From jas at extundo.com Wed May 3 12:24:02 2006
From: jas at extundo.com (Simon Josefsson)
Date: Wed, 03 May 2006 12:24:02 +0200
Subject: [gnutls-dev] GnuTLS Summer of Code
Message-ID: <871wvbxv7h.fsf@latte.josefsson.org>

Hi all! Just to let you know that GnuTLS participates in Google's
summer of code:

http://code.google.com/soc/

You can earn USD 4500 for working on a project in GnuTLS! The
projects Nikos and I thought of are listed at:

http://www.gnu.org/software/soc-projects/ideas.html#gnutls

We are open to hear about other neat ideas, even if you are not
volunteering to be either mentor or student.

Cheers,
Simon

From jas at extundo.com Sun May 7 17:22:51 2006
From: jas at extundo.com (Simon Josefsson)
Date: Sun, 07 May 2006 17:22:51 +0200
Subject: [gnutls-dev] Libtasn1 0.3.3
Message-ID: <87irohg8qc.fsf@latte.josefsson.org>

Libtasn1 is a standalone library written in C for manipulating ASN.1
objects including DER/BER encoding and DER/BER decoding. Libtasn1 is
used by GnuTLS to manipulate X.509 objects and by GNU Shishi to handle
Kerberos V5 packets.

Version 0.3.3 (2006-05-07)
- Add some 'const' to prototypes.
- Remove some 'unsigned' keywords.
- Corrected asn1_der_coding() bug introduced when it became reentrant.
  Now it produces correct encodings.

Commercial support contracts for Libtasn1 are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding Libtasn1
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

If you need help to use Libtasn1, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

Homepage:
  http://josefsson.org/libtasn1/

Manual in many formats:
  http://josefsson.org/gnutls/manual/libtasn1/

Here are the compressed sources (1.2MB):
  ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.3.3.tar.gz
  http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.3.tar.gz

Here are GPG detached signatures using key 0xB565716F:
  ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.3.3.tar.gz.sig
  http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.3.tar.gz.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2006-08-14]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
uid   Simon Josefsson
uid   Simon Josefsson
sub   1280R/4D5D40AE 2002-05-05 [expires: 2006-08-14]
sub   1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub   1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub   1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

93f1250e203af66072dd6de7aa2611414afc90cf libtasn1-0.3.3.tar.gz
f17ba9a563149ae7b6c35f797ceeb187a6ac24f7 libtasn1-0.3.3.tar.gz.sig
7650faac293c0b71701d89c3d7e4a2c79ab29bcf21f54e810784c96d libtasn1-0.3.3.tar.gz
9aebbf6b058c58832e1ec6377fadb76533bc3bdb911d48a2c4c78759 libtasn1-0.3.3.tar.gz.sig

Enjoy,
Fabio, Nikos and Simon

From satyam_kkd at hyd.hellosoft.com Mon May 8 07:28:14 2006
From: satyam_kkd at hyd.hellosoft.com (satyakumar)
Date: Mon, 08 May 2006 10:58:14 +0530
Subject: [gnutls-dev] gnutls-1.4.0
Message-ID: <445ED6EE.4010603@hyd.hellosoft.com>

Hi,
I am using the gnutls version 1.4.0, How to enable
client-authentication support during handshake.
What are the corresponding API's.

Regards,
Satyakumar

From jas at extundo.com Wed May 10 17:14:07 2006
From: jas at extundo.com (Simon Josefsson)
Date: Wed, 10 May 2006 17:14:07 +0200
Subject: [gnutls-dev] Re: gnutls-1.4.0
In-Reply-To: <445ED6EE.4010603@hyd.hellosoft.com> (satyakumar's message of "Mon, 08 May 2006 10:58:14 +0530")
References: <445ED6EE.4010603@hyd.hellosoft.com>
Message-ID: <87vesdap4w.fsf@latte.josefsson.org>

satyakumar writes:

> Hi,
> I am using the gnutls version 1.4.0, How to enable
> client-authentication support during handshake.
> What are the corresponding API's.

Hi! The manual contains example code for a client-authenticated
session, for X.509 one reference would be:

http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html#Simple-client-example-with-X_002e509-certificate-support

In general, allocate a X.509 credential structure, and set the private
key and CA certificates using gnutls_certificate_set_x509_key_file and
gnutls_certificate_set_x509_trust_file respectively.

/Simon

From jas at extundo.com Wed May 10 19:15:50 2006
From: jas at extundo.com (Simon Josefsson)
Date: Wed, 10 May 2006 19:15:50 +0200
Subject: [gnutls-dev] Libtasn1 0.3.4
Message-ID: <87ejz1aji1.fsf@latte.josefsson.org>

Libtasn1 is a standalone library written in C for manipulating ASN.1
objects including DER/BER encoding and DER/BER decoding. Libtasn1 is
used by GnuTLS to manipulate X.509 objects and by GNU Shishi to handle
Kerberos V5 packets.

Version 0.3.4 (released 2006-05-10)
- Really fix encodings.
- Add new self test, tests/Test_encoding.c.
- Self tests are run under valgrind, if it is available.
- We test for the -Wno-pointer-sign parameter before using it.

Commercial support contracts for Libtasn1 are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding Libtasn1
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

If you need help to use Libtasn1, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

Homepage:
  http://josefsson.org/libtasn1/

Manual in many formats:
  http://josefsson.org/gnutls/manual/libtasn1/

Here are the compressed sources (1.2MB):
  ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.3.4.tar.gz
  http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.4.tar.gz

Here are GPG detached signatures using key 0xB565716F:
  ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.3.4.tar.gz.sig
  http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.4.tar.gz.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2006-08-14]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
uid   Simon Josefsson
uid   Simon Josefsson
sub   1280R/4D5D40AE 2002-05-05 [expires: 2006-08-14]
sub   1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub   1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub   1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

9429bbedd4bd7e94b9119c2ef36522bfd55a676d libtasn1-0.3.4.tar.gz
fe32c9eae8222eb23bc3f7e6c59b8969b954b6e6 libtasn1-0.3.4.tar.gz.sig
3d567071a984e75aa1aae152c1f7e59ec99b64b2d9c1d8c0c3e7e3f0 libtasn1-0.3.4.tar.gz
08cfa2d87ba3374095b82654253c0692dae780452dd546b291da97dc libtasn1-0.3.4.tar.gz.sig

Enjoy,
Fabio, Nikos and Simon

From jas at extundo.com Thu May 11 18:05:06 2006
From: jas at extundo.com (Simon Josefsson)
Date: Thu, 11 May 2006 18:05:06 +0200
Subject: [gnutls-dev] GnuTLS 1.2.11 - final maintainance release of 1.2 branch
Message-ID: <87k68sczt9.fsf@latte.josefsson.org>

We are pleased to announce the availability of GnuTLS version 1.2.11,
the (most likely) last release on the successful 1.2 branch. Expect
the 1.4.0 release later today or tomorrow, which will be the new
stable branch.

The goal of this release was to produce a GnuTLS 1.2 release that
builds with the most recent libtasn1 releases. There aren't many
other changes, but see below for the details.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

Noteworthy changes since version 1.2.10:
- The function gnutls_x509_crt_to_xml is not supported any more, and
  returns an internal error. The reason is that the function called
  internal libtasn1 functions which are no longer exported from
  libtasn1.
- Updated libtasn1 requirement to 0.3.4 and refreshed internal
  minitasn1.
- Updated gnulib compatibility files.
- Fixed _gnutls_x509_get_raw_crt_expiration_time and
  _gnutls_x509_get_raw_crt_activation_time to return (time_t)-1 on
  errors.
- API and ABI modifications: No changes since last version.

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or
donating money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.
Simon Josefsson Datakonsult, a Stockholm based privately held company,
is currently funding GnuTLS maintenance. We are always looking for
interesting development projects.

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources:
  http://josefsson.org/gnutls/releases/gnutls-1.2.11.tar.bz2 (2.7MB)
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.2.11.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.2.11.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.2.11.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:
  1280R/B565716F 2002-05-05 [expires: 2006-02-28]
  Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the SHA-1 and SHA-224 checksums:

4d5167091c72f994ed97e1406ae886f3c2757d49 gnutls-1.2.11.tar.bz2
6658e951da94fe4303eb95375d22276656fe4661 gnutls-1.2.11.tar.bz2.sig
31799140787c70c64c078bd73ec7ce8896a42d6d5b8890204c01236f gnutls-1.2.11.tar.bz2
04fec8dff8f3299af9b7a9092e9452d5bb2fe0400e9b218a1a1f0973 gnutls-1.2.11.tar.bz2.sig

Enjoy,
Nikos and Simon
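
Checking a download against the unlabelled SHA-1 and SHA-224 lines of a release announcement like the one above, as an added example (not part of the original mail or of the GnuTLS project). The file name, payload and digest block are constructed, and the function names are this example's own.

```python
"""Check a downloaded release file against an announcement's digest lines."""
import hashlib
import hmac
import re

# The announcements list SHA-1 and SHA-224 digests without naming the
# algorithm on each line, so the algorithm is inferred from the hex length.
ALGO_BY_HEX_LEN = {40: "sha1", 56: "sha224"}

# "digest filename" pairs. This works whether each pair sits on its own line
# or the whole block was flattened onto one line, as mail archives often do.
# Hex runs of any other length (for example 64) are ignored.
PAIR_RE = re.compile(
    r"(?<![0-9A-Fa-f])([0-9A-Fa-f]{56}|[0-9A-Fa-f]{40})(?![0-9A-Fa-f])\s+(\S+)"
)


def parse_checksums(text):
    """Return {filename: {algorithm: hexdigest}} for every pair found."""
    table = {}
    for digest, name in PAIR_RE.findall(text):
        digest = digest.lower()
        algo = ALGO_BY_HEX_LEN[len(digest)]
        per_file = table.setdefault(name, {})
        # Two different digests of one algorithm for one file means the
        # announcement text itself is damaged or has been altered.
        if per_file.get(algo, digest) != digest:
            raise ValueError(f"conflicting {algo} digests for {name}")
        per_file[algo] = digest
    return table


def verify(name, data, table, required=("sha1", "sha224")):
    """Return a list of problems; an empty list means every digest matched."""
    expected = table.get(name)
    if expected is None:
        return [f"{name}: not listed in the announcement"]
    problems = []
    for algo in required:
        if algo not in expected:
            # A missing digest is a failure, not a reason to skip the check.
            problems.append(f"{name}: no {algo} digest listed")
            continue
        actual = hashlib.new(algo, data).hexdigest()
        if not hmac.compare_digest(actual, expected[algo]):
            problems.append(f"{name}: {algo} mismatch")
    return problems


# Constructed sample: a stand-in "tarball" and an announcement block built
# from its real digests (file name and contents are made up for this example).
SAMPLE_NAME = "example-1.0.tar.bz2"
SAMPLE_DATA = b"constructed release payload\n"
SAMPLE_BLOCK = (
    "Here are the SHA-1 and SHA-224 checksums:\n\n"
    f"{hashlib.sha1(SAMPLE_DATA).hexdigest()}  {SAMPLE_NAME}\n"
    f"{hashlib.sha224(SAMPLE_DATA).hexdigest()}  {SAMPLE_NAME}\n"
)

if __name__ == "__main__":
    table = parse_checksums(SAMPLE_BLOCK)
    print(verify(SAMPLE_NAME, SAMPLE_DATA, table))         # intact download
    print(verify(SAMPLE_NAME, SAMPLE_DATA + b"x", table))  # altered download
```

Matching digests show only that the file is the one the announcement describes; the detached .sig, checked against the key whose fingerprint the announcement gives, is what ties the file to the author.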

From rafaelbuitre at yahoo.it Mon May 15 12:23:29 2006
From: rafaelbuitre at yahoo.it (Rafael Martin)
Date: Mon, 15 May 2006 10:23:29 +0000 (UTC)
Subject: [gnutls-dev] Problem with passphrase (opencdk-0.5.8)
Message-ID:

Hi,

I create a pair of keys using opencdk libraries:

    cdk_keygen_new(&hd);
    cdk_keygen_set_algo_info(hd, 0, CDK_PK_RSA, key_len);
    cdk_keygen_set_name (hd, name);
    cdk_keygen_set_expire_date (hd, 0, 864000);
    cdk_keygen_set_passphrase (hd, "a");
    cdk_keygen_start (hd);
    cdk_keygen_save (hd, "file.pub", "file.priv");

and then I import the private key in gnupg:

    gpg --import file.priv

The import works fine but, when I try to use that key (e.g. to sign):

    gpg -u file --sign something

Gnupg ask me for the passphrase and SURPRISE!!! it doesn't accept the
one I've set (in this case 'a')

Any idea? On my opinion the problem seems to occur when saving the
key to file but I couldn't solve it.

Thanks,
Rafael

From jas at extundo.com Mon May 15 22:09:07 2006
From: jas at extundo.com (Simon Josefsson)
Date: Mon, 15 May 2006 22:09:07 +0200
Subject: [gnutls-dev] Re: Problem with passphrase (opencdk-0.5.8)
In-Reply-To: (Rafael Martin's message of "Mon, 15 May 2006 10:23:29 +0000 (UTC)")
References:
Message-ID: <87psif59uk.fsf@latte.josefsson.org>

Rafael Martin writes:

> Hi,
>
> I create a pair of keys using opencdk libraries:
>
>     cdk_keygen_new(&hd);
>     cdk_keygen_set_algo_info(hd, 0, CDK_PK_RSA, key_len);
>     cdk_keygen_set_name (hd, name);
>     cdk_keygen_set_expire_date (hd, 0, 864000);
>     cdk_keygen_set_passphrase (hd, "a");
>     cdk_keygen_start (hd);
>     cdk_keygen_save (hd, "file.pub", "file.priv");
>
> and then I import the private key in gnupg:
>
>     gpg --import file.priv
>
> The import works fine but, when I try to use that key (e.g. to sign):
>
>     gpg -u file --sign something
>
> Gnupg ask me for the passphrase and SURPRISE!!!
> it doesn't accept the one I've
> set (in this case 'a')
>
> Any idea? On my opinion the problem seems to occur when saving the
> key to file but I couldn't solve it.

Hi Rafael. I'm afraid I don't have any idea. If nobody else answer
this, and if GPGME can do what you want, may I suggest trying GPGME
instead? OpenCDK is not actively maintained anymore, and I'm not sure
where we are going with the OpenPGP support in GnuTLS.

/Simon

From nmav at gnutls.org Mon May 15 20:40:43 2006
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 15 May 2006 20:40:43 +0200
Subject: [gnutls-dev] Problem with passphrase (opencdk-0.5.8)
In-Reply-To:
References:
Message-ID: <200605152040.43830.nmav@gnutls.org>

On Mon 15 May 2006 12:23, Rafael Martin wrote:
> Hi,
>
> I create a pair of keys using opencdk libraries:
>
>     cdk_keygen_new(&hd);
>     cdk_keygen_set_algo_info(hd, 0, CDK_PK_RSA, key_len);
>     cdk_keygen_set_name (hd, name);
>     cdk_keygen_set_expire_date (hd, 0, 864000);
>     cdk_keygen_set_passphrase (hd, "a");
>     cdk_keygen_start (hd);
>     cdk_keygen_save (hd, "file.pub", "file.priv");
[...]
> Gnupg ask me for the passphrase and SURPRISE!!! it doesn't accept the
> one I've set (in this case 'a')

Hmmm opencdk and the openpgp part of gnutls are unmaintained for quite
long time and I don't think this gonna change soon. So on that you're
on your own to check the internals. You might try sending mail to Timo
but I don't know whether he supports opencdk any more.

regards,
Nikos

From jas at extundo.com Mon May 15 22:39:40 2006
From: jas at extundo.com (Simon Josefsson)
Date: Mon, 15 May 2006 22:39:40 +0200
Subject: [gnutls-dev] GnuTLS 1.4.0
Message-ID: <87odxz58fn.fsf@latte.josefsson.org>

I am happy to announce GnuTLS 1.4.0, the first stable release of what
used to be the 1.3.x development branch. We recommend everyone to
upgrade to this version.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

Noteworthy improvements over the 1.2.x branch:

** Support for TLS Inner application (TLS/IA). This is per
   draft-funk-tls-inner-application-extension-01, and is compatible
   with the recent -02 version too. The TLS/IA API is still
   experimental.

** Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites has been
   added.

** New APIs to access the TLS Pseudo-Random-Function (PRF) and the
   client and server random fields in a session. This is primarily
   intended for when GnuTLS is used as a component in other
   authentication protocols, such as the EAP mechanism PEAP and TTLS.

** The session resumption data are now system independent.

** GnuTLS is now easier to port to Windows through mingw32.

** Error messages are now translated using GNU Gettext.

** Documentation improvements, including more discussion of the GnuTLS
   internals.

** New function to set a X.509 private key and certificate pairs,
   and/or CRLs, from a PKCS#12 file.

** Build improvements on many platforms, including 64-bit fixes.

...and the general set of cleanups and improvements.

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or
donating money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources (3.2MB):
  http://josefsson.org/gnutls/releases/gnutls-1.4.0.tar.bz2
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.4.0.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.4.0.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.4.0.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2006-08-14]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
uid   Simon Josefsson
uid   Simon Josefsson
sub   1280R/4D5D40AE 2002-05-05 [expires: 2006-08-14]
sub   1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub   1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub   1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

71c2df8072796592bb20910f3554923b4178b352 gnutls-1.4.0.tar.bz2
bcad99905bd6d3865282518f6d8293ebfba4f288 gnutls-1.4.0.tar.bz2.sig
8d1e4e94730f864ecfc0b71b87ee30a9b7bf5bedae894a7afe4e7549 gnutls-1.4.0.tar.bz2
5a0d767465a45fe24ba662b85d5d4c9b163629ecef46aa6393b9ab2f gnutls-1.4.0.tar.bz2.sig

Enjoy,
Nikos and Simon

From rafaelbuitre at yahoo.it Tue May 16 09:27:59 2006
From: rafaelbuitre at yahoo.it (Rafael Martin)
Date: Tue, 16 May 2006 07:27:59 +0000 (UTC)
Subject: [gnutls-dev] Re: Problem with passphrase (opencdk-0.5.8)
References: <87psif59uk.fsf@latte.josefsson.org>
Message-ID:

Simon Josefsson <jas at extundo.com> writes:

>
> Hi Rafael. I'm afraid I don't have any idea.
> If nobody else answer
> this, and if GPGME can do what you want, may I suggest trying GPGME
> instead? OpenCDK is not actively maintained anymore, and I'm not sure
> where we are going with the OpenPGP support in GnuTLS.
>

Hi Simon,
thanks for answering. Do you know GPGME has a function similar to the one in
OPENCDK:

static int
seckey_to_sexp( gcry_sexp_t * r_skey, cdk_pkt_seckey_t sk )

I need to get the sexp from the secret key.

Regards,
Rafael

From jas at extundo.com Tue May 16 10:50:08 2006
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 16 May 2006 10:50:08 +0200
Subject: [gnutls-dev] Re: Problem with passphrase (opencdk-0.5.8)
In-Reply-To: (Rafael Martin's message of "Tue, 16 May 2006 07:27:59 +0000 (UTC)")
References: <87psif59uk.fsf@latte.josefsson.org>
Message-ID: <877j4m5p6n.fsf@latte.josefsson.org>

Rafael Martin writes:

> Simon Josefsson <jas at extundo.com> writes:
>>
>> Hi Rafael. I'm afraid I don't have any idea. If nobody else answer
>> this, and if GPGME can do what you want, may I suggest trying GPGME
>> instead? OpenCDK is not actively maintained anymore, and I'm not sure
>> where we are going with the OpenPGP support in GnuTLS.
>>
>
> Hi Simon,
> thanks for answering. Do you know GPGME has a function similar to the one in
> OPENCDK:
>
> static int
> seckey_to_sexp( gcry_sexp_t * r_skey, cdk_pkt_seckey_t sk )
>
>
> I need to get the sexp from the secret key.

I'm not that familiar with GPGME, but there are no hits for "sexp" in
the GPGME manual, so I would assume the answer is no. But I don't
know for sure. Maybe it is possible to extract in another format that
is simple to convert to sexp's.

Good luck,
Simon

From sauthess at gmail.com Sun May 21 15:25:06 2006
From: sauthess at gmail.com (authesserre samuel)
Date: Sun, 21 May 2006 15:25:06 +0200
Subject: [gnutls-dev] Question about DTLS
Message-ID: <9987fc7b0605210625m51966fa1m178978115ee35a7@mail.gmail.com>

hi,

I would like to know if DTLS extension is always in program development.
I read a post dated of the May 7, 2005 which speaks about the
implementation of DTLS but I haven't seen others....

If development is in progress I propose my help.

I work on Ethereal project about SSL/TLS and DTLS so I have realize a
DTLS dissector based on OpenSSL project but It contains errors (I will
correct those which I would find and post in openssl dev mail list
because at this time my dissector contains the same errors to work ;)
) and I want to be able to test interoperability ....

It's why I offer my help (the others reasons it's I want to use DTLS
and rfc 4347 has been released ;) )

best regards,

--
++++++++++++++++++++++++++
+ Authesserre Samuel
+ 12 rue de la défense passive
+ 14000 CAEN
+ FRANCE
+ 06-27-28-13-32
+ sauthess at gmail.com
++++++++++++++++++++++++++

From jas at extundo.com Sun May 21 17:45:42 2006
From: jas at extundo.com (Simon Josefsson)
Date: Sun, 21 May 2006 17:45:42 +0200
Subject: [gnutls-dev] Re: Question about DTLS
In-Reply-To: <9987fc7b0605210625m51966fa1m178978115ee35a7@mail.gmail.com> (authesserre samuel's message of "Sun, 21 May 2006 15:25:06 +0200")
References: <9987fc7b0605210625m51966fa1m178978115ee35a7@mail.gmail.com>
Message-ID: <87y7wvcrfd.fsf@latte.josefsson.org>

"authesserre samuel" writes:

> hi,
>
> I would like to know if DTLS extension is always in program development.
> I read a post dated of the May 7, 2005 which speaks about the
> implementation of DTLS but I haven't seen others....

Hi. As far as I'm aware, nobody is actively working on DTLS for
GnuTLS. It is a large project, and may involve changing critical
parts of GnuTLS, so it will have to be done on the next experimental
branch 1.5, or possibly as a completely separate project external to
gnutls (i.e., gnudtls).

> If development is in progress I propose my help.
>
> I work on Ethereal project about SSL/TLS and DTLS so I have realize a
> DTLS dissector based on OpenSSL project but It contains errors (I will
> correct those which I would find and post in openssl dev mail list
> because at this time my dissector contains the same errors to work ;)
> ) and I want to be able to test interoperability ....
>
> It's why I offer my help (the others reasons it's I want to use DTLS
> and rfc 4347 has been released ;) )

Thank you! If you want to start working on it, just go ahead. If you
need help doing it, and can sponsor it financially, or know someone
who might, I'd be interested in doing the work.

/Simon

From sauthess at gmail.com Sun May 21 18:50:49 2006
From: sauthess at gmail.com (authesserre samuel)
Date: Sun, 21 May 2006 18:50:49 +0200
Subject: [gnutls-dev] Re: Question about DTLS
In-Reply-To: <87y7wvcrfd.fsf@latte.josefsson.org>
References: <9987fc7b0605210625m51966fa1m178978115ee35a7@mail.gmail.com> <87y7wvcrfd.fsf@latte.josefsson.org>
Message-ID: <9987fc7b0605210950y48de631cu779cd546e56ccb3a@mail.gmail.com>

hi,

Thanks for your answer.
I had understood in the post that the work would be important due to
TCP part that is not separate clearly....
My free time is the only contribution I can do (but if a company heard
us ..... ;) )
I'm sure that I'm not the only person interested by this project (the
openssl DTLS development is a proof that I say is true)

I will start by looking in gnutls source code to see what is reusable
directly without any modification (the goal of DTLS is to reuse
maximum of TLS source code) and if it's possible (if it isn't a
enormous project and if I have enough time) I will start a gnudtls
project ;)

Samuel

From jas at extundo.com Sun May 21 20:17:24 2006
From: jas at extundo.com (Simon Josefsson)
Date: Sun, 21 May 2006 20:17:24 +0200
Subject: [gnutls-dev] Re: Question about DTLS
In-Reply-To: <9987fc7b0605210950y48de631cu779cd546e56ccb3a@mail.gmail.com> (authesserre samuel's message of "Sun, 21 May 2006 18:50:49 +0200")
References: <9987fc7b0605210625m51966fa1m178978115ee35a7@mail.gmail.com> <87y7wvcrfd.fsf@latte.josefsson.org> <9987fc7b0605210950y48de631cu779cd546e56ccb3a@mail.gmail.com>
Message-ID: <87psi7ckej.fsf@latte.josefsson.org>

"authesserre samuel" writes:

> hi,
>
> Thanks for your answer.
> I had understood in the post that the work would be important due to
> TCP part that is not separate clearly....
> My free time is the only contribution I can do (but if a company heard > us ..... ;) ) > I'm sure that I'm not the only person interested by this project (the > openssl DTLS development is a proof that I say is true) Yup. > I will start by looking in gnutls source code to see what is > reusable directly without any modification (the goal of DTLS is to > reuse maximum of TLS source code) and if it's possible (if it isn't > a enormous project and if I have enough time) I will start a gnudtls > project ;) Personally, I think integrating it into gnutls would be best. Code duplication in two projects, gnutls+gnudtls, would be quite bad and un-maintainable. But I haven't looked at DTLS too much, perhaps the protocols differ too much to fit gnutls' design. /Simon > Samuel > > On 5/21/06, Simon Josefsson wrote: >> "authesserre samuel" writes: >> >> > hi, >> > >> > I would like to know if DTLS extension is always in program development. >> > I read a post dated of the May 7, 2005 which speaks about the >> > implementation of DTSL but I haven't seen others.... >> >> Hi. As far as I'm aware, nobody is actively working on DTLS for >> GnuTLS. It is a large project, and may involve changing critical >> parts of GnuTLS, so it will have to be done on the next experimental >> branch 1.5, or possibly as a completely separate project external to >> gnutls (i.e., gnudtls). >> >> > If development is in progress I propose my help. >> > >> > I work on Ethereal project about SSL/TLS and DTLS so I have realize a >> > DTLS dissector based on OpenSSL project but It contains errors (I will >> > correct those which I would find and post in openssl dev mail list >> > because at this time my dissector contains the same errors to work ;) >> > ) and I want to be able to test interoperability .... >> > >> > It's why I offer my help (the others reasons it's I want to use DTLS >> > and rfc 4347 has been released ;) ) >> >> Thank you! If you want to start working on it, just go ahead. 
If you >> need help doing it, and can sponsor it financially, or know someone >> who might, I'd be interested in doing the work. >> >> /Simon >> > > > -- > ++++++++++++++++++++++++++ > + Authesserre Samuel + > + 12 rue de la d?fense passive+ > + 14000 CAEN + > + FRANCE + > + 06-27-28-13-32 + > + sauthess at gmail.com + > ++++++++++++++++++++++++++ From sauthess at gmail.com Sun May 21 20:57:39 2006 From: sauthess at gmail.com (authesserre samuel) Date: Sun, 21 May 2006 20:57:39 +0200 Subject: [gnutls-dev] Re: Question about DTLS In-Reply-To: <87psi7ckej.fsf@latte.josefsson.org> References: <9987fc7b0605210625m51966fa1m178978115ee35a7@mail.gmail.com> <87y7wvcrfd.fsf@latte.josefsson.org> <9987fc7b0605210950y48de631cu779cd546e56ccb3a@mail.gmail.com> <87psi7ckej.fsf@latte.josefsson.org> Message-ID: <9987fc7b0605211157k8a53199jf74a0ef2f271bb36@mail.gmail.com> I know DTLS protocol but nothing about gnutls implementation (I started to read documentation).... I said that without any reflexion... DTLS rfc is long of 25 pages because it's a TLS diff and was made in the idea of TLS code reuse so it's problably the best choice (integrated in gnutls). that's why I have said that the first thing I will look it's the TCP implementation (because I think that's the principal problem integration) regards, Samuel On 5/21/06, Simon Josefsson wrote: > "authesserre samuel" writes: > > > hi, > > > > Thanks for your answer. > > I had understood in the post that the work would be important due to > > TCP part that is not separate clearly.... > > My free time is the only contribution I can do (but if a company heard > > us ..... ;) ) > > I'm sure that I'm not the only person interested by this project (the > > openssl DTLS development is a proof that I say is true) > > Yup. 
> > > I will start by looking in gnutls source code to see what is > > reusable directly without any modification (the goal of DTLS is to > > reuse maximum of TLS source code) and if it's possible (if it isn't > > a enormous project and if I have enough time) I will start a gnudtls > > project ;) > > Personally, I think integrating it into gnutls would be best. Code > duplication in two projects, gnutls+gnudtls, would be quite bad and > un-maintainable. But I haven't looked at DTLS too much, perhaps the > protocols differ too much to fit gnutls' design. > > /Simon > > > Samuel > > > > On 5/21/06, Simon Josefsson wrote: > >> "authesserre samuel" writes: > >> > >> > hi, > >> > > >> > I would like to know if DTLS extension is always in program development. > >> > I read a post dated of the May 7, 2005 which speaks about the > >> > implementation of DTSL but I haven't seen others.... > >> > >> Hi. As far as I'm aware, nobody is actively working on DTLS for > >> GnuTLS. It is a large project, and may involve changing critical > >> parts of GnuTLS, so it will have to be done on the next experimental > >> branch 1.5, or possibly as a completely separate project external to > >> gnutls (i.e., gnudtls). > >> > >> > If development is in progress I propose my help. > >> > > >> > I work on Ethereal project about SSL/TLS and DTLS so I have realize a > >> > DTLS dissector based on OpenSSL project but It contains errors (I will > >> > correct those which I would find and post in openssl dev mail list > >> > because at this time my dissector contains the same errors to work ;) > >> > ) and I want to be able to test interoperability .... > >> > > >> > It's why I offer my help (the others reasons it's I want to use DTLS > >> > and rfc 4347 has been released ;) ) > >> > >> Thank you! If you want to start working on it, just go ahead. If you > >> need help doing it, and can sponsor it financially, or know someone > >> who might, I'd be interested in doing the work. 
> >>
> >> /Simon
> >>
> >
> >
> > --
> > ++++++++++++++++++++++++++
> > + Authesserre Samuel +
> > + 12 rue de la défense passive+
> > + 14000 CAEN +
> > + FRANCE +
> > + 06-27-28-13-32 +
> > + sauthess at gmail.com +
> > ++++++++++++++++++++++++++
>

--
++++++++++++++++++++++++++
+ Authesserre Samuel +
+ 12 rue de la défense passive+
+ 14000 CAEN +
+ FRANCE +
+ 06-27-28-13-32 +
+ sauthess at gmail.com +
++++++++++++++++++++++++++

From jas at extundo.com Mon May 22 13:57:15 2006
From: jas at extundo.com (Simon Josefsson)
Date: Mon, 22 May 2006 13:57:15 +0200
Subject: [gnutls-dev] Re: Question about DTLS
In-Reply-To: <9987fc7b0605211157k8a53199jf74a0ef2f271bb36@mail.gmail.com>
 (authesserre samuel's message of "Sun, 21 May 2006 20:57:39 +0200")
References: <9987fc7b0605210625m51966fa1m178978115ee35a7@mail.gmail.com>
 <87y7wvcrfd.fsf@latte.josefsson.org>
 <9987fc7b0605210950y48de631cu779cd546e56ccb3a@mail.gmail.com>
 <87psi7ckej.fsf@latte.josefsson.org>
 <9987fc7b0605211157k8a53199jf74a0ef2f271bb36@mail.gmail.com>
Message-ID: <87d5e6clwk.fsf@latte.josefsson.org>

"authesserre samuel" writes:

> I know DTLS protocol but nothing about gnutls implementation (I
> started to read documentation).... I said that without any
> reflexion...
> DTLS rfc is long of 25 pages because it's a TLS diff and was made in
> the idea of TLS code reuse so it's probably the best choice
> (integrated in gnutls).
>
> that's why I have said that the first thing I will look it's the TCP
> implementation (because I think that's the principal problem
> integration)

Sounds like a good idea. The code may need to be re-factored to be
useful for DTLS, and that will require good knowledge of GnuTLS
internals. But it should be possible for someone to learn about it.
You may want to read the manual on the internal architecture:

http://www.gnu.org/software/gnutls/manual/html_node/Internal-architecture-of-GnuTLS.html

Good luck,
Simon

> regards,
>
> Samuel
>
> On 5/21/06, Simon Josefsson wrote:
>> "authesserre samuel" writes:
>>
>> > hi,
>> >
>> > Thanks for your answer.
>> > I had understood in the post that the work would be important due to
>> > TCP part that is not separate clearly....
>> > My free time is the only contribution I can do (but if a company heard
>> > us ..... ;) )
>> > I'm sure that I'm not the only person interested by this project (the
>> > openssl DTLS development is a proof that I say is true)
>>
>> Yup.
>>
>> > I will start by looking in gnutls source code to see what is
>> > reusable directly without any modification (the goal of DTLS is to
>> > reuse maximum of TLS source code) and if it's possible (if it isn't
>> > an enormous project and if I have enough time) I will start a gnudtls
>> > project ;)
>>
>> Personally, I think integrating it into gnutls would be best. Code
>> duplication in two projects, gnutls+gnudtls, would be quite bad and
>> un-maintainable. But I haven't looked at DTLS too much, perhaps the
>> protocols differ too much to fit gnutls' design.
>>
>> /Simon
>>
>> > Samuel
>> >
>> > On 5/21/06, Simon Josefsson wrote:
>> >> "authesserre samuel" writes:
>> >>
>> >> > hi,
>> >> >
>> >> > I would like to know if DTLS extension is always in program development.
>> >> > I read a post dated of the May 7, 2005 which speaks about the
>> >> > implementation of DTLS but I haven't seen others....
>> >>
>> >> Hi. As far as I'm aware, nobody is actively working on DTLS for
>> >> GnuTLS. It is a large project, and may involve changing critical
>> >> parts of GnuTLS, so it will have to be done on the next experimental
>> >> branch 1.5, or possibly as a completely separate project external to
>> >> gnutls (i.e., gnudtls).
>> >>
>> >> > If development is in progress I propose my help.
>> >> >
>> >> > I work on Ethereal project about SSL/TLS and DTLS so I have realize a
>> >> > DTLS dissector based on OpenSSL project but it contains errors (I will
>> >> > correct those which I would find and post in openssl dev mail list
>> >> > because at this time my dissector contains the same errors to work ;)
>> >> > ) and I want to be able to test interoperability ....
>> >> >
>> >> > It's why I offer my help (the others reasons it's I want to use DTLS
>> >> > and rfc 4347 has been released ;) )
>> >>
>> >> Thank you! If you want to start working on it, just go ahead. If you
>> >> need help doing it, and can sponsor it financially, or know someone
>> >> who might, I'd be interested in doing the work.
>> >>
>> >> /Simon
>> >>
>> >
>> >
>> > --
>> > ++++++++++++++++++++++++++
>> > + Authesserre Samuel +
>> > + 12 rue de la défense passive+
>> > + 14000 CAEN +
>> > + FRANCE +
>> > + 06-27-28-13-32 +
>> > + sauthess at gmail.com +
>> > ++++++++++++++++++++++++++
>> >
>
> --
> ++++++++++++++++++++++++++
> + Authesserre Samuel +
> + 12 rue de la défense passive+
> + 14000 CAEN +
> + FRANCE +
> + 06-27-28-13-32 +
> + sauthess at gmail.com +
> ++++++++++++++++++++++++++

From nmav at gnutls.org Wed May 31 00:22:24 2006
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 31 May 2006 00:22:24 +0200
Subject: [gnutls-dev] c++ interface to gnutls.h
Message-ID: <200605310022.24136.nmav@gnutls.org>

Hello,
I was thinking for quite a long time for a c++ wrapper interface to
gnutls API. The goal was to allow exceptions and for a simpler api
(with the functions within the classes) when c++ is used.

In case you program in c++ I include the wrapper for gnutls.h header
for preview and comments.

regards,
Nikos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutlsxx.h
Type: text/x-c++hdr
Size: 12422 bytes
Desc: not available
URL:

From n.mavrogiannopoulos at gmail.com Wed May 31 00:21:32 2006
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Wed, 31 May 2006 00:21:32 +0200
Subject: [gnutls-dev] c++ interface to gnutls.h
Message-ID: <200605310021.32720.n.mavrogiannopoulos@gmail.com>

Hello,
I was thinking for quite a long time for a c++ wrapper interface to
gnutls API. The goal was to allow exceptions and for a simpler api
(with the functions within the classes) when c++ is used.

In case you program in c++ I include the wrapper for gnutls.h header
for preview and comments.

regards,
Nikos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutlsxx.h
Type: text/x-c++hdr
Size: 12422 bytes
Desc: not available
URL: