From bogus@does.not.exist.com Wed Dec 5 11:32:35 2012
From: bogus@does.not.exist.com ()
Date: Wed, 05 Dec 2012 10:32:35 -0000
Subject: No subject
Message-ID:

GNUTLS_BulkCipherAlgorithm gnutls_cipher_get_algo( GNUTLS_STATE state);
GNUTLS_KXAlgorithm gnutls_kx_get_algo( GNUTLS_STATE state);
GNUTLS_MACAlgorithm gnutls_mac_get_algo( GNUTLS_STATE state);
GNUTLS_CompressionMethod gnutls_compression_get_algo( GNUTLS_STATE state);

IMHO abbreviations ("algo") are bad in the long run, but in this case it
might be better to remove the "_algo" part altogether (only two of the
four things are algorithms, the other are 'methods'). It also makes it
consistent with the names of gnutls-*-set-priority where "algorithm"
isn't used. (Maybe #define the old names to the new ones for a couple of
major releases.)

From ludo at gnu.org Sat Dec 1 00:55:29 2012
From: ludo at gnu.org (Ludovic Courtès)
Date: Sat, 01 Dec 2012 00:55:29 +0100
Subject: Make Guile bindings build-parallel-safe
Message-ID: <87pq2u7ij2.fsf@gnu.org>

Hello,

Commit 330995a fixes guile/src/Makefile.am to be parallel-safe, which it
wasn't during all these years. With recent versions of Guile 2.0, this
could lead to segfaults while running the test suite, or unbound
variable errors like:

  throw to `unbound-variable' with args (#f "Unbound variable: ~S" (set-session-certificate-type-priority!) #f)

Can you please port it to any relevant branches?

Thanks,
Ludo'.

From n.mavrogiannopoulos at gmail.com Sat Dec 1 11:30:27 2012
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Sat, 01 Dec 2012 11:30:27 +0100
Subject: Make Guile bindings build-parallel-safe
In-Reply-To: <87pq2u7ij2.fsf@gnu.org>
References: <87pq2u7ij2.fsf@gnu.org>
Message-ID: <50B9DC43.7020409@gmail.com>

On 12/01/2012 12:55 AM, Ludovic Courtès wrote:

> Hello,
>
> Commit 330995a fixes guile/src/Makefile.am to be parallel-safe, which it
> wasn't during all these years. With recent versions of Guile 2.0, this
> could lead to segfaults while running the test suite, or unbound
> variable errors like:
>
> throw to `unbound-variable' with args (#f "Unbound variable: ~S" (set-session-certificate-type-priority!) #f)
> Can you please port it to any relevant branches?

Thanks. I was getting these errors often, but had no idea what it was
about.

regards,
Nikos

From alfredo.pironti at inria.fr Mon Dec 10 14:44:35 2012
From: alfredo.pironti at inria.fr (Alfredo Pironti)
Date: Mon, 10 Dec 2012 14:44:35 +0100
Subject: [gnutls-devel] Problems compiling from git on Mac OS X
In-Reply-To:
References:
Message-ID:

Hello all,

I'm trying to compile GnuTLS on Mac OS X 10.7.5 (with gcc toolchain
installed via standard XCode) by cloning from git, and I get some
errors, both in the master branch, and in the 3.1.5 tag. However, I
can successfully compile, install and run GnuTLS if I start from the
released 3.1.5 tarball.

More details follow:
- Issue: The new clone command "git clone
git at gitorious.org:gnutls/gnutls.git" suggested on the website does not
work (Permission denied (publickey).)
- Fix: the command "git clone git://gitorious.org/gnutls/gnutls.git"
worked for me.
- Issue: make bootstrap does not accept configure parameters (e.g.
--with-libnettle-prefix, which is essential in my environment.)
- Local fix: either alter cfg.mk to add the flag; or run configure
manually. Maybe on the website we could instruct the user to run "make
autoreconf" and then configure manually?
- Issue (minor): when generating manpages, "echo -n" is used in the
makefile, but -n appears not to be in the "Single Unix Specification",
so it displays lines beginning with -n (and linefeed terminated) on Mac
OS X. I found some info at
http://hints.macworld.com/article.php?story=20071106192548833
- Fix: use the printf cited in the link? Or just leave things as they
are, because they work after all?
- Issue (major): In file ecore_time.c, lines 47, 130, 132,137:
references to undeclared '_ecore_time_clock_id', 'CLOCK_MONOTONIC',
'CLOCK_REALTIME'
These defines are known to be missing on Mac OS X. With the tarball,
(manpages and) this file don't get compiled, so compilation does not
fail overall. Unfortunately I don't have a fix for this.

Best,
Alfredo

From nmav at gnutls.org Mon Dec 10 17:30:57 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 10 Dec 2012 17:30:57 +0100
Subject: [gnutls-devel] Problems compiling from git on Mac OS X
In-Reply-To:
References:
Message-ID: <50C60E41.3030408@gnutls.org>

On 12/10/2012 02:44 PM, Alfredo Pironti wrote:

> Hello all,
>
> I'm trying to compile GnuTLS on Mac OS X 10.7.5 (with gcc toolchain
> installed via standard XCode) by cloning from git, and I get some
> errors, both in the master branch, and in the 3.1.5 tag. However, I
> can successfully compile, install and run GnuTLS if I start from the
> released 3.1.5 tarball.
>
> More details follow:
> - Issue: The new clone command "git clone
> git at gitorious.org:gnutls/gnutls.git" suggested on the website does not
> work (Permission denied (publickey).)
> - Fix: the command "git clone git://gitorious.org/gnutls/gnutls.git"
> worked for me.

Hello Alfredo,
Thanks. It was a typo in the web site. It should be now fixed.

> - Issue: make bootstrap does not accept configure parameters (e.g.
> --with-libnettle-prefix, which is essential in my environment.)
> - Local fix: either alter cfg.mk to add the flag; or run configure
> manually. Maybe on the website we could instruct the user to run "make
> autoreconf" and then configure manually?

Looks better. I've updated the site.

> - Issue (minor): when generating manpages, "echo -n" is used in the
> makefile, but -n appears not to be in the "Single Unix Specification",
> so it displays lines beginning with -n (and linefeed terminated) on Mac
> OS X. I found some info at
> http://hints.macworld.com/article.php?story=20071106192548833
> - Fix: use the printf cited in the link? Or just leave things as they
> are, because they work after all?

I am wondering if we replace with echo "xxx\c" instead, would that cause
issues in other systems?
In any case the whole generation of manpages/documentation needs a major
lifting since it is inefficient (I'm waiting until it is totally
intolerable to touch it :)

> - Issue (major): In file ecore_time.c, lines 47, 130, 132,137:
> references to undeclared '_ecore_time_clock_id', 'CLOCK_MONOTONIC',
> 'CLOCK_REALTIME'
> These defines are known to be missing on Mac OS X. With the tarball,
> (manpages and) this file don't get compiled, so compilation does not
> fail overall. Unfortunately I don't have a fix for this.

We use the real time clocks in few of the tests, but they should be
disabled in systems that don't provide them. Does make check fail on
macosx? If yes would a patch like the attached solve the issue?

regards,
Nikos
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
URL:

From alfredo.pironti at inria.fr Mon Dec 10 19:44:06 2012
From: alfredo.pironti at inria.fr (Alfredo Pironti)
Date: Mon, 10 Dec 2012 19:44:06 +0100
Subject: [gnutls-devel] Problems compiling from git on Mac OS X
In-Reply-To: <50C60E41.3030408@gnutls.org>
References: <50C60E41.3030408@gnutls.org>
Message-ID:

>
>> - Issue (minor): when generating manpages, "echo -n" is used in the
>> makefile, but -n appears not to be in the "Single Unix Specification",
>> so it displays lines beginning with -n (and linefeed terminated) on Mac
>> OS X. I found some info at
>> http://hints.macworld.com/article.php?story=20071106192548833
>> - Fix: use the printf cited in the link? Or just leave things as they
>> are, because they work after all?
>
>
> I am wondering if we replace with echo "xxx\c" instead, would that
> cause issues in other systems? In any case the whole generation of
> manpages/documentation needs a major lifting since it is inefficient
> (I'm waiting until it is totally intolerable to touch it :)

The \c way seems to work for me, and to be somehow supported by the
various standards. But I can't tell about some other systems.

>
>> - Issue (major): In file ecore_time.c, lines 47, 130, 132,137:
>> references to undeclared '_ecore_time_clock_id', 'CLOCK_MONOTONIC',
>> 'CLOCK_REALTIME'
>> These defines are known to be missing on Mac OS X. With the tarball,
>> (manpages and) this file don't get compiled, so compilation does not
>> fail overall. Unfortunately I don't have a fix for this.
>
>
> We use the real time clocks in few of the tests, but they should be
> disabled in systems that don't provide them. Does make check fail on
> macosx? If yes would a patch like the attached solve the issue?

Unfortunately, the patch didn't solve the issue. It seems the problem
is compilation of the ecore library, which gets compiled anyway, even
if eagain-cli is kept out for macosx. So it seems that either one can
compile the ecore library under macosx, or all tests depending on it
should be disabled. I don't know which one is easier.
make check works from the tarball, as the tests/suite directory is
ignored; it fails from the git version, with the same compilation error
as above.

Best,
Alfredo

>
> regards,
> Nikos

From simon at josefsson.org Mon Dec 10 22:17:07 2012
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 10 Dec 2012 22:17:07 +0100
Subject: [gnutls-devel] Problems compiling from git on Mac OS X
In-Reply-To: (Alfredo Pironti's message of "Mon, 10 Dec 2012 14:44:35 +0100")
References:
Message-ID: <878v95zjxo.fsf@latte.josefsson.org>

Alfredo Pironti writes:

> - Issue: make bootstrap does not accept configure parameters (e.g.
> --with-libnettle-prefix, which is essential in my environment.)

It should, try 'make bootstrap ADDFLAGS=--with-libnettle-prefix=/foo/bar'.

> - Issue (minor): when generating manpages, "echo -n" is used in the
> makefile, but -n appears not to be in the "Single Unix Specification",
> so it displays lines beginning with -n (and linefeed terminated) on Mac
> OS X. I found some info at
> http://hints.macworld.com/article.php?story=20071106192548833

It should use something like $(ECHO_N) instead. In which file is this?

> - Fix: use the printf cited in the link? Or just leave things as they
> are, because they work after all?

If 'echo -n' does something different on Mac, does it really work? It
probably won't produce the exact same man pages, which seems like a bad
thing. So we should probably fix this.

> - Issue (major): In file ecore_time.c, lines 47, 130, 132,137:
> references to undeclared '_ecore_time_clock_id', 'CLOCK_MONOTONIC',
> 'CLOCK_REALTIME'

Ecore is only used for self tests, so it could safely be ignored.
However there is probably some gnulib module that could be used to deal
with clock stuff.

> These defines are known to be missing on Mac OS X. With the tarball,
> (manpages and) this file don't get compiled, so compilation does not
> fail overall. Unfortunately I don't have a fix for this.

Does 'make check' work for you?

/Simon

From alfredo.pironti at inria.fr Tue Dec 11 11:38:12 2012
From: alfredo.pironti at inria.fr (Alfredo Pironti)
Date: Tue, 11 Dec 2012 11:38:12 +0100
Subject: [gnutls-devel] Problems compiling from git on Mac OS X
In-Reply-To: <878v95zjxo.fsf@latte.josefsson.org>
References: <878v95zjxo.fsf@latte.josefsson.org>
Message-ID:

On Mon, Dec 10, 2012 at 10:17 PM, Simon Josefsson wrote:
> Alfredo Pironti writes:
>
>> - Issue: make bootstrap does not accept configure parameters (e.g.
>> --with-libnettle-prefix, which is essential in my environment.)
>
> It should, try 'make bootstrap ADDFLAGS=--with-libnettle-prefix=/foo/bar'.

Yes, this also works. Just some documentation in the webpage should do.

>
>> - Issue (minor): when generating manpages, "echo -n" is used in the
>> makefile, but -n appears not to be in the "Single Unix Specification",
>> so it displays lines beginning with -n (and linefeed terminated) on Mac
>> OS X. I found some info at
>> http://hints.macworld.com/article.php?story=20071106192548833
>
> It should use something like $(ECHO_N) instead. In which file is this?

It's doc/manpages/Makefile.am

>
>> - Fix: use the printf cited in the link? Or just leave things as they
>> are, because they work after all?
>
> If 'echo -n' does something different on Mac, does it really work? It
> probably won't produce the exact same man pages, which seems like a bad
> thing. So we should probably fix this.

I think these echo instances are mostly used to report status to the
user (most of them print dots). So, instead of a line of growing dots,
I get many lines of "-n ."; just annoying (if at all), but not crucial.

>
>> - Issue (major): In file ecore_time.c, lines 47, 130, 132,137:
>> references to undeclared '_ecore_time_clock_id', 'CLOCK_MONOTONIC',
>> 'CLOCK_REALTIME'
>
> Ecore is only used for self tests, so it could safely be ignored.
> However there is probably some gnulib module that could be used to deal
> with clock stuff.
OK, I'll locally disable these tests, until a portable library is used
(or the current one is configured, if possible)

>
>> These defines are known to be missing on Mac OS X. With the tarball,
>> (manpages and) this file don't get compiled, so compilation does not
>> fail overall. Unfortunately I don't have a fix for this.
>
> Does 'make check' work for you?

It works on the distributed tarball, because the tests/suite tests are
not run; it fails on the git clone, because these tests are enabled.

Alfredo

>
> /Simon

From nmav at gnutls.org Wed Dec 12 19:02:44 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 12 Dec 2012 19:02:44 +0100
Subject: [gnutls-devel] Problems compiling from git on Mac OS X
In-Reply-To:
References: <50C60E41.3030408@gnutls.org>
Message-ID: <50C8C6C4.30805@gnutls.org>

On 12/10/2012 07:44 PM, Alfredo Pironti wrote:

>> We use the real time clocks in few of the tests, but they should be
>> disabled in systems that don't provide them. Does make check fail on
>> macosx? If yes would a patch like the attached solve the issue?
>
> Unfortunately, the patch didn't solve the issue. It seems the problem
> is compilation of the ecore library, which gets compiled anyway, even
> if eagain-cli is kept out for macosx. So it seems that either one can
> compile the ecore library under macosx, or all tests depending on it
> should be disabled. I don't know which one is easier.

This patch should disable the ecore library as well so it should be ok.
If not please try to trim it to avoid building the things that are not
supported in macosx. Let me know of any changes needed in order to apply
it.

regards,
Nikos
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
URL:

From nmav at gnutls.org Wed Dec 12 23:42:10 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 12 Dec 2012 23:42:10 +0100
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To:
References:
Message-ID: <50C90842.7040305@gnutls.org>

On 12/11/2012 09:04 PM, Richard Stallman wrote:

> Nikos, when you volunteered to maintain GNUTLS, the GNU Project
> entrusted its development to you. Your contributions so far are
> appreciated. However, the project GNUTLS does not belong to you.
> If you want to stop doing this job, you can. If you want to develop a
> fork of GNUTLS under another name, you can, since it is free software.

I pretty much regret transferring all rights to FSF, but it seems there
is nothing I can do to change that. If I receive a formal request from
FSF I'll change the name of gnutls and continue from there.

regards,
Nikos

From eliz at gnu.org Thu Dec 13 04:49:51 2012
From: eliz at gnu.org (Eli Zaretskii)
Date: Thu, 13 Dec 2012 05:49:51 +0200
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: <50C90842.7040305@gnutls.org>
References: <50C90842.7040305@gnutls.org>
Message-ID: <83vcc6obkw.fsf@gnu.org>

> Date: Wed, 12 Dec 2012 23:42:10 +0100
> From: Nikos Mavrogiannopoulos
> Cc: karl at gnu.org, johns at gnu.org, gnutls-devel at lists.gnutls.org
>
> On 12/11/2012 09:04 PM, Richard Stallman wrote:
>
> > Nikos, when you volunteered to maintain GNUTLS, the GNU Project
> > entrusted its development to you. Your contributions so far are
> > appreciated. However, the project GNUTLS does not belong to you.
> > If you want to stop doing this job, you can. If you want to develop a
> > fork of GNUTLS under another name, you can, since it is free software.
>
> I pretty much regret transferring all rights to FSF, but it seems there
> is nothing I can do to change that. If I receive a formal request from
> FSF I'll change the name of gnutls and continue from there.

With all due respect to the involved parties: since you discuss this on
a public list, may I ask to please publish the reasons for this schism?
It is sad enough to read about such unfortunate incidents in the Free
Software movement; doing so without understanding what the heck is going
on is too much.

TIA

From wk at gnupg.org Thu Dec 13 10:01:40 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Dec 2012 10:01:40 +0100
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: <83vcc6obkw.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 13 Dec 2012 05:49:51 +0200")
References: <50C90842.7040305@gnutls.org> <83vcc6obkw.fsf@gnu.org>
Message-ID: <87lid2coln.fsf@vigenere.g10code.de>

On Thu, 13 Dec 2012 04:49, eliz at gnu.org said:

> With all due respect to the involved parties: since you discuss this
> on a public list, may I ask to please publish the reasons for this
> schism? It is sad enough to read about such unfortunate incidents in

I can't speak for Nikos, but there are pretty obvious reasons knowable
to all GNU maintainers. I don't know whether you, as GDB maintainer, are
subscribed and follow gnu-prog-discuss at gnu.org.

We had a long discussion a year ago about the way the GNU project is
managed and first of all about all of the secrecy involved there. The
occasion was a request to have at least an open archive of the g-p-d
list, so that non-GNU hackers would be able to learn about architectural
discussions pertaining to the GNU project. Recently another discussion
popped up which again was turned down by Mr. Stallman with his usual
habit of, the king has spoken and you have to stop this discussion. This
time it was on whether we are allowed to discuss on that still _internal
list_ about possible loopholes in the GPL.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From nmav at gnutls.org Thu Dec 13 10:10:38 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 13 Dec 2012 10:10:38 +0100
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: <83vcc6obkw.fsf@gnu.org>
References: <50C90842.7040305@gnutls.org> <83vcc6obkw.fsf@gnu.org>
Message-ID: <50C99B8E.9090204@gnutls.org>

On 12/13/2012 04:49 AM, Eli Zaretskii wrote:

>> I pretty much regret transferring all rights to FSF, but it seems there
>> is nothing I can do to change that. If I receive a formal request from
>> FSF I'll change the name of gnutls and continue from there.
> With all due respect to the involved parties: since you discuss this
> on a public list, may I ask to please publish the reasons for this
> schism? It is sad enough to read about such unfortunate incidents in
> the Free Software movement; doing so without understanding what the
> heck is going on is too much.

It may be fair. The main issue is that I'm tired of pretending that I'm
participating to a project I am only allowed to contribute code (and not
even express a different opinion). All the reasons of quitting however,
accumulated through the years of participation. If I can summarize them,
they are:

(a) I felt particularly frustrated when FSF (when gnutls started
around 2000) was insisting the transfer of the copyright to it, even
though I had decided to transfer the copyright to FSFE (this is a very
old issue but it had great influence on me as I realized that the
transfer of rights was not simply for protection against copyright
violations).
(b) The feeling of participation in the GNU project is very low, as even
expressing a different opinion in the internal mailing lists is hard if
not impossible.
(c) There is no process for decision making or transparency in GNU.
The only existing process I saw is "Stallman said so"
(this may not be bad, unless some threshold of disagreement has been
reached - but then it is fair to be able to disassociate myself from the
project).
It is true that I did very little to change any of the above and I may
have let quite some people down, but after few discussions in the
internal mailing lists, I felt there is a pretty big gap between me and
the project (I should distinguish here the GNU hackers from the GNU
project).

regards,
Nikos

From wk at gnupg.org Thu Dec 13 10:38:12 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Dec 2012 10:38:12 +0100
Subject: [gnutls-devel] [Richard Stallman] GNUTLS is not going anywhere
Message-ID: <87zk1ib8cb.fsf@vigenere.g10code.de>

[Forwarded from the old list address]

-------------- next part --------------
An embedded message was scrubbed...
From: Richard Stallman
Subject: GNUTLS is not going anywhere
Date: Tue, 11 Dec 2012 15:04:56 -0500
Size: 3741
URL:
-------------- next part --------------

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Thu Dec 13 10:38:54 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Dec 2012 10:38:54 +0100
Subject: [gnutls-devel] [Werner Koch] Re: GNUTLS is not going anywhere
Message-ID: <87vcc6b8b5.fsf@vigenere.g10code.de>

[Forwarded from the old list address]

-------------- next part --------------
An embedded message was scrubbed...
From: Werner Koch
Subject: Re: GNUTLS is not going anywhere
Date: Wed, 12 Dec 2012 20:36:03 +0100
Size: 4332
URL:
-------------- next part --------------

--
Thoughts are free. Exceptions are regulated by a federal law.

From rms at gnu.org Thu Dec 13 11:12:35 2012
From: rms at gnu.org (Richard Stallman)
Date: Thu, 13 Dec 2012 05:12:35 -0500
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: <50C90842.7040305@gnutls.org> (message from Nikos Mavrogiannopoulos on Wed, 12 Dec 2012 23:42:10 +0100)
References: <50C90842.7040305@gnutls.org>
Message-ID:

You cannot change the name of GNUTLS. It is not yours.
You offered to work on it, and we entrusted the project
to you. If you want to stop, you can stop.

--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
Use Ekiga or an ordinary phone call

From juhovh at iki.fi Thu Dec 13 13:12:47 2012
From: juhovh at iki.fi (Juho Vähä-Herttua)
Date: Thu, 13 Dec 2012 14:12:47 +0200
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To:
References: <50C90842.7040305@gnutls.org>
Message-ID:

On 13.12.2012, at 12.12, Richard Stallman wrote:

> You cannot change the name of GNUTLS. It is not yours.
> You offered to work on it, and and we entrusted the project
> to you. If you want to stop, you can stop.

The solution to this debate seems very simple to me, as a bystander.
Nikos has already stated he does not want to work on GNUTLS under FSF,
but continues to use the GNUTLS name. FSF should send Nikos a formal
announcement (in the name of FSF not just RMS, no offense) of not being
allowed to use the name GNUTLS any more. Nikos should start a fork of
GNUTLS and operate it under a different name in case he wants to
continue working on the project. Nikos can announce his fork on GNUTLS
mailing list to make all willing developers to move onto his project.
Now we just need to execute this chain of events.

As a side note, I find Werner's accusations, as written on his blog, of
FSF not defending its rights in case of GnuPG copyright violations very
serious. When a copyright holder transfers their rights to FSF they also
transfer their rights to defend against copyright violations. I
sincerely hope this goodwill has not been and will not be abused by FSF.

However, thank you to all members of this debate of the great work you
are doing.

Juho

From wk at gnupg.org Thu Dec 13 14:42:34 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Dec 2012 14:42:34 +0100
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: ("Juho Vähä-Herttua"'s message of "Thu, 13 Dec 2012 14:12:47 +0200")
References: <50C90842.7040305@gnutls.org>
Message-ID: <87k3smax11.fsf@vigenere.g10code.de>

On Thu, 13 Dec 2012 13:12, juhovh at iki.fi said:

> As a side note, I find Werner's accusations, as written on his blog,
> of FSF not defending its rights in case of GnuPG copyright violations

A reason here might be that the FSF does not want to get involved into
non-US legal affairs. I can't know for sure; I have never seen any
documents they may have exchanged in a license infringement case.

But that is all off-topic and not related to gnutls.
gnu-misc-discuss at gnu.org is probably better suited for such a topic.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From martin at martinpaljak.net Thu Dec 13 16:31:02 2012
From: martin at martinpaljak.net (Martin Paljak)
Date: Thu, 13 Dec 2012 17:31:02 +0200
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: <87k3smax11.fsf@vigenere.g10code.de>
References: <50C90842.7040305@gnutls.org> <87k3smax11.fsf@vigenere.g10code.de>
Message-ID:

Hello,

On Thu, Dec 13, 2012 at 3:42 PM, Werner Koch wrote:
> On Thu, 13 Dec 2012 13:12, juhovh at iki.fi said:
>
>> As a side note, I find Werner's accusations, as written on his blog,
>> of FSF not defending its rights in case of GnuPG copyright violations
>
> A reason here might be that the FSF does not want to get involved into
> non-US legal affairs. I can't know for sure; I have never seen any
> documents they may have exchanged in a license infringement case.

Just a last OT notice (as I don't want to subscribe to another mailing
list):

FYI, I've had excellent experience with FSFE and Malcolm Bain in
particular in (L)GPL issues. I don't really know the relation of FSF vs
FSFE but maybe that's something that should be explained and explored?

Martin

From eliz at gnu.org Thu Dec 13 18:47:33 2012
From: eliz at gnu.org (Eli Zaretskii)
Date: Thu, 13 Dec 2012 19:47:33 +0200
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: <50C99B8E.9090204@gnutls.org>
References: <50C90842.7040305@gnutls.org> <83vcc6obkw.fsf@gnu.org> <50C99B8E.9090204@gnutls.org>
Message-ID: <83mwxhond6.fsf@gnu.org>

> Date: Thu, 13 Dec 2012 10:10:38 +0100
> From: Nikos Mavrogiannopoulos
> CC: rms at gnu.org, karl at gnu.org, johns at gnu.org,
> gnutls-devel at lists.gnutls.org
>
> (a) I felt particularly frustrated when FSF (when gnutls started
> around 2000) was insisting the transfer of the copyright to it, even
> though I had decided to transfer the copyright to FSFE (this is a very
> old issue but it had great influence on me as I realized that the
> transfer of rights was not simply for protection against copyright
> violations).
> (b) The feeling of participation in the GNU project is very low, as even
> expressing a different opinion in the internal mailing lists is hard if
> not impossible.
> (c) There is no process for decision making or transparency in GNU.
> The only existing process I saw is "Stallman said so"
> (this may not be bad, unless some threshold of disagreement has been
> reached - but then it is fair to be able to disassociate myself from the
> project).
>
> It is true that I did very little to change any of the above and I may
> have let quite some people down, but after few discussions in the
> internal mailing lists, I felt there is a pretty big gap between me and
> the project (I should distinguish here the GNU hackers from the GNU
> project).

Thank you. I'm still sad, but at least now I know more about why.

From eliz at gnu.org Thu Dec 13 18:52:39 2012
From: eliz at gnu.org (Eli Zaretskii)
Date: Thu, 13 Dec 2012 19:52:39 +0200
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: <87lid2coln.fsf@vigenere.g10code.de>
References: <50C90842.7040305@gnutls.org> <83vcc6obkw.fsf@gnu.org> <87lid2coln.fsf@vigenere.g10code.de>
Message-ID: <83lid1on4o.fsf@gnu.org>

> From: Werner Koch
> Cc: Nikos Mavrogiannopoulos, karl at gnu.org, gnutls-devel at lists.gnutls.org, rms at gnu.org, johns at gnu.org
> Organisation: g10 Code GmbH
> Date: Thu, 13 Dec 2012 10:01:40 +0100
>
> I can't speak for Nikos, but there are pretty obvious reasons knowable
> to all GNU maintainers.

I doubt that "obvious" and "knowable to all" are appropriate here, since
you explain below the relevant discussions were closed.

> I don't know whether you, as GDB maintainer, are subscribed and
> follow gnu-prog-discuss at gnu.org.

I'm not. Being subscribed there is a privilege, not an obligation.

> We had a long discussion a year ago about the way the GNU project is
> managed and first of all about all of the secrecy involved there.
> The occasion was a request to have at least an open archive of the
> g-p-d list, so that non-GNU hackers would be able to learn about
> architectural discussions pertaining to the GNU project. Recently
> another discussion popped up which again was turned down by
> Mr. Stallman with his usual habit of, the king has spoken and you
> have to stop this discussion. This time it was on whether we are
> allowed to discuss on that still _internal list_ about possible
> loopholes in the GPL.

Sorry, but since these were closed discussions, I really cannot say
anything intelligent about them. I'm surprised that you expect me to
know their contents somehow.

Anyway, Nikos answered my question directly, for which I'm grateful.

From rms at gnu.org Thu Dec 13 19:15:20 2012
From: rms at gnu.org (Richard Stallman)
Date: Thu, 13 Dec 2012 13:15:20 -0500
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: <83vcc6obkw.fsf@gnu.org> (message from Eli Zaretskii on Thu, 13 Dec 2012 05:49:51 +0200)
References: <50C90842.7040305@gnutls.org> <83vcc6obkw.fsf@gnu.org>
Message-ID:

I know only what we have all read, plus the fact that the package
has other contributors and another official GNU maintainer.

--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
Use Ekiga or an ordinary phone call

From eliz at gnu.org Thu Dec 13 19:20:44 2012
From: eliz at gnu.org (Eli Zaretskii)
Date: Thu, 13 Dec 2012 20:20:44 +0200
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To:
References: <50C90842.7040305@gnutls.org> <83vcc6obkw.fsf@gnu.org>
Message-ID: <83fw39oltv.fsf@gnu.org>

> Date: Thu, 13 Dec 2012 13:15:20 -0500
> From: Richard Stallman
> CC: nmav at gnutls.org, karl at gnu.org, johns at gnu.org,
> gnutls-devel at lists.gnutls.org
>
> I know only what we have all read, plus the fact that the package
> has other contributors and another official GNU maintainer.

There must have been something lately that was the last straw. There
always is.

From wk at gnupg.org Thu Dec 13 22:09:36 2012
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Dec 2012 22:09:36 +0100
Subject: [gnutls-devel] GNUTLS is not going anywhere
In-Reply-To: <83lid1on4o.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 13 Dec 2012 19:52:39 +0200")
References: <50C90842.7040305@gnutls.org> <83vcc6obkw.fsf@gnu.org> <87lid2coln.fsf@vigenere.g10code.de> <83lid1on4o.fsf@gnu.org>
Message-ID: <87ip85acbz.fsf@vigenere.g10code.de>

On Thu, 13 Dec 2012 18:52, eliz at gnu.org said:

>> I can't speak for Nikos, but there are pretty obvious reasons knowable
>> to all GNU maintainers.
>
> I doubt that "obvious" and "knowable to all" are appropriate here,
> since you explain below the relevant discussions were closed.

I wrote "knowable to all GNU maintainers".

> I'm not. Being subscribed there is a privilege, not an obligation.

GNU maintainers are expected to be subscribed to gnu-prog-discuss; well
at least to the read-only gnu-prog list.

> Sorry, but since these were closed discussions, I really cannot say
> anything intelligent about them. I'm surprised that you expect me to
> know their contents somehow.

It is yet another example of the GNU project's management deficit that
not all maintainers are aware of that list.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From rms at gnu.org Fri Dec 14 04:00:08 2012
From: rms at gnu.org (Richard Stallman) Date: Thu, 13 Dec 2012 22:00:08 -0500 Subject: [gnutls-devel] GNUTLS is not going anywhere In-Reply-To: (message from Martin Paljak on Thu, 13 Dec 2012 17:31:02 +0200) References: <50C90842.7040305@gnutls.org> <87k3smax11.fsf@vigenere.g10code.de> Message-ID: We have staff for GPL enforcement, and they do their best, but there are so many violations that they can't take action on all. I will investigate what happened with the GPG violation in Europe. The FSF and FSFE are sister organizations. We made an agreement about cooperation, which gives the FSF the job of holding of copyright for GNU packages; FSFE cannot do this. However, FSFE can work with us to address violations in Europe and we would be glad to do this. -- Dr Richard Stallman President, Free Software Foundation 51 Franklin St Boston MA 02110 USA www.fsf.org www.gnu.org Skype: No way! That's nonfree (freedom-denying) software. Use Ekiga or an ordinary phone call From nmav at gnutls.org Fri Dec 14 09:39:22 2012 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Fri, 14 Dec 2012 09:39:22 +0100 Subject: [gnutls-devel] gnutls is moving In-Reply-To: <20121213181411.GA3723@downhill.g.la> References: <50C5CF8E.6090100@gnutls.org> <20121213181411.GA3723@downhill.g.la> Message-ID: On Thu, Dec 13, 2012 at 7:14 PM, Andreas Metzler wrote: > [...] >> - help-gnutls -> gnutls-help at lists.gnutls.org >> - gnutls-devel -> gnutls-devel at lists.gnutls.org >> - gnutls-commit -> gnutls-commits at lists.gnutls.org > [...] > > Hello, > The DNS setup for lists.gnutls.org is broken, one of the nameservers > returns NXDOMAIN: [...] > Host lists.gnutls.org. not found: 3(NXDOMAIN) Hello Andreas, Do you still have this issue? I just tried and I get: $ host lists.gnutls.org. dns3.easydns.ca. lists.gnutls.org has address 217.69.76.57 lists.gnutls.org mail is handled by 0 mx.easymail.ca. It could have been a temporary issue... regards, Nikos From eliz at gnu.org Fri Dec 14 14:18:27 2012 
From: eliz at gnu.org (Eli Zaretskii) Date: Fri, 14 Dec 2012 15:18:27 +0200 Subject: [gnutls-devel] GNUTLS is not going anywhere In-Reply-To: <87ip85acbz.fsf@vigenere.g10code.de> References: <50C90842.7040305@gnutls.org> <83vcc6obkw.fsf@gnu.org> <87lid2coln.fsf@vigenere.g10code.de> <83lid1on4o.fsf@gnu.org> <87ip85acbz.fsf@vigenere.g10code.de> Message-ID: <831uesojq4.fsf@gnu.org> > From: Werner Koch > Cc: nmav at gnutls.org, karl at gnu.org, gnutls-devel at lists.gnutls.org, rms at gnu.org, johns at gnu.org > Organisation: g10 Code GmbH > Date: Thu, 13 Dec 2012 22:09:36 +0100 > > On Thu, 13 Dec 2012 18:52, eliz at gnu.org said: > > >> I can't speak for Nikos, but there are pretty obvious reasons knowable > >> to all GNU maintainers. > > > > I doubt that "obvious" and "knowable to all" are appropriate here, > > since you explain below the relevant discussions were closed. > > I wrote "knowable to all GNU maintainers". Yes, that's what I meant. > > I'm not. Being subscribed there is a privilege, not an obligation. > > GNU maintainers are expected to be subscribed to gnu-prog-discuss; well > at least to the read-only gnu-prog list. > > > Sorry, but since these were closed discussions, I really cannot say > > anything intelligent about them. I'm surprised that you expect me to > > know their contents somehow. > > It is yet another example of the GNU project's management deficit that > not all maintainers are aware of that list. I don't know how you arrive at that conclusion. For the record: they suggested to subscribe me, I said no thanks. End of story. If this is evidence about something or someone, it's about me, not about the GNU project. From alfredo.pironti at inria.fr Fri Dec 14 16:25:30 2012 
From: alfredo.pironti at inria.fr (Alfredo Pironti) Date: Fri, 14 Dec 2012 16:25:30 +0100 Subject: [gnutls-devel] Problems compiling from git on Mac OS X In-Reply-To: <50C8C6C4.30805@gnutls.org> References: <50C60E41.3030408@gnutls.org> <50C8C6C4.30805@gnutls.org> Message-ID: > This patch should disable the ecore library as well so it should be ok. > If not please try to trim it to avoid building the things that are not > supported in macosx. Let me know of any changes needed in order to apply it. Thank you. This patch works fine. Best, Alfredo > > regards, > Nikos > > > > From ametzler at downhill.at.eu.org Fri Dec 14 18:59:56 2012 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Fri, 14 Dec 2012 18:59:56 +0100 Subject: [gnutls-devel] gnutls is moving In-Reply-To: References: <50C5CF8E.6090100@gnutls.org> <20121213181411.GA3723@downhill.g.la> Message-ID: <20121214175956.GA3149@downhill.g.la> On 2012-12-14 Nikos Mavrogiannopoulos wrote: > On Thu, Dec 13, 2012 at 7:14 PM, Andreas Metzler >> Host lists.gnutls.org. not found: 3(NXDOMAIN) > Hello Andreas, > Do you still have this issue? [...] > It could have been a temporary issue... Hello, It seems to be fixed now. thanks, cu andreas From home_pw at msn.com Sat Dec 15 08:14:00 2012 From: home_pw at msn.com (Peter Williams) Date: Sat, 15 Dec 2012 07:14:00 +0000 Subject: [gnutls-devel] =?utf-8?q?GNUTLS_is_not_going_anywhere?= Message-ID: the claim of trust relationship to control folks seems suspect. The exploitation of usury obligations (entrusting), as a means of curtailing freedom of people, is somewhat contentious. Free software without free people is about as bogus as all men are born free - since we all know that they can still be constitutionally enslaved 1s after birth (if black, colored, or non-white etc). Even if you discard slavery, rules can be practised by millions of folks, now 70-80 years old- so discrimination perfects almost the same effect. Sent from Windows Mail 
From: Richard Stallman Sent: December 13, 2012 3:23 AM To: Nikos Mavrogiannopoulos CC: karl at gnu.org, johns at gnu.org, gnutls-devel at lists.gnutls.org Subject: Re: [gnutls-devel] GNUTLS is not going anywhere You cannot change the name of GNUTLS. It is not yours. You offered to work on it, and we entrusted the project to you. If you want to stop, you can stop. -- Dr Richard Stallman President, Free Software Foundation 51 Franklin St Boston MA 02110 USA www.fsf.org www.gnu.org Skype: No way! That's nonfree (freedom-denying) software. Use Ekiga or an ordinary phone call _______________________________________________ Gnutls-devel mailing list Gnutls-devel at lists.gnutls.org http://lists.gnupg.org/mailman/listinfo/gnutls-devel From INVALID.NOREPLY at gnu.org Sat Dec 15 11:15:37 2012 From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Sat, 15 Dec 2012 10:15:37 +0000 Subject: [gnutls-devel] [sr #108206] certtool --generate-request error handling In-Reply-To: <20121213-064336.sv89344.47694@savannah.gnu.org> References: <20121213-064336.sv89344.47694@savannah.gnu.org> Message-ID: <20121215-121537.sv707.63699@savannah.gnu.org> Update of sr #108206 (project gnutls): Status: None => Done Assigned to: None => nmav _______________________________________________________ Follow-up Comment #1: Thanks for the suggestion. I've committed a fix which will be included in the next release. _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From rms at gnu.org Sat Dec 15 20:46:57 2012 
From: rms at gnu.org (Richard Stallman) Date: Sat, 15 Dec 2012 14:46:57 -0500 Subject: [gnutls-devel] GNUTLS is not going anywhere In-Reply-To: (message from Peter Williams on Sat, 15 Dec 2012 07:14:00 +0000) References: Message-ID: The exploitation of usury obligations (entrusting), as a means of curtailing freedom of people, is somewhat contentious. I agree with you. GNUTLS is free software, so anyone who has a copy is free to develop it and redistribute it under the free licenses it uses. We decided at the outset, based on our principles, not to try to control how other people use it or develop it. We make some decisions about how to do things within the GNU Project, but that does not impose control over anyone in particular, since nobody has to participate. People can change and use GNUTLS outside the GNU Project. -- Dr Richard Stallman President, Free Software Foundation 51 Franklin St Boston MA 02110 USA www.fsf.org www.gnu.org Skype: No way! That's nonfree (freedom-denying) software. Use Ekiga or an ordinary phone call From INVALID.NOREPLY at gnu.org Sat Dec 15 23:59:26 2012 From: INVALID.NOREPLY at gnu.org (Daniel Black) Date: Sat, 15 Dec 2012 22:59:26 +0000 Subject: [gnutls-devel] [sr #108206] certtool --generate-request error handling In-Reply-To: <20121215-121537.sv707.63699@savannah.gnu.org> References: <20121213-064336.sv89344.47694@savannah.gnu.org> <20121215-121537.sv707.63699@savannah.gnu.org> Message-ID: <20121215-225926.sv89344.53053@savannah.gnu.org> Follow-up Comment #2, sr #108206 (project gnutls): thanks for the fix. Much appreciated. https://gitorious.org/gnutls/gnutls/commit/cd390b7632c032adeead5926ccf484d204203133/diffs/e1b658a4ef4762b66c23f6fc1967f29c67e60257 Daniel (to become less of a failed certtool user) From johns at fsf.org Sat Dec 15 00:48:39 2012 
From: johns at fsf.org (John Sullivan) Date: Fri, 14 Dec 2012 18:48:39 -0500 Subject: [gnutls-devel] GNUTLS is not going anywhere In-Reply-To: <87k3smax11.fsf@vigenere.g10code.de> (Werner Koch's message of "Thu, 13 Dec 2012 14:42:34 +0100") References: <50C90842.7040305@gnutls.org> <87k3smax11.fsf@vigenere.g10code.de> Message-ID: <87hanlkvu5.fsf@myles.home.wjsullivan.net> (Resending so it makes it to the list; I wasn't subscribed the first time.) Werner Koch writes: > On Thu, 13 Dec 2012 13:12, juhovh at iki.fi said: > >> As a side note, I find Werner's accusations, as written on his blog, >> of FSF not defending its rights in case of GnuPG copyright violations > > A reason here might be that the FSF does not want to get involved into > non-US legal affairs. I can't know for sure; I have never seen any > documents they may have exchanged in a license infringement case. But > that is all off-topic and not related to gnutls. > gnu-misc-discuss at gnu.org is probably better suited for such a topic. > We do get involved outside the US. A quick and dirty survey of our cases both open and resolved turned up Germany, France, UK, Canada, and Singapore. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at . From martin at martin.st Mon Dec 17 23:32:50 2012 From: martin at martin.st (Martin Storsjo) Date: Tue, 18 Dec 2012 00:32:50 +0200 Subject: [gnutls-devel] [PATCH] Fix docs for gnutls_transport_set_pull_timeout_function Message-ID: <1355783570-84249-1-git-send-email-martin@martin.st> The timeout function returns int, not ssize_t. --- lib/system_override.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/system_override.c b/lib/system_override.c index df8c094..20d2ada 100644 --- a/lib/system_override.c +++ b/lib/system_override.c 
@@ -97,7 +97,7 @@ gnutls_transport_set_pull_function (gnutls_session_t session, * The callback function is used in DTLS only. * * @gnutls_pull_timeout_func is of the form, - * ssize_t (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms); + * int (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms); * * Since: 3.0 **/ -- 1.7.9.4 From nmav at gnutls.org Tue Dec 18 10:25:12 2012 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Tue, 18 Dec 2012 11:25:12 +0200 Subject: [gnutls-devel] [PATCH] Fix docs for gnutls_transport_set_pull_timeout_function In-Reply-To: <1355783570-84249-1-git-send-email-martin@martin.st> References: <1355783570-84249-1-git-send-email-martin@martin.st> Message-ID: Applied. Thanks. On Tue, Dec 18, 2012 at 12:32 AM, Martin Storsjo wrote: > The timeout function returns int, not ssize_t. > --- > lib/system_override.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/system_override.c b/lib/system_override.c > index df8c094..20d2ada 100644 > --- a/lib/system_override.c > +++ b/lib/system_override.c > @@ -97,7 +97,7 @@ gnutls_transport_set_pull_function (gnutls_session_t session, > * The callback function is used in DTLS only. > * > * @gnutls_pull_timeout_func is of the form, > - * ssize_t (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms); > + * int (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms); > * > * Since: 3.0 > **/ > -- > 1.7.9.4 > > > _______________________________________________ > Gnutls-devel mailing list > Gnutls-devel at lists.gnutls.org > http://lists.gnupg.org/mailman/listinfo/gnutls-devel From ametzler at downhill.at.eu.org Tue Dec 18 19:42:57 2012 
From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Tue, 18 Dec 2012 19:42:57 +0100 Subject: [gnutls-devel] gnutls is moving In-Reply-To: References: <50C5CF8E.6090100@gnutls.org> <20121213181411.GA3723@downhill.g.la> Message-ID: <20121218184257.GC3643@downhill.g.la> On 2012-12-14 Nikos Mavrogiannopoulos wrote: > On Thu, Dec 13, 2012 at 7:14 PM, Andreas Metzler > wrote: [...] > > Host lists.gnutls.org. not found: 3(NXDOMAIN) > Hello Andreas, > Do you still have this issue? I just tried and I get: > $ host lists.gnutls.org. dns3.easydns.ca. > lists.gnutls.org has address 217.69.76.57 > lists.gnutls.org mail is handled by 0 mx.easymail.ca. It just happened again: Using domain server: Name: dns3.easydns.ca. Address: 64.68.196.10#53 Aliases: Host lists.gnutls.org. not found: 3(NXDOMAIN) cu andreas From martin at martin.st Thu Dec 20 00:20:00 2012 From: martin at martin.st (Martin Storsjo) Date: Thu, 20 Dec 2012 01:20:00 +0200 Subject: [gnutls-devel] [PATCH] Don't match further SRTP profiles after one match has been found Message-ID: <1355959200-47906-1-git-send-email-martin@martin.st> This makes SRTP profile matching more straightforward and intuitive, when the first matching SRTP profile will be the one selected, not the last one as before. --- This makes the client's profile list order decide which one is chosen if multiple profiles match. Alternatively, the server could select the profile depending on the order of its own list, but that would be slightly more complicated. --- lib/ext/srtp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c index 95d7a3f..8474aa8 100644 --- a/lib/ext/srtp.c +++ b/lib/ext/srtp.c 
@@ -208,12 +208,14 @@ _gnutls_srtp_recv_params (gnutls_session_t session, return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); } + priv->selected_profile = 0; + while (len > 0) { DECR_LEN (data_size, 2); profile = _gnutls_read_uint16 (p); - for (i = 0; i < priv->profiles_size;i++) + for (i = 0; i < priv->profiles_size && priv->selected_profile == 0; i++) { if (priv->profiles[i] == profile) { -- 1.7.9.4 From nmav at gnutls.org Thu Dec 20 09:49:56 2012 
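Review bot: In the changed `for` header, `priv->selected_profile == 0` doubles as the "no match yet" flag, which is only correct if 0 can never be a valid SRTP profile value; state that in a comment next to the added `priv->selected_profile = 0;`, or track the match in a separate flag. The visible lines also do not show what the function does when `selected_profile` is still 0 after the `while (len > 0)` loop, so the no-common-profile case deserves a line in the commit message or a check after the loop.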
From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 20 Dec 2012 10:49:56 +0200 Subject: [gnutls-devel] Unable to connect to https server using wget/curl with gnutls (or openssl) In-Reply-To: <87pq25sqfc.fsf@samograd.ca> References: <87pq25sqfc.fsf@samograd.ca> Message-ID: On Wed, Dec 19, 2012 at 11:05 PM, Burton Samograd wrote: > Hello, > > I am having problems connecting to an HTTPS server using gnutls through > wget, curl and emacs. I have contacted the company and they claim that > it must be a problem with my SSL implementation, so I am looking into > it. I would like to note that this problem is not specific to gnutls; I > have built a version of curl that uses only libssl (openssl) and I still > have problems connecting to their server. > > Starting from the beginning, when I try to connect to their server using > wget I get a 'Unable to establish SSL connection':: > =================================================================================== > > Looking further I used gnutls-cli: > =================================================================================== > ~ $ gnutls-cli -d 4 demoweb.efxnow.com > I found that "A TLS packet with unexpected length was recieved." could > also mean that the other side forcibly closed the connection. It most probably means that their implementation doesn't understand extensions or so. > Finally with gnutls-cli-debug: > > =================================================================================== > ~ $ gnutls-cli-debug -d 4 demoweb.efxnow.com This should have been less verbose. > Checking whether %COMPAT is required... yes It means that you should use gnutls-cli --priority NORMAL:%COMPAT in order to connect to this server. This server probably cannot parse random padding or so. This is common in custom new implementations. regards, Nikos From martin at martin.st Thu Dec 20 10:54:09 2012 
From: martin at martin.st (=?ISO-8859-15?Q?Martin_Storsj=F6?=) Date: Thu, 20 Dec 2012 11:54:09 +0200 (EET) Subject: [gnutls-devel] [PATCH] Don't match further SRTP profiles after one match has been found In-Reply-To: <1355959200-47906-1-git-send-email-martin@martin.st> References: <1355959200-47906-1-git-send-email-martin@martin.st> Message-ID: On Thu, 20 Dec 2012, Martin Storsjo wrote: > This makes SRTP profile matching more straightforward and intuitive, > when the first matching SRTP profile will be the one selected, not > the last one as before. > > --- > > This makes the client's profile list order decide which one is chosen > if multiple profiles match. Alternatively, the server could select > the profile depending on the order of its own list, but that would be > slightly more complicated. FWIW, OpenSSL seems to do it the other way around - the server picks the one with the highest priority according to its own list, regardless of the order sent by the client. // Martin From martin at martin.st Thu Dec 20 11:21:25 2012 From: martin at martin.st (Martin Storsjo) Date: Thu, 20 Dec 2012 12:21:25 +0200 Subject: [gnutls-devel] [PATCH] Pick the matching SRTP profile with the highest priority according to the server Message-ID: <1355998885-54406-1-git-send-email-martin@martin.st> --- This is the alternative way of matching, similar to how OpenSSL seems to do it. Now the order of profile suggestions from the client doesn't matter, only the order of profiles at the server. Nikos, you can choose which version you think makes more sense, I don't really have too much of an opinion about it. Currently, the code picks the last one to match which isn't too good though. --- lib/ext/srtp.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c index 95d7a3f..026663d 100644 --- a/lib/ext/srtp.c +++ b/lib/ext/srtp.c 
@@ -173,7 +173,7 @@ static int _gnutls_srtp_recv_params (gnutls_session_t session, const uint8_t *data, size_t _data_size) { - unsigned int i; + unsigned int i, match_index; int ret; const uint8_t *p = data; int len; @@ -208,6 +208,8 @@ _gnutls_srtp_recv_params (gnutls_session_t session, return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); } + priv->selected_profile = 0; + while (len > 0) { DECR_LEN (data_size, 2); @@ -217,7 +219,11 @@ _gnutls_srtp_recv_params (gnutls_session_t session, { if (priv->profiles[i] == profile) { - priv->selected_profile = profile; + if (priv->selected_profile == 0 || i < match_index) + { + priv->selected_profile = profile; + match_index = i; + } break; } } -- 1.7.9.4 From tim.ruehsen at gmx.de Thu Dec 20 13:01:59 2012 
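Review bot: `match_index` is declared in the first hunk without an initial value and is read in `i < match_index` in the last hunk. The read is only safe because `priv->selected_profile == 0 ||` short-circuits before the first match, which again relies on 0 never being a valid profile, and compilers may still warn about a possibly uninitialised variable. Initialise `match_index` at its declaration to a value larger than any valid index; the condition can then be reduced to `i < match_index` and no longer depends on the sentinel.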
From: tim.ruehsen at gmx.de (Tim Ruehsen) Date: Thu, 20 Dec 2012 13:01:59 +0100 Subject: [gnutls-devel] Unable to connect to https server using wget/curl with gnutls (or openssl) In-Reply-To: References: <87pq25sqfc.fsf@samograd.ca> Message-ID: <201212201301.59936.tim.ruehsen@gmx.de> > > Hello, > > > > I am having problems connecting to an HTTPS server using gnutls through > > wget, curl and emacs. I have contacted the company and they claim that > > it must be a problem with my SSL implementation, so I am looking into > > it. I would like to note that this problem is not specific to gnutls; I > > have built a version of curl that uses only libssl (openssl) and I still > > have problems connecting to their server. > > > > Starting from the beginning, when I try to connect to their server using > > wget I get a 'Unable to establish SSL connection':: > > ========================================================================= > > ========== > > > > Looking further I used gnutls-cli: > > ========================================================================= > > ========== ~ $ gnutls-cli -d 4 demoweb.efxnow.com > > I found that "A TLS packet with unexpected length was recieved." could > > also mean that the other side forcibly closed the connection. > > It most probably means that their implementation doesn't understand > extensions or so. > > > Finally with gnutls-cli-debug: > > > > ========================================================================= > > ========== ~ $ gnutls-cli-debug -d 4 demoweb.efxnow.com > > This should have been less verbose. > > > Checking whether %COMPAT is required... yes > > It means that you should use gnutls-cli --priority NORMAL:%COMPAT in > order to connect to this server. This server probably cannot parse > random padding or so. This is common in custom new implementations. You would need NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0 in this case. Wget --secure-protocol=SSLv3 is broken at the moment. I will send a patch. 
Meanwhile it would work with Mget, see https://github.com/rockdaboot/mget. Regards, Tim R?hsen From martin at martin.st Thu Dec 20 14:03:40 2012 From: martin at martin.st (Martin Storsjo) Date: Thu, 20 Dec 2012 15:03:40 +0200 Subject: [gnutls-devel] [PATCH] Fix the parameter name to gnutls_key_generate Message-ID: <1356008620-90810-1-git-send-email-martin@martin.st> --- lib/crypto-api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 3bf2efe..74916d2 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -517,7 +517,7 @@ gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, * created key. * @key_size: The number of bytes of the key. * - * Generates a random key of @key_bytes size. + * Generates a random key of @key_size bytes. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an * error code. -- 1.7.9.4 From nmav at gnutls.org Fri Dec 21 00:17:24 2012 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Fri, 21 Dec 2012 01:17:24 +0200 Subject: [gnutls-devel] [PATCH] Fix the parameter name to gnutls_key_generate In-Reply-To: <1356008620-90810-1-git-send-email-martin@martin.st> References: <1356008620-90810-1-git-send-email-martin@martin.st> Message-ID: Thanks, applied! On Thu, Dec 20, 2012 at 3:03 PM, Martin Storsjo wrote: > --- > lib/crypto-api.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/crypto-api.c b/lib/crypto-api.c > index 3bf2efe..74916d2 100644 > --- a/lib/crypto-api.c > +++ b/lib/crypto-api.c 
> @@ -517,7 +517,7 @@ gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, > * created key. > * @key_size: The number of bytes of the key. > * > - * Generates a random key of @key_bytes size. > + * Generates a random key of @key_size bytes. > * > * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an > * error code. > -- > 1.7.9.4 > > > _______________________________________________ > Gnutls-devel mailing list > Gnutls-devel at lists.gnutls.org > http://lists.gnupg.org/mailman/listinfo/gnutls-devel From nmav at gnutls.org Fri Dec 21 00:20:32 2012 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Fri, 21 Dec 2012 01:20:32 +0200 Subject: [gnutls-devel] [PATCH] Don't match further SRTP profiles after one match has been found In-Reply-To: References: <1355959200-47906-1-git-send-email-martin@martin.st> Message-ID: On Thu, Dec 20, 2012 at 11:54 AM, Martin Storsj? wrote: >> This makes SRTP profile matching more straightforward and intuitive, >> when the first matching SRTP profile will be the one selected, not >> the last one as before. > FWIW, OpenSSL seems to do it the other way around - the server picks the one > with the highest priority according to its own list, regardless of the order > sent by the client. In TLS typically the client sets the priorities. However in gnutls there is a server_precedence options to allow the server to select. You may have both ways by checking the variable session->internals.priorities.server_precedence. regards, Nikos From nmav at gnutls.org Fri Dec 21 00:27:41 2012 
From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Fri, 21 Dec 2012 01:27:41 +0200 Subject: [gnutls-devel] [PATCH] Pick the matching SRTP profile with the highest priority according to the server In-Reply-To: <1355998885-54406-1-git-send-email-martin@martin.st> References: <1355998885-54406-1-git-send-email-martin@martin.st> Message-ID: On Thu, Dec 20, 2012 at 12:21 PM, Martin Storsjo wrote: > --- > > This is the alternative way of matching, similar to how OpenSSL seems > to do it. Now the order of profile suggestions from the client doesn't > matter, only the order of profiles at the server. > > Nikos, you can choose which version you think makes more sense, I > don't really have too much of an opinion about it. Currently, the > code picks the last one to match which isn't too good though. Hey Martin, I've now applied the first version. If you send an update to account for server precedence I'll update it. regards, Nikos From nmav at gnutls.org Fri Dec 21 10:48:55 2012 
From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Fri, 21 Dec 2012 11:48:55 +0200 Subject: [gnutls-devel] [gnutls-help] gnutls is moving In-Reply-To: <20121221011931.GA69236@redoubt.spodhuis.org> References: <50C5CF8E.6090100@gnutls.org> <50C60F37.6080605@gnutls.org> <20121221011931.GA69236@redoubt.spodhuis.org> Message-ID: On Fri, Dec 21, 2012 at 3:19 AM, Phil Pennock wrote: > On 2012-12-10 at 17:35 +0100, Nikos Mavrogiannopoulos wrote: >> Unfortunately not. I'll send more details on this list in the next days. > > This incident has made Linux Weekly News. If any of the GnuTLS devs are > not LWN subscribers, ping me and I'll send you a SubscriberLink so you > can see the article (and comments) now, instead of next week when the > article is opened to the general public. Hello Phil, Thanks, that's a nice article. The reason I've not sent any updates is because there is some negotiation going on, that hopefully will prevent any fork of the project. More about it when it is complete (one way or another). regards, Nikos From martin at martin.st Fri Dec 21 10:58:37 2012 
From: martin at martin.st (Martin Storsjö) Date: Fri, 21 Dec 2012 11:58:37 +0200 (EET) Subject: [gnutls-devel] [PATCH] Don't match further SRTP profiles after one match has been found In-Reply-To: References: <1355959200-47906-1-git-send-email-martin@martin.st> Message-ID: On Fri, 21 Dec 2012, Nikos Mavrogiannopoulos wrote: > On Thu, Dec 20, 2012 at 11:54 AM, Martin Storsjö wrote: >>> This makes SRTP profile matching more straightforward and intuitive, >>> when the first matching SRTP profile will be the one selected, not >>> the last one as before. >> FWIW, OpenSSL seems to do it the other way around - the server picks the one >> with the highest priority according to its own list, regardless of the order >> sent by the client. > > In TLS typically the client sets the priorities. However in gnutls > there is a server_precedence options to allow the server to select. > You may have both ways by checking the variable > session->internals.priorities.server_precedence. Right - I don't think it will be necessary to make this configurable here though. // Martin From kikuchi at lepidum.co.jp Fri Dec 28 12:03:43 2012 
From: kikuchi at lepidum.co.jp (KIKUCHI Masashi) Date: Fri, 28 Dec 2012 20:03:43 +0900 Subject: [gnutls-devel] RSAES-PKCS1-v1_5 incompatible behavior Message-ID: <50DD7C8F.9020806@lepidum.co.jp> Hello, I sent this mail to bugs at gnutls.org yesterday but I received the following error message. So, I re-send it to this ML. > You need to subscribe in order to post to this mailing list. > > http://lists.gnutls.org/mailman/listinfo/gnutls-devel GnuTLS server randomly sends ill-formed 'public-key-encrypted' data. RSAES-PKCS1-v1_5(RFC2437 7.2.1 Encryption operation) says: > 2. Convert the encoded message EM to an integer message > representative m: m = OS2IP (EM) > > 3. Apply the RSAEP encryption primitive (Section 5.1.1) to the public > key (n, e) and the message representative m to produce an integer > ciphertext representative c: c = RSAEP ((n, e), m) > > 4. Convert the ciphertext representative c to a ciphertext C of > length k octets: C = I2OSP (c, k) The implementation in GnuTLS uses "length m" instead of "length k". When the leading byte of "m" is zero, these two lengths do not match. http://git.savannah.gnu.org/cgit/gnutls.git/tree/lib/nettle/pk.c?id=gnutls_3_1_5#n224 This results in ill-formed 'public-key-encrypted' data and random handshake failure. Next, the implementation of decryption conversely uses "length C" instead of "length k" and does not check RSAES-PKCS1-V1_5-DECRYPT Step 1: > 1. If the length of the ciphertext C is not k octets, output > "decryption error" and stop. http://git.savannah.gnu.org/cgit/gnutls.git/tree/lib/nettle/pk.c?id=gnutls_3_1_5#n270 This results in hiding the former bug when client and server are both GnuTLS. There are the same problems in sign/verify functions. To reproduce this handshake failure, use GnuTLS client and OpenSSL server and run many handshakes (> 256 times). This is the OpenSSL log message when GnuTLS sends a wrong signature. 
> 3075704456:error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length:rsa_sign.c:175: > 3075704456:error:1408807B:SSL routines:SSL3_GET_CERT_VERIFY:bad signature:s3_srvr.c:3049: Regards, From nmav at gnutls.org Fri Dec 28 13:18:17 2012 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Fri, 28 Dec 2012 14:18:17 +0200 Subject: [gnutls-devel] RSAES-PKCS1-v1_5 incompatible behavior In-Reply-To: <50DD7C8F.9020806@lepidum.co.jp> References: <50DD7C8F.9020806@lepidum.co.jp> Message-ID: On Fri, Dec 28, 2012 at 1:03 PM, KIKUCHI Masashi wrote: > Hello, > > I sent this mail to bugs at gnutls.org yesterday but I received the following > error message. So, I re-send it to this ML. >> You need to subscribe in order to post to this mailing list. It seems I need to tweak some settings in the ML. > GnuTLS server randomly sends ill-formed 'public-key-encrypted' data. [...] > The implementation in GnuTLS uses "length m" instead of "length k". > When the leading byte of "m" is zero, these two lengths do not match. > http://git.savannah.gnu.org/cgit/gnutls.git/tree/lib/nettle/pk.c?id=gnutls_3_1_5#n224 I've committed this patch which should solve that issue. I'll check it further after holidays. https://gitorious.org/gnutls/gnutls/commit/7730c6cba3e4d5e1d2c4acf3f433125910635a6e Thank you for reporting that. regards, Nikos
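The length mismatch reported in the RSAES-PKCS1-v1_5 thread above, as an added Python example (not code from GnuTLS or from either poster): the ciphertext integer is encoded once with I2OSP to k octets and once at its natural length, and a strict and a lenient decryptor are run on both. The toy key built from two Mersenne primes, the deterministic padding and all function names are assumptions made for the illustration.

```python
import hashlib

# Constructed toy key (illustration only, far too small for real use).
# Two Mersenne primes give a 27-octet modulus whose top octet is 0xFF,
# so roughly 1 ciphertext in 256 starts with a zero octet.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # needs Python 3.8+
K = (N.bit_length() + 7) // 8          # modulus length k in octets


def i2osp(x, length):
    """I2OSP: big-endian encoding in exactly `length` octets."""
    return x.to_bytes(length, "big")


def minimal_octets(x):
    """The behaviour described in the report: natural length, not k."""
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")


def eme_pkcs1_v15(msg, seed):
    """EM = 00 || 02 || PS || 00 || M, PS nonzero (deterministic for the demo)."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long")
    ps, counter = bytearray(), 0
    while len(ps) < ps_len:
        block = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        ps.extend(b for b in block if b != 0)
        counter += 1
    return b"\x00\x02" + bytes(ps[:ps_len]) + b"\x00" + msg


def rsa_encrypt_int(msg, seed):
    m = int.from_bytes(eme_pkcs1_v15(msg, seed), "big")   # step 2: OS2IP
    return pow(m, E, N)                                    # step 3: RSAEP


def encrypt_spec(msg, seed):
    """Step 4 as specified: C = I2OSP(c, k)."""
    return i2osp(rsa_encrypt_int(msg, seed), K)


def encrypt_minimal(msg, seed):
    """Step 4 with the integer's own length, dropping leading zero octets."""
    return minimal_octets(rsa_encrypt_int(msg, seed))


def decrypt(ciphertext, strict=True):
    """Toy decryption (not constant-time). strict=True enforces DECRYPT step 1."""
    if strict and len(ciphertext) != K:
        raise ValueError("decryption error")
    c = int.from_bytes(ciphertext, "big")
    if c >= N:
        raise ValueError("decryption error")
    em = i2osp(pow(c, D, N), K)
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:   # PS must be at least 8 octets
        raise ValueError("decryption error")
    return em[sep + 1:]


def survey(trials=4096, msg=b"premaster"):
    """Return (number of short ciphertexts, seed of the first one)."""
    short, first = 0, None
    for i in range(trials):
        seed = i.to_bytes(4, "big")
        if len(encrypt_minimal(msg, seed)) < K:
            short += 1
            if first is None:
                first = seed
    return short, first


if __name__ == "__main__":
    short, seed = survey()
    print(f"k = {K} octets, short ciphertexts: {short} of 4096")
    bad = encrypt_minimal(b"premaster", seed)
    print("lenient peer decrypts:", decrypt(bad, strict=False))
    try:
        decrypt(bad)
    except ValueError as err:
        print("strict peer rejects:", err)
```

The lenient decryptor accepting the short ciphertext is what hides the encoding bug between two peers that share it, while a strict peer fails the handshake on the same input.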