From simon at josefsson.org  Sun Jan  2 10:36:27 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Sun, 02 Jan 2011 10:36:27 +0100
Subject: configure -- braindead failure message
In-Reply-To: <20101231003540.GA21298@bsls.de> (Heiko Berges's message of "Fri, 
	31 Dec 2010 00:35:41 +0000")
References: <20101231003540.GA21298@bsls.de>
Message-ID: <87ipy76410.fsf@latte.josefsson.org>

Heiko Berges <gnubug at bsls.de> writes:

> Hi,
>
> I'd expect that at least GNU people themself would know how to use
> autoconf, espacially how to design the tests and errormessages in 
> a way so they resamble the problem:
>
> # (blahblah)
> # | #include <gcrypt.h>
> # | int
> # | main ()
> # | {
> # | enum gcry_cipher_algos i = GCRY_CIPHER_CAMELLIA128
> # |   ;
> # |   return 0;
> # | }
> # configure:7485: result: no
> # configure:7516: error:
> # ***
> # *** libgcrypt was not found. You may want to get it from
> # *** ftp://ftp.gnupg.org/gcrypt/libgcrypt/  
> # ***
>
> Wrong.
>
> # $ libgcrypt-config --version
> # 1.2.0
>
> Too old, probably.  Doesn't know about CAMELLIA, in fact.   But I
> will never know, if you use a new feature to test for the existence 
> of library.

I've changed the error message to say:

***  
*** Libgcrypt v1.4.0 or later was not found. You may want to get it from
*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
***

If we can do anything more to improve the situation, please tell us.

/Simon



From jos at kuijpersvof.nl  Sat Jan  8 12:22:32 2011
From: jos at kuijpersvof.nl (Jos Kuijpers)
Date: Sat, 8 Jan 2011 12:22:32 +0100
Subject: SIGPIPE from gnutls_bye on closed socket, error handling
Message-ID: <010201cbaf26$57c334e0$07499ea0$@kuijpersvof.nl>

Folks,

Since a week, I am having serious problems with the GnuTLS library
concerning the gnutls_bye():

I am writing a binding between gnutls and ObjFW
(https://www.webkeks.org/objfw) => https://webkeks.org/hg/objgnutls/
When an attempt to reading from the socket failed, and results in a closed
socket (because of a malicious client, or lost network connection, etc),
the close method of the object gets called. This method then will call
gnutls_bye, socket close and gnutls_deinit.

There is the problem. Gnutls_bye sends data. When the socket is broken, and
gnutls_bye is called, my program DIES: SIGPIPE.
I am very disappointed about this. Catching signals in a library is
not-done.

Is there a way to get proper error handling done in this case? Can this be
added? The library is unstable now, because a closed socket exits the
server,
which is a very bad thing.


With kind regards,

Jos






From rks at mur.at  Sat Jan  8 13:14:55 2011
From: rks at mur.at (Rupert Kittinger-Sereinig)
Date: Sat, 08 Jan 2011 13:14:55 +0100
Subject: SIGPIPE from gnutls_bye on closed socket, error handling
In-Reply-To: <010201cbaf26$57c334e0$07499ea0$@kuijpersvof.nl>
References: <010201cbaf26$57c334e0$07499ea0$@kuijpersvof.nl>
Message-ID: <4D28553F.5050209@mur.at>

Jos Kuijpers wrote:
> Folks,
> 
> Since a week, I am having serious problems with the GnuTLS library
> concerning the gnutls_bye():
> 
> I am writing a binding between gnutls and ObjFW
> (https://www.webkeks.org/objfw) => https://webkeks.org/hg/objgnutls/
> When an attempt to reading from the socket failed, and results in a closed
> socket (because of a malicious client, or lost network connection, etc),
> the close method of the object gets called. This method then will call
> gnutls_bye, socket close and gnutls_deinit.
> 
> There is the problem. Gnutls_bye sends data. When the socket is broken, and
> gnutls_bye is called, my program DIES: SIGPIPE.
> I am very disappointed about this. Catching signals in a library is
> not-done.
> 
> Is there a way to get proper error handling done in this case? Can this be
> added? The library is unstable now, because a closed socket exits the
> server,
> which is a very bad thing.
> 
> 
> With kind regards,
> 
> Jos
> 

Hi Jos,

you can (and should) "turn off" this signal in the main application,
e.g. with sigaction().

However, if you do not know this, you should probably read some basic
book about system and network programming.


Regards,
Rupert



-- 
Rupert Kittinger-Sereinig <rks at mur.at>
Krenngasse 32
A-8010 Graz
Austria




From nmav at gnutls.org  Tue Jan 11 17:39:24 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 11 Jan 2011 17:39:24 +0100
Subject: GnuTLS 2.11.6
In-Reply-To: <201012262207.29146.Arfrever.FTA@gmail.com>
References: <87lj41vl33.fsf@latte.josefsson.org>
	<201012262207.29146.Arfrever.FTA@gmail.com>
Message-ID: <4D2C87BC.3000002@gnutls.org>

On 12/26/2010 10:06 PM, Arfrever Frehtes Taifersar Arahesis wrote:
> Absence of tests/suite directory in the distributed tarballs causes failure of automake:
> 
> $ automake
> ...
> configure.ac:190: the top level
> configure.ac:296: required file `tests/suite/Makefile.in' not found
> $ echo $?
> 1
> 
> Users/packagers might want to make custom changes in a Makefile.am and need to run automake.
> Can this problem be fixed?

I have added this file.


regards,
Nikos





From nmav at gnutls.org  Sat Jan 15 14:08:43 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 15 Jan 2011 14:08:43 +0100
Subject: GnuTLS does not build on OS X 10.6 due to incompatibility with
 snprintf macro
In-Reply-To: <EAF78B3B-649C-4BCE-A06E-D95228D67DB4@gmail.com>
References: <EAF78B3B-649C-4BCE-A06E-D95228D67DB4@gmail.com>
Message-ID: <4D319C5B.4010300@gnutls.org>

On 12/29/2010 05:26 AM, Camillo Lugaresi wrote:
> Code built with gcc on Mac OS X 10.6 uses the object size checking feature of gcc by default (<http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html>). This involves redefining several functions as macros; one of these functions is snprintf:
> 
> 	#define snprintf(str, len, ...) \
>  	 __builtin___snprintf_chk (str, len, 0, __darwin_obsz(str), __VA_ARGS__)
> 
> The usage of snprintf in src/serv.c in gnutls-2.10.4 is not compatible with that macro. serv.c attempts to use a macro (tmp2) that expands into two different arguments:
> 
> 	#define tmp2 &http_buffer[strlen(http_buffer)], len-strlen(http_buffer)
> 
> 	snprintf (tmp2, "%.2X", sesid[i]);
> 
> Due to how nested macro evaluation works, the snprintf macro sees tmp2 as a single argument, and copies it into __darwin_obsz(); then, when tmp2 is expanded, __darwin_obsz has two arguments, but it is only defined for one, and the result is a compilation error.
> One way to work around this issue might be to define _FORTIFY_SOURCE=0 so that the snprintf macro is not defined, or simply doing an #undef snprintf for that file, but it seems safer and more portable to split tmp2 into two macros. I append a patch that does so.

Hi,
 I've applied a fix in the repository. Thank you for reporting that.

regards,
Nikos



From xuelei.fan at oracle.com  Wed Jan 19 02:18:01 2011
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Wed, 19 Jan 2011 09:18:01 +0800
Subject: TLS 1.2 for GnuTLS test server
Message-ID: <4D363BC9.9060204@oracle.com>

The GnuTLS test server, http://www.gnu.org/software/gnutls/server.html,
states that it supports TLS 1.2.

However, when I try to connect the test server with Microsoft IE 8 and
Java client in TLS 1.2, the TLS handshaking is failed to negotiate TLS
1.2 protocol. It seems that highest TLS version is TLS 1.1.

Is there any configuration issue in TLS test server?

Thanks for any feedback.

Regards,
Xuelei