4) +# for strong ints in pointers without warnings +AC_CHECK_SIZEOF(long) +AC_CHECK_SIZEOF(int) +AC_CHECK_SIZEOF(void *) + +AC_SUBST(CAST_INT_AND_POINTER) +case $ac_cv_sizeof_void_p in + $ac_cv_sizeof_int) + CAST_INT_AND_POINTER='' + ;; + $ac_cv_sizeof_long) + CAST_INT_AND_POINTER='(long)' + ;; +esac + # For some systems we know that we have ld_version scripts. # Use it then as default. have_ld_version_script=no diff -Nur gnutls13-1.4.0-2/includes/gnutls/gnutls.h.in gnutls13-1.4.0/includes/gnutls/gnutls.h.in --- gnutls13-1.4.0-2/includes/gnutls/gnutls.h.in 2006-05-05 11:07:42.000000000 +0200 +++ gnutls13-1.4.0/includes/gnutls/gnutls.h.in 2006-06-24 14:08:10.124392576 +0200 @@ -1161,6 +1161,10 @@ #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 +/* helper macros */ +#define GNUTLS_POINTER_TO_INT(p) ((int) @CAST_INT_AND_POINTER@ (p)) +#define GNUTLS_INT_TO_POINTER(i) ((void*) @CAST_INT_AND_POINTER@ (i)) + #ifdef __cplusplus } #endif diff -Nur gnutls13-1.4.0-2/lib/gnutls_buffers.c gnutls13-1.4.0/lib/gnutls_buffers.c --- gnutls13-1.4.0-2/lib/gnutls_buffers.c 2006-03-08 11:44:59.000000000 +0100 +++ gnutls13-1.4.0/lib/gnutls_buffers.c 2006-06-24 14:08:10.131391512 +0200 @@ -265,7 +265,7 @@ { if (session->internals._gnutls_pull_func == NULL) - i = recv ((int) fd, &ptr[sizeOfPtr - left], left, flags); + i = recv (GNUTLS_POINTER_TO_INT(fd), &ptr[sizeOfPtr - left], left, flags); else i = session->internals._gnutls_pull_func (fd, &ptr[sizeOfPtr - @@ -701,7 +701,7 @@ { if (session->internals._gnutls_push_func == NULL) - i = send ((int) fd, &ptr[n - left], left, 0); + i = send (GNUTLS_POINTER_TO_INT(fd), &ptr[n - left], left, 0); else i = session->internals._gnutls_push_func (fd, &ptr[n - left], left); From ametzler at downhill.at.eu.org Sun Jun 25 09:47:21 2006 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Sun, 25 Jun 2006 09:47:21 +0200 Subject: [gnutls-dev] gnutls pkg-config files Message-ID: <20060625074721.GA4439@downhill.aus.cc> Hej, Since release 0.18 pkg-config supports Libs.private and Requires.private to support a) static linking b) dynamic linking on platforms that require direct linking of all dependencies[1] afaiui this should do the trick: ---------------------- diff -ur gnutls13-1.4.0.org/lib/gnutls.pc.in gnutls-1.4.0/lib/gnutls.pc.in --- gnutls13-1.4.0.org/lib/gnutls.pc.in 2005-05-26 17:21:37.000000000 +0200 +++ gnutls-1.4.0/lib/gnutls.pc.in 2006-06-24 18:10:38.000000000 +0200 @@ -19,4 +19,5 @@ Description: Transport Security Layer implementation for the GNU system Version: @VERSION@ Libs: -L${libdir} -lgnutls +Libs.private: @LIBGNUTLS_LIBS@ Cflags: -I${includedir} diff -ur gnutls13-1.4.0.org/libextra/gnutls-extra.pc.in gnutls-1.4.0/libextra/gnutls-extra.pc.in --- gnutls13-1.4.0.org/libextra/gnutls-extra.pc.in 2005-05-26 17:16:58.000000000 +0200 +++ gnutls-1.4.0/libextra/gnutls-extra.pc.in 2006-06-25 09:35:53.758199856 +0200 @@ -20,4 +20,5 @@ Requires: gnutls Version: @VERSION@ Libs: -L${libdir} -lgnutls-extra +Libs.private: @LIBGNUTLS_EXTRA_LIBS@ Cflags: -I${includedir} ---------------------- thanks, cu andreas [1] On such platforms you'd need -ltasn1 -lz -lgcrypt -lnsl -lgpg-error -lgnutls for dynamic linking instead of just -lgnutls. -- The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal vision of the emperor's, and its inclusion in this work does not constitute tacit approval by the author or the publisher for any such projects, howsoever undertaken. (c) Jasper Ffforde From jas at extundo.com Mon Jun 26 11:09:01 2006 From: jas at extundo.com (Simon Josefsson) Date: Mon, 26 Jun 2006 11:09:01 +0200 Subject: [gnutls-dev] Re: gnutls pkg-config files In-Reply-To: <20060625074721.GA4439@downhill.aus.cc> (Andreas Metzler's message of "Sun, 25 Jun 2006 09:47:21 +0200") References: <20060625074721.GA4439@downhill.aus.cc> Message-ID: <87hd28xp02.fsf@latte.josefsson.org> Andreas Metzler writes: > Hej, > Since release 0.18 pkg-config supports Libs.private and > Requires.private to support > a) static linking > b) dynamic linking on platforms that require direct linking of all > dependencies[1] Hi! I've installed this. Thanks, Simon > afaiui this should do the trick: > ---------------------- > diff -ur gnutls13-1.4.0.org/lib/gnutls.pc.in gnutls-1.4.0/lib/gnutls.pc.in > --- gnutls13-1.4.0.org/lib/gnutls.pc.in 2005-05-26 17:21:37.000000000 +0200 > +++ gnutls-1.4.0/lib/gnutls.pc.in 2006-06-24 18:10:38.000000000 +0200 > @@ -19,4 +19,5 @@ > Description: Transport Security Layer implementation for the GNU system > Version: @VERSION@ > Libs: -L${libdir} -lgnutls > +Libs.private: @LIBGNUTLS_LIBS@ > Cflags: -I${includedir} > diff -ur gnutls13-1.4.0.org/libextra/gnutls-extra.pc.in gnutls-1.4.0/libextra/gnutls-extra.pc.in > --- gnutls13-1.4.0.org/libextra/gnutls-extra.pc.in 2005-05-26 17:16:58.000000000 +0200 > +++ gnutls-1.4.0/libextra/gnutls-extra.pc.in 2006-06-25 09:35:53.758199856 +0200 > @@ -20,4 +20,5 @@ > Requires: gnutls > Version: @VERSION@ > Libs: -L${libdir} -lgnutls-extra > +Libs.private: @LIBGNUTLS_EXTRA_LIBS@ > Cflags: -I${includedir} > ---------------------- > > thanks, cu andreas > > [1] On such platforms you'd need > -ltasn1 -lz -lgcrypt -lnsl -lgpg-error -lgnutls for dynamic linking > instead of just -lgnutls. > -- > The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal > vision of the emperor's, and its inclusion in this work does not constitute > tacit approval by the author or the publisher for any such projects, > howsoever undertaken. (c) Jasper Ffforde From jas at extundo.com Tue Jun 27 11:00:03 2006 From: jas at extundo.com (Simon Josefsson) Date: Tue, 27 Jun 2006 11:00:03 +0200 Subject: [gnutls-dev] Libtasn1 0.3.5 Message-ID: <87odwfvur0.fsf@latte.josefsson.org> Libtasn1 is a standalone library written in C for manipulating ASN.1 objects including DER/BER encoding and DER/BER decoding. Libtasn1 is used by GnuTLS to manipulate X.509 objects and by GNU Shishi to handle Kerberos V5 packets. Version 0.3.5 (2006-06-27) - Fix asn1_octet_der to handle writes of zero-length buffers, before it did not write the ASN.1 length for a zero-length buffer. This caused ASN.1 encodings to be incorrect on 64-bit platforms. - Add self test that attempt to trigger the above bug. - Fix test of -Wno-pointer-sign. - Improve cross-compilation to MinGW by using AC_LIBTOOL_WIN32_DLL. Commercial support contracts for Libtasn1 are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm based privately held company, is currently funding Libtasn1 maintenance. We are always looking for interesting development projects. See http://josefsson.org/ for more details. If you need help to use Libtasn1, or want to help others, you are invited to join our help-gnutls mailing list, see: . Homepage: http://josefsson.org/libtasn1/ Manual in many formats: http://josefsson.org/gnutls/manual/libtasn1/ Here are the compressed sources (1.2MB): http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.5.tar.gz Here are GPG detached signatures using key 0xB565716F: http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.5.tar.gz.sig The software is cryptographically signed by the author using an OpenPGP key identified by the following information: pub 1280R/B565716F 2002-05-05 [expires: 2006-08-14] Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F uid Simon Josefsson uid Simon Josefsson sub 1280R/4D5D40AE 2002-05-05 [expires: 2006-08-14] sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22] sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22] sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22] The key is available from: http://josefsson.org/key.txt dns:b565716f.josefsson.org?TYPE=CERT Here are the SHA-1 and SHA-224 checksums: b2e4bc705a971e2835e149bb6d456a1fddf50d7e libtasn1-0.3.5.tar.gz f84ce6b3bdaefc2b6e1c7bac33a1562c07881af2 libtasn1-0.3.5.tar.gz.sig bed2d3244e32c25b95b0dc25e5cdfebc7c25a5c92f907a6b49858c2e libtasn1-0.3.5.tar.gz efd6031fe7ec2a86af57130aaef4ef942f2fdd2d74f3b2ba5e669afd libtasn1-0.3.5.tar.gz.sig Enjoy, Fabio, Nikos and Simon -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 419 bytes Desc: not available URL: From jas at extundo.com Tue Jun 27 12:07:56 2006 From: jas at extundo.com (Simon Josefsson) Date: Tue, 27 Jun 2006 12:07:56 +0200 Subject: [gnutls-dev] Re: Compiler warnings on 64bit archs In-Reply-To: <20060624120910.GA14075@downhill.aus.cc> (Andreas Metzler's message of "Sat, 24 Jun 2006 14:09:11 +0200") References: <20060616111950.GA9894@downhill.aus.cc> <87ver1axvx.fsf@latte.josefsson.org> <20060616175918.GA3141@downhill.aus.cc> <20060624120910.GA14075@downhill.aus.cc> Message-ID: <87bqsex66b.fsf@latte.josefsson.org> Andreas Metzler writes: > On 2006-06-16 Andreas Metzler wrote: >> On 2006-06-16 Simon Josefsson wrote: >>> Andreas Metzler writes: > [...] >>>> ------------------------ >>>> gnutls_buffers.c:268: warning: cast from pointer to integer of different size >>>> gnutls_buffers.c:704: warning: cast from pointer to integer of different size >>> ... > >>> Storing integers within pointers is safe, isn't it? Compare: >>> http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html > >> I did not know this page. ;-) >> >> The problem is that on some systems you need to do this: >> p = (void*) (long) 42; >> i = (int) (long) p; >> > [...] > > Attached a small prrof of concept patch showing how this could be > done, eliminating the warnings for gnutls_buffers.c. I have put the > macros in gnutls.h, it might be better to not make them part of the > GnuTLS API, though. Thanks for looking into this. I've installed the following patch. Could you test the 2006-06-28 (or later) daily snapshot to see if it works for you? Index: configure.in =================================================================== RCS file: /cvs/gnutls/gnutls/configure.in,v retrieving revision 2.428 diff -u -p -r2.428 configure.in --- configure.in 22 Jun 2006 11:54:43 -0000 2.428 +++ configure.in 27 Jun 2006 10:05:44 -0000 @@ -200,6 +200,20 @@ AC_MSG_RESULT([*** AC_CHECK_SIZEOF(unsigned long, 4) AC_CHECK_SIZEOF(unsigned int, 4) +# For storing integers in pointers without warnings +# http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html#desc +AC_CHECK_SIZEOF(long) +AC_CHECK_SIZEOF(int) +case $ac_cv_sizeof_void_p in + $ac_cv_sizeof_long) + AC_DEFINE(GNUTLS_POINTER_TO_INT_CAST, [(long)], + [Additional cast to bring void* to a type castable to int.]) + ;; + *) + AC_DEFINE(GNUTLS_POINTER_TO_INT_CAST, []) + ;; +esac + # For some systems we know that we have ld_version scripts. # Use it then as default. have_ld_version_script=no Index: lib/gnutls_buffers.c =================================================================== RCS file: /cvs/gnutls/gnutls/lib/gnutls_buffers.c,v retrieving revision 2.126 diff -u -p -r2.126 gnutls_buffers.c --- lib/gnutls_buffers.c 15 Dec 2005 13:24:29 -0000 2.126 +++ lib/gnutls_buffers.c 27 Jun 2006 10:05:44 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation + * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation * * Author: Nikos Mavroyanopoulos * @@ -77,6 +77,8 @@ RET (int err) # include #endif +#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_)) + /* Buffers received packets of type APPLICATION DATA and * HANDSHAKE DATA. */ @@ -265,7 +267,8 @@ _gnutls_read (gnutls_session_t session, { if (session->internals._gnutls_pull_func == NULL) - i = recv ((int) fd, &ptr[sizeOfPtr - left], left, flags); + i = recv (GNUTLS_POINTER_TO_INT(fd), &ptr[sizeOfPtr - left], + left, flags); else i = session->internals._gnutls_pull_func (fd, &ptr[sizeOfPtr - @@ -701,7 +704,7 @@ _gnutls_io_write_buffered (gnutls_sessio { if (session->internals._gnutls_push_func == NULL) - i = send ((int) fd, &ptr[n - left], left, 0); + i = send (GNUTLS_POINTER_TO_INT(fd), &ptr[n - left], left, 0); else i = session->internals._gnutls_push_func (fd, &ptr[n - left], left); From ametzler at downhill.at.eu.org Wed Jun 28 20:28:08 2006 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Wed, 28 Jun 2006 20:28:08 +0200 Subject: [gnutls-dev] Re: Compiler warnings on 64bit archs In-Reply-To: <87bqsex66b.fsf@latte.josefsson.org> References: <20060616111950.GA9894@downhill.aus.cc> <87ver1axvx.fsf@latte.josefsson.org> <20060616175918.GA3141@downhill.aus.cc> <20060624120910.GA14075@downhill.aus.cc> <87bqsex66b.fsf@latte.josefsson.org> Message-ID: <20060628182808.GA20098@downhill.aus.cc> On 2006-06-27 Simon Josefsson wrote: > Andreas Metzler writes: [...] >> Attached a small prrof of concept patch showing how this could be >> done, eliminating the warnings for gnutls_buffers.c. [...] > Thanks for looking into this. I've installed the following patch. > Could you test the 2006-06-28 (or later) daily snapshot to see if it > works for you? [...] > --- configure.in 22 Jun 2006 11:54:43 -0000 2.428 > +++ configure.in 27 Jun 2006 10:05:44 -0000 [...] > +# For storing integers in pointers without warnings > +# http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html#desc > +AC_CHECK_SIZEOF(long) > +AC_CHECK_SIZEOF(int) > +case $ac_cv_sizeof_void_p in > + $ac_cv_sizeof_long) > + AC_DEFINE(GNUTLS_POINTER_TO_INT_CAST, [(long)], > + [Additional cast to bring void* to a type castable to int.]) > + ;; > + *) > + AC_DEFINE(GNUTLS_POINTER_TO_INT_CAST, []) > + ;; > +esac [...] > --- lib/gnutls_buffers.c 15 Dec 2005 13:24:29 -0000 2.126 > +++ lib/gnutls_buffers.c 27 Jun 2006 10:05:44 -0000 [...] > +#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_)) > + [...] > - i = recv ((int) fd, &ptr[sizeOfPtr - left], left, flags); > + i = recv (GNUTLS_POINTER_TO_INT(fd), &ptr[sizeOfPtr - left], > + left, flags); After adding the missing AC_CHECK_SIZEOF(void *), this indeed works. So how would you like to have the 19 [1] occurences of this issue fixed, is there a central header file GNUTLS_POINTER_TO_INT can be thrown into (besides gnutls.h)? thanks, cu andreas [1] in gnutls-20060628.tar.gz: gnutls_openssl.c:283: warning: cast to pointer from integer of different size gnutls_openssl.c:290: warning: cast to pointer from integer of different size gnutls_openssl.c:301: warning: cast to pointer from integer of different size gnutls_openssl.c:880: warning: cast from pointer to integer of different size gnutls_openssl.c:892: warning: cast to pointer from integer of different size serv.c:954: warning: cast to pointer from integer of different size cli.c:831: warning: cast to pointer from integer of different size psk.gaa:28: warning: assignment makes integer from pointer without a cast tls_test.c:270: warning: cast to pointer from integer of different size ex-cert-select.c:156: warning: cast to pointer from integer of different size ex-client1.c:54: warning: cast to pointer from integer of different size ex-client2.c:62: warning: cast to pointer from integer of different size ex-client-resume.c:61: warning: cast to pointer from integer of different size ex-serv1.c:134: warning: cast to pointer from integer of different size ex-serv-anon.c:119: warning: cast to pointer from integer of different size ex-serv-export.c:179: warning: cast to pointer from integer of different size ex-serv-pgp.c:138: warning: cast to pointer from integer of different size ex-client-srp.c:72: warning: cast to pointer from integer of different size ex-serv-srp.c:123: warning: cast to pointer from integer of different size -- The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal vision of the emperor's, and its inclusion in this work does not constitute tacit approval by the author or the publisher for any such projects, howsoever undertaken. (c) Jasper Ffforde