From nmav at gnutls.org Thu Sep 1 10:23:00 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 01 Sep 2011 10:23:00 +0200
Subject: gnutls 2.12.10
Message-ID: <4E5F40E4.5080306@gnutls.org>

Hello,
I've just released gnutls 2.12.10. This is a bugfix release on the
2.12.x branch.

* Version 2.12.10 (released 2011-09-01)

** libgnutls: OpenPGP certificate type is not enabled by default.

** libgnutls: Corrected issue in gnutls_record_recv() triggered on
encryption or compression error.

** libgnutls: Corrected parsing of XMPP subject alternative names.

** libgnutls: gnutls_certificate_set_x509_key() and
gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow
the release of the private key during the lifetime of the certificate
structure.

** API and ABI modifications:
GNUTLS_PRIVKEY_IMPORT_COPY: new gnutls_privkey_import() flag

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
from and a list of GnuTLS mirrors can be found at .

Here are the BZIP2 compressed sources:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.10.tar.bz2
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.10.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.10.tar.bz2.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.10.tar.bz2.sig

Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Thu Sep 1 10:42:13 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 01 Sep 2011 10:42:13 +0200
Subject: gnutls 3.0.2
Message-ID: <4E5F4565.6000803@gnutls.org>

Hello,
I've just released gnutls 3.0.2 It includes bug fixes and few feature
additions.

* Version 3.0.2 (released 2011-09-01)

** libgnutls: OpenPGP certificate type is not enabled by default.

** libgnutls: Added %NO_EXTENSIONS priority string.

** libgnutls: Corrected issue in gnutls_record_recv() triggered on
encryption or compression error.

** libgnutls: Compatibility fixes in CPU ID detection for i386 and
old GCC.

** gnutls-cli: Benchmark applications were incorporated with it.

** libgnutls: Corrected parsing of XMPP subject alternative names.

** libgnutls: Allow for out-of-order ChangeCipherSpec message in DTLS.

** libgnutls: gnutls_certificate_set_x509_key() and
gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow
the release of the private key during the lifetime of the certificate
structure.

** API and ABI modifications:
GNUTLS_PRIVKEY_IMPORT_COPY: new gnutls_privkey_import() flag

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
from and a list of GnuTLS mirrors can be found at .

Here are the BZIP2 compressed sources:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.2.tar.xz
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.2.tar.xz
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.2.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.2.tar.xz.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.2.tar.xz.sig
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.2.tar.xz.sig

Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From ametzler at downhill.at.eu.org Sat Sep 3 09:10:32 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sat, 3 Sep 2011 09:10:32 +0200
Subject: gnutls 3.0.2
In-Reply-To: <4E5F4565.6000803@gnutls.org>
References: <4E5F4565.6000803@gnutls.org>
Message-ID: <20110903071032.GB3052@downhill.g.la>

On 2011-09-01 Nikos Mavrogiannopoulos wrote:
> Hello,
> I've just released gnutls 3.0.2 It includes bug fixes and few feature
> additions.
[...]

Hello,
The tarball contains an incomplete API reference build.

------------------------------------------------------
ametzler at argenau:/tmp/GNUTLS/comp$ diff -NurBp *filelist
--- gnutls-3.0.1.filelist 2011-09-03 08:51:23.000000000 +0200 +++ gnutls-3.0.2.filelist 2011-09-03 08:51:23.000000000 +0200 [...]
@@ -801,33 +800,7 @@ ./doc/reference/gnutls-overrides.txt ./doc/reference/gnutls-sections.txt ./doc/reference/gnutls.types -./doc/reference/html/api-index-2-10-0.html -./doc/reference/html/api-index-2-12-0.html -./doc/reference/html/api-index-2-4-0.html -./doc/reference/html/api-index-2-6-0.html -./doc/reference/html/api-index-2-8-0.html -./doc/reference/html/api-index-3-0-0.html -./doc/reference/html/api-index-deprecated.html -./doc/reference/html/api-index-full.html -./doc/reference/html/gnutls-abstract.html -./doc/reference/html/gnutls-crypto.html -./doc/reference/html/gnutls.devhelp -./doc/reference/html/gnutls.devhelp2 -./doc/reference/html/gnutls-extra.html ./doc/reference/html/gnutls-gnutls.html -./doc/reference/html/gnutls-openpgp.html -./doc/reference/html/gnutls-openssl.html -./doc/reference/html/gnutls-pkcs11.html -./doc/reference/html/gnutls-pkcs12.html -./doc/reference/html/gnutls-x509.html -./doc/reference/html/home.png -./doc/reference/html/index.html -./doc/reference/html/index.sgml -./doc/reference/html/intro.html -./doc/reference/html/left.png -./doc/reference/html/right.png -./doc/reference/html/style.css -./doc/reference/html/up.png ./doc/reference/Makefile.am ./doc/reference/Makefile.in ./doc/reference/tmpl/abstract.sgml ------------------------------------------------------ cu andreas From nmav at gnutls.org Sat Sep 3 10:58:52 2011 
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 03 Sep 2011 10:58:52 +0200
Subject: gnutls 3.0.2
In-Reply-To: <20110903071032.GB3052@downhill.g.la>
References: <4E5F4565.6000803@gnutls.org> <20110903071032.GB3052@downhill.g.la>
Message-ID: <4E61EC4C.3010507@gnutls.org>

On 09/03/2011 09:10 AM, Andreas Metzler wrote:
> On 2011-09-01 Nikos Mavrogiannopoulos wrote:
>> Hello,
>> I've just released gnutls 3.0.2 It includes bug fixes and few feature
>> additions.
> [...]
> Hello,
> The tarball contains an incomplete API reference build.
> ------------------------------------------------------
> ametzler at argenau:/tmp/GNUTLS/comp$ diff -NurBp *filelist
> --- gnutls-3.0.1.filelist 2011-09-03 08:51:23.000000000 +0200
> +++ gnutls-3.0.2.filelist 2011-09-03 08:51:23.000000000 +0200

Couldn't figure out why. I'll make sure the reference is correct in
the next release.

regards,
Nikos

From ametzler at downhill.at.eu.org Sat Sep 3 18:32:57 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sat, 3 Sep 2011 18:32:57 +0200
Subject: gnutls pkg-config file does not refer to p11-kit
Message-ID: <20110903163257.GB2044@downhill.g.la>

Hello,
find attached a patch to add p11-kit to gnutls' pkg-config file.

(I do not think there is a point in jumping through hoops like we do
for zlib, gnutls requires a working p11-kit-1 pkg-config file to build
with PKCS#11 support.)

The patch is against gnutls_2_12_x, but does apply to master, too if
you specify the target file.

patch configure.ac < \
  /tmp/0001-Add-p11-kit-1-to-gnutls.pc-Requires.private.patch

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-p11-kit-1-to-gnutls.pc-Requires.private.patch
Type: text/x-diff
Size: 946 bytes
Desc: not available
URL:

From ametzler at downhill.at.eu.org Sat Sep 3 18:58:54 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sat, 3 Sep 2011 18:58:54 +0200
Subject: gnutls_2_12_x git tree does not build (snippet/*)
Message-ID: <20110903165854.GC2044@downhill.g.la>

Hello,
looks like the recent update gnulib patch was incomplete.
gnutls_2_12_x does not build anymore:

make[4]: Entering directory `/tmp/GNUTLS/gnutls.git/lib/gl'
make[4]: *** No rule to make target `../build-aux/snippet/c++defs.h', needed by `c++defs.h'. Stop.
make[4]: Leaving directory `/tmp/GNUTLS/gnutls.git/lib/gl'

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From ametzler at downhill.at.eu.org Sat Sep 3 19:01:38 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sat, 3 Sep 2011 19:01:38 +0200
Subject: gnutls_2_12_x git tree does not build (snippet/*)
In-Reply-To: <20110903165854.GC2044@downhill.g.la>
References: <20110903165854.GC2044@downhill.g.la>
Message-ID: <20110903170138.GD2044@downhill.g.la>

On 2011-09-03 Andreas Metzler wrote:
> Hello,
> looks like the recent update gnulib patch was incomplete.
> gnutls_2_12_x does not build anymore:
> make[4]: Entering directory `/tmp/GNUTLS/gnutls.git/lib/gl'
> make[4]: *** No rule to make target `../build-aux/snippet/c++defs.h',
> needed by `c++defs.h'. Stop.
> make[4]: Leaving directory `/tmp/GNUTLS/gnutls.git/lib/gl'

Copying build-aux/snippet from master to lib/build-aux/ in
gnutls_2_12_x works around the problem.

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From nmav at gnutls.org Sun Sep 4 11:56:02 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 4 Sep 2011 11:56:02 +0200
Subject: gnutls pkg-config file does not refer to p11-kit
In-Reply-To: <20110903163257.GB2044@downhill.g.la>
References: <20110903163257.GB2044@downhill.g.la>
Message-ID:

On Sat, Sep 3, 2011 at 6:32 PM, Andreas Metzler wrote:
> Hello,
> find attached a patch to add p11-kit to gnutls' pkg-config file.

Thank you. I've seen however that you add the ".pc" in the first case like:
Requires.private: p11-kit-1.pc
but later you only add p11-kit-1. Is this intentional?

regards,
Nikos

From nmav at gnutls.org Sun Sep 4 12:06:06 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 04 Sep 2011 12:06:06 +0200
Subject: gnutls_2_12_x git tree does not build (snippet/*)
In-Reply-To: <20110903170138.GD2044@downhill.g.la>
References: <20110903165854.GC2044@downhill.g.la> <20110903170138.GD2044@downhill.g.la>
Message-ID: <4E634D8E.6080508@gnutls.org>

On 09/03/2011 07:01 PM, Andreas Metzler wrote:
> On 2011-09-03 Andreas Metzler wrote:
>> Hello,
>
>> looks like the recent update gnulib patch was incomplete.
>> gnutls_2_12_x does not build anymore:
>
>> make[4]: Entering directory `/tmp/GNUTLS/gnutls.git/lib/gl'
>> make[4]: *** No rule to make target `../build-aux/snippet/c++defs.h',
>> needed by `c++defs.h'. Stop.
>> make[4]: Leaving directory `/tmp/GNUTLS/gnutls.git/lib/gl'
>
> Copying build-aux/snippet from master to lib/build-aux/ in
> gnutls_2_12_x works around the problem.

Thanks. It was left uncommitted. Added.

regards,
Nikos

From ametzler at downhill.at.eu.org Sun Sep 4 13:57:33 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sun, 4 Sep 2011 13:57:33 +0200
Subject: gnutls pkg-config file does not refer to p11-kit
In-Reply-To:
References: <20110903163257.GB2044@downhill.g.la>
Message-ID: <20110904115733.GA2064@downhill.g.la>

On 2011-09-04 Nikos Mavrogiannopoulos wrote:
[...]
> Thank you. I've seen however that you add the ".pc" in the first case like:
> Requires.private: p11-kit-1.pc
> but later you only add p11-kit-1. Is this intentional?
[...]

No, that is wrong. Thanks for catching that. Both instances should
*not* have the .pc suffix.

cu andreas

From simon at josefsson.org Tue Sep 6 12:16:19 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Tue, 06 Sep 2011 12:16:19 +0200
Subject: Bug#640639: libcurl: CURLE_SSL_CACERT_BADFILE error when all CAs in ca-certificates disabled
In-Reply-To: (Daniel Stenberg's message of "Tue, 6 Sep 2011 08:50:07 +0200 (CEST)")
References: <20110905225222.GA1106@elie> <87sjoajlug.fsf@latte.josefsson.org>
Message-ID: <87obyyj7rg.fsf@latte.josefsson.org>

Daniel Stenberg writes:

> On Tue, 6 Sep 2011, Simon Josefsson wrote:
>
>>> | $ ls -l /etc/ssl/certs/ca-certificates.crt
>>> | -rw-r--r-- 1 root root 0 Sep 2 00:07 /etc/ssl/certs/ca-certificates.crt
>>>
>>> This is probably a libgnutls bug, but since I haven't pinned it down
>>> I'm filing it here. Known problem?
>>
>> I recall similar problems when I also disabled all CAs on my machine
>> long time ago. I suspect some software may be checking the return
>> code from the CA loading function, and will treat loading of 0
>> certificates as an error. Please try to track down the code that
>> triggers the error message to test this theory.
>
> I believe it isn't that simple. I think the code that returns the
> error in this case can be found here:
>
> https://github.com/bagder/curl/blob/master/lib/gtls.c#L377
>
> ... and it clearly checks for a negative return value for it to be an error.

Thanks for the pointer -- I managed to track it down, and installed a
patch for it:

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ab782d356200f44736edb687304d5e90438e2185

Some code may have been relying on getting an error when there were no
certificates at all, but I think it is saner to report success and no
certificates. That is consistent with the documentation as well.
Let's hope the change doesn't cause too large problems in practice.

/Simon

From n.mavrogiannopoulos at gmail.com Tue Sep 6 12:40:16 2011
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Tue, 06 Sep 2011 12:40:16 +0200
Subject: Bug#640639: libcurl: CURLE_SSL_CACERT_BADFILE error when all CAs in ca-certificates disabled
In-Reply-To: <87obyyj7rg.fsf@latte.josefsson.org>
References: <20110905225222.GA1106@elie> <87sjoajlug.fsf@latte.josefsson.org> <87obyyj7rg.fsf@latte.josefsson.org>
Message-ID: <4E65F890.30208@gmail.com>

On 09/06/2011 12:16 PM, Simon Josefsson wrote:

>>>> | $ ls -l /etc/ssl/certs/ca-certificates.crt
>>>> | -rw-r--r-- 1 root root 0 Sep 2 00:07 /etc/ssl/certs/ca-certificates.crt
>>>>
>>>> This is probably a libgnutls bug, but since I haven't pinned it down
>>>> I'm filing it here. Known problem?
>>>
>>> I recall similar problems when I also disabled all CAs on my machine
>>> long time ago. I suspect some software may be checking the return
>>> code from the CA loading function, and will treat loading of 0
>>> certificates as an error. Please try to track down the code that
>>> triggers the error message to test this theory.
>>
>> I believe it isn't that simple. I think the code that returns the
>> error in this case can be found here:
>>
>> https://github.com/bagder/curl/blob/master/lib/gtls.c#L377
>>
>> ... and it clearly checks for a negative return value for it to be an error.
>
> Thanks for the pointer -- I managed to track it down, and installed a
> patch for it:
> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ab782d356200f44736edb687304d5e90438e2185

This is tricky. How do you distinguish bad pem encoding from zero
certificates? In any case I think that gnutls_x509_crt_list_import()
should fail on such error, since it was always like that. The fix
should be in gnutls_certificate_set_x509_trust_mem() and friends. I'll
try to check it out.

regards,
Nikos

From jrnieder at gmail.com Wed Sep 7 02:15:33 2011
From: jrnieder at gmail.com (Jonathan Nieder)
Date: Tue, 6 Sep 2011 19:15:33 -0500
Subject: Bug#640639: libcurl: CURLE_SSL_CACERT_BADFILE error when all CAs in ca-certificates disabled
In-Reply-To: <87obyyj7rg.fsf@latte.josefsson.org>
References: <20110905225222.GA1106@elie> <87sjoajlug.fsf@latte.josefsson.org> <87obyyj7rg.fsf@latte.josefsson.org>
Message-ID: <20110907001532.GA16919@elie>

reassign 640639 libgnutls26 2.12.10-1
tags 640639 + upstream fixed-upstream
quit

Simon Josefsson wrote:

> Thanks for the pointer -- I managed to track it down, and installed a
> patch for it:
>
> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ab782d356200f44736edb687304d5e90438e2185

Thanks, Simon! I think that's enough of a fix (i.e., I don't think
this is worth working around in curl), so I'm reassigning the bug to
track when that gnutls patch makes its way to Debian.

Happily,
Jonathan

From stephen.lynch at smoothwall.net Wed Sep 7 10:57:53 2011
From: stephen.lynch at smoothwall.net (Stephen Lynch)
Date: Wed, 7 Sep 2011 09:57:53 +0100
Subject: Documentation correction for GnuTLS 3
Message-ID:

The documentation for the function gnutls_certificate_set_x509_trust
states that it returns "GNUTLS_E_SUCCESS (0) on success, or a negative
error code."
It actually returns the return value of gnutls_x509_trust_list_add_cas
on success. According to the docs "The number of added elements is
returned. ".

Regards,

--
--
Stephen Lynch
Developer
stephen.lynch at smoothwall.net

Smoothwall Ltd
1 John Charles Way, Leeds, LS12 6QA
United Kingdom
Telephone: USA: 1 800 959 3760 Europe: +44 (0) 8701 999500
www.smoothwall.net

Smoothwall Limited is registered in England, Company Number: 4298247.
This email and any attachments transmitted with it are confidential to
the intended recipient(s) and may not be communicated to any other
person or published by any means without the permission of Smoothwall
Limited. Any opinions stated in this message are solely those of the
author.

From cerdeira at co.sapo.pt Wed Sep 7 19:39:36 2011
From: cerdeira at co.sapo.pt (J. Cameijo Cerdeira)
Date: Wed, 7 Sep 2011 18:39:36 +0100
Subject: serverhello refused by openssl
Message-ID: <201109071839.36621.cerdeira@co.sapo.pt>

Hello, I was able to connect to a server (it uses gnu libmicrohttpd)
until I've upgraded to gnutls 3.0.2. since then openssl based clients
(old versions 0.9.7g and 0.9.8c) started failing with
SSL3_GET_SERVER_HELLO:bad packet length. libmicrohttpd uses a
"NORMAL" priority string. tried changing that to NORMAL:%COMPAT to no
avail. It's probably a bug in openssl but I'd like someone could
enlighten me.

following is a dump of the negotiation (output of
openssl s_client -ssl3 -state -debug -msg -connect):

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08192008 [0819BDC0] (102 bytes => 102 (0x66))
0000 - 16 03 00 00 61 01 00 00-5d 03 00 4e 67 a9 93 a5 ....a...]..Ng...
0010 - cb 74 7e 7b 11 55 60 f7-65 d4 c9 4f bf 0e 70 2c .t~{.U`.e..O..p,
0020 - 43 3d 9b d1 f7 bc a4 33-a5 6f d2 00 00 36 00 39 C=.....3.o...6.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f .8.5.......3.2./
0040 - 00 07 00 66 00 05 00 04-00 63 00 62 00 61 00 15 ...f.....c.b.a..
0050 - 00 12 00 09 00 65 00 64-00 60 00 14 00 11 00 08 .....e.d.`......
0060 - 00 06 00 03 01 .....
0066 -
>>> SSL 3.0 Handshake [length 0061], ClientHello
01 00 00 5d 03 00 4e 67 a9 93 a5 cb 74 7e 7b 11
55 60 f7 65 d4 c9 4f bf 0e 70 2c 43 3d 9b d1 f7
bc a4 33 a5 6f d2 00 00 36 00 39 00 38 00 35 00
16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 66 00
05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00
65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01
00
SSL_connect:SSLv3 write client hello A
read from 08192008 [081975B0] (5 bytes => 5 (0x5))
0000 - 16 03 00 00 4c ....L
read from 08192008 [081975B5] (76 bytes => 76 (0x4C))
0000 - 02 00 00 48 03 00 4e 67-a9 93 85 85 c0 0e d1 86 ...H..Ng........
0010 - b2 00 6b f1 10 1b 28 d9-68 8c 17 6a 3b 69 97 f5 ..k...(.h..j;i..
0020 - 91 72 78 48 f2 56 20 6e-13 d4 11 53 8f 89 35 a7 .rxH.V n...S..5.
0030 - 48 43 14 b3 75 ff 06 18-33 8c bd 78 9d 47 62 6a HC..u...3..x.Gbj
0040 - c6 13 a3 29 2a a3 bb 00-35 ...)*...5
004c -
<<< SSL 3.0 Handshake [length 004c], ServerHello
02 00 00 48 03 00 4e 67 a9 93 85 85 c0 0e d1 86
b2 00 6b f1 10 1b 28 d9 68 8c 17 6a 3b 69 97 f5
91 72 78 48 f2 56 20 6e 13 d4 11 53 8f 89 35 a7
48 43 14 b3 75 ff 06 18 33 8c bd 78 9d 47 62 6a
c6 13 a3 29 2a a3 bb 00 35 00 00 00
SSL_connect:error in SSLv3 read server hello B
2249:error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet length:s3_clnt.c:743:

TIA
José Cameijo Cerdeira
--
Top 10 reasons to procrastinate: 1)

From nmav at gnutls.org Thu Sep 8 00:03:12 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 08 Sep 2011 00:03:12 +0200
Subject: serverhello refused by openssl
In-Reply-To: <201109071839.36621.cerdeira@co.sapo.pt>
References: <201109071839.36621.cerdeira@co.sapo.pt>
Message-ID: <4E67EA20.2090506@gnutls.org>

On 09/07/2011 07:39 PM, J. Cameijo Cerdeira wrote:
> Hello, I was able to connect to a server (it uses gnu libmicrohttpd)
> until I've upgraded to gnutls 3.0.2. since then openssl based clients
> (old versions 0.9.7g and 0.9.8c) started failing with
> SSL3_GET_SERVER_HELLO:bad packet length. libmicrohttpd uses a
> "NORMAL" priority string. tried changing that to NORMAL:%COMPAT to no
> avail. It's probably a bug in openssl but I'd like someone could
> enlighten me.

Thanks for reporting it. Does the attached patch solve the issue? It
seems we sent an extension structure of size zero and that particular
version of openssl didn't like it. With the patch we do not send a
zero size extension structure.

regards,
Nikos
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
URL:

From nmav at gnutls.org Thu Sep 8 00:03:38 2011
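
What the reply above diagnoses, as an added example (not code from GnuTLS, OpenSSL or either poster): a small C parser run over the ServerHello bytes from the dump in the report, which shows the two-byte extensions length of zero that follows the compression method. The function names and the strict-client model are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* How the ServerHello body ends after the compression method byte. */
enum sh_tail {
    SH_MALFORMED = -1,    /* truncated, or lengths do not add up */
    SH_NO_EXTENSIONS,     /* body ends right after the compression method */
    SH_EMPTY_EXTENSIONS,  /* two-byte extensions length present, value 0 */
    SH_HAS_EXTENSIONS     /* extensions length > 0 and consistent */
};

struct server_hello {
    uint8_t major, minor, session_id_len, compression;
    uint16_t cipher_suite;
    size_t trailing;      /* bytes left after the compression method */
};

/* ServerHello handshake message as printed by "s_client -msg" in the report. */
static const uint8_t reported_hello[] = {
    0x02, 0x00, 0x00, 0x48,             /* type ServerHello, body length 0x48 */
    0x03, 0x00,                         /* SSL 3.0 */
    0x4e, 0x67, 0xa9, 0x93, 0x85, 0x85, 0xc0, 0x0e, 0xd1, 0x86, 0xb2, 0x00,
    0x6b, 0xf1, 0x10, 0x1b, 0x28, 0xd9, 0x68, 0x8c, 0x17, 0x6a, 0x3b, 0x69,
    0x97, 0xf5, 0x91, 0x72, 0x78, 0x48, 0xf2, 0x56,             /* random */
    0x20,                               /* session id length */
    0x6e, 0x13, 0xd4, 0x11, 0x53, 0x8f, 0x89, 0x35, 0xa7, 0x48, 0x43, 0x14,
    0xb3, 0x75, 0xff, 0x06, 0x18, 0x33, 0x8c, 0xbd, 0x78, 0x9d, 0x47, 0x62,
    0x6a, 0xc6, 0x13, 0xa3, 0x29, 0x2a, 0xa3, 0xbb,             /* session id */
    0x00, 0x35,                         /* cipher suite */
    0x00,                               /* compression method */
    0x00, 0x00                          /* extensions length: zero */
};

enum sh_tail parse_server_hello(const uint8_t *msg, size_t len,
                                struct server_hello *out)
{
    size_t pos = 4, body_len, ext_len;

    if (len < 4 || msg[0] != 0x02)
        return SH_MALFORMED;
    body_len = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (body_len != len - 4 || len - pos < 2 + 32 + 1)
        return SH_MALFORMED;
    out->major = msg[pos];
    out->minor = msg[pos + 1];
    pos += 2 + 32;                      /* skip version and random */
    out->session_id_len = msg[pos++];
    if (out->session_id_len > 32 || len - pos < (size_t)out->session_id_len + 3)
        return SH_MALFORMED;
    pos += out->session_id_len;
    out->cipher_suite = (uint16_t)((msg[pos] << 8) | msg[pos + 1]);
    out->compression = msg[pos + 2];
    pos += 3;
    out->trailing = len - pos;
    if (out->trailing == 0)
        return SH_NO_EXTENSIONS;
    if (out->trailing < 2)
        return SH_MALFORMED;
    ext_len = ((size_t)msg[pos] << 8) | msg[pos + 1];
    if (ext_len != out->trailing - 2)
        return SH_MALFORMED;
    return ext_len == 0 ? SH_EMPTY_EXTENSIONS : SH_HAS_EXTENSIONS;
}

/* Model (an assumption, not OpenSSL source) of a client that expects the
 * SSL 3.0 ServerHello to end at the compression method. */
int strict_client_accepts(enum sh_tail tail)
{
    return tail == SH_NO_EXTENSIONS;
}

/* Drop a zero-size extensions field and fix the handshake length in place.
 * Returns the new message length (the record length is not handled here). */
size_t strip_empty_extensions(uint8_t *msg, size_t len)
{
    struct server_hello sh;
    size_t body_len;

    if (parse_server_hello(msg, len, &sh) != SH_EMPTY_EXTENSIONS)
        return len;
    body_len = len - 4 - 2;
    msg[1] = (uint8_t)(body_len >> 16);
    msg[2] = (uint8_t)(body_len >> 8);
    msg[3] = (uint8_t)body_len;
    return len - 2;
}

int main(void)
{
    struct server_hello sh;
    uint8_t copy[sizeof reported_hello];
    enum sh_tail tail = parse_server_hello(reported_hello, sizeof reported_hello, &sh);
    size_t n;

    printf("as sent:  tail=%d trailing=%zu strict client accepts=%d\n",
           tail, sh.trailing, strict_client_accepts(tail));
    memcpy(copy, reported_hello, sizeof copy);
    n = strip_empty_extensions(copy, sizeof copy);
    tail = parse_server_hello(copy, n, &sh);
    printf("stripped: tail=%d trailing=%zu strict client accepts=%d\n",
           tail, sh.trailing, strict_client_accepts(tail));
    return 0;
}
```
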
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 08 Sep 2011 00:03:38 +0200
Subject: Documentation correction for GnuTLS 3
In-Reply-To:
References:
Message-ID: <4E67EA3A.8010603@gnutls.org>

On 09/07/2011 10:57 AM, Stephen Lynch wrote:
> The documentation for the function gnutls_certificate_set_x509_trust
> states that it returns "GNUTLS_E_SUCCESS (0) on success, or a negative
> error code."
> It actually returns the return value of gnutls_x509_trust_list_add_cas
> on success. According to the docs "The number of added elements is
> returned. ".

Applied. Thank you for reporting it.

regards,
Nikos

From simon at josefsson.org Thu Sep 8 10:38:58 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Thu, 08 Sep 2011 10:38:58 +0200
Subject: Bug#640639: libcurl: CURLE_SSL_CACERT_BADFILE error when all CAs in ca-certificates disabled
In-Reply-To: <4E65F890.30208@gmail.com> (Nikos Mavrogiannopoulos's message of "Tue, 06 Sep 2011 12:40:16 +0200")
References: <20110905225222.GA1106@elie> <87sjoajlug.fsf@latte.josefsson.org> <87obyyj7rg.fsf@latte.josefsson.org> <4E65F890.30208@gmail.com>
Message-ID: <8762l377j1.fsf@latte.josefsson.org>

Nikos Mavrogiannopoulos writes:

> On 09/06/2011 12:16 PM, Simon Josefsson wrote:
>
>>>>> | $ ls -l /etc/ssl/certs/ca-certificates.crt
>>>>> | -rw-r--r-- 1 root root 0 Sep 2 00:07 /etc/ssl/certs/ca-certificates.crt
>>>>>
>>>>> This is probably a libgnutls bug, but since I haven't pinned it down
>>>>> I'm filing it here. Known problem?
>>>>
>>>> I recall similar problems when I also disabled all CAs on my machine
>>>> long time ago. I suspect some software may be checking the return
>>>> code from the CA loading function, and will treat loading of 0
>>>> certificates as an error. Please try to track down the code that
>>>> triggers the error message to test this theory.
>>>
>>> I believe it isn't that simple. I think the code that returns the
>>> error in this case can be found here:
>>>
>>> https://github.com/bagder/curl/blob/master/lib/gtls.c#L377
>>>
>>> ... and it clearly checks for a negative return value for it to be an error.
>>
>> Thanks for the pointer -- I managed to track it down, and installed a
>> patch for it:
>> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ab782d356200f44736edb687304d5e90438e2185
>
> This is tricky. How do you distinguish bad pem encoding from zero
> certificates? In any case I think that gnutls_x509_crt_list_import()
> should fail on such error, since it was always like that. The fix
> should be in gnutls_certificate_set_x509_trust_mem() and friends. I'll
> try to check it out.

Hm. Yeah. An alternative approach is to just check for the empty
string, or possibly whitespace, and then return zero certificates, or
otherwise return an error code. Still, maybe it is useful for
gnutls_x509_crt_list_import to also support importing zero certificates?

/Simon

From n.mavrogiannopoulos at gmail.com Thu Sep 8 10:52:15 2011
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Thu, 8 Sep 2011 10:52:15 +0200
Subject: Bug#640639: libcurl: CURLE_SSL_CACERT_BADFILE error when all CAs in ca-certificates disabled
In-Reply-To: <8762l377j1.fsf@latte.josefsson.org>
References: <20110905225222.GA1106@elie> <87sjoajlug.fsf@latte.josefsson.org> <87obyyj7rg.fsf@latte.josefsson.org> <4E65F890.30208@gmail.com> <8762l377j1.fsf@latte.josefsson.org>
Message-ID:

On Thu, Sep 8, 2011 at 10:38 AM, Simon Josefsson wrote:
>> This is tricky. How do you distinguish bad pem encoding from zero
>> certificates?  In any case I think that gnutls_x509_crt_list_import()
>> should fail on such error, since it was always like that. The fix
>> should be in gnutls_certificate_set_x509_trust_mem() and friends. I'll
>> try to check it out.
> Hm.  Yeah.  An alternative approach is to just check for the empty
> string, or possibly whitespace, and then return zero certificates, or
> otherwise return an error code.  Still, maybe it is useful for
> gnutls_x509_crt_list_import to also support importing zero certificates?

Could be useful but since it had always been failing on zero
certificates, I don't know if it is good to change the semantics. One
might rely on the size being non-zero and do a
malloc(size*something_else). If size is zero malloc's return value is
undefined.

regards,
Nikos

From nmav at gnutls.org Fri Sep 9 17:30:45 2011
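
The approach weighed in this thread, together with the return convention from the "Documentation correction" thread (negative error code, otherwise the number of elements added), as an added example that is not GnuTLS code: an empty or whitespace-only trust file is success with zero certificates, while non-empty input without a complete PEM block is an error. All names and error codes are hypothetical, the sample inputs are constructed, and only the PEM framing is checked (no base64 or DER decoding).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TRUST_E_BAD_ENCODING (-1)   /* hypothetical negative error codes */
#define TRUST_E_MEMORY       (-2)

static const char PEM_BEGIN[] = "-----BEGIN CERTIFICATE-----";
static const char PEM_END[]   = "-----END CERTIFICATE-----";

/* Constructed sample inputs; the bodies are placeholders, not certificates. */
static const char SAMPLE_TWO[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtMQ==\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtMg==\n-----END CERTIFICATE-----\n";
static const char SAMPLE_TRUNCATED[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtMQ==\n";
static const char SAMPLE_GARBAGE[] = "this file is not PEM\n";

struct cert_slot { const char *pem; size_t pem_len; };

/* Length-bounded substring search; the buffer need not be NUL-terminated. */
static const char *find(const char *hay, size_t hay_len, const char *needle)
{
    size_t n = strlen(needle), i;

    for (i = 0; i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0)
            return hay + i;
    return NULL;
}

/* Locate the next armored block at or after *cur.
 * Returns 1 and fills slot, 0 if there is none, negative if BEGIN has no END. */
static int next_block(const char **cur, const char *end, struct cert_slot *slot)
{
    const char *b = find(*cur, (size_t)(end - *cur), PEM_BEGIN), *e;

    if (b == NULL)
        return 0;
    e = find(b, (size_t)(end - b), PEM_END);
    if (e == NULL)
        return TRUST_E_BAD_ENCODING;
    e += sizeof PEM_END - 1;
    slot->pem = b;
    slot->pem_len = (size_t)(e - b);
    *cur = e;
    return 1;
}

/* Number of complete blocks; 0 only for empty or whitespace-only input;
 * negative for anything else that holds no complete block. */
int count_trust_certs(const char *data, size_t len)
{
    const char *cur = data;
    struct cert_slot tmp;
    size_t i = 0;
    int r, count = 0;

    while (i < len && isspace((unsigned char)data[i]))
        i++;
    if (i == len)
        return 0;                       /* the "all CAs disabled" file */
    while ((r = next_block(&cur, data + len, &tmp)) == 1)
        count++;
    if (r < 0 || count == 0)
        return TRUST_E_BAD_ENCODING;
    return count;
}

/* Caller side: test for < 0, never for != 0, and do not size an allocation
 * from a zero count (malloc(0) may return NULL, which looks like a failure). */
int load_trust(const char *data, size_t len, struct cert_slot **out)
{
    const char *cur = data;
    int i, n = count_trust_certs(data, len);

    *out = NULL;
    if (n <= 0)
        return n;                       /* error, or success with nothing to store */
    *out = calloc((size_t)n, sizeof **out);
    if (*out == NULL)
        return TRUST_E_MEMORY;
    for (i = 0; i < n; i++)
        next_block(&cur, data + len, &(*out)[i]);
    return n;
}

int main(void)
{
    struct cert_slot *slots;
    int n = load_trust(SAMPLE_TWO, sizeof SAMPLE_TWO - 1, &slots);

    printf("two blocks: %d\n", n);
    free(slots);
    printf("empty file: %d\n", load_trust("", 0, &slots));
    printf("garbage:    %d\n", load_trust(SAMPLE_GARBAGE, sizeof SAMPLE_GARBAGE - 1, &slots));
    return 0;
}
```
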
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 09 Sep 2011 17:30:45 +0200
Subject: gnutls_handshake trouble with Chrome
In-Reply-To:
References:
Message-ID: <4E6A3125.4010700@gnutls.org>

On 09/09/2011 11:24 AM, Thibaut Le Guilly wrote:
> Hello,
>
> I did a Wireshark analyze to compare the behaviour of Chrome vs. Firefox and
> cUrl, and Chrome is doing some weird things, like re-sending a "client
> hello" after the "server hello done", instead of sending the client key. I
> attached the wireshark files, may be it can help you determine if the
> problem is Chrome and not GNUtls?

Which version of chrome and gnutls do you use? I've tested gnutls-serv
(in gnutls 3.0.2) with chromium 13.0 and it seems they are able to
communicate. I notice though that chromium makes multiple connections
to the server and some of them fail. This looks like some kind of
probing of the server to discover its capabilities, but a chromium
developer might be more helpful. Do you actually have issues with
chromium displaying the correct content?

regards,
Nikos

From nmav at gnutls.org Sat Sep 10 12:42:19 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 10 Sep 2011 12:42:19 +0200
Subject: dropping export ciphersuites
Message-ID: <4E6B3F0B.5040905@gnutls.org>

Hello,
I'm thinking into dropping completely the RSA-EXPORT ciphersuites.
These are deliberately weak ciphersuites intended to be used in
US-export products in the 90's. Today they serve no purpose. Can
somebody come up with any reasons for not removing them?

regards,
Nikos

From neuromancer at dash.za.net Sun Sep 11 06:19:30 2011
From: neuromancer at dash.za.net (Dash Shendy)
Date: Sun, 11 Sep 2011 06:19:30 +0200
Subject: dropping export ciphersuites
In-Reply-To:
References:
Message-ID: <4E6C36D2.6050503@dash.za.net>

Hi Nikos,

I think the only Browser that uses the Export Ciphersuites is IE6, it is
also the only browser that still uses (the now obsolete) SSL version 2.0
protocol.

Looking at: http://www.w3schools.com/browsers/browsers_explorer.asp
Doesn't seem like a lot of people are still using it, and besides if
they are they should really upgrade!

I think removing support of the Export Ciphersuites is a good idea.

Ciao,
Dash Shendy
http://dash.za.net/?smtpsig
gtalk: dash.za.net at gmail.com
skype: dashula2006
mopho: (+27) 72 23 75 199
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x1F109B38.asc
Type: application/pgp-keys
Size: 1887 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL:

From leguilly.thibaut at gmail.com Mon Sep 12 09:32:48 2011
From: leguilly.thibaut at gmail.com (Thibaut Le Guilly)
Date: Mon, 12 Sep 2011 09:32:48 +0200
Subject: gnutls_handshake trouble with Chrome
In-Reply-To: <4E6A3125.4010700@gnutls.org>
References: <4E6A3125.4010700@gnutls.org>
Message-ID:

Hello,

I am using gnutls 2.8.6 and chromium 13.0, and they are in fact able to
communicate, but I was worrying about where this issue was coming from.
I will try to find some information about what Chrome is actually
doing, and let you know if I find anything.

Thank you for your time and your help,

Best regards,

On Fri, Sep 9, 2011 at 5:30 PM, Nikos Mavrogiannopoulos wrote:

> On 09/09/2011 11:24 AM, Thibaut Le Guilly wrote:
>
>> Hello,
>>
>> I did a Wireshark analyze to compare the behaviour of Chrome vs. Firefox
>> and
>> cUrl, and Chrome is doing some weird things, like re-sending a "client
>> hello" after the "server hello done", instead of sending the client key. I
>> attached the wireshark files, may be it can help you determine if the
>> problem is Chrome and not GNUtls?
>>
>
> Which version of chrome and gnutls do you use? I've tested gnutls-serv (in
> gnutls 3.0.2) with chromium 13.0 and it seems they are able to communicate.
> I notice though that chromium makes multiple connections to the server and
> some of them fail. This looks like some kind of probing of the server to
> discover its capabilities, but a chromium developer might be more helpful.
> Do you actually have issues with chromium displaying the correct content?
>
> regards,
> Nikos
>

--
Thibaut Le Guilly
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From INVALID.NOREPLY at gnu.org Thu Sep 15 21:46:35 2011
From: INVALID.NOREPLY at gnu.org (Frederic Bezies)
Date: Thu, 15 Sep 2011 19:46:35 +0000
Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account.
Message-ID: <20110915-194634.sv85256.79265@savannah.gnu.org>

URL:

Summary: GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account.
Project: GnuTLS
Submitted by: fredbezies
Submitted on: Thu 15 Sep 2011 19:46:34 GMT
Category: None
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: GNU/Linux

_______________________________________________________

Details:

Hello.

I've reported a bug on gnome bugzilla, having a problem related to
google agenda sync with evolution.

An error, related to gnutls appeared :

"Cannot open calendar: Unexpected HTTP status code 6 returned (Error
reading data from TLS socket: The TLS connection was non-properly
terminated.)"

After doing some search, it turned to be a known bug, already reported
on archlinux bugzilla : https://bugs.archlinux.org/task/25733

It has been found - and I verified this by using the patch - that
reverting commit 16b552803790c0f1b393b6f143b166429c51e9f2 fixes the
issue.

I attached the patch I used to verify the infos I've read.

I'm reporting this issue to your bug tracker, in hope you'll find a way
to fix this problem.

Thanks.

_______________________________________________________

File Attachments:

-------------------------------------------------------
Date: Thu 15 Sep 2011 19:46:34 GMT
Name: 0001-Revert-detect-premature-termination-of-connection.patch
Size: 720 B
By: fredbezies

patch fixing issue with evolution sync of google agenda accounts.

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Thu Sep 15 23:12:58 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Thu, 15 Sep 2011 21:12:58 +0000
Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account.
In-Reply-To: <20110915-194634.sv85256.79265@savannah.gnu.org>
References: <20110915-194634.sv85256.79265@savannah.gnu.org>
Message-ID: <20110916-001257.sv707.97670@savannah.gnu.org>

Update of sr #107802 (project gnutls):

Status: None => Need Info
Assigned to: None => nmav

_______________________________________________________

Follow-up Comment #1:

Hello the fix might solve the problem you see with evolution but I'm
not sure it is the correct fix. It might as well be right to fail
because the peer abnormally terminated the connection (in TLS one has
to terminate a connection by the protocol and not just terminate the
TCP layer).

Could you provide a tcpdump of the failed TLS session to verify that
this is the case?

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Fri Sep 16 10:30:38 2011
From: INVALID.NOREPLY at gnu.org (Frederic Bezies)
Date: Fri, 16 Sep 2011 08:30:38 +0000
Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account.
In-Reply-To: <20110916-001257.sv707.97670@savannah.gnu.org>
References: <20110915-194634.sv85256.79265@savannah.gnu.org> <20110916-001257.sv707.97670@savannah.gnu.org>
Message-ID: <20110916-083038.sv85256.38585@savannah.gnu.org>

Follow-up Comment #2, sr #107802 (project gnutls):

Ok. Just tell me how to use tcpdump and I will send you infos you're
looking after asap.

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Fri Sep 16 10:37:29 2011
From: INVALID.NOREPLY at gnu.org (anonymous) Date: Fri, 16 Sep 2011 08:37:29 +0000 Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account. In-Reply-To: <20110916-083038.sv85256.38585@savannah.gnu.org> References: <20110915-194634.sv85256.79265@savannah.gnu.org> <20110916-001257.sv707.97670@savannah.gnu.org> <20110916-083038.sv85256.38585@savannah.gnu.org> Message-ID: <20110916-083729.sv0.21608@savannah.gnu.org> Follow-up Comment #3, sr #107802 (project gnutls): Download and use the "wireshark" program. Use it to capture data from the interface that you use to access your e-mail (ethernet or so). Then save the output and attach here. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Fri Sep 16 11:15:05 2011 From: INVALID.NOREPLY at gnu.org (Frederic Bezies) Date: Fri, 16 Sep 2011 09:15:05 +0000 Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account. In-Reply-To: <20110916-083729.sv0.21608@savannah.gnu.org> References: <20110915-194634.sv85256.79265@savannah.gnu.org> <20110916-001257.sv707.97670@savannah.gnu.org> <20110916-083038.sv85256.38585@savannah.gnu.org> <20110916-083729.sv0.21608@savannah.gnu.org> Message-ID: <20110916-091505.sv85256.75937@savannah.gnu.org> Follow-up Comment #4, sr #107802 (project gnutls): Wireshark dump. Tried several times to sync my google agenda without being successful. Hope it helps! (file #23979) _______________________________________________________ Additional Item Attachment: File name: wireshark.out Size:334 KB _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Fri Sep 16 11:59:52 2011 
From: INVALID.NOREPLY at gnu.org (anonymous) Date: Fri, 16 Sep 2011 09:59:52 +0000 Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account. In-Reply-To: <20110916-091505.sv85256.75937@savannah.gnu.org> References: <20110915-194634.sv85256.79265@savannah.gnu.org> <20110916-001257.sv707.97670@savannah.gnu.org> <20110916-083038.sv85256.38585@savannah.gnu.org> <20110916-083729.sv0.21608@savannah.gnu.org> <20110916-091505.sv85256.75937@savannah.gnu.org> Message-ID: <20110916-095951.sv0.35637@savannah.gnu.org> Follow-up Comment #5, sr #107802 (project gnutls): Unfortunately I cannot open this format with wireshark. Could you save it on libpcap format (the first option in save as). _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Fri Sep 16 12:07:20 2011 
From: INVALID.NOREPLY at gnu.org (Frederic Bezies) Date: Fri, 16 Sep 2011 10:07:20 +0000 Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account. In-Reply-To: <20110916-095951.sv0.35637@savannah.gnu.org> References: <20110915-194634.sv85256.79265@savannah.gnu.org> <20110916-001257.sv707.97670@savannah.gnu.org> <20110916-083038.sv85256.38585@savannah.gnu.org> <20110916-083729.sv0.21608@savannah.gnu.org> <20110916-091505.sv85256.75937@savannah.gnu.org> <20110916-095951.sv0.35637@savannah.gnu.org> Message-ID: <20110916-100720.sv85256.88164@savannah.gnu.org> Follow-up Comment #6, sr #107802 (project gnutls): I printed all the data in text format. You have to use a text editor to read it. Sorry. I think it was the right option. I hope I could import it and save it in libpcap format. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Fri Sep 16 12:23:36 2011 
From: INVALID.NOREPLY at gnu.org (anonymous) Date: Fri, 16 Sep 2011 10:23:36 +0000 Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account. In-Reply-To: <20110916-100720.sv85256.88164@savannah.gnu.org> References: <20110915-194634.sv85256.79265@savannah.gnu.org> <20110916-001257.sv707.97670@savannah.gnu.org> <20110916-083038.sv85256.38585@savannah.gnu.org> <20110916-083729.sv0.21608@savannah.gnu.org> <20110916-091505.sv85256.75937@savannah.gnu.org> <20110916-095951.sv0.35637@savannah.gnu.org> <20110916-100720.sv85256.88164@savannah.gnu.org> Message-ID: <20110916-102336.sv0.51473@savannah.gnu.org> Follow-up Comment #7, sr #107802 (project gnutls): Ok the text was enough to see the case. Indeed the server terminated the connection non-properly and this is what gnutls is reporting. This is reported via the GNUTLS_E_PREMATURE_TERMINATION error code (in gnutls 2.x the generic GNUTLS_E_UNEXPECTED_PACKET_LENGTH was used). Maybe you could report this to the evolution developers to report the error only without invalidating the already received data. I know that other libraries just ignore this error, but note that if you ignore it you'll never notice an attack that truncates the data sent by the server. From gnutls side there is not much we can do. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Fri Sep 16 20:53:59 2011 
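One way an HTTP-over-TLS client could follow the advice in follow-up comment #7 (report the premature termination without throwing away data that is provably whole), as an added example that is not GnuTLS, glib-networking or Evolution code. The names classify_response, tls_end and verdict are hypothetical, the sample responses are constructed, and the framing rules used are those of HTTP/1.x rather than anything stated in this thread.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* How the TLS layer reported the end of the stream. With GnuTLS 3.x these map
 * to gnutls_record_recv() returning 0 (close_notify received) and
 * GNUTLS_E_PREMATURE_TERMINATION (TCP closed without close_notify). */
enum tls_end { TLS_END_CLOSE_NOTIFY, TLS_END_PREMATURE };
enum verdict { BODY_COMPLETE, BODY_TRUNCATED };

/* Case-insensitive test that [p, end) starts with `word`. */
static int starts_with_ci(const char *p, const char *end, const char *word)
{
    for (; *word; p++, word++)
        if (p >= end || tolower((unsigned char)*p) != tolower((unsigned char)*word))
            return 0;
    return 1;
}

/* Return a pointer to the value of header `name` in [hdr, hdr+len), or NULL. */
static const char *header_value(const char *hdr, size_t len, const char *name)
{
    const char *p = hdr, *end = hdr + len;
    size_t nlen = strlen(name);
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        if (!eol)
            break;
        if (starts_with_ci(p, eol, name) && p + nlen < eol && p[nlen] == ':') {
            for (p += nlen + 1; p < eol && (*p == ' ' || *p == '\t'); p++)
                ;
            return p;
        }
        p = eol + 1;
    }
    return NULL;
}

/* Walk a chunked body; 1 only if the zero-size last chunk and the closing
 * CRLF arrived. Trailer fields are not handled. */
static int chunked_complete(const char *b, size_t len)
{
    size_t off = 0;
    for (;;) {
        const char *eol = memchr(b + off, '\n', len - off);
        if (!eol || !isxdigit((unsigned char)b[off]))
            return 0;                  /* size line missing or malformed */
        unsigned long sz = strtoul(b + off, NULL, 16);
        off = (size_t)(eol - b) + 1;
        if (sz == 0)
            return len - off >= 2 && memcmp(b + off, "\r\n", 2) == 0;
        if (sz > len - off || len - off - sz < 2)
            return 0;                  /* chunk data cut short */
        off += sz + 2;                 /* skip the data and its CRLF */
    }
}

/* Decide whether the bytes received before the stream ended form a whole
 * HTTP/1.x response. A self-delimiting body can be checked on its own; a
 * close-delimited body is only complete if TLS authenticated the close. */
enum verdict classify_response(const char *buf, size_t len, enum tls_end how)
{
    const char *sep = NULL;
    for (size_t i = 0; i + 4 <= len && !sep; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            sep = buf + i;
    if (!sep)
        return BODY_TRUNCATED;         /* header block never finished */
    size_t hlen = (size_t)(sep - buf) + 2;   /* keep the last header's CRLF */
    const char *body = sep + 4;
    size_t blen = len - (size_t)(body - buf);
    const char *te = header_value(buf, hlen, "Transfer-Encoding");
    if (te && starts_with_ci(te, buf + hlen, "chunked"))
        return chunked_complete(body, blen) ? BODY_COMPLETE : BODY_TRUNCATED;
    const char *cl = header_value(buf, hlen, "Content-Length");
    if (cl) {
        if (!isdigit((unsigned char)*cl))
            return BODY_TRUNCATED;     /* malformed length: trust nothing */
        return blen >= strtoul(cl, NULL, 10) ? BODY_COMPLETE : BODY_TRUNCATED;
    }
    return how == TLS_END_CLOSE_NOTIFY ? BODY_COMPLETE : BODY_TRUNCATED;
}

enum verdict classify_str(const char *s, enum tls_end how)
{
    return classify_response(s, strlen(s), how);
}

int main(void)
{
    /* Constructed response; the connection ends right after it, unannounced. */
    const char *unframed = "HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nhello";
    puts(classify_str(unframed, TLS_END_PREMATURE) == BODY_COMPLETE ? "keep" : "reject");
    return 0;
}
```

Only the close-delimited case depends on the TLS-level signal, which is why a client that ignores the error cannot tell a cut-off response of that kind from a whole one.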
From: INVALID.NOREPLY at gnu.org (Frederic Bezies) Date: Fri, 16 Sep 2011 18:53:59 +0000 Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account. In-Reply-To: <20110916-102336.sv0.51473@savannah.gnu.org> References: <20110915-194634.sv85256.79265@savannah.gnu.org> <20110916-001257.sv707.97670@savannah.gnu.org> <20110916-083038.sv85256.38585@savannah.gnu.org> <20110916-083729.sv0.21608@savannah.gnu.org> <20110916-091505.sv85256.75937@savannah.gnu.org> <20110916-095951.sv0.35637@savannah.gnu.org> <20110916-100720.sv85256.88164@savannah.gnu.org> <20110916-102336.sv0.51473@savannah.gnu.org> Message-ID: <20110916-185359.sv85256.81676@savannah.gnu.org> Follow-up Comment #8, sr #107802 (project gnutls): A little message to say the issue is fixed. It was a bug in glib-networking and it is no longer a problem. https://bugzilla.gnome.org/show_bug.cgi?id=659233 Thanks a lot for your help. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Fri Sep 16 21:04:08 2011 
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Fri, 16 Sep 2011 19:04:08 +0000 Subject: [sr #107802] GNU TLS 3.0.2 breaks Evolution sync with Google Agenda account. In-Reply-To: <20110916-185359.sv85256.81676@savannah.gnu.org> References: <20110915-194634.sv85256.79265@savannah.gnu.org> <20110916-001257.sv707.97670@savannah.gnu.org> <20110916-083038.sv85256.38585@savannah.gnu.org> <20110916-083729.sv0.21608@savannah.gnu.org> <20110916-091505.sv85256.75937@savannah.gnu.org> <20110916-095951.sv0.35637@savannah.gnu.org> <20110916-100720.sv85256.88164@savannah.gnu.org> <20110916-102336.sv0.51473@savannah.gnu.org> <20110916-185359.sv85256.81676@savannah.gnu.org> Message-ID: <20110916-220408.sv707.87336@savannah.gnu.org> Update of sr #107802 (project gnutls): Status: Need Info => Done Open/Closed: Open => Closed _______________________________________________________ Follow-up Comment #9: Thank you for chasing this out. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Sat Sep 17 16:41:54 2011 
From: INVALID.NOREPLY at gnu.org (Dan Winship) Date: Sat, 17 Sep 2011 14:41:54 +0000 Subject: [sr #107804] privkey memory leak in server handshake Message-ID: <20110917-144153.sv73763.64603@savannah.gnu.org> URL: Summary: privkey memory leak in server handshake Project: GnuTLS Submitted by: danw Submitted on: Sat 17 Sep 2011 02:41:53 PM GMT Category: None Priority: 5 - Normal Severity: 3 - Normal Status: None Privacy: Public Assigned to: None Originator Email: Open/Closed: Open Discussion Lock: Any Operating System: None _______________________________________________________ Details: in auth_cert.c, call_get_cert_callback() passes a newly-allocated gnutls_privkey_t to _gnutls_selected_certs_set(), but later on, _gnutls_selected_certs_deinit() just sets the key to NULL without freeing it. both 2.12 and git master _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Sat Sep 17 18:31:59 2011 From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Sat, 17 Sep 2011 16:31:59 +0000 Subject: [sr #107804] privkey memory leak in server handshake In-Reply-To: <20110917-144153.sv73763.64603@savannah.gnu.org> References: <20110917-144153.sv73763.64603@savannah.gnu.org> Message-ID: <20110917-193159.sv707.1902@savannah.gnu.org> Update of sr #107804 (project gnutls): Assigned to: None => nmav _______________________________________________________ Follow-up Comment #1: Thank you for the report. Does the attached patch fix the issue for you? _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Sat Sep 17 18:32:35 2011 
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Sat, 17 Sep 2011 16:32:35 +0000 Subject: [sr #107739] GnuTLS 2.10.5 endless loop of mini test on armel In-Reply-To: <20110728-204940.sv707.44686@savannah.gnu.org> References: <20110709-160022.sv20807.97043@savannah.gnu.org> <20110709-160220.sv20807.53455@savannah.gnu.org> <20110713-190459.sv20807.47995@savannah.gnu.org> <20110728-092202.sv0.18946@savannah.gnu.org> <20110728-092718.sv0.97499@savannah.gnu.org> <20110728-190451.sv20807.23906@savannah.gnu.org> <20110728-204940.sv707.44686@savannah.gnu.org> Message-ID: <20110917-193235.sv707.706@savannah.gnu.org> Update of sr #107739 (project gnutls): Open/Closed: Open => Closed _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Sat Sep 17 19:07:47 2011 From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Sat, 17 Sep 2011 17:07:47 +0000 Subject: [sr #107804] privkey memory leak in server handshake In-Reply-To: <20110917-193159.sv707.1902@savannah.gnu.org> References: <20110917-144153.sv73763.64603@savannah.gnu.org> <20110917-193159.sv707.1902@savannah.gnu.org> Message-ID: <20110917-200747.sv707.79803@savannah.gnu.org> Additional Item Attachment, sr #107804 (project gnutls): File name: patch.txt Size:0 KB _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Sat Sep 17 21:11:22 2011 
From: INVALID.NOREPLY at gnu.org (Dan Winship) Date: Sat, 17 Sep 2011 19:11:22 +0000 Subject: [sr #107804] privkey memory leak in server handshake In-Reply-To: <20110917-200747.sv707.79803@savannah.gnu.org> References: <20110917-144153.sv73763.64603@savannah.gnu.org> <20110917-193159.sv707.1902@savannah.gnu.org> <20110917-200747.sv707.79803@savannah.gnu.org> Message-ID: <20110917-191121.sv73763.52856@savannah.gnu.org> Follow-up Comment #2, sr #107804 (project gnutls): yes, that works, although with that out of the way I noticed a second leak; you need to add + gnutls_free (st2.cert.x509); to the GNUTLS_CRT_X509 cleanup at the end of call_get_cert_callback(). (It's freeing the certs, but not the array containing them.) _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Sun Sep 18 00:23:16 2011 From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Sat, 17 Sep 2011 22:23:16 +0000 Subject: [sr #107804] privkey memory leak in server handshake In-Reply-To: <20110917-191121.sv73763.52856@savannah.gnu.org> References: <20110917-144153.sv73763.64603@savannah.gnu.org> <20110917-193159.sv707.1902@savannah.gnu.org> <20110917-200747.sv707.79803@savannah.gnu.org> <20110917-191121.sv73763.52856@savannah.gnu.org> Message-ID: <20110918-012316.sv707.93460@savannah.gnu.org> Update of sr #107804 (project gnutls): Status: None => Done _______________________________________________________ Follow-up Comment #3: Thanks. Should be fixed now in master. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From nmav at gnutls.org Sun Sep 18 23:27:44 2011 
From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sun, 18 Sep 2011 23:27:44 +0200 Subject: gnutls 2.12.11 Message-ID: <4E766250.1050205@gnutls.org> Hello, I've just released gnutls 2.12.11. This is a bugfix release on the 2.12.x branch. Version 2.12.11 (released 2011-09-18) ** libgnutls: Memory leak fixes in credentials private key deinitialization. Reported by Dan Winship. ** libgnutls: Allow CA importing of 0 certificates to succeed. Reported by Jonathan Nieder in . ** API and ABI modifications: No changes since last version. Getting the Software ==================== GnuTLS may be downloaded from one of the GNU mirror sites or directly From and a list of GnuTLS mirrors can be found at . Here are the BZIP2 compressed sources: ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.11.tar.bz2 http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.11.tar.bz2 Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.11.tar.bz2.sig http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.11.tar.bz2.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos gnutls.org> uid Nikos Mavrogiannopoulos gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos From nmav at gnutls.org Sun Sep 18 23:56:04 2011 
From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sun, 18 Sep 2011 23:56:04 +0200 Subject: gnutls 3.0.3 Message-ID: <4E7668F4.1040108@gnutls.org> Hello, I've just released gnutls 3.0.3. It includes bug fixes and few feature additions. * Version 3.0.3 (released 2011-09-18) ** libgnutls: Added gnutls_record_get_discarded() to return the number of discarded records in a DTLS session. ** libgnutls: All functions related to RSA-EXPORT were deprecated. Support for RSA-EXPORT ciphersuites will be ceased in future versions. ** libgnutls: Memory leak fixes in credentials private key deinitialization. Reported by Dan Winship. ** libgnutls: Memory leak fixes in ECC ciphersuites. ** libgnutls: Do not send an empty extension structure in server hello. This affected old implementations that do not support extensions. Reported by J. Cameijo Cerdeira. ** libgnutls: Allow CA importing of 0 certificates to succeed. Reported by Jonathan Nieder in . ** libgnutls: Added support for VIA padlock AES optimizations. (disabled by default) ** libgnutls: Added support for elliptic curves in PKCS #11. ** libgnutls: Added gnutls_pkcs11_privkey_generate() to allow generating a key in a token. ** p11tool: Added generate-rsa, generate-dsa and generate-ecc options to allow generating private keys in the token. ** libgnutls: gnutls_transport_set_lowat dummy macro was removed. ** API and ABI modifications: gnutls_pkcs11_privkey_generate: Added gnutls_pubkey_import_ecc_raw: Added gnutls_pubkey_import_ecc_x962: Added gnutls_pubkey_get_pk_ecc_x962: Added gnutls_record_get_discarded: Added Getting the Software ==================== GnuTLS may be downloaded from one of the GNU mirror sites or directly From and a list of GnuTLS mirrors can be found at . 
Here are the BZIP2 compressed sources: ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.3.tar.xz http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.3.tar.xz ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.3.tar.xz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.3.tar.xz.sig http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.3.tar.xz.sig ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.3.tar.xz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos gnutls.org> uid Nikos Mavrogiannopoulos gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos From INVALID.NOREPLY at gnu.org Mon Sep 19 00:48:38 2011 
From: INVALID.NOREPLY at gnu.org (Marius Schamschula) Date: Sun, 18 Sep 2011 22:48:38 +0000 Subject: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X Message-ID: <20110918-224837.sv63226.24405@savannah.gnu.org> URL: Summary: Build failure for gnutls >= 3.0.1 under Mac OS X Project: GnuTLS Submitted by: mschamschula Submitted on: Sun 18 Sep 2011 10:48:37 PM GMT Category: None Priority: 5 - Normal Severity: 3 - Normal Status: None Privacy: Public Assigned to: None Originator Email: Open/Closed: Open Discussion Lock: Any Operating System: Mac OS _______________________________________________________ Details: The last version of gnutls that I could successfully build under Mac OS X (tested for 10.5.8/PPC, 10.6.8, 10.7.1) was version 3.0.0. As of version 3.0.1, and above, I get the following error: serv.c: In function 'tcp_server': serv.c:1236: warning: cast to pointer from integer of different size In file included from ./../gl/unistd.h:112, from ./../gl/stdlib.h:90, from udp-serv.c:5: ./../gl/getopt.h:197: error: redefinition of 'struct option' make[3]: *** [udp-serv.o] Error 1 make[2]: *** [all-recursive] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From ml at smtp.fakessh.eu Mon Sep 19 07:56:16 2011 
From: ml at smtp.fakessh.eu (ml at smtp.fakessh.eu) Date: Mon, 19 Sep 2011 07:56:16 +0200 Subject: gnutls 2.12.11 In-Reply-To: <4E766250.1050205@gnutls.org> References: <4E766250.1050205@gnutls.org> Message-ID: <201109190756.26517.ml@smtp.fakessh.eu> On Sunday 18 September 2011 23:27, Nikos Mavrogiannopoulos wrote: > http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.11.tar.bz2 I find myself facing a problem in building an rpm. I do not manage to pass the test PASS: test-read-file Unconnected socket test... -- http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://urlshort.eu fakessh @ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From keycpu at gmail.com Mon Sep 19 03:18:55 2011 
From: keycpu at gmail.com (key J) Date: Mon, 19 Sep 2011 08:18:55 +0700 Subject: Checking DSA-1024 with TLS 1.0------faile----detail Message-ID: CFLAGS="-O2 -pipe -march=core2 -mtune=generic -msse4.1 " CXXFLAGS="${CFLAGS}" LDFLAGS="-Wl,-O1 -Wl,--hash-style=gnu -Wl,--sort-common -Wl,--as-needed -Wl,-z,now -Wl,--enable-new-dtags -s" glibc 2.14 libtasn1 2.9 readline 6.2.001 zlib 1.2.5 nettle 2.2 $ gcc --version gcc (GCC) 4.6.1 20110819 (prerelease) Copyright (C) 2011 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE ./configure --prefix=/usr --with-zlib --disable-static --disable-guile --disable-valgrind-tests ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- All 6 tests passed ================== make[3]: Leaving directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/safe-renegotiation' make[2]: Leaving directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/safe-renegotiation' Making check in dsa make[2]: Entering directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/dsa' make testdsa make[3]: Entering directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/dsa' make[3]: Nothing to be done for `testdsa'. 
make[3]: Leaving directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/dsa' make check-TESTS make[3]: Entering directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/dsa' Checking various DSA key sizes Checking DSA-1024 with TLS 1.0 Failure: ../scripts/common.sh: line 25: kill: Failed: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: to: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: launch: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: server,: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: aborting: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: test...: arguments must be process or job IDs FAIL: testdsa =================================== 1 of 1 test failed Please report to bug-gnutls at gnu.org =================================== make[3]: *** [check-TESTS] Error 1 make[3]: Leaving directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/dsa' make[2]: *** [check-am] Error 2 make[2]: Leaving directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/dsa' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests' make: *** [check-recursive] Error 1 ==> ERROR: A failure occurred in check(). Aborting... -------------- next part -------------- An HTML attachment was scrubbed... URL: From keycpu at gmail.com Mon Sep 19 01:38:03 2011 
From: keycpu at gmail.com (key J) Date: Mon, 19 Sep 2011 06:38:03 +0700 Subject: Checking DSA-1024 with TLS 1.0 faile Message-ID: make check-TESTS make[3]: Entering directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/dsa' Checking various DSA key sizes Checking DSA-1024 with TLS 1.0 Failure: ../scripts/common.sh: line 25: kill: Failed: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: to: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: launch: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: server,: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: aborting: arguments must be process or job IDs ../scripts/common.sh: line 25: kill: test...: arguments must be process or job IDs FAIL: testdsa =================================== 1 of 1 test failed Please report to bug-gnutls at gnu.org =================================== make[3]: *** [check-TESTS] Error 1 make[3]: Leaving directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/dsa' make[2]: *** [check-am] Error 2 make[2]: Leaving directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests/dsa' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/home/key/build/gnutls/repos/extra-x86_64/src/gnutls-3.0.2/tests' make: *** [check-recursive] Error 1 ==> ERROR: A failure occurred in check(). Aborting... -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 2011-09-19-062624_1280x800_scrot.png Type: image/png Size: 257181 bytes Desc: not available URL: From nmav at gnutls.org Mon Sep 19 17:57:02 2011 
From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Mon, 19 Sep 2011 17:57:02 +0200 Subject: Checking DSA-1024 with TLS 1.0------faile----detail In-Reply-To: References: Message-ID: <4E77664E.6030209@gnutls.org> On 09/19/2011 03:18 AM, key J wrote: > Checking various DSA key sizes > Checking DSA-1024 with TLS 1.0 > Failure: > ../scripts/common.sh: line 25: kill: Failed: arguments must be process or > job IDs > ../scripts/common.sh: line 25: kill: to: arguments must be process or job > IDs > ../scripts/common.sh: line 25: kill: launch: arguments must be process or > job IDs > ../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs > ../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be process > or job IDs > ../scripts/common.sh: line 25: kill: server,: arguments must be process or > job IDs > ../scripts/common.sh: line 25: kill: aborting: arguments must be process or > job IDs > ../scripts/common.sh: line 25: kill: test...: arguments must be process or > job IDs Hi, Thank you for the report. Which system is that? Could it be an incompatibility with your /bin/sh? Could you test the script to find a possible point of failure? regards, Nikos From nmav at gnutls.org Mon Sep 19 18:31:26 2011 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Mon, 19 Sep 2011 18:31:26 +0200 Subject: gnutls 2.12.11 In-Reply-To: <201109190756.26517.ml@smtp.fakessh.eu> References: <4E766250.1050205@gnutls.org> <201109190756.26517.ml@smtp.fakessh.eu> Message-ID: <4E776E5E.2000608@gnutls.org> On 09/19/2011 07:56 AM, ml at smtp.fakessh.eu wrote: > On Sunday 18 September 2011 23:27, Nikos Mavrogiannopoulos wrote: >> http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.11.tar.bz2 > I find myself facing problem in building an rpm > I do not manage to pass the test > PASS: test-read-file > Unconnected socket test... This might be a gnulib issue. Do the tests in tests/ work for you? From derleader at abv.bg Mon Sep 19 21:12:15 2011 
From: derleader at abv.bg (derleader mail) Date: Mon, 19 Sep 2011 22:12:15 +0300 (EEST) Subject: Serve many clients with each server thread, and use asynchronous I/O Message-ID: <1360285972.6791.1316459535458.JavaMail.apache@mail22.abv.bg> Hi, I found interesting web site about network performance in different web servers. This is the web page http://www.kegel.com/c10k.html I'm interested is it possible in future versions of GnuTLS to add support in the library to serve many clients with each server thread, and use asynchronous I/O? Or it's already implemented? Regards Peter -------------- next part -------------- An HTML attachment was scrubbed... URL: From nmav at gnutls.org Mon Sep 19 23:35:08 2011 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Mon, 19 Sep 2011 23:35:08 +0200 Subject: Serve many clients with each server thread, and use asynchronous I/O In-Reply-To: <1360285972.6791.1316459535458.JavaMail.apache@mail22.abv.bg> References: <1360285972.6791.1316459535458.JavaMail.apache@mail22.abv.bg> Message-ID: <4E77B58C.1040205@gnutls.org> On 09/19/2011 09:12 PM, derleader mail wrote: > I found interesting web site about network performance in different web servers. This is the web page http://www.kegel.com/c10k.html > I'm interested is it possible in future versions of GnuTLS to add support in the library to serve many clients with each server thread, and use asynchronous I/O? > Or it's already implemented? GnuTLS can be used with asynchronous I/O. Check the chapter "Asynchronous operation" in the gnutls manual. http://www.gnu.org/software/gnutls/manual/html_node/TLS-and-DTLS-sessions.html#TLS-and-DTLS-sessions regards, Nikos From INVALID.NOREPLY at gnu.org Mon Sep 19 23:55:24 2011 
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Mon, 19 Sep 2011 21:55:24 +0000 Subject: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X In-Reply-To: <20110918-224837.sv63226.24405@savannah.gnu.org> References: <20110918-224837.sv63226.24405@savannah.gnu.org> Message-ID: <20110920-005523.sv707.96496@savannah.gnu.org> Update of sr #107806 (project gnutls): Status: None => Need Info Assigned to: None => nmav _______________________________________________________ Follow-up Comment #1: Hi, This looks like a gnulib issue. Could you test if a newer gnulib solves your issue? You'll need to download gnulib from http://www.gnu.org/s/gnulib/ then get into gnutls directory and run $ gnulib-tool --add-import If ./configure && make succeeds I'll update the gnulib in gnutls. Otherwise we'll need to make a bug report to gnulib people. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From ml at smtp.fakessh.eu Tue Sep 20 00:18:15 2011 
From: ml at smtp.fakessh.eu (ml at smtp.fakessh.eu) Date: Tue, 20 Sep 2011 00:18:15 +0200 Subject: gnutls 2.12.11 In-Reply-To: <4E77B430.2040000@gnutls.org> References: <4E766250.1050205@gnutls.org> <201109192143.24682.ml@smtp.fakessh.eu> <4E77B430.2040000@gnutls.org> Message-ID: <201109200018.24052.ml@smtp.fakessh.eu> Le lundi 19 septembre 2011 23:29, vous avez ?crit?: > http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.11.tar.bz2 test fail PASS: openpgp-auth Self test `./openpgp-keyring' finished with 0 errors PASS: openpgp-keyring PASS: pgps2kgnu bind: Address already in use server: bind failed Self test `./x509self' finished with 1 errors FAIL: x509self bind: Address already in use server: bind failed Self test `./x509dn' finished with 1 errors FAIL: x509dn bind: Address already in use server: bind failed Self test `./anonself' finished with 1 errors FAIL: anonself bind: Address already in use server: bind failed Self test `./pskself' finished with 1 errors FAIL: pskself bind: Address already in use server: bind failed Self test `./dhepskself' finished with 1 errors FAIL: dhepskself bind: Address already in use server: bind failed Self test `./resume' finished with 1 errors FAIL: resume PASS: setcredcrash bind: Address already in use server: bind failed Self test `./openpgpself' finished with 1 errors FAIL: openpgpself PASS: rfc2253-escape-test =================================== 7 of 45 tests failed Please report to bug-gnutls at gnu.org =================================== make[2]: *** [check-TESTS] Erreur 1 make[2]: quittant le r?pertoire ? /usr/src/redhat/BUILD/gnutls-2.12.11/tests ? make[1]: *** [check-am] Erreur 2 make[1]: quittant le r?pertoire ? /usr/src/redhat/BUILD/gnutls-2.12.11/tests ? 
make: *** [check-recursive] Erreur 1
erreur: Mauvais status de sortie pour /var/tmp/rpm-tmp.9700 (%check)
Erreur de construction de RPM:
    Mauvais status de sortie pour /var/tmp/rpm-tmp.9700 (%check)

-- 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://urlshort.eu fakessh @

From buraphalinuxserver at gmail.com Tue Sep 20 00:33:58 2011
From: buraphalinuxserver at gmail.com (Somchai Smythe)
Date: Tue, 20 Sep 2011 05:33:58 +0700
Subject: gnutls-3.0.3 testdsa problems, patch
Message-ID:

Hello,

Since gnutls-3.0.X is the supported 'stable', I am trying to build it and use it. But I'm having many problems getting the test-suite to run.

I kept getting very confusing errors about kill that were nearly impossible to debug because of all kinds of unconditional '>/dev/null 2>&1' when trying to run 'testdsa' as part of the 'make check'. The quiet builds are popular nowadays, but essentially impossible for idiots like me to debug when they break. Maybe some working 'V=1' mode could be added?

Anyway, before my patch I got this:

Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Failure:
../scripts/common.sh: line 25: kill: Failed: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: to: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: launch: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: server,: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: aborting: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: test...: arguments must be process or job IDs

After a long night of frustration I realized the problem is that the test server software unconditionally expects me to be using IPV6. I don't have any IPV6 kernel modules loaded and no IPV6 interface configured, but the test server still tries to listen on ipv6 anyway for '::' (I'm on linux 3.0.4 kernel). This probably incorrect tiny patch (against gnutls-3.0.3 release) fixed that problem for me:

--- gnutls-3.0.3/src/serv.c 2011-09-14 03:31:58.000000000 +0700 +++ gnutls-3.0.3.new/src/serv.c 2011-09-20 03:59:30.601338284 +0700
@@ -702,6 +696,9 @@ for (ptr = res; ptr != NULL; ptr = ptr->ai_next) { +#ifndef HAVE_IPV6 + if (ptr->ai_family!=AF_INET) continue; +#endif /* Print what we are doing. */ { char topbuf[512];

But all it did was let me go to the next crash :-(
Now I still get stuck with this:

Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Checking server DSA-1024 with client DSA-1024 and TLS 1.0
Checking server DSA-1024 with client DSA-2048 and TLS 1.0
Checking server DSA-1024 with client DSA-3072 and TLS 1.0
Checking DSA-1024 with TLS 1.2
Checking server DSA-1024 with client DSA-1024 and TLS 1.2
Checking server DSA-1024 with client DSA-2048 and TLS 1.2
*** Fatal error: The given DSA key is incompatible with the selected TLS protocol.
*** Handshake has failed
GnuTLS error: The given DSA key is incompatible with the selected TLS protocol.
Failure: Failed connection to a server with a client DSA 2048 key and TLS 1.2!

Any hints on what magic is needed to get past this next problem?

JGH

From buraphalinuxserver at gmail.com Tue Sep 20 00:58:04 2011
From: buraphalinuxserver at gmail.com (Somchai Smythe)
Date: Tue, 20 Sep 2011 05:58:04 +0700
Subject: gnutls-3.0.3 testdsa problems, patch
Message-ID:

Hello again,

Ok, I had some daemons that were left over from previous crashed test runs blocking the port. After kill -9 those, with the patch the self-tests pass. However, I think it would be difficult for people to know that from the self-test error messages.

JGH

From INVALID.NOREPLY at gnu.org Tue Sep 20 02:38:54 2011
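Review bot: In the src/serv.c hunk posted above, the added IPv4-only filter is selected at build time by #ifndef HAVE_IPV6, but the condition described in the message (no IPv6 kernel module loaded, no IPv6 interface configured) is a run-time property of the host, so a gnutls-serv built with HAVE_IPV6 defined and run on such a machine would still try the '::' entry. Treating a failure to open or bind one entry as a reason to move on to the next ptr would cover both cases. The hunk header also reads -702,6 +696,9: a new-file offset six lines below the old one implies earlier deletions that are not part of the posted patch, so it will apply only with an offset. Style nit: ptr->ai_family!=AF_INET should have spaces around != to match ptr != NULL in the loop header.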
From: INVALID.NOREPLY at gnu.org (Marius Schamschula)
Date: Tue, 20 Sep 2011 00:38:54 +0000
Subject: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X
In-Reply-To: <20110920-005523.sv707.96496@savannah.gnu.org>
References: <20110918-224837.sv63226.24405@savannah.gnu.org> <20110920-005523.sv707.96496@savannah.gnu.org>
Message-ID: <20110920-003854.sv63226.26497@savannah.gnu.org>

Follow-up Comment #2, sr #107806 (project gnutls):

I just pulled gnulib from git. I applied it to gnutls 3.0.2 using gnulib-tool --add-import.

Now I get the following failure:

make[3]: Entering directory `/private/tmp/gnutls-3.0.2/lib'
CCLD libgnutls.la
/usr/bin/nm: no name list
/usr/bin/nm: no name list
ld: duplicate symbol _memxor in /usr/local/lib/libnettle.a(memxor.o) and ../gl/.libs/libgnu.a(memxor.o)
collect2: ld returned 1 exit status
make[3]: *** [libgnutls.la] Error 1
make[3]: Leaving directory `/private/tmp/gnutls-3.0.2/lib'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/private/tmp/gnutls-3.0.2/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/private/tmp/gnutls-3.0.2'
make: *** [all] Error 2

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From neuromancer at dash.za.net Tue Sep 20 03:06:35 2011
From: neuromancer at dash.za.net (Dash Shendy)
Date: Tue, 20 Sep 2011 03:06:35 +0200
Subject: testdsa fails
Message-ID: <4E77E71B.2020100@dash.za.net>

make[3]: Entering directory `/root/installs/gnutls-3.0.3/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Failure:
../scripts/common.sh: line 25: kill: Failed: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: to: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: launch: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: server,: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: aborting: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: test...: arguments must be process or job IDs
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
===================================
make[3]: *** [check-TESTS] Error 1
make[3]: Leaving directory `/root/installs/gnutls-3.0.3/tests/dsa'
make[2]: *** [check-am] Error 2
make[2]: Leaving directory `/root/installs/gnutls-3.0.3/tests/dsa'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/root/installs/gnutls-3.0.3/tests'
make: *** [check-recursive] Error 1

Dash Shendy
http://dash.za.net/?smtpsig
gtalk: dash.za.net at gmail.com
skype: dashula2006
mopho: (+27) 72 23 75 199

From nmav at gnutls.org Tue Sep 20 12:33:46 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 20 Sep 2011 12:33:46 +0200
Subject: gnutls 2.12.11
In-Reply-To: <201109200018.24052.ml@smtp.fakessh.eu>
References: <4E766250.1050205@gnutls.org> <201109192143.24682.ml@smtp.fakessh.eu> <4E77B430.2040000@gnutls.org> <201109200018.24052.ml@smtp.fakessh.eu>
Message-ID:

On Tue, Sep 20, 2011 at 12:18 AM, ml at smtp.fakessh.eu wrote:
> On Monday 19 September 2011 23:29, you wrote:
>> http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.11.tar.bz2
> test fail
> bind: Address already in use
> server: bind failed

Hi, most probably some of the ports in the range 5550-5559 seem not to be available in your system. The tests use these ports.

regards,
Nikos

From INVALID.NOREPLY at gnu.org Tue Sep 20 12:56:17 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Tue, 20 Sep 2011 10:56:17 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110830-165145.sv707.88428@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org>
Message-ID: <20110920-105617.sv0.28243@savannah.gnu.org>

Follow-up Comment #11, sr #107775 (project gnutls):

(Sorry for the slow reply)

Yeah, the compression fails. _gnutls_send_int() calls _gnutls_encrypt() calls _gnutls_m_plaintext2compressed() calls _gnutls_compress(). However, params->write.compression_state is a NULL pointer, so the first argument to _gnutls_compress() is NULL.

Any hint where to look next? Why is this trying to compress something with GNUTLS_COMP_NULL?

(gdb) bt
#0  _gnutls_compress (handle=0x0, plain=0x8fbf504 "\020", plain_size=460, compressed=0xbffcef28, max_comp_size=18432) at gnutls_compress.c:409
#1  0xb71e199a in _gnutls_m_plaintext2compressed (session=0x8c04570, compressed=0xbffcef64, plaintext=0xbffcef6c, params=0x8fbfd90) at gnutls_compress.c:46
#2  0xb71e2953 in _gnutls_encrypt (session=0x8c04570, headers=0xbffcefef "\026\003\001", headers_size=5, data=0x8fbf504 "\020", data_size=460, ciphertext=0x8df2bb4 "", ciphertext_size=2843, type=GNUTLS_HANDSHAKE, params=0x8fbfd90) at gnutls_cipher.c:109
#3  0xb71df9c7 in _gnutls_send_int (session=0x8c04570, type=GNUTLS_HANDSHAKE, htype=GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, epoch_rel=0, _data=0x8fbf504, data_size=460, mflags=0) at gnutls_record.c:432
#4  0xb71e5a2f in _gnutls_handshake_io_write_flush (session=0x8c04570) at gnutls_buffers.c:655
#5  0xb71e9b6e in _gnutls_send_handshake (session=0x8c04570, bufel=0x8fbeab8, type=GNUTLS_HANDSHAKE_FINISHED) at gnutls_handshake.c:1122
#6  0xb71e8d04 in _gnutls_send_finished (session=0x8c04570, again=0) at gnutls_handshake.c:656
#7  0xb71ecf41 in _gnutls_send_handshake_final (session=0x8c04570, init=1) at gnutls_handshake.c:2594
#8  0xb71edb29 in _gnutls_handshake_common (session=0x8c04570) at gnutls_handshake.c:2816
#9  0xb71ec393 in gnutls_handshake (session=0x8c04570) at gnutls_handshake.c:2336
#10 0xb774c428 in ?? () from /usr/lib/libloudmouth-1.so.0
#11 0xb774df71 in ?? () from /usr/lib/libloudmouth-1.so.0
#12 0xb774e6f9 in ?? () from /usr/lib/libloudmouth-1.so.0
#13 0xb774f0d8 in ?? () from /usr/lib/libloudmouth-1.so.0
#14 0xb76d96ce in ?? () from /usr/lib/libglib-2.0.so.0
#15 0xb7693c4f in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#16 0xb76943b0 in ?? () from /usr/lib/libglib-2.0.so.0
#17 0xb76946da in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#18 0x08052316 in main ()
(gdb) frame 1
#1  0xb71e199a in _gnutls_m_plaintext2compressed (session=0x8c04570, compressed=0xbffcef64, plaintext=0xbffcef6c, params=0x8fbfd90) at gnutls_compress.c:46
46        size =
(gdb) print *params
$10 = {epoch = 0, initialized = 1, cipher_algorithm = GNUTLS_CIPHER_NULL,
  mac_algorithm = GNUTLS_MAC_NULL, compression_algorithm = GNUTLS_COMP_NULL,
  read = {mac_secret = {data = 0x0, size = 0}, IV = {data = 0x0, size = 0},
    key = {data = 0x0, size = 0}, cipher_state = {cipher = {handle = 0x0,
        encrypt = 0, decrypt = 0, auth = 0, tag = 0, setiv = 0, deinit = 0,
        tag_size = 0, is_aead = 0}, mac = {algorithm = GNUTLS_MAC_UNKNOWN,
        key = 0x0, keysize = 0, hash = 0, copy = 0, reset = 0, output = 0,
        deinit = 0, handle = 0x0}, is_mac = 0, ssl_hmac = 0, tag_size = 0},
    compression_state = 0x0, sequence_number = {
      i = "\000\000\000\000\000\000\000\003"}},
  write = {mac_secret = {data = 0x0, size = 0}, IV = {data = 0x0, size = 0},
    key = {data = 0x0, size = 0}, cipher_state = {cipher = {handle = 0x0,
        encrypt = 0, decrypt = 0, auth = 0, tag = 0, setiv = 0, deinit = 0,
        tag_size = 0, is_aead = 0}, mac = {algorithm = GNUTLS_MAC_UNKNOWN,
        key = 0x0, keysize = 0, hash = 0, copy = 0, reset = 0, output = 0,
        deinit = 0, handle = 0x0}, is_mac = 0, ssl_hmac = 0, tag_size = 0},
    compression_state = 0x0, sequence_number = {
      i = "\000\000\000\000\000\000\000\001"}}, usage_cnt = 2}

From INVALID.NOREPLY at gnu.org Tue Sep 20 13:15:12 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Tue, 20 Sep 2011 11:15:12 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110920-105617.sv0.28243@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org>
Message-ID: <20110920-111512.sv0.84681@savannah.gnu.org>

Follow-up Comment #12, sr #107775 (project gnutls):

Oh, in _gnutls_encrypt(), cur_record_params has different content than params (which is what is passed to plaintext2compressed). cur_record_params->compression_algorithm == GNUTLS_COMP_DEFLATE while params has GNUTLS_COMP_NULL.

Doing "cur_record_params = params;" makes gnutls close the connection, doing "params = cur_record_params;" in _gnutls_encrypt() makes the other end close the connection, but at least the current call to _gnutls_encrypt() doesn't fail in either case. And no, in neither case is an Alert sent. :(

From INVALID.NOREPLY at gnu.org Tue Sep 20 15:49:48 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Tue, 20 Sep 2011 13:49:48 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110920-111512.sv0.84681@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org> <20110920-111512.sv0.84681@savannah.gnu.org>
Message-ID: <20110920-134948.sv0.70893@savannah.gnu.org>

Follow-up Comment #13, sr #107775 (project gnutls):

Really strange. Could you send me a tcpdump capture of that transaction? Is there any way for me to reproduce that?

From nmav at gnutls.org Tue Sep 20 16:17:09 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 20 Sep 2011 16:17:09 +0200
Subject: gnutls-3.0.3 testdsa problems, patch
In-Reply-To:
References:
Message-ID:

On Tue, Sep 20, 2011 at 12:33 AM, Somchai Smythe wrote:
> Hello,
> Since gnutls-3.0.X is the supported 'stable', I am trying to build it
> and use it. But I'm having many problems getting the test-suite to
> run.

> After a long night of frustration I realized the problem is that the
> test server software unconditionally expects me to be using IPV6. I
> don't have any IPV6 kernel modules loaded and no IPV6 interface
> configured, but the test server still tries to listen on ipv6 anyway
> for '::' (I'm on linux 3.0.4 kernel). This probably incorrect tiny
> patch (against gnutls-3.0.3 release) fixed that problem for me:

It seems your system reports IPv6 capability but fails when asked. I think I'll incorporate your patch (which looks fine).

> But all it did was let me go to the next crash :-(
> Now I still get stuck with this:
[...]
> *** Fatal error: The given DSA key is incompatible with the selected
> TLS protocol.
> *** Handshake has failed
> GnuTLS error: The given DSA key is incompatible with the selected TLS protocol.
> Failure: Failed connection to a server with a client DSA 2048 key and TLS 1.2!

That's pretty strange because the code isn't system specific and I cannot reproduce it. What is the system you're using?

regards,
Nikos

From nmav at gnutls.org Tue Sep 20 16:23:01 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 20 Sep 2011 16:23:01 +0200
Subject: gnutls-3.0.3 testdsa problems, patch
In-Reply-To:
References:
Message-ID:

On Tue, Sep 20, 2011 at 4:17 PM, Nikos Mavrogiannopoulos wrote:
>> *** Fatal error: The given DSA key is incompatible with the selected
>> TLS protocol.
>> *** Handshake has failed
>> GnuTLS error: The given DSA key is incompatible with the selected TLS protocol.
>> Failure: Failed connection to a server with a client DSA 2048 key and TLS 1.2!
> That's pretty strange because the code isn't system specific and I
> cannot reproduce it. What is the system you're using?

Could you try removing the /dev/null redirections for the failed test and add a "-d 6" parameter to the client and server?

regards,
Nikos

From ametzler at downhill.at.eu.org Tue Sep 20 19:35:57 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Tue, 20 Sep 2011 19:35:57 +0200
Subject: gnutls 3.0.3
In-Reply-To: <4E7668F4.1040108@gnutls.org>
References: <4E7668F4.1040108@gnutls.org>
Message-ID: <20110920173557.GC2836@downhill.g.la>

On 2011-09-18 Nikos Mavrogiannopoulos wrote:
> Hello,
> I've just released gnutls 3.0.3. It includes bug fixes and few feature
> additions.
> * Version 3.0.3 (released 2011-09-18)
[...]
> ** libgnutls: Added support for VIA padlock AES optimizations.
> (disabled by default)
[...]

Again running through the diff... Isn't lib/accelerated/intel/asm/padlock-x86.s copyright assigned to the FSF?

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'

From nmav at gnutls.org Tue Sep 20 20:26:07 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 20 Sep 2011 20:26:07 +0200
Subject: gnutls 3.0.3
In-Reply-To: <20110920173557.GC2836@downhill.g.la>
References: <4E7668F4.1040108@gnutls.org> <20110920173557.GC2836@downhill.g.la>
Message-ID: <4E78DABF.50008@gnutls.org>

On 09/20/2011 07:35 PM, Andreas Metzler wrote:
>> ** libgnutls: Added support for VIA padlock AES optimizations.
>> (disabled by default)
> [...]
> Again running through the diff... Isn't
> lib/accelerated/intel/asm/padlock-x86.s copyright assigned to the FSF?

No. We distribute them to enhance functionality of gnutls, but they are not a part of it, thus we don't need a copyright assignment. The license and status is discussed in README and license.txt at lib/accelerated/intel.

regards,
Nikos

From toralf.foerster at gmx.de Tue Sep 20 19:51:17 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Tue, 20 Sep 2011 19:51:17 +0200
Subject: GnuTLS internal error in wine test case
Message-ID: <201109201951.18237.toralf.foerster@gmx.de>

Hello,

as reported here http://bugs.winehq.org/show_bug.cgi?id=28449 and here http://bugs.winehq.org/show_bug.cgi?id=28383 there's a GnuTLS crash triggered by a wine test case.

Shouldn't this crash happened ?

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

From n.mavrogiannopoulos at gmail.com Wed Sep 21 10:19:40 2011
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Wed, 21 Sep 2011 10:19:40 +0200
Subject: alleged attack on TLS
Message-ID:

There is hype on an alleged attack on the TLS protocol. The authors of the alleged attack took an irresponsible stance by talking to media about an alleged attack without providing any details. I'm not providing any links to them because I don't want to encourage this behavior by providing more publicity. From information gathered here and there it seems the attack is a variation or an implementation of the Bard attack [0].

If you are using GnuTLS and want to prevent such attacks you can do the following:

* Make sure that TLS 1.1 or TLS 1.2 are not disabled (gnutls enables them by default, but because of compatibility issues with broken peers they are often disabled)

This will ensure that if the peer supports those protocols the attack will not be applicable. If the peer does not support them you'll be vulnerable to Bard-type of attacks. If this is a problem for you then:

* Disable SSL 3.0 and TLS 1.0

Datagram TLS 1.0 is not vulnerable to this attack.

regards,
Nikos

[0]. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887&rep=rep1&type=pdf

From nmav at gnutls.org Wed Sep 21 10:23:18 2011
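Added example (not part of the original message and not GnuTLS code): a self-contained C model of how the VERS-* tokens of a GnuTLS priority string decide which protocol versions stay enabled, classifying a string against the two mitigations listed in the advisory above. The function names are hypothetical, the starting set for base keywords is an assumption for GnuTLS of this period, and cipher choice and DTLS are not modelled.

```c
/* Simplified model of the VERS-* tokens in a GnuTLS priority string.
 * Added example, not GnuTLS code; all function names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { V_SSL30 = 1, V_TLS10 = 2, V_TLS11 = 4, V_TLS12 = 8 };
#define V_ALL (V_SSL30 | V_TLS10 | V_TLS11 | V_TLS12)

enum verdict {
    PRIO_INVALID,        /* malformed string or no version left enabled  */
    PRIO_EXPOSED,        /* only SSL 3.0 / TLS 1.0 can be negotiated     */
    PRIO_PEER_DEPENDENT, /* TLS 1.1+ offered, older versions still allowed */
    PRIO_STRICT          /* SSL 3.0 and TLS 1.0 are both disabled        */
};

/* Case-insensitive test that s begins with prefix. */
static int ci_prefix(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (toupper((unsigned char)*s) != toupper((unsigned char)*prefix))
            return 0;
    return 1;
}

static int ci_equal(const char *a, const char *b)
{
    return strlen(a) == strlen(b) && ci_prefix(a, b);
}

/* Map a "VERS-..." name to its bit(s); 0 means the name is unknown. */
static int version_bit(const char *name)
{
    static const struct { const char *name; int bit; } tab[] = {
        { "VERS-SSL3.0", V_SSL30 }, { "VERS-TLS1.0", V_TLS10 },
        { "VERS-TLS1.1", V_TLS11 }, { "VERS-TLS1.2", V_TLS12 },
        { "VERS-TLS-ALL", V_ALL },  /* assumption: covers all four here */
    };
    for (size_t i = 0; i < sizeof tab / sizeof tab[0]; i++)
        if (ci_equal(name, tab[i].name))
            return tab[i].bit;
    return 0;
}

/* Walk the ':'-separated tokens left to right and return the bitmask of
 * protocol versions left enabled, or -1 if the string is unusable. */
int enabled_versions(const char *prio)
{
    char buf[256];
    int mask = 0, first = 1;

    if (prio == NULL || strlen(prio) >= sizeof buf)
        return -1;
    strcpy(buf, prio);

    for (char *tok = strtok(buf, ":"); tok; tok = strtok(NULL, ":")) {
        int sign = tok[0] == '+' || tok[0] == '-' || tok[0] == '!';
        if (first && !sign && tok[0] != '%') {
            /* Base keyword. Assumption: every keyword except NONE starts
             * with SSL 3.0 through TLS 1.2 enabled. */
            mask = ci_equal(tok, "NONE") ? 0 : V_ALL;
        } else if (sign && ci_prefix(tok + 1, "VERS-")) {
            int bit = version_bit(tok + 1);
            if (bit == 0)
                return -1;          /* unknown version name */
            if (tok[0] == '+')
                mask |= bit;
            else
                mask &= ~bit;       /* '-' and '!' both remove */
        }
        /* Cipher, MAC, key exchange and %OPTION tokens are ignored here. */
        first = 0;
    }
    return mask;
}

/* Rate a version mask against the two steps in the advisory. */
enum verdict classify(int mask)
{
    if (mask <= 0)
        return PRIO_INVALID;
    if ((mask & (V_TLS11 | V_TLS12)) == 0)
        return PRIO_EXPOSED;
    return (mask & (V_SSL30 | V_TLS10)) ? PRIO_PEER_DEPENDENT : PRIO_STRICT;
}

int main(void)
{
    /* Constructed sample priority strings. */
    static const char *samples[] = {
        "NORMAL",
        "NORMAL:-VERS-TLS1.1:-VERS-TLS1.2",
        "NORMAL:-VERS-SSL3.0:-VERS-TLS1.0",
        "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
        "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:%COMPAT",
        "NORMAL:+VERS-TLS9.9",
    };
    static const char *label[] = {
        "invalid", "exposed", "peer-dependent", "strict"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-55s %s\n", samples[i],
               label[classify(enabled_versions(samples[i]))]);
    return 0;
}
```

A "peer-dependent" result corresponds to the first step of the advisory (safe only if the peer also supports TLS 1.1 or 1.2), "strict" to the second.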
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 21 Sep 2011 10:23:18 +0200
Subject: GnuTLS internal error in wine test case
In-Reply-To: <201109201951.18237.toralf.foerster@gmx.de>
References: <201109201951.18237.toralf.foerster@gmx.de>
Message-ID:

2011/9/20 Toralf Förster :
> Hello,
> as reported here http://bugs.winehq.org/show_bug.cgi?id=28449 and here
> http://bugs.winehq.org/show_bug.cgi?id=28383 there's a GnuTLS crash triggered
> by a wine test case.
> Shouldn't this crash happened ?

I don't know what is the test case that fails. Is there a way for me to reproduce it? Could it be related to the discussion in:
http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html#Interoperability

regards,
Nikos

From toralf.foerster at gmx.de Wed Sep 21 11:01:49 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Wed, 21 Sep 2011 11:01:49 +0200
Subject: GnuTLS internal error in wine test case
In-Reply-To:
References: <201109201951.18237.toralf.foerster@gmx.de>
Message-ID: <201109211101.51038.toralf.foerster@gmx.de>

Nikos Mavrogiannopoulos wrote at 10:23:18
> I don't know what is the test case that fails. Is there a way for me
> to reproduce it? Could it be related to the discussion in:

Of course:

git clone git://source.winehq.org/git/wine.git wine-git
cd wine-git
./configure
make
cd dlls/secur32/tests/
rm schannel.ok
make test

> Could it be related to the discussion in:
> http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html#Interoperability

I dunno - sry.

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

From derleader at abv.bg Wed Sep 21 13:05:04 2011
From: derleader at abv.bg (derleader mail)
Date: Wed, 21 Sep 2011 14:05:04 +0300 (EEST)
Subject: compilation error
Message-ID: <900347306.65546.1316603104832.JavaMail.apache@mail22.abv.bg>

Hi,

When I tried to compile GnuTLS on Ubuntu this error came up:

CC version-etc.lo
CC version-etc-fsf.lo
CC asnprintf.lo
CC frexp.lo
CC frexpl.lo
CC ftell.lo
CC ftello.lo
ftello.c: In function 'rpl_ftello':
ftello.c:45: error: 'fp_' undeclared (first use in this function)
ftello.c:45: error: (Each undeclared identifier is reported only once
ftello.c:45: error: for each function it appears in.)
ftello.c:45: error: '_IOWRT' undeclared (first use in this function)
make[4]: *** [ftello.lo] Error 1
make[4]: Leaving directory `/home/rcbandit/Desktop/gnutls-3.0.3/gl'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/home/rcbandit/Desktop/gnutls-3.0.3/gl'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/home/rcbandit/Desktop/gnutls-3.0.3/gl'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/rcbandit/Desktop/gnutls-3.0.3'
make: *** [all] Error 2
rcbandit at ubuntu:~/Desktop/gnutls-3.0.3$

Any idea how to fix it?

Regards

From nmav at gnutls.org Wed Sep 21 14:28:09 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 21 Sep 2011 14:28:09 +0200
Subject: GnuTLS internal error in wine test case
In-Reply-To: <201109211101.51038.toralf.foerster@gmx.de>
References: <201109201951.18237.toralf.foerster@gmx.de> <201109211101.51038.toralf.foerster@gmx.de>
Message-ID:

2011/9/21 Toralf Förster :
>> I don't know what is the test case that fails. Is there a way for me
>> to reproduce it? Could it be related to the discussion in:
> Of course:
> git clone git://source.winehq.org/git/wine.git wine-git
> cd wine-git
> ./configure
> make
> cd dlls/secur32/tests/
> rm schannel.ok
> make test

I don't think I can help. What am I supposed to check? What is this test actually testing? Is there a small gnutls program that could help me to reproduce any failure?

regards,
Nikos

From simon at josefsson.org Wed Sep 21 15:44:03 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Wed, 21 Sep 2011 15:44:03 +0200
Subject: testdsa fails
In-Reply-To: <4E77E71B.2020100@dash.za.net> (Dash Shendy's message of "Tue, 20 Sep 2011 03:06:35 +0200")
References: <4E77E71B.2020100@dash.za.net>
Message-ID: <87pqiuxb6k.fsf@latte.josefsson.org>

Dash Shendy writes:
> make[3]: Entering directory `/root/installs/gnutls-3.0.3/tests/dsa'
> Checking various DSA key sizes
> Checking DSA-1024 with TLS 1.0
> Failure:
> ../scripts/common.sh: line 25: kill: Failed: arguments must be process
> or job IDs
> ../scripts/common.sh: line 25: kill: to: arguments must be process or
> job IDs
> ../scripts/common.sh: line 25: kill: launch: arguments must be process
> or job IDs
> ../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs
> ../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be
> process or job IDs
> ../scripts/common.sh: line 25: kill: server,: arguments must be process
> or job IDs
> ../scripts/common.sh: line 25: kill: aborting: arguments must be process
> or job IDs
> ../scripts/common.sh: line 25: kill: test...: arguments must be process
> or job IDs
> FAIL: testdsa

What operating system and /bin/sh implementation is this?

/Simon

From INVALID.NOREPLY at gnu.org Wed Sep 21 16:00:34 2011
From: INVALID.NOREPLY at gnu.org (Simon Josefsson)
Date: Wed, 21 Sep 2011 14:00:34 +0000
Subject: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X
In-Reply-To: <20110920-003854.sv63226.26497@savannah.gnu.org>
References: <20110918-224837.sv63226.24405@savannah.gnu.org> <20110920-005523.sv707.96496@savannah.gnu.org> <20110920-003854.sv63226.26497@savannah.gnu.org>
Message-ID: <20110921-140033.sv7213.74553@savannah.gnu.org>

Follow-up Comment #3, sr #107806 (project gnutls):

I updated gnulib files to the latest version, it should be safe to do so and it has some other improvements. Maybe you can try building from git? Or wait for the next release.

From INVALID.NOREPLY at gnu.org Wed Sep 21 16:00:55 2011
From: INVALID.NOREPLY at gnu.org (Simon Josefsson)
Date: Wed, 21 Sep 2011 14:00:55 +0000
Subject: [sr #107804] privkey memory leak in server handshake
In-Reply-To: <20110918-012316.sv707.93460@savannah.gnu.org>
References: <20110917-144153.sv73763.64603@savannah.gnu.org> <20110917-193159.sv707.1902@savannah.gnu.org> <20110917-200747.sv707.79803@savannah.gnu.org> <20110917-191121.sv73763.52856@savannah.gnu.org> <20110918-012316.sv707.93460@savannah.gnu.org>
Message-ID: <20110921-140055.sv7213.41525@savannah.gnu.org>

Update of sr #107804 (project gnutls):

Open/Closed: Open => Closed

From toralf.foerster at gmx.de Wed Sep 21 17:07:50 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Wed, 21 Sep 2011 17:07:50 +0200
Subject: GnuTLS internal error in wine test case
In-Reply-To:
References: <201109201951.18237.toralf.foerster@gmx.de> <201109211101.51038.toralf.foerster@gmx.de>
Message-ID: <201109211707.51310.toralf.foerster@gmx.de>

Nikos Mavrogiannopoulos wrote at 14:28:09
> I don't think I can help. What am I supposed to check? What is this
> test actually testing?

Well, here is a hint http://bugs.winehq.org/show_bug.cgi?id=28383#c5 which test actually fails.

> Is there a small gnutls program that could help
> me to reproduce any failure?

I do not have such a nifty small program.

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

From ametzler at downhill.at.eu.org Wed Sep 21 18:59:38 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Wed, 21 Sep 2011 18:59:38 +0200
Subject: gnutls 3.0.3
In-Reply-To: <4E78DABF.50008@gnutls.org>
References: <4E7668F4.1040108@gnutls.org> <20110920173557.GC2836@downhill.g.la> <4E78DABF.50008@gnutls.org>
Message-ID: <20110921165938.GA2712@downhill.g.la>

On 2011-09-20 Nikos Mavrogiannopoulos wrote:
> On 09/20/2011 07:35 PM, Andreas Metzler wrote:
> >>** libgnutls: Added support for VIA padlock AES optimizations.
> >>(disabled by default)
> >[...]
> >Again running through the diff... Isn't
> >lib/accelerated/intel/asm/padlock-x86.s copyright assigned to the FSF?
> No. We distribute them to enhance functionality of gnutls, but they
> are not a part of it, thus we don't need a copyright assignment. The
> license and status is discussed in README and license.txt at
> lib/accelerated/intel.

Thank you for the confirmation, I will update debian/copyright accordingly.

cu andreas

From snackypants at gmail.com Wed Sep 21 19:43:31 2011
From: snackypants at gmail.com (Chris Palmer)
Date: Wed, 21 Sep 2011 10:43:31 -0700
Subject: alleged attack on TLS
In-Reply-To:
References:
Message-ID:

On Wed, Sep 21, 2011 at 1:19 AM, Nikos Mavrogiannopoulos wrote:
> From information gathered here
> and there it seems the attack is a variation or an implementation of
> the Bard attack [0].

The BEAST developers say that they were inspired by Dai, not Bard. FWIW.

> If you are using GnuTLS and want to prevent such
> attacks you can do the following:
> * Make sure that TLS 1.1 or TLS 1.2 are not disabled (gnutls enables
> them by default, but because of compatibility issues with broken peers
> they are often disabled)

You can also use a non-CBC cipher suite, like RC4.

-- 
"These days, though, you have to be pretty technical before you can even aspire to crudeness." - William Gibson

From nmav at gnutls.org Wed Sep 21 19:50:35 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 21 Sep 2011 19:50:35 +0200
Subject: alleged attack on TLS
In-Reply-To:
References:
Message-ID: <4E7A23EB.8040605@gnutls.org>

On 09/21/2011 07:43 PM, Chris Palmer wrote:
>> If you are using GnuTLS and want to prevent such attacks you can do
>> the following: * Make sure that TLS 1.1 or TLS 1.2 are not disabled
>> (gnutls enables them by default, but because of compatibility
>> issues with broken peers they are often disabled)
> You can also use a non-CBC cipher suite, like RC4.

Unfortunately RC4 is the weakest cipher in TLS. Although no attacks are known for RC4 in TLS, I don't know if switching to it is a real solution.

regards,
Nikos

From snackypants at gmail.com Wed Sep 21 20:06:02 2011
From: snackypants at gmail.com (Chris Palmer)
Date: Wed, 21 Sep 2011 11:06:02 -0700
Subject: alleged attack on TLS
In-Reply-To: <4E7A23EB.8040605@gnutls.org>
References: <4E7A23EB.8040605@gnutls.org>
Message-ID:

On Wed, Sep 21, 2011 at 10:50 AM, Nikos Mavrogiannopoulos wrote:
> Unfortunately RC4 is the weakest cipher in TLS. Although no attacks are
> known for RC4 in TLS, I don't know if switching to it is a real solution.

Well, we know AES-CBC has at least the one weakness (although BEAST's
applicability to real attack scenarios may be arguable).

Anyway, Google uses RC4 for performance reasons, and it's by no means
the weak link in the chain. As long as it's not something blatantly
broken like RC4-40, the cipher suite is never the weak link in the
chain...

--
"These days, though, you have to be pretty technical before you can
even aspire to crudeness." - William Gibson

From INVALID.NOREPLY at gnu.org Thu Sep 22 01:48:44 2011
From: INVALID.NOREPLY at gnu.org (Marius Schamschula)
Date: Wed, 21 Sep 2011 23:48:44 +0000
Subject: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X
In-Reply-To: <20110921-140033.sv7213.74553@savannah.gnu.org>
References: <20110918-224837.sv63226.24405@savannah.gnu.org> <20110920-005523.sv707.96496@savannah.gnu.org> <20110920-003854.sv63226.26497@savannah.gnu.org> <20110921-140033.sv7213.74553@savannah.gnu.org>
Message-ID: <20110921-234843.sv63226.16101@savannah.gnu.org>

Follow-up Comment #4, sr #107806 (project gnutls):

I just pulled the latest gnutls git sources. Unfortunately, I get the
original compile error

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From austinenglish at gmail.com Wed Sep 21 22:26:27 2011
From: austinenglish at gmail.com (Austin English)
Date: Wed, 21 Sep 2011 13:26:27 -0700
Subject: GnuTLS internal error in wine test case
In-Reply-To: <201109211707.51310.toralf.foerster@gmx.de>
References: <201109201951.18237.toralf.foerster@gmx.de> <201109211101.51038.toralf.foerster@gmx.de> <201109211707.51310.toralf.foerster@gmx.de>
Message-ID:

2011/9/21 Toralf Förster :
>
> Nikos Mavrogiannopoulos wrote at 14:28:09
>> I don't think I can help. What am I supposed to check? What is this
>> test actually testing?
> Well, here is a hint http://bugs.winehq.org/show_bug.cgi?id=28383#c5 which
> test actually fails.
>
>> Is there a small gnutls program that could help
>> me to reproduce any failure?
> I do not have such a nifty small program.

If you don't want to build wine, but have a binary installed, I can
get you a small win32 executable showing the same problem.

I don't know that code well enough to get you a standalone C testcase, though.

--
-Austin

From nmav at gnutls.org Thu Sep 22 09:51:10 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 22 Sep 2011 09:51:10 +0200
Subject: GnuTLS internal error in wine test case
In-Reply-To:
References: <201109201951.18237.toralf.foerster@gmx.de> <201109211101.51038.toralf.foerster@gmx.de> <201109211707.51310.toralf.foerster@gmx.de>
Message-ID:

2011/9/21 Austin English :
>>> Is there a small gnutls program that could help
>>> me to reproduce any failure?
>> I do not have such a nifty small program.
> If you don't want to build wine, but have a binary installed, I can
> get you a small win32 executable showing the same problem.
> I don't know that code well enough to get you a standalone C testcase, though.

My problem is that I don't know what the test is actually supposed to
check for, thus verifying if it is correct is impossible. For me it would
be best if someone could also link that test with the actual usage of
gnutls. I'm not very familiar with the Windows APIs.

regards,
Nikos

From buraphalinuxserver at gmail.com Thu Sep 22 12:10:44 2011
From: buraphalinuxserver at gmail.com (Somchai Smythe)
Date: Thu, 22 Sep 2011 17:10:44 +0700
Subject: gnutls-3.0.3 testdsa problems, patch
In-Reply-To:
References:
Message-ID:

Hello,

Some processes were holding the sockets open. These processes
were from previous crashes from my early patch attempts that were bad.
After I did 'kill -9' on all of those, then with my patch all tests
pass and the build appears to work fine.

Without the patch I get this:

$./testdsa
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Failed to launch a gnutls-serv server !
Failure:
../scripts/common.sh: line 25: kill: Failed: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: to: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: launch: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: server,: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: aborting: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: test...: arguments must be process or job IDs
$

I did modify the testdsa (attached) to remove the redirections of
output to /dev/null, but it did not change the output of the test in
the case where the patch was not applied. With the patch applied and
the modified testdsa, I get a lot of output I don't really understand
(attached).

JGH

On 9/20/11, Nikos Mavrogiannopoulos wrote:
> On Tue, Sep 20, 2011 at 4:17 PM, Nikos Mavrogiannopoulos
> wrote:
>
>>> *** Fatal error: The given DSA key is incompatible with the selected
>>> TLS protocol.
>>> *** Handshake has failed
>>> GnuTLS error: The given DSA key is incompatible with the selected TLS
>>> protocol.
>>> Failure: Failed connection to a server with a client DSA 2048 key and TLS
>>> 1.2!
>> That's pretty strange because the code isn't system specific and I
>> cannot reproduce it. What is the system you're using?
>
> Could you try removing the /dev/null redirections for the failed test
> and add a "-d 6" parameter to the client and server?
>
> regards,
> Nikos
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rezz
Type: application/octet-stream
Size: 117052 bytes
Desc: not available
URL:

From INVALID.NOREPLY at gnu.org Thu Sep 22 12:46:09 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Thu, 22 Sep 2011 10:46:09 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110920-134948.sv0.70893@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org> <20110920-111512.sv0.84681@savannah.gnu.org> <20110920-134948.sv0.70893@savannah.gnu.org>
Message-ID: <20110922-104609.sv0.38706@savannah.gnu.org>

Follow-up Comment #14, sr #107775 (project gnutls):

Attached are pcap files for vanilla gnutls 3.0.3 (before the bug fix where a
negative value was assigned to an unsigned variable, but the error we are
looking into now happens before that) and two versions of my ugly and
apparently wrong attempt to fix this.

I also did a trace of 'gnutls-cli 217.10.10.194 --port 5223', exported them as
text and diffed it to vanilla gnutls. mcabber proposes DEFLATE while gnutls-cli
doesn't and mcabber sends a cert_type extension while gnutls_cli instead sends
a server_name extension.

Can one somehow make gnutls-cli propose deflate, too?

(file #24008, file #24009, file #24010, file #24011)
_______________________________________________________

Additional Item Attachment:

File name: vanilla-gnutls.pcap Size:6 KB
File name: cur_params=params.pcap Size:7 KB
File name: params=cur_params.pcap Size:7 KB
File name: patch Size:1 KB

From nmav at gnutls.org Thu Sep 22 13:01:51 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 22 Sep 2011 13:01:51 +0200
Subject: gnutls-3.0.3 testdsa problems, patch
In-Reply-To:
References:
Message-ID:

On Thu, Sep 22, 2011 at 12:10 PM, Somchai Smythe wrote:
> Hello,
>    Some processes were holding the sockets open. These processes
> were from previous crashes from my early patch attempts that were bad.
> After I did 'kill -9' on all of those, then with my patch all tests
> pass and the build appears to work fine.

Thank you for the feedback. Your patch will be included in the next release.

regards,
Nikos

From INVALID.NOREPLY at gnu.org Thu Sep 22 13:19:38 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Thu, 22 Sep 2011 11:19:38 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110922-104609.sv0.38706@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org> <20110920-111512.sv0.84681@savannah.gnu.org> <20110920-134948.sv0.70893@savannah.gnu.org> <20110922-104609.sv0.38706@savannah.gnu.org>
Message-ID: <20110922-111937.sv0.55962@savannah.gnu.org>

Follow-up Comment #15, sr #107775 (project gnutls):

Use gnutls-cli --priority NORMAL:+COMP-DEFLATE.

Does your patch fix the issue for you?

From INVALID.NOREPLY at gnu.org Thu Sep 22 13:43:56 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Thu, 22 Sep 2011 11:43:56 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110922-111937.sv0.55962@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org> <20110920-111512.sv0.84681@savannah.gnu.org> <20110920-134948.sv0.70893@savannah.gnu.org> <20110922-104609.sv0.38706@savannah.gnu.org> <20110922-111937.sv0.55962@savannah.gnu.org>
Message-ID: <20110922-114356.sv0.23245@savannah.gnu.org>

Follow-up Comment #16, sr #107775 (project gnutls):

Nope, the patch didn't really work, the current packet is sent fine, but stuff
still fails shortly thereafter (one of the cases was local connection close
without an alert, the other was the remote closing the connection without an
alert).

Thanks for the --priority hint, that hits the same problem on the affected box.
Attached is the output of ' gnutls-cli 217.10.10.194 --port 5223 --priority
NORMAL:+COMP-DEFLATE --debug 1000' ('1000' is just "some large value").

(file #24012)
_______________________________________________________

Additional Item Attachment:

File name: debug_output Size:9 KB

From INVALID.NOREPLY at gnu.org Thu Sep 22 13:56:32 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Thu, 22 Sep 2011 11:56:32 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110922-114356.sv0.23245@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org> <20110920-111512.sv0.84681@savannah.gnu.org> <20110920-134948.sv0.70893@savannah.gnu.org> <20110922-104609.sv0.38706@savannah.gnu.org> <20110922-111937.sv0.55962@savannah.gnu.org> <20110922-114356.sv0.23245@savannah.gnu.org>
Message-ID: <20110922-115632.sv0.56547@savannah.gnu.org>

Follow-up Comment #17, sr #107775 (project gnutls):

I see. It seems the (de)compression code is not working properly in 3.0.x.
Consider disabling it temporarily until the next release. I attach a quick fix
in case compression is crucial for you, but I need to verify there are no
side-effects.

(file #24013)
_______________________________________________________

Additional Item Attachment:

File name: patch.txt Size:1 KB

From ml at smtp.fakessh.eu Thu Sep 22 17:04:57 2011
From: ml at smtp.fakessh.eu (ml at smtp.fakessh.eu)
Date: Thu, 22 Sep 2011 17:04:57 +0200
Subject: build failed gnutls via git
Message-ID: <201109221705.06349.ml@smtp.fakessh.eu>

hello list

after you try to build gnutls via git. I failed because of package
dependencies of autoconf that I can not solve the in my rpm distribution system

please provide a simple solution

all testimonials are welcome

--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://urlshort.eu fakessh @

From ametzler at downhill.at.eu.org Thu Sep 22 19:35:48 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Thu, 22 Sep 2011 19:35:48 +0200
Subject: gnutls 2.12.11 fails to build (guile docs)
Message-ID: <20110922173548.GA3014@downhill.g.la>

Hello,

gnutls 2.12.11 triggers a hidden error:
------------------------------------------
Making all in doc
make[3]: Entering directory `/tmp/GNUTLS/gnutls-2.12.11/doc'
/usr/bin/make -C ../guile/src built-sources && \
GUILE_AUTO_COMPILE=0 /usr/bin/guile -L ../guile/modules -l "./extract-guile-c-doc.scm" \
-e '(apply main (cdr (command-line)))' \
-- "../guile/src/core.c" "gcc -E" "-I.. -I.. -I../lib/includes -I../lib/includes -I../libextra/includes -I../guile/src -I../guile/src " \
> "core.c.texi"
make[4]: Entering directory `/tmp/GNUTLS/gnutls-2.12.11/guile/src'
GUILE_AUTO_COMPILE=0 /usr/bin/guile -L ../../guile/modules make-enum-map.scm > enum-map.i.c
[...]
make[4]: Leaving directory `/tmp/GNUTLS/gnutls-2.12.11/guile/src'
extracting Texinfo doc from `../guile/src/core.c'...
Backtrace:
In unknown file:
?: 0* [parse-documentation-item " loca"]
?: 1* (letrec ((read-strings #)) (let* (# #) (if # # #)))
In ../guile/modules/system/documentation/c-snarf.scm:
103: 2 (let* (# #) (if # # #))
In unknown file:
...
?: 3 [scm-error misc-error #f "~A ~S" ("invalid documentation item" "loca") #f]

: In procedure scm-error in expression (scm-error (quote misc-error) #f ...):
: invalid documentation item "loca"
make[3]: *** [core.c.texi] Error 1
------------------------------------------

The issue was present in earlier versions of gnutls (I also see this with
2.10.5 and 2.12.0) but is triggered only now, since core.c in the
tarball is newer than the included copy of core.c.texi:

(SID)ametzler at argenau:/tmp/GNUTLS/gnutls-2.12.11$ find -name core.c* -ls
13928651 24 -rw-r--r-- 1 ametzler ametzler 24236 Apr 8 13:02 ./doc/core.c.texi
13929236 88 -rw-r--r-- 1 ametzler ametzler 85050 Sep 18 00:16 ./guile/src/core.c

This is with gcc 4.6.1-11 and guile 1.8.8+1-6 on Debian/sid.

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From INVALID.NOREPLY at gnu.org Fri Sep 23 11:28:59 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Fri, 23 Sep 2011 09:28:59 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110922-115632.sv0.56547@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org> <20110920-111512.sv0.84681@savannah.gnu.org> <20110920-134948.sv0.70893@savannah.gnu.org> <20110922-104609.sv0.38706@savannah.gnu.org> <20110922-111937.sv0.55962@savannah.gnu.org> <20110922-114356.sv0.23245@savannah.gnu.org> <20110922-115632.sv0.56547@savannah.gnu.org>
Message-ID: <20110923-092859.sv0.14920@savannah.gnu.org>

Follow-up Comment #18, sr #107775 (project gnutls):

With that patch applied on top of latest git master, I can successfully connect,
thanks. However, after ~2 seconds, the following happens:

Program received signal SIGSEGV, Segmentation fault.
0xb7c18e1a in ?? () from /lib/libc.so.6
(gdb) bt full
#0 0xb7c18e1a in ?? () from /lib/libc.so.6
No symbol table info available.
#1 0xb7c1c37d in free () from /lib/libc.so.6
No symbol table info available.
#2 0xb7a4a080 in remove_front (buf=0x8116b6c) at gnutls_mbuffers.c:224
        bufel = 0x830f348
#3 0xb7a4a12e in _mbuffer_head_remove_bytes (buf=0x8116b6c, bytes=6549) at gnutls_mbuffers.c:257
        left = 0
        bufel = 0x830f348
        next = 0x0
        ret = 0
#4 0xb7a4721b in _gnutls_recv_in_buffers (session=0x81163e0, type=GNUTLS_APPLICATION_DATA, htype=4294967295) at gnutls_record.c:1003
        packet_sequence = 0x82b1138
        ciphertext = 0x830f381 "?307?300r205 37bY244!]yC316 71263#f0?336374wa9-274360302#215246i304 at Ww325 71 37352377_331361357241H217tK227177274 24221376307331370337276wx257371273364277E370?375355/`^t205T261 32351367c270~315373325333 22376 16 31215245343367227 33336/374317 36261`<237247iM264X360252 31373257 67371271P301323 26I203'a216 32 62264347_177w272B367274r215177217331Kghe316?St 01271>,0T,r347371221232 65275225367306L375u}207t244372[ 26W264374 34 01376D365330t 37"...
        bufel = 0x830f348
        decrypted = 0x830ab10
        ret = 8886
        empty_packet = 0
        record_params = 0x82b10b8
        record_state = 0x82b10cc
        record = {header_size = 5, version = " 03 01", sequence = { i = " 00 00 00 00 00 00 00"}, length = 6544, packet_size = 6549, type = GNUTLS_APPLICATION_DATA, epoch = 0, v2 = 0}
#5 0xb7a477aa in _gnutls_recv_int (session=0x81163e0, type=GNUTLS_APPLICATION_DATA,
---Type to continue, or q to quit---
    htype=4294967295, data=0xbfffeddc " 02", data_size=1023, seq=0x0) at gnutls_record.c:1165
        ret = 0
#6 0xb7a478a3 in gnutls_record_recv (session=0x81163e0, data=0xbfffeddc, data_size=1023) at gnutls_record.c:1238
No locals.
#7 0xb7fb279f in ?? () from /usr/lib/libloudmouth-1.so.0
No symbol table info available.
#8 0xb7fb41f7 in ?? () from /usr/lib/libloudmouth-1.so.0
No symbol table info available.
#9 0xb7f3f6ce in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#10 0xb7ef9c4f in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#11 0xb7efa3b0 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#12 0xb7efa6da in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#13 0x08052316 in main ()
No symbol table info available.

From neuromancer at dash.za.net Fri Sep 23 11:32:14 2011
From: neuromancer at dash.za.net (Dash Shendy)
Date: Fri, 23 Sep 2011 11:32:14 +0200
Subject: testdsa fails
In-Reply-To: <87pqiuxb6k.fsf@latte.josefsson.org>
References: <4E77E71B.2020100@dash.za.net> <87pqiuxb6k.fsf@latte.josefsson.org>
Message-ID: <4E7C521E.1080503@dash.za.net>

Hi Simon,

Apologies for late reply.

OS: Fedora Core 14
SH: GNU bash, version 4.1.7(1)-release-(i386-redhat-linux-gnu)

Dash Shendy
http://dash.za.net/?smtpsig
gtalk: dash.za.net at gmail.com
skype: dashula2006
mopho: (+27) 72 23 75 199

From INVALID.NOREPLY at gnu.org Fri Sep 23 11:43:55 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Fri, 23 Sep 2011 09:43:55 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110923-092859.sv0.14920@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org> <20110920-111512.sv0.84681@savannah.gnu.org> <20110920-134948.sv0.70893@savannah.gnu.org> <20110922-104609.sv0.38706@savannah.gnu.org> <20110922-111937.sv0.55962@savannah.gnu.org> <20110922-114356.sv0.23245@savannah.gnu.org> <20110922-115632.sv0.56547@savannah.gnu.org> <20110923-092859.sv0.14920@savannah.gnu.org>
Message-ID: <20110923-124355.sv707.26365@savannah.gnu.org>

Follow-up Comment #19, sr #107775 (project gnutls):

Could you check the latest master without the patch? I've solved the problem
differently (the patch wasn't entirely correct).

From INVALID.NOREPLY at gnu.org Fri Sep 23 14:13:14 2011
From: INVALID.NOREPLY at gnu.org (Bjørn Christensen)
Date: Fri, 23 Sep 2011 12:13:14 +0000
Subject: [sr #107785] gnutls_sign_func called with hash size of 20 bytes
In-Reply-To: <20110829-233143.sv707.76764@savannah.gnu.org>
References: <20110829-133316.sv79827.56778@savannah.gnu.org> <20110829-134109.sv79827.17998@savannah.gnu.org> <20110829-142440.sv0.60552@savannah.gnu.org> <20110829-185359.sv79827.62866@savannah.gnu.org> <20110829-232625.sv707.44182@savannah.gnu.org> <20110829-233143.sv707.76764@savannah.gnu.org>
Message-ID: <20110923-121314.sv79827.86415@savannah.gnu.org>

Follow-up Comment #6, sr #107785 (project gnutls):

I have solved the problem by determining the HASH algorithm from the HASH size.
That is not optimal but it works.

But I would be very sorry if you deprecated the gnutls_sign_callback_set,
that would force me to write a pkcs#11 interface for MS Cert Store so I can get
access to the certificates.

From INVALID.NOREPLY at gnu.org Fri Sep 23 14:18:28 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Fri, 23 Sep 2011 12:18:28 +0000
Subject: [sr #107785] gnutls_sign_func called with hash size of 20 bytes
In-Reply-To: <20110923-121314.sv79827.86415@savannah.gnu.org>
References: <20110829-133316.sv79827.56778@savannah.gnu.org> <20110829-134109.sv79827.17998@savannah.gnu.org> <20110829-142440.sv0.60552@savannah.gnu.org> <20110829-185359.sv79827.62866@savannah.gnu.org> <20110829-232625.sv707.44182@savannah.gnu.org> <20110829-233143.sv707.76764@savannah.gnu.org> <20110923-121314.sv79827.86415@savannah.gnu.org>
Message-ID: <20110923-151828.sv707.37037@savannah.gnu.org>

Follow-up Comment #7, sr #107785 (project gnutls):

gnutls_sign_callback_set() isn't going to be removed anytime soon. Your
solution would work fine if you stick to SSL 3.0 up to TLS 1.1. In TLS 1.2
you'll have issues so make sure you disable it.

Unrelated to that, making a small generic pkcs#11 interface for the MS cert
store would actually be a great service.

From bhc at insight.dk Fri Sep 23 14:16:09 2011
From: bhc at insight.dk (Bjørn Christensen)
Date: Fri, 23 Sep 2011 14:16:09 +0200
Subject: [sr #107785] gnutls_sign_func called with hash size of 20 bytes
Message-ID: <83D596805E41464EB382DFEEB6232D5487E38D@shelob.Insight.local>

I have got it working with TLS1.2 also by determining the Hash Algorithm by the size of the Hash.

The PKCS#11 interface for MS Cert store would be nice but I am not sure I have the skills to make the pkcs#11 function to the MS Crypto Api.

/bhc

-----Original Message-----
From: Nikos Mavrogiannopoulos [mailto:INVALID.NOREPLY at gnu.org]
Sent: 23. september 2011 14:18
To: Nikos Mavrogiannopoulos; Bjørn Christensen; gnutls-devel at gnu.org
Subject: [sr #107785] gnutls_sign_func called with hash size of 20 bytes

Follow-up Comment #7, sr #107785 (project gnutls):

gnutls_sign_callback_set() isn't going to be removed anytime soon. Your
solution would work fine if you stick to SSL 3.0 up to TLS 1.1. In TLS 1.2
you'll have issues so make sure you disable it.

Unrelated to that, making a small generic pkcs#11 interface for the MS cert
store would actually be a great service.

From INVALID.NOREPLY at gnu.org Fri Sep 23 14:23:33 2011
From: INVALID.NOREPLY at gnu.org (Bjørn Christensen)
Date: Fri, 23 Sep 2011 12:23:33 +0000
Subject: [sr #107815] Building GntTLS 3.0.2 on AIX
Message-ID: <20110923-122332.sv79827.94059@savannah.gnu.org>

URL:

Summary: Building GntTLS 3.0.2 on AIX
Project: GnuTLS
Submitted by: cybear
Submitted on: Fri Sep 23 12:23:32 2011
Category: Core library
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None

_______________________________________________________

Details:

I am building with --disable-openpgp-authentication
and it seems that in gnutls_pcert.c not all the openpgp code is covered by the
#ifdef ENABLE_OPENPGP.

line 221 to 358 should also be covered by an #ifdef ENABLE_OPENPGP

and the file nettle/egd.c uses AF_LOCAL which is not defined on AIX. They
recommend that one use AF_UNIX instead.

From nmav at gnutls.org Fri Sep 23 14:30:28 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 23 Sep 2011 14:30:28 +0200
Subject: [sr #107785] gnutls_sign_func called with hash size of 20 bytes
In-Reply-To: <83D596805E41464EB382DFEEB6232D5487E38D@shelob.Insight.local>
References: <83D596805E41464EB382DFEEB6232D5487E38D@shelob.Insight.local>
Message-ID: <4E7C7BE4.6070908@gnutls.org>

On 09/23/2011 02:16 PM, Bjørn Christensen wrote:
> I have got it working with TLS1.2 also by determine the Hash Algorithm by the size of the Hash.

In TLS 1.2 truncated hashes are allowed. Thus you'll not be able to
distinguish SHA256 truncated to 20 bytes from SHA1. This is not
a common case (I suppose no-one uses it) but it is allowed.

regards,
Nikos

From toralf.foerster at gmx.de Fri Sep 23 16:45:56 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Fri, 23 Sep 2011 16:45:56 +0200
Subject: net-libs/gnutls-3.0.3 failed test case DSA
Message-ID: <201109231645.57989.toralf.foerster@gmx.de>

Hello,

today I tried to emerge under Gentoo the GnuTLS version 3.0.3. However the test phases failed here at an x86 - 32bit system:
...
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Failure:
../scripts/common.sh: line 25: kill: Failed: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: to: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: launch: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: server,: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: aborting: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: test...: arguments must be process or job IDs
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
...

Do you need more info ?

--
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

From INVALID.NOREPLY at gnu.org Fri Sep 23 17:30:39 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Fri, 23 Sep 2011 15:30:39 +0000
Subject: [sr #107815] Building GntTLS 3.0.2 on AIX
In-Reply-To: <20110923-122332.sv79827.94059@savannah.gnu.org>
References: <20110923-122332.sv79827.94059@savannah.gnu.org>
Message-ID: <20110923-183038.sv707.58755@savannah.gnu.org>

Update of sr #107815 (project gnutls):

Status: None => Done
Assigned to: None => nmav
Open/Closed: Open => Closed

_______________________________________________________

Follow-up Comment #1:

I've committed an update to address those issues. Thanks.

From toralf.foerster at gmx.de Fri Sep 23 18:40:26 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Fri, 23 Sep 2011 18:40:26 +0200
Subject: GnuTLS internal error in wine test case
In-Reply-To:
References: <201109201951.18237.toralf.foerster@gmx.de>
Message-ID: <201109231840.27828.toralf.foerster@gmx.de>

Nikos Mavrogiannopoulos wrote at 09:51:10
> My problem is that I don't know what the test is actually supposed to
> check for, thus verifying if it is correct is impossible. For me would
> be best if someone could also link that test with the actual usage of
> gnutls. I'm not very familiar with the windows apis.
>

FWIW the current version 3.0.3 works much better, - and now wine also detects
that there's an error :

../../../tools/runtest -q -P wine -M secur32.dll -T ../../.. -p secur32_test.exe.so schannel.c && touch schannel.ok
GnuTLS error: An unexpected TLS packet was received.
GnuTLS error: A TLS fatal alert has been received.
schannel.c:748: Test failed: DecryptMessage failed: 80090304

--
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

From nmav at gnutls.org Fri Sep 23 19:06:38 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 23 Sep 2011 19:06:38 +0200
Subject: net-libs/gnutls-3.0.3 failed test case DSA
In-Reply-To: <201109231645.57989.toralf.foerster@gmx.de>
References: <201109231645.57989.toralf.foerster@gmx.de>
Message-ID: <4E7CBC9E.1080604@gnutls.org>

On 09/23/2011 04:45 PM, Toralf Förster wrote:
> Hello,
>
> today I tried to emerge der Gentoo the GnuTLS version 3.0.3. However the test phases failed here at an x86 - 32bit system:
> ...
> Checking various DSA key sizes
> Checking DSA-1024 with TLS 1.0
> Failure:
> ../scripts/common.sh: line 25: kill: Failed: arguments must be process or job IDs
> ../scripts/common.sh: line 25: kill: to: arguments must be process or job IDs
> ../scripts/common.sh: line 25: kill: launch: arguments must be process or job IDs
> ../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs
> ../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be process or job IDs
> ../scripts/common.sh: line 25: kill: server,: arguments must be process or job IDs
> ../scripts/common.sh: line 25: kill: aborting: arguments must be process or job IDs
> ../scripts/common.sh: line 25: kill: test...: arguments must be process or job IDs
> FAIL: testdsa

Does the proposed patch in:
http://lists.gnu.org/archive/html/gnutls-devel/2011-09/msg00051.html

solve the issue for you?

regards,
Nikos

From toralf.foerster at gmx.de Fri Sep 23 20:11:58 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Fri, 23 Sep 2011 20:11:58 +0200
Subject: net-libs/gnutls-3.0.3 failed test case DSA
In-Reply-To: <4E7CBC9E.1080604@gnutls.org>
References: <201109231645.57989.toralf.foerster@gmx.de> <4E7CBC9E.1080604@gnutls.org>
Message-ID: <201109232011.59242.toralf.foerster@gmx.de>

Nikos Mavrogiannopoulos wrote at 19:06:38
> Does the proposed patch in:
> http://lists.gnu.org/archive/html/gnutls-devel/2011-09/msg00051.html
>
> solve the issue for you?

yes :-)

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

From INVALID.NOREPLY at gnu.org Sat Sep 24 23:05:41 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Sat, 24 Sep 2011 21:05:41 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110923-124355.sv707.26365@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org> <20110920-111512.sv0.84681@savannah.gnu.org> <20110920-134948.sv0.70893@savannah.gnu.org> <20110922-104609.sv0.38706@savannah.gnu.org> <20110922-111937.sv0.55962@savannah.gnu.org> <20110922-114356.sv0.23245@savannah.gnu.org> <20110922-115632.sv0.56547@savannah.gnu.org> <20110923-092859.sv0.14920@savannah.gnu.org> <20110923-124355.sv707.26365@savannah.gnu.org>
Message-ID: <20110924-210541.sv0.69167@savannah.gnu.org>

Follow-up Comment #20, sr #107775 (project gnutls):

Thanks, that seems to fix all my problems for good.

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From toralf.foerster at gmx.de Sun Sep 25 12:52:32 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Sun, 25 Sep 2011 12:52:32 +0200
Subject: GnuTLS 3.0.3 - new warnigns with gcc 4.5.1
Message-ID: <201109251252.33842.toralf.foerster@gmx.de>

Hello,

today I switched from my gentoo's compiler gcc 4.4.5 to 4.5.1.
Now there's a (probably false ?) new gcc warning for the gnutls package :

 * QA Notice: Package triggers severe warnings which indicate that it
 * may exhibit random runtime failures.
 * aes-padlock.c:173:5: warning: implicit declaration of function '_gnutls_cpuid'
 * aes-x86.c:129:3: warning: implicit declaration of function '_gnutls_cpuid'

I attached the whole build log

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: net-libs:gnutls-3.0.3:20110925-103735.log
Type: text/x-log
Size: 252294 bytes
Desc: not available
URL:

From nmav at gnutls.org Sun Sep 25 18:22:28 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 25 Sep 2011 18:22:28 +0200
Subject: GnuTLS 3.0.3 - new warnigns with gcc 4.5.1
In-Reply-To: <201109251252.33842.toralf.foerster@gmx.de>
References: <201109251252.33842.toralf.foerster@gmx.de>
Message-ID: <4E7F5544.9050209@gnutls.org>

On 09/25/2011 12:52 PM, Toralf Förster wrote:
> Hello,
>
> today I switched from my gentoo's compiler gcc 4.4.5 to 4.5.1.
> Now there's a (probably false ?) new gcc warning for the gnutls package :
> * QA Notice: Package triggers severe warnings which indicate that it
> * may exhibit random runtime failures.

Do you mean the warnings in stream.c and read-packet.c? I've fixed them. They are on debugging code, not normally enabled.

> * aes-padlock.c:173:5: warning: implicit declaration of function
> '_gnutls_cpuid'
> * aes-x86.c:129:3: warning: implicit declaration of function '_gnutls_cpuid'

I've fixed it in master. Thank you!

Nikos

From nmav at gnutls.org Sun Sep 25 18:24:47 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 25 Sep 2011 18:24:47 +0200
Subject: GnuTLS internal error in wine test case
In-Reply-To: <201109231840.27828.toralf.foerster@gmx.de>
References: <201109201951.18237.toralf.foerster@gmx.de> <201109231840.27828.toralf.foerster@gmx.de>
Message-ID: <4E7F55CF.7080604@gnutls.org>

On 09/23/2011 06:40 PM, Toralf Förster wrote:
>
> Nikos Mavrogiannopoulos wrote at 09:51:10
>> My problem is that I don't know what the test is actually supposed to
>> check for, thus verifying if it is correct is impossible. For me would
>> be best if someone could also link that test with the actual usage of
>> gnutls. I'm not very familiar with the windows apis.
>>
> FWIW the current version 3.0.3 works much better, - and now wine also detects that there's an error :
>
> ../../../tools/runtest -q -P wine -M secur32.dll -T ../../.. -p secur32_test.exe.so schannel.c&& touch schannel.ok
> GnuTLS error: An unexpected TLS packet was received.
> GnuTLS error: A TLS fatal alert has been received.
> schannel.c:748: Test failed: DecryptMessage failed: 80090304

Does it do a localhost connection? If yes, then if I'm provided the
capture (in a format wireshark can read), I could provide some hints to
someone who knows what the code does, of what could be possibly wrong.

regards,
Nikos

From INVALID.NOREPLY at gnu.org Sun Sep 25 19:41:14 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Sun, 25 Sep 2011 17:41:14 +0000
Subject: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X
In-Reply-To: <20110921-234843.sv63226.16101@savannah.gnu.org>
References: <20110918-224837.sv63226.24405@savannah.gnu.org> <20110920-005523.sv707.96496@savannah.gnu.org> <20110920-003854.sv63226.26497@savannah.gnu.org> <20110921-140033.sv7213.74553@savannah.gnu.org> <20110921-234843.sv63226.16101@savannah.gnu.org>
Message-ID: <20110925-204114.sv707.88114@savannah.gnu.org>

Follow-up Comment #5, sr #107806 (project gnutls):

Does the attached patch solve the issue?

(file #24021)
_______________________________________________________

Additional Item Attachment:

File name: patch.txt Size:0 KB

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Sun Sep 25 22:17:18 2011
From: INVALID.NOREPLY at gnu.org (Marius Schamschula)
Date: Sun, 25 Sep 2011 20:17:18 +0000
Subject: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X
In-Reply-To: <20110925-204114.sv707.88114@savannah.gnu.org>
References: <20110918-224837.sv63226.24405@savannah.gnu.org> <20110920-005523.sv707.96496@savannah.gnu.org> <20110920-003854.sv63226.26497@savannah.gnu.org> <20110921-140033.sv7213.74553@savannah.gnu.org> <20110921-234843.sv63226.16101@savannah.gnu.org> <20110925-204114.sv707.88114@savannah.gnu.org>
Message-ID: <20110925-201718.sv63226.28785@savannah.gnu.org>

Follow-up Comment #6, sr #107806 (project gnutls):

Indeed, this helps!

The same patch also needs to be applied to src/benchmark.c and doc/examples/ex-pkcs11-list.c

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From toralf.foerster at gmx.de Mon Sep 26 10:55:44 2011
From: toralf.foerster at gmx.de (Toralf Förster)
Date: Mon, 26 Sep 2011 10:55:44 +0200
Subject: GnuTLS internal error in wine test case
In-Reply-To: <4E7F55CF.7080604@gnutls.org>
References: <201109201951.18237.toralf.foerster@gmx.de> <201109231840.27828.toralf.foerster@gmx.de> <4E7F55CF.7080604@gnutls.org>
Message-ID: <201109261055.44672.toralf.foerster@gmx.de>

Nikos Mavrogiannopoulos wrote at 18:24:47
> Does it do a localhost connection? If yes, then if I'm provided the
> capture (in a format wireshark can read), I could provide some hints to
> someone who knows what the code does, of what could be possibly wrong.

It connects an internet server but nevertheless I attached the sniffed stream (with wireshark)

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: schannel.pcap
Type: application/octet-stream
Size: 4400 bytes
Desc: not available
URL:

From simon at josefsson.org Mon Sep 26 10:58:57 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 26 Sep 2011 10:58:57 +0200
Subject: gnutls 2.12.11 fails to build (guile docs)
In-Reply-To: <20110922173548.GA3014@downhill.g.la> (Andreas Metzler's message of "Thu, 22 Sep 2011 19:35:48 +0200")
References: <20110922173548.GA3014@downhill.g.la>
Message-ID: <87y5xb4r3i.fsf@latte.josefsson.org>

Andreas Metzler writes:

> Hello,
>
> gnutls 2.12.11 triggers a hidden error:

Thanks for the report. Ludo, do you have any ideas? Is there a problem
with the documentation parser? Maybe we changed some header file and it
now fails to parse it properly, understanding what part of the header
file it is would help.

/Simon

>
> ------------------------------------------
> Making all in doc
> make[3]: Entering directory `/tmp/GNUTLS/gnutls-2.12.11/doc'
> /usr/bin/make -C ../guile/src built-sources && \
> GUILE_AUTO_COMPILE=0 /usr/bin/guile -L ../guile/modules -l "./extract-guile-c-doc.scm" \
> -e '(apply main (cdr (command-line)))' \
> -- "../guile/src/core.c" "gcc -E" "-I.. -I.. -I../lib/includes -I../lib/includes -I../libextra/includes -I../guile/src -I../guile/src " \
> > "core.c.texi"
> make[4]: Entering directory `/tmp/GNUTLS/gnutls-2.12.11/guile/src'
> GUILE_AUTO_COMPILE=0 /usr/bin/guile -L ../../guile/modules make-enum-map.scm > enum-map.i.c
> [...]
> make[4]: Leaving directory `/tmp/GNUTLS/gnutls-2.12.11/guile/src'
> extracting Texinfo doc from `../guile/src/core.c'... Backtrace:
> In unknown file:
> ?: 0* [parse-documentation-item " loca"]
> ?: 1* (letrec ((read-strings #)) (let* (# #) (if # # #)))
> In ../guile/modules/system/documentation/c-snarf.scm:
> 103: 2 (let* (# #) (if # # #))
> In unknown file:
> ...
> ?: 3 [scm-error misc-error #f "~A ~S" ("invalid documentation item" "loca") #f]
>
> : In procedure scm-error in expression (scm-error (quote misc-error) #f ...):
> : invalid documentation item "loca"
> make[3]: *** [core.c.texi] Error 1
> ------------------------------------------
>
> The issue was present in earlier version of gnutls (I also see this
> with 2.10.5 and 2.12.0) but is triggered only now, since core.c in
> the tarball is newer than the included copy of core.c.texi:
>
> (SID)ametzler at argenau:/tmp/GNUTLS/gnutls-2.12.11$ find -name core.c*
> -ls
> 13928651 24 -rw-r--r-- 1 ametzler ametzler 24236 Apr 8 13:02
> ./doc/core.c.texi
> 13929236 88 -rw-r--r-- 1 ametzler ametzler 85050 Sep 18 00:16
> ./guile/src/core.c
>
> This is with gcc 4.6.1-11 and guile 1.8.8+1-6 on Debian/sid.
>
> cu andreas

From nmav at gnutls.org Mon Sep 26 11:43:19 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 26 Sep 2011 11:43:19 +0200
Subject: GnuTLS internal error in wine test case
In-Reply-To: <201109261055.44672.toralf.foerster@gmx.de>
References: <201109201951.18237.toralf.foerster@gmx.de> <201109231840.27828.toralf.foerster@gmx.de> <4E7F55CF.7080604@gnutls.org> <201109261055.44672.toralf.foerster@gmx.de>
Message-ID:

2011/9/26 Toralf Förster :
>> Does it do a localhost connection? If yes, then if I'm provided the
>> capture (in a format wireshark can read), I could provide some hints to
>> someone who knows what the code does, of what could be possibly wrong.
> It connects an internet server but nevertheless I attached the sniffed stream
> (with wireshark)

Interesting. The handshake is completed successfully but the data
exchanged are not encrypted! I see in the capture that the TLS
application data packet contains the TLS headers and plaintext data (an
HTTP get request). That's why the peer responds with an alert. He would
expect encrypted data instead.

It might be something in pEncryptMessage() or in its usage but I'm not
familiar with the API to provide more info.

regards,
Nikos

From INVALID.NOREPLY at gnu.org Mon Sep 26 14:33:28 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Mon, 26 Sep 2011 12:33:28 +0000
Subject: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X
In-Reply-To: <20110925-201718.sv63226.28785@savannah.gnu.org>
References: <20110918-224837.sv63226.24405@savannah.gnu.org> <20110920-005523.sv707.96496@savannah.gnu.org> <20110920-003854.sv63226.26497@savannah.gnu.org> <20110921-140033.sv7213.74553@savannah.gnu.org> <20110921-234843.sv63226.16101@savannah.gnu.org> <20110925-204114.sv707.88114@savannah.gnu.org> <20110925-201718.sv63226.28785@savannah.gnu.org>
Message-ID: <20110926-123328.sv0.54448@savannah.gnu.org>

Follow-up Comment #7, sr #107806 (project gnutls):

Thanks. I'll apply them.

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From ludo at gnu.org Mon Sep 26 16:46:30 2011
From: ludo at gnu.org (Ludovic Courtès)
Date: Mon, 26 Sep 2011 16:46:30 +0200
Subject: gnutls 2.12.11 fails to build (guile docs)
In-Reply-To: <87y5xb4r3i.fsf@latte.josefsson.org> (Simon Josefsson's message of "Mon, 26 Sep 2011 10:58:57 +0200")
References: <20110922173548.GA3014@downhill.g.la> <87y5xb4r3i.fsf@latte.josefsson.org>
Message-ID: <87wrcv2wft.fsf@gnu.org>

Hi Simon,

Thanks for the heads-up. :-)

Simon Josefsson skribis:

> Andreas Metzler writes:
>
>> Hello,
>>
>> gnutls 2.12.11 triggers a hidden error:
>
> Thanks for the report. Ludo, do you have any ideas? Is there a problem
> with the documentation parser?

I believe this is fixed by commit
6f52cd7b4980378b8007b064e06caade3f036998 (Sun Feb 27 23:57:54 2011),
which apparently didn’t make it in 2.x.

Andreas: could you check and report back?

Thanks,
Ludo’.

From ametzler at downhill.at.eu.org Mon Sep 26 19:42:41 2011
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Mon, 26 Sep 2011 19:42:41 +0200
Subject: gnutls 2.12.11 fails to build (guile docs)
In-Reply-To: <87wrcv2wft.fsf@gnu.org>
References: <20110922173548.GA3014@downhill.g.la> <87y5xb4r3i.fsf@latte.josefsson.org> <87wrcv2wft.fsf@gnu.org>
Message-ID: <20110926174241.GB3107@downhill.g.la>

On 2011-09-26 Ludovic Courtès wrote:
> Simon Josefsson skribis:
[...]
> > Thanks for the report. Ludo, do you have any ideas? Is there a problem
> > with the documentation parser?

> I believe this is fixed by commit
> 6f52cd7b4980378b8007b064e06caade3f036998 (Sun Feb 27 23:57:54 2011),
> which apparently didn’t make it in 2.x.

> Andreas: could you check and report back?
[...]

The patch applies cleanly and fixes the issues. Thank you very much.

cu andreas

From simon at josefsson.org Tue Sep 27 10:11:01 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Tue, 27 Sep 2011 10:11:01 +0200
Subject: gnutls 2.12.11 fails to build (guile docs)
In-Reply-To: <20110926174241.GB3107@downhill.g.la> (Andreas Metzler's message of "Mon, 26 Sep 2011 19:42:41 +0200")
References: <20110922173548.GA3014@downhill.g.la> <87y5xb4r3i.fsf@latte.josefsson.org> <87wrcv2wft.fsf@gnu.org> <20110926174241.GB3107@downhill.g.la>
Message-ID: <87ipoe4d7u.fsf@latte.josefsson.org>

Andreas Metzler writes:

> On 2011-09-26 Ludovic Courtès wrote:
>> Simon Josefsson skribis:
> [...]
>> > Thanks for the report. Ludo, do you have any ideas? Is there a problem
>> > with the documentation parser?
>
>> I believe this is fixed by commit
>> 6f52cd7b4980378b8007b064e06caade3f036998 (Sun Feb 27 23:57:54 2011),
>> which apparently didn’t make it in 2.x.
>
>> Andreas: could you check and report back?
> [...]
>
> The patch applies cleanly and fixes the issues. Thank you very much.

I backported it to the 2.12 branch.

/Simon

From INVALID.NOREPLY at gnu.org Wed Sep 28 14:54:31 2011
From: INVALID.NOREPLY at gnu.org (Bjørn Christensen)
Date: Wed, 28 Sep 2011 12:54:31 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
Message-ID: <20110928-125430.sv79827.62919@savannah.gnu.org>

URL:

Summary: Testing 3.0.2 on AIX
Project: GnuTLS
Submitted by: cybear
Submitted on: Wed Sep 28 12:54:30 2011
Category: Core library
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None

_______________________________________________________

Details:

I have the following problem and I cannot understand what is going wrong:

I have the following entries in my log file:

RPCSECURE: thread 258 : READ: -1 returned from d, errno=2 gerrno=0
RPCSECURE: thread 258 : ASSERT: gnutls_buffers.c:275

If I look at gnutls_buffers.c at line 255 where the first statement gets written, I have the pull_func return -1 from socket d, the opsys error is 2 and the internal error no is 0.

In gnutls_buffers.c line 247 the internal errno gets cleared (session->internals.errnum). When the pull_func returns -1 the get_errno(session) gets called on line 253, the get_errno returns either the internal errno if not 0 else it calls the errno_func which for AIX is system_errno and system_errno from system.c line 82 returns errno (which we from the log statement know is 2).

How can I end up with errno=2 and gerrno (internals.errnum) =0 ?

/bhc

PS: I can see that the problem I reported where AIX recv returns -1 but forgets to set errno has been fixed in the system_errno function (thank you)

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Wed Sep 28 15:23:11 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Wed, 28 Sep 2011 13:23:11 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
In-Reply-To: <20110928-125430.sv79827.62919@savannah.gnu.org>
References: <20110928-125430.sv79827.62919@savannah.gnu.org>
Message-ID: <20110928-132311.sv0.16882@savannah.gnu.org>

Follow-up Comment #1, sr #107822 (project gnutls):

What does the errno=2 mean in AIX? In Linux it is ENOENT, which could mean that the connection is closed, or you're using an invalid file descriptor.

About your question, I don't really understand. The gerrno (internals.errnum) is only set if you use the gnutls_transport_set_errno() function. Otherwise only the system errno is used. Thus having gerrno=0 and errno!=0 is quite normal.

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Wed Sep 28 15:57:23 2011
From: INVALID.NOREPLY at gnu.org (Bjørn Christensen)
Date: Wed, 28 Sep 2011 13:57:23 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
In-Reply-To: <20110928-132311.sv0.16882@savannah.gnu.org>
References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org>
Message-ID: <20110928-135723.sv79827.24851@savannah.gnu.org>

Follow-up Comment #2, sr #107822 (project gnutls):

errno=2 also means ENOENT on AIX and it makes no sense, at least IBM manuals do not list ENOENT as an error code from recv.

When gnutls_init is called it calls gnutls_transport_set_errno_function() with the default system_errno() function which can be found in system.c line 82. The system_errno() function just returns opsys errno. Have I completely misunderstood the way it works?

I am also trying to find out what ENOENT means from recv! I have googled it and there are some suggestions that one should treat it as EAGAIN.

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Wed Sep 28 16:04:51 2011
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Wed, 28 Sep 2011 14:04:51 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
In-Reply-To: <20110928-135723.sv79827.24851@savannah.gnu.org>
References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org>
Message-ID: <20110928-140451.sv0.84588@savannah.gnu.org>

Follow-up Comment #3, sr #107822 (project gnutls):

You are correct, it is how system_errno() works. I also see that in:
http://comments.gmane.org/gmane.network.ssh.libssh2.devel/4946

It seems some common buggy code is shared among these systems. If you put an

if (errno==ENOENT) errno=EAGAIN;

in system_errno() does it fix the error for you?

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Wed Sep 28 18:24:08 2011
From: INVALID.NOREPLY at gnu.org (Bjørn Christensen)
Date: Wed, 28 Sep 2011 16:24:08 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
In-Reply-To: <20110928-140451.sv0.84588@savannah.gnu.org>
References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org>
Message-ID: <20110928-162408.sv79827.98884@savannah.gnu.org>

Follow-up Comment #4, sr #107822 (project gnutls):

I will try that but since I was not sure I understood the mechanics I postponed it. I thought that the ENOENT was cleared somewhere else since the internal errno was 0.

Anyway I will try and see if the suggested change will solve my problem.

/bhc

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Wed Sep 28 18:57:46 2011
From: INVALID.NOREPLY at gnu.org (Bjørn Christensen)
Date: Wed, 28 Sep 2011 16:57:46 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
In-Reply-To: <20110928-162408.sv79827.98884@savannah.gnu.org>
References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org>
Message-ID: <20110928-165745.sv79827.49308@savannah.gnu.org>

Follow-up Comment #5, sr #107822 (project gnutls):

I changed system.c

int
system_errno (gnutls_transport_ptr_t ptr)
{
#if defined(_AIX) || defined(AIX)
  if (errno == 0 || errno == ENOENT)
    errno = EAGAIN;
#endif
  return errno;
}

And I think it brought me further, now I got an assertion.

Assertion failed: keysize >= AES_MIN_KEY_SIZE, file aes-set-encrypt-key.c, line 57

and a core dump.

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Wed Sep 28 22:29:00 2011
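[Added example, not part of any message in this archive and not GnuTLS code.] A small model of the errno lookup discussed in sr #107822 above: the value set by the transport wins when non-zero, otherwise the errno function is asked, with and without the 0/ENOENT to EAGAIN mapping tried in comment #5. The struct, the function names and the result codes are stand-ins invented for the illustration; only the lookup rule and the mapping come from the thread.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* What the caller of the read path is told. Stand-ins, not GnuTLS codes. */
enum read_result { READ_OK = 0, READ_RETRY, READ_INTERRUPTED, READ_FATAL };

struct session_model;
typedef long (*pull_fn)(struct session_model *s, void *buf, size_t len);
typedef int (*errno_fn)(void);

struct session_model {
    int errnum;         /* the "gerrno" of the log: set only by the transport */
    pull_fn pull;       /* transport read callback */
    errno_fn sys_errno; /* fallback used when errnum is 0 */
};

/* Plays the role gnutls_transport_set_errno() has in the thread. */
static void model_set_errno(struct session_model *s, int err) { s->errnum = err; }

/* system_errno() as described in the thread: hand back the OS errno. */
static int errno_plain(void) { return errno; }

/* The change from comment #5, minus the AIX #if so it runs anywhere. */
static int errno_with_workaround(void)
{
    if (errno == 0 || errno == ENOENT)
        errno = EAGAIN;
    return errno;
}

/* Internal value wins when non-zero, otherwise ask the errno function. */
static int model_get_errno(const struct session_model *s)
{
    return s->errnum != 0 ? s->errnum : s->sys_errno();
}

static enum read_result model_read(struct session_model *s, void *buf,
                                   size_t len, int *seen)
{
    s->errnum = 0;                      /* cleared before every pull */
    if (s->pull(s, buf, len) >= 0) {
        *seen = 0;
        return READ_OK;
    }
    *seen = model_get_errno(s);
    switch (*seen) {
    case EAGAIN: return READ_RETRY;
    case EINTR:  return READ_INTERRUPTED;
    default:     return READ_FATAL;     /* also reached when errno is 0 */
    }
}

/* Constructed transports: each fails, but reports the failure differently. */
static long pull_enoent(struct session_model *s, void *buf, size_t len)
{
    (void)s; (void)buf; (void)len;
    errno = ENOENT;                     /* the errno=2 gerrno=0 log line */
    return -1;
}

static long pull_silent(struct session_model *s, void *buf, size_t len)
{
    (void)s; (void)buf; (void)len;
    return -1;                          /* recv fails, errno left untouched */
}

static long pull_custom(struct session_model *s, void *buf, size_t len)
{
    (void)buf; (void)len;
    errno = ENOENT;
    model_set_errno(s, EAGAIN);         /* transport reports its own value */
    return -1;
}

/* Run one failing read with errno starting at 0 and classify it. */
static enum read_result classify(pull_fn pull, errno_fn fn, int *seen)
{
    struct session_model s = { 0, pull, fn };
    char buf[16];

    errno = 0;
    return model_read(&s, buf, sizeof buf, seen);
}

int main(void)
{
    static const char *names[] = { "ok", "retry", "interrupted", "fatal" };
    int e;

    printf("ENOENT, plain:      %s\n", names[classify(pull_enoent, errno_plain, &e)]);
    printf("ENOENT, workaround: %s\n", names[classify(pull_enoent, errno_with_workaround, &e)]);
    printf("silent, plain:      %s\n", names[classify(pull_silent, errno_plain, &e)]);
    printf("silent, workaround: %s\n", names[classify(pull_silent, errno_with_workaround, &e)]);
    printf("custom, plain:      %s\n", names[classify(pull_custom, errno_plain, &e)]);
    return 0;
}
```
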
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Wed, 28 Sep 2011 20:29:00 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
In-Reply-To: <20110928-165745.sv79827.49308@savannah.gnu.org>
References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org>
Message-ID: <20110928-232900.sv707.53794@savannah.gnu.org>

Follow-up Comment #6, sr #107822 (project gnutls):

Ouch, this can be hardly related with the modification. Could it be a memory corruption? The failure is within the handshake. Could you provide a stack trace, via valgrind or a debugger? (preferably valgrind)

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Wed Sep 28 22:29:08 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Wed, 28 Sep 2011 20:29:08 +0000
Subject: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X
In-Reply-To: <20110926-123328.sv0.54448@savannah.gnu.org>
References: <20110918-224837.sv63226.24405@savannah.gnu.org> <20110920-005523.sv707.96496@savannah.gnu.org> <20110920-003854.sv63226.26497@savannah.gnu.org> <20110921-140033.sv7213.74553@savannah.gnu.org> <20110921-234843.sv63226.16101@savannah.gnu.org> <20110925-204114.sv707.88114@savannah.gnu.org> <20110925-201718.sv63226.28785@savannah.gnu.org> <20110926-123328.sv0.54448@savannah.gnu.org>
Message-ID: <20110928-232908.sv707.46934@savannah.gnu.org>

Update of sr #107806 (project gnutls):

Open/Closed: Open => Closed

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Wed Sep 28 22:29:26 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Wed, 28 Sep 2011 20:29:26 +0000
Subject: [sr #107775] GnuTLS 3.0.0 causes segfault
In-Reply-To: <20110924-210541.sv0.69167@savannah.gnu.org>
References: <20110815-032626.sv84482.99672@savannah.gnu.org> <20110815-093149.sv707.10582@savannah.gnu.org> <20110815-195401.sv84482.82513@savannah.gnu.org> <20110815-232339.sv707.32450@savannah.gnu.org> <20110816-185337.sv84482.71177@savannah.gnu.org> <20110817-000646.sv707.69169@savannah.gnu.org> <20110817-084652.sv20807.15870@savannah.gnu.org> <20110822-075644.sv0.20175@savannah.gnu.org> <20110822-144143.sv707.3951@savannah.gnu.org> <20110830-115940.sv0.36111@savannah.gnu.org> <20110830-165145.sv707.88428@savannah.gnu.org> <20110920-105617.sv0.28243@savannah.gnu.org> <20110920-111512.sv0.84681@savannah.gnu.org> <20110920-134948.sv0.70893@savannah.gnu.org> <20110922-104609.sv0.38706@savannah.gnu.org> <20110922-111937.sv0.55962@savannah.gnu.org> <20110922-114356.sv0.23245@savannah.gnu.org> <20110922-115632.sv0.56547@savannah.gnu.org> <20110923-092859.sv0.14920@savannah.gnu.org> <20110923-124355.sv707.26365@savannah.gnu.org> <20110924-210541.sv0.69167@savannah.gnu.org>
Message-ID: <20110928-232926.sv707.81391@savannah.gnu.org>

Update of sr #107775 (project gnutls):

Open/Closed: Open => Closed

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Wed Sep 28 22:29:46 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos)
Date: Wed, 28 Sep 2011 20:29:46 +0000
Subject: [sr #107769] GnuTLS 2.12.7 problems on AIX
In-Reply-To: <20110811-235404.sv707.83260@savannah.gnu.org>
References: <20110809-075353.sv0.48851@savannah.gnu.org> <20110809-075423.sv0.44506@savannah.gnu.org> <20110811-235404.sv707.83260@savannah.gnu.org>
Message-ID: <20110928-232946.sv707.44156@savannah.gnu.org>

Update of sr #107769 (project gnutls):

Open/Closed: Open => Closed

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Thu Sep 29 09:50:06 2011
From: INVALID.NOREPLY at gnu.org (Bjørn Christensen)
Date: Thu, 29 Sep 2011 07:50:06 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
In-Reply-To: <20110928-232900.sv707.53794@savannah.gnu.org>
References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org>
Message-ID: <20110929-075006.sv79827.50491@savannah.gnu.org>

Follow-up Comment #7, sr #107822 (project gnutls):

I have attached a log file. Client and Server both put entries into it. Thread 258 is the client and thread 515 is the server.

I have some ASSERT from gnutls_db but I think that is just because it does not find a saved session.

This logfile has been captured with TLS-VER1.2 disabled.

There is an assertion from gnutls_hash_int.c:55 which looks worrying.

Can you see more from the log file.

/bhc

(file #24044)
_______________________________________________________

Additional Item Attachment:

File name: conga.log Size:35 KB

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Thu Sep 29 12:47:05 2011
From: INVALID.NOREPLY at gnu.org (Bjørn Christensen)
Date: Thu, 29 Sep 2011 10:47:05 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
In-Reply-To: <20110929-075006.sv79827.50491@savannah.gnu.org>
References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org> <20110929-075006.sv79827.50491@savannah.gnu.org>
Message-ID: <20110929-104705.sv79827.7753@savannah.gnu.org>

Follow-up Comment #8, sr #107822 (project gnutls):

I have added a log file from linux where it works.

On AIX after the SERVER HELLO has been queued there is a CHANGE CIPHER SPEC. Not a CERTIFICATE as on linux

(file #24047)
_______________________________________________________

Additional Item Attachment:

File name: congalinux.log Size:81 KB

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Thu Sep 29 15:51:04 2011
From: INVALID.NOREPLY at gnu.org (Bjørn Christensen)
Date: Thu, 29 Sep 2011 13:51:04 +0000
Subject: [sr #107822] Testing 3.0.2 on AIX
In-Reply-To: <20110929-104705.sv79827.7753@savannah.gnu.org>
References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org> <20110929-075006.sv79827.50491@savannah.gnu.org> <20110929-104705.sv79827.7753@savannah.gnu.org>
Message-ID: <20110929-135104.sv79827.16087@savannah.gnu.org>

Follow-up Comment #9, sr #107822 (project gnutls):

Here is the stack on the server

pthread_kill : libpthread.a-.text-1
_p_raise : libpthread.a-.text-1
raise : libc.a-.text-1
abort : libc.a-.text-1
__assert_c99 : libc.a-.text-1
nettle_aes_set_encrypt_key : aes-set-encrypt-key.o
aes_bidi_setkey : cipher.o
wrap_nettle_cipher_setkey : cipher.o
_gnutls_cipher_init : gnutls_cipher_int.o
_gnutls_auth_cipher_init : gnutls_cipher_int.o
_gnutls_init_record_state : gnutls_constate.o
_gnutls_epoch_set_keys : gnutls_constate.o
_gnutls_write_connection_state_init : gnutls_constate.o
_gnutls_send_handshake_final : gnutls_handshake.o
_gnutls_handshake_common : gnutls_handshake.o
gnutls_handshake : gnutls_handshake.o

I can inspect variable at the different stack levels! but I do not know what to look for.

It seems to me like it is trying to resume a connection, but this a new connection.

/bhc

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Thu Sep 29 18:22:06 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Thu, 29 Sep 2011 16:22:06 +0000 Subject: [sr #107822] Testing 3.0.2 on AIX In-Reply-To: <20110929-135104.sv79827.16087@savannah.gnu.org> References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org> <20110929-075006.sv79827.50491@savannah.gnu.org> <20110929-104705.sv79827.7753@savannah.gnu.org> <20110929-135104.sv79827.16087@savannah.gnu.org> Message-ID: <20110929-192206.sv707.39913@savannah.gnu.org> Follow-up Comment #10, sr #107822 (project gnutls): Nettle complains because the size of the AES keys provided is invalid. That's not expected. What are the values put to _gnutls_set_keys(), key_size, hash_size and IV_size? The assertion that you mention at: gnutls_hash_int.c:55 is indeed worrying because _gnutls_mac_is_ok() is called in _gnutls_epoch_set_keys() at gnutls_constate.c which would have ensured that it is not called with random data. I'd suggest that you single-step _gnutls_epoch_set_keys() and find out where the values of the cipher algorithms and lengths go out of range. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From bhc at insight.dk Thu Sep 29 18:26:05 2011
From: bhc at insight.dk (=?utf-8?B?QmrDuHJuIENocmlzdGVuc2Vu?=) Date: Thu, 29 Sep 2011 18:26:05 +0200 Subject: [sr #107822] Testing 3.0.2 on AIX Message-ID: <83D596805E41464EB382DFEEB6232D5487E399@shelob.Insight.local> I have the debugger stopped at the SIGABRT. These are the variables in _gnutls_epoch_set_keys, when calling _gnutls_init_record_state at line 440 of gnutls_constate.c. To me it looks ok? But then again I am not an expert. /bhc session 0x202154d8 -> { ... } ver 0 ret 0 params 0x2021b1b8 -> { ... } params 0x2021b1b8 *(params) { 1, 0, 4 /* GNUTLS_CIPHER_AES_128_CBC */, 6 /* GNUTLS_MAC_SHA256 */, 1 /* GNUTLS_COMP_NULL */, { ... }, { ... }, 0 } epoch 1 initialized 0 cipher_algorithm 4 /* GNUTLS_CIPHER_AES_128_CBC */ mac_algorithm 6 /* GNUTLS_MAC_SHA256 */ compression_algorithm 1 /* GNUTLS_COMP_NULL */ read { { ... }, { ... }, { ... }, { ... }, 0x2021a3a8 -> { ... }, { ... } } write { { ... }, { ... }, { ... }, { ... }, 0x00000000 -> { ... }, { ... } } usage_cnt 0 comp_algo 1 /* GNUTLS_COMP_NULL */ mac_algo 6 /* GNUTLS_MAC_SHA256 */ cipher_algo 4 /* GNUTLS_CIPHER_AES_128_CBC */ export_flag 0 key_size 16 IV_size 16 hash_size 32 epoch 1 -----Original Message-----
From: Nikos Mavrogiannopoulos [mailto:INVALID.NOREPLY at gnu.org] Sent: 29. september 2011 18:22 To: Nikos Mavrogiannopoulos; Bjørn Christensen; gnutls-devel at gnu.org Subject: [sr #107822] Testing 3.0.2 on AIX Follow-up Comment #10, sr #107822 (project gnutls): Nettle complains because the size of the AES keys provided is invalid. That's not expected. What are the values put to _gnutls_set_keys(), key_size, hash_size and IV_size? The assertion that you mention at: gnutls_hash_int.c:55 is indeed worrying because _gnutls_mac_is_ok() is called in _gnutls_epoch_set_keys() at gnutls_constate.c which would have ensured that it is not called with random data. I'd suggest that would single-step _gnutls_epoch_set_keys() and find out where the values of the cipher algorithms and lengths go out of range. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From bhc at insight.dk Thu Sep 29 18:33:05 2011
From: bhc at insight.dk (=?utf-8?B?QmrDuHJuIENocmlzdGVuc2Vu?=) Date: Thu, 29 Sep 2011 18:33:05 +0200 Subject: [sr #107822] Testing 3.0.2 on AIX Message-ID: <83D596805E41464EB382DFEEB6232D5487E39A@shelob.Insight.local> Hello Nikos Sorry once again! You are getting this in small bits. ret = _gnutls_init_record_state (params, ver, 0, &params->write); in line 440 of gnutls_constate.c the params->write seems empty. Causing the key to be null further up(down) the call stack params 0x2021b1b8 -> { ... } params 0x2021b1b8 *(params) { 1, 0, 4 /* GNUTLS_CIPHER_AES_128_CBC */, 6 /* GNUTLS_MAC_SHA256 */, 1 /* GNUTLS_COMP_NULL */, { ... }, { ... }, 0 } epoch 1 initialized 0 cipher_algorithm 4 /* GNUTLS_CIPHER_AES_128_CBC */ mac_algorithm 6 /* GNUTLS_MAC_SHA256 */ compression_algorithm 1 /* GNUTLS_COMP_NULL */ read { { ... }, { ... }, { ... }, { ... }, 0x2021a3a8 -> { ... }, { ... } } mac_secret { " !?\x4?.?\f?M?(?\x1aK?", 32 } IV { " !?a", 16 } key { " \x1d { ... } sequence_number { "" } write { { ... }, { ... }, { ... }, { ... }, 0x00000000 -> { ... }, { ... } } mac_secret { NULL, 0 } IV { NULL, 0 } key { NULL, 0 } cipher_state { { ... }, { ... }, 0, 0, 0 } compression_state 0x00000000 -> { ... } sequence_number { "" } usage_cnt 0 /bhc -----Original Message-----
From: Nikos Mavrogiannopoulos [mailto:INVALID.NOREPLY at gnu.org] Sent: 29. september 2011 18:22 To: Nikos Mavrogiannopoulos; Bjørn Christensen; gnutls-devel at gnu.org Subject: [sr #107822] Testing 3.0.2 on AIX Follow-up Comment #10, sr #107822 (project gnutls): Nettle complains because the size of the AES keys provided is invalid. That's not expected. What are the values put to _gnutls_set_keys(), key_size, hash_size and IV_size? The assertion that you mention at: gnutls_hash_int.c:55 is indeed worrying because _gnutls_mac_is_ok() is called in _gnutls_epoch_set_keys() at gnutls_constate.c which would have ensured that it is not called with random data. I'd suggest that would single-step _gnutls_epoch_set_keys() and find out where the values of the cipher algorithms and lengths go out of range. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From nmav at gnutls.org Fri Sep 30 00:17:50 2011 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Fri, 30 Sep 2011 00:17:50 +0200 Subject: [sr #107822] Testing 3.0.2 on AIX In-Reply-To: <83D596805E41464EB382DFEEB6232D5487E39A@shelob.Insight.local> References: <83D596805E41464EB382DFEEB6232D5487E39A@shelob.Insight.local> Message-ID: <4E84EE8E.5070202@gnutls.org> On 09/29/2011 06:33 PM, Bjørn Christensen wrote: > Hello Nikos > > > Sorry once again! You are getting this in small bits. > ret = _gnutls_init_record_state (params, ver, 0,&params->write); in line 440 of gnutls_constate.c > > the params->write seems empty. Hi, Both params->write and params->read are set in _gnutls_set_keys(). Could you check why they are not both set there? Could it be a compiler optimization that sets both client_write and server_write to the same value? regards, Nikos From INVALID.NOREPLY at gnu.org Fri Sep 30 09:56:23 2011
From: INVALID.NOREPLY at gnu.org (=?UTF-8?B?QmrDuHJu?= Christensen) Date: Fri, 30 Sep 2011 07:56:23 +0000 Subject: [sr #107822] Testing 3.0.2 on AIX In-Reply-To: <20110929-192206.sv707.39913@savannah.gnu.org> References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org> <20110929-075006.sv79827.50491@savannah.gnu.org> <20110929-104705.sv79827.7753@savannah.gnu.org> <20110929-135104.sv79827.16087@savannah.gnu.org> <20110929-192206.sv707.39913@savannah.gnu.org> Message-ID: <20110930-075623.sv79827.28701@savannah.gnu.org> Follow-up Comment #11, sr #107822 (project gnutls): I think I have identified the problem! session->internals.resumed ends up being 1, and RESUME_FALSE is -1 and RESUME_TRUE is 0. The declaration of session->internals.resumed in gnutls_int.h line 669 is: int resumed:1; that will hold 0 or 1, not negative 1. What is the suggested fix, changing RESUME_FALSE to 1? /bhc _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Fri Sep 30 10:20:23 2011
From: INVALID.NOREPLY at gnu.org (anonymous) Date: Fri, 30 Sep 2011 08:20:23 +0000 Subject: [sr #107822] Testing 3.0.2 on AIX In-Reply-To: <20110930-075623.sv79827.28701@savannah.gnu.org> References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org> <20110929-075006.sv79827.50491@savannah.gnu.org> <20110929-104705.sv79827.7753@savannah.gnu.org> <20110929-135104.sv79827.16087@savannah.gnu.org> <20110929-192206.sv707.39913@savannah.gnu.org> <20110930-075623.sv79827.28701@savannah.gnu.org> Message-ID: <20110930-082023.sv0.57421@savannah.gnu.org> Follow-up Comment #12, sr #107822 (project gnutls): In that case also change: int resumed:1 -> unsigned int resumed:1. Which compiler are you using? _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From bhc at insight.dk Fri Sep 30 10:17:59 2011 From: bhc at insight.dk (=?utf-8?B?QmrDuHJuIENocmlzdGVuc2Vu?=) Date: Fri, 30 Sep 2011 10:17:59 +0200 Subject: [sr #107822] Testing 3.0.2 on AIX Message-ID: <83D596805E41464EB382DFEEB6232D5487E39F@shelob.Insight.local> On AIX I am using xlc. But changing to unsigned int resumed:1; would also require that RESUME_FALSE get changed to 1. I think for a one bit signed int variable 0 and -1 are the correct values. -2*N-1 .. ?1+2*N-1 /bhc -----Original Message----- 
From: anonymous [mailto:INVALID.NOREPLY at gnu.org] Sent: 30. september 2011 10:20 To: Nikos Mavrogiannopoulos; Bjørn Christensen; gnutls-devel at gnu.org Subject: [sr #107822] Testing 3.0.2 on AIX Follow-up Comment #12, sr #107822 (project gnutls): In that case also change: int resumed:1 -> unsigned int resumed:1. Which compiler are you using? _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Fri Sep 30 12:15:56 2011
From: INVALID.NOREPLY at gnu.org (=?UTF-8?B?QmrDuHJu?= Christensen) Date: Fri, 30 Sep 2011 10:15:56 +0000 Subject: [sr #107822] Testing 3.0.2 on AIX In-Reply-To: <20110930-082023.sv0.57421@savannah.gnu.org> References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org> <20110929-075006.sv79827.50491@savannah.gnu.org> <20110929-104705.sv79827.7753@savannah.gnu.org> <20110929-135104.sv79827.16087@savannah.gnu.org> <20110929-192206.sv707.39913@savannah.gnu.org> <20110930-075623.sv79827.28701@savannah.gnu.org> <20110930-082023.sv0.57421@savannah.gnu.org> Message-ID: <20110930-101556.sv79827.50138@savannah.gnu.org> Follow-up Comment #13, sr #107822 (project gnutls): If I could choose I would try to program more defensively! First I would define RESUME_FALSE 0 because that is what I would expect from 0==1. Also, if a calloc'ed buffer is used, the default would be not resuming. Then I would make all comparisons session->internals.resumed == RESUME_FALSE or session->internals.resumed != RESUME_FALSE against the value defined as 0. In your case RESUME_TRUE, if suggested above RESUME_FALSE. In K&R they state that the behaviour of bit fields is implementation specific. (Code Defensive) Does that make any sense? _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From nmav at gnu.org Fri Sep 30 12:25:44 2011
From: nmav at gnu.org (Nikos Mavrogiannopoulos) Date: Fri, 30 Sep 2011 12:25:44 +0200 Subject: [sr #107822] Testing 3.0.2 on AIX In-Reply-To: <20110930-101556.sv79827.50138@savannah.gnu.org> References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org> <20110929-075006.sv79827.50491@savannah.gnu.org> <20110929-104705.sv79827.7753@savannah.gnu.org> <20110929-135104.sv79827.16087@savannah.gnu.org> <20110929-192206.sv707.39913@savannah.gnu.org> <20110930-075623.sv79827.28701@savannah.gnu.org> <20110930-082023.sv0.57421@savannah.gnu.org> <20110930-101556.sv79827.50138@savannah.gnu.org> Message-ID: 2011/9/30 Bjørn Christensen : > If I could choose I would try to program more defensive! > First I would define RESUME_FALSE 0 because that is what I would expect from > 0==1. > Also that would if calloc'ed buffer is used default would be not resuming. > Then I would make all comparisons session->internals.resumed == RESUME_FALSE > or session->internals.resumed != RESUME_FALSE I'm thinking of rewriting this part. I don't like it either. regards, Nikos From INVALID.NOREPLY at gnu.org Fri Sep 30 14:49:21 2011
From: INVALID.NOREPLY at gnu.org (=?UTF-8?B?QmrDuHJu?= Christensen) Date: Fri, 30 Sep 2011 12:49:21 +0000 Subject: [sr #107822] Testing 3.0.2 on AIX In-Reply-To: <20110930-101556.sv79827.50138@savannah.gnu.org> References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org> <20110929-075006.sv79827.50491@savannah.gnu.org> <20110929-104705.sv79827.7753@savannah.gnu.org> <20110929-135104.sv79827.16087@savannah.gnu.org> <20110929-192206.sv707.39913@savannah.gnu.org> <20110930-075623.sv79827.28701@savannah.gnu.org> <20110930-082023.sv0.57421@savannah.gnu.org> <20110930-101556.sv79827.50138@savannah.gnu.org> Message-ID: <20110930-124921.sv79827.49719@savannah.gnu.org> Follow-up Comment #14, sr #107822 (project gnutls): I did a simple change, #define RESUME_FALSE 1, and that got me further but not all the way. I have attached a log file; now it is not trying to resume an empty session, but it fails during validation of the client certificate. Any suggestions? (file #24054) _______________________________________________________ Additional Item Attachment: File name: congaRESUMEfix.log Size:33 KB _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Fri Sep 30 16:00:11 2011
From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Fri, 30 Sep 2011 14:00:11 +0000 Subject: [sr #107822] Testing 3.0.2 on AIX In-Reply-To: <20110930-124921.sv79827.49719@savannah.gnu.org> References: <20110928-125430.sv79827.62919@savannah.gnu.org> <20110928-132311.sv0.16882@savannah.gnu.org> <20110928-135723.sv79827.24851@savannah.gnu.org> <20110928-140451.sv0.84588@savannah.gnu.org> <20110928-162408.sv79827.98884@savannah.gnu.org> <20110928-165745.sv79827.49308@savannah.gnu.org> <20110928-232900.sv707.53794@savannah.gnu.org> <20110929-075006.sv79827.50491@savannah.gnu.org> <20110929-104705.sv79827.7753@savannah.gnu.org> <20110929-135104.sv79827.16087@savannah.gnu.org> <20110929-192206.sv707.39913@savannah.gnu.org> <20110930-075623.sv79827.28701@savannah.gnu.org> <20110930-082023.sv0.57421@savannah.gnu.org> <20110930-101556.sv79827.50138@savannah.gnu.org> <20110930-124921.sv79827.49719@savannah.gnu.org> Message-ID: <20110930-170011.sv707.80734@savannah.gnu.org> Follow-up Comment #15, sr #107822 (project gnutls): This looks like a parsing error. Does certtool work on this platform? If yes, have you called gnutls_global_init()? _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
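The bit-field problem identified in comments #11 to #13 above, as an added example (not part of the thread and not GnuTLS code). The struct and function names are hypothetical; the explicitly signed and unsigned structs model the two behaviours a compiler may choose for a plain `int resumed:1;`.

```c
#include <stdio.h>
#include <string.h>

/* Constants as quoted in comment #11 of the thread. */
#define RESUME_TRUE   0
#define RESUME_FALSE -1

/* Hypothetical stand-ins for the session internals. C leaves the signedness
 * of a plain `int resumed:1;` to the implementation, so each outcome is
 * spelled out explicitly here. */
struct internals_signed   { signed int   resumed:1; };  /* holds 0 or -1 */
struct internals_unsigned { unsigned int resumed:1; };  /* holds 0 or 1  */

/* Store a value in the 1-bit field and return what is read back. */
static int readback_signed(int v)
{
    struct internals_signed s;
    s.resumed = v;
    return s.resumed;
}

static int readback_unsigned(int v)
{
    struct internals_unsigned s;
    s.resumed = v;              /* -1 is reduced modulo 2 and becomes 1 */
    return s.resumed;
}

/* The check at issue: does a session marked RESUME_FALSE still compare
 * equal to RESUME_FALSE after the round trip through the bit-field? */
static int not_resumed_signed(void)
{
    return readback_signed(RESUME_FALSE) == RESUME_FALSE;    /* -1 == -1 */
}

static int not_resumed_unsigned(void)
{
    return readback_unsigned(RESUME_FALSE) == RESUME_FALSE;  /*  1 == -1 */
}

/* Layout along the lines of comment #13 (names are assumptions): "not
 * resumed" is 0, the field is explicitly unsigned, tests compare with 0. */
#define SAFE_RESUME_FALSE 0
#define SAFE_RESUME_TRUE  1
struct internals_safe { unsigned int resumed:1; };

/* A zero-filled structure, as calloc would return, means "not resumed". */
static int safe_zeroed_not_resumed(void)
{
    struct internals_safe s;
    memset(&s, 0, sizeof s);
    return s.resumed == SAFE_RESUME_FALSE;
}

static int safe_marked_resumed(void)
{
    struct internals_safe s;
    memset(&s, 0, sizeof s);
    s.resumed = SAFE_RESUME_TRUE;
    return s.resumed != SAFE_RESUME_FALSE;
}

int main(void)
{
    printf("signed field:   new session detected = %d\n", not_resumed_signed());
    printf("unsigned field: new session detected = %d\n", not_resumed_unsigned());
    printf("zero-based:     zeroed = %d, resumed = %d\n",
           safe_zeroed_not_resumed(), safe_marked_resumed());
    return 0;
}
```

With the unsigned field the check fails for a new connection, which matches the value 1 reported for `session->internals.resumed` in comment #11.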