From gnutls-devel at lists.gnutls.org Mon Apr 1 07:25:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 05:25:56 +0000 Subject: [gnutls-devel] GnuTLS | Skip testcompat-tls13-openssl.sh on missing expect (!965) In-Reply-To: References: Message-ID: Hm, I have missed that tests/suite does not run for release builds. Still imho the handling of missing test deps seems to be incongruent. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/965#note_155898213 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:13:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:13:09 +0000 Subject: [gnutls-devel] GnuTLS | Skip testcompat-tls13-openssl.sh on missing expect (!965) In-Reply-To: References: Message-ID: Indeed we are inconsistent. The "policy" of skipping tests when missing applications was kind of since the beginning. However, I was aware of cases where we missed tests during rebuild of images (e.g., because something went out of the minimal system). So you are right, though I think we should re-consider this policy, so maybe an issue to reconsider the exit 77 blanket policy may be more appropriate. I'll open one. About this specific fix, how is it triggered? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/965#note_155917471 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:16:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:16:23 +0000 Subject: [gnutls-devel] GnuTLS | Reconsider policy of skipping tests (#746) References: Message-ID: New Issue was created. Issue 746: https://gitlab.com/gnutls/gnutls/issues/746 Author: Nikos Mavrogiannopoulos Assignee: Currently we can skip tests in testsuite if dependent applications are not installed. That may have the effect that when new images are added in the CI, or during the rebuild of new images some components no longer get included, we will not detect the testing regression. As such I'd like to propose to not skip tests on missing applications, but rather to make them configurable via configure.ac. We could also differentiate the policy between - tests/suite (which is run only during CI) - tests/ (which is run on installed systems and CI) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/746 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:16:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:16:39 +0000 Subject: [gnutls-devel] GnuTLS | Skip testcompat-tls13-openssl.sh on missing expect (!965) In-Reply-To: References: Message-ID: I've opened #746 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/965#note_155918354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:18:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:18:25 +0000 Subject: [gnutls-devel] GnuTLS | Reconsidering use of VLAs and alloca() (#684) In-Reply-To: References: Message-ID: I'm adding the 3_6_x flag to remove the alloca in guile/ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_155918790 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:19:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:19:37 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#744) In-Reply-To: References: Message-ID: Done. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/744#note_155919072 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:19:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:19:38 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#744) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #744: https://gitlab.com/gnutls/gnutls/issues/744 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:21:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:21:20 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from julian.klode@canonical.com): spurious (?) failure: gnutls 3.6.5 FAIL tls13/post-handshake-with-cert (exit status: 1) (#652) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #652: https://gitlab.com/gnutls/gnutls/issues/652 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/652 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:28:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:28:07 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Unfortunately the `libgnu_gpl` linking is not an option because the library is supposed to be lgpl. How can one reproduce that issue? The CI doesn't seem to catch it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_155921684 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:29:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:29:52 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: I think adding the upstream as remote is the less error prone; on personal forks there is not much incentive to keep an up-to-date master so we may not be able to rely on it being recent or even existing at all. @rockdaboot what do you think? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_155922192 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:38:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:38:42 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: I wonder why the LGTM pipelines did not start on this MR. Is your fork up-to-date? Other than that it looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_155926603 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 09:39:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 07:39:14 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: Merge Request !966 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/966 Project:Branches: ametzler/gnutls:tmp-ametzler-gcc9-build-error to gnutls/gnutls:master Author: Andreas Metzler Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 10:09:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 08:09:37 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: Back at Hamburg, didn't really get much sleep the last nights... (so don't bash me for any nonsense ;-)) Adding upstream as remote is a very good idea. Assuming that a MR is to be merged into upstream master (which it normally is) we could even rebase the current branch on upstream/master (if it fails - also good). On success we should have a defined state for signature checking. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_155936513 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 10:48:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 08:48:23 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: @Hubert Please attach your config.log. And could you test if you use `../gl/libgnu.la` as last in the list for `libgnutls_la_LIBADD` (without adding libgnu_gpl.la) ? @Nikos It would only happen when inet_pton() is missing in system libraries. But in that case we also have `rpl_inet_pton()` in `../gl/libgnu.la`. So adding libgnu_gpl.la shouldn't make a difference - except the order of files for `libgnutls_la_LIBADD` matters. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_155953744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 11:20:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 09:20:44 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: @simo5 I made a few changes to `check_if_signed` with using upstream as remote. But also found and fixed a small issue with `set -e` and `grep`. Could you review / test ? [check_if_signed](/uploads/dbfd310a3a4901a6763696efd06b68e0/check_if_signed) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_155967303 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 11:33:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 09:33:00 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: This happens when trying to build [rtmp](http://repo.or.cz/rtmpdump.git) and link it with gnutls. But it happens only with the released tarball, using git checkout from here with the dreaded bootstrap step works fine, always has. So I think there is something wrong with the tarball only , gl/inet_pton.c is definitely not inside, only in gl/tests/, is that correct at all? I've also checked with nm + ar, and inet_pton is missing in the final libgnutls.a, no such string, with or without rpl_ in front .. I'm currently at work and don't have much time, but I will try to produce something ... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_155973549 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 12:46:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 10:46:51 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Here's config.log from gnutls with tarball 3.6.7 [config_gnutls.log.gz](/uploads/39697acfddb2b1dfa0131f4d5b15c34f/config_gnutls.log.gz) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156001077 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 12:48:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 10:48:22 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: @rockdaboot you re-added `set -e` and that would make `if test $? -ne 0; then` non-functional. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_156001529 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 13:50:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 11:50:10 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Here's logfile from trying to build rtmp with it. [ab-suite.install.rtmp.log.gz](/uploads/bb8b79827085244d020f4a59f0c14c43/ab-suite.install.rtmp.log.gz) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156024971 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 13:58:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 11:58:31 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 14:45:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 12:45:12 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: I did now what Tim said: `sed -i 's|libgnutls_extras.la|& ../gl/libgnu.la|' lib/Makefile.am` `rm -f configure` `do_autoreconf` and that compiles but resulting lib still has: `$ nm libgnutls.a | grep pton` ` U rpl_inet_pton` ` U rpl_inet_pton` `me at host /trunk/local64/lib` while it should have (a working compile from git): `$ nm libgnutls.a | grep pton` `inet_pton.o:` ` U __imp_inet_pton` `0000000000000000 T rpl_inet_pton` ` U rpl_inet_pton` ` U rpl_inet_pton` `me at host /trunk/local64/lib` Attaching log from gnutls compile.[config_gnutls_tim.log.gz](/uploads/0651ad85b941964e4eb123da41b45e7e/config_gnutls_tim.log.gz) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156049932 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 14:45:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 12:45:58 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Please ignore the `libgnu_gpl.la` workaround, it only works for static builds and was me being confused with the different gnulib sub-directories. I don't have the logs at hand, but I'm cross-compiling with mingw and a simple test program is enough to trigger the issue: ```c #include int main(int argc, char *argv[]) { (void)argc; (void)argv; gnutls_global_init (); gnutls_global_deinit (); return 0; } ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156050566 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 14:49:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 12:49:23 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: > gl/inet_pton.c is definitely not inside [the tarball] It really isn't there - that seems to be the problem. And building the tarball manually here (make dist) *has* it included. ``` # official tarball $ tar tvf /tmp/gnutls-3.6.7.tar.xz|grep pton -rw-r--r-- 0/0 6907 2019-01-11 07:40 gnutls-3.6.7/src/gl/inet_pton.c -rw-r--r-- 0/0 2195 2019-01-11 07:40 gnutls-3.6.7/m4/inet_pton.m4 -rw-r--r-- 0/0 6907 2019-01-11 07:40 gnutls-3.6.7/gl/tests/inet_pton.c -rw-r--r-- 0/0 1752 2019-01-11 07:40 gnutls-3.6.7/gl/tests/test-inet_pton.c # my tarball $ tar tvf gnutls-3.6.7.tar.xz|grep pton -rw-r--r-- 0/0 2195 2019-01-02 09:58 gnutls-3.6.7/m4/inet_pton.m4 -rw-r--r-- 0/0 6907 2019-01-02 09:58 gnutls-3.6.7/src/gl/inet_pton.c -rw-r--r-- 0/0 6907 2019-02-08 14:54 gnutls-3.6.7/gl/inet_pton.c -rw-r--r-- 0/0 1752 2019-01-02 09:58 gnutls-3.6.7/gl/tests/test-inet_pton.c ``` @nmav How and where did you generate the official release tarball ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156052171 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 14:55:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 12:55:56 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: I see, sorry. It came from 'master' and @simo5 should just test if it works for him (the `if test $? -ne 0; then` isn't in there, or is it ?). If it works in general I take the changes to the MR (with `set -e`). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_156055133 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 15:19:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 13:19:01 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: I do not know either, it is up to date: ``` ametzler@:gnutls-ametzler-gitlab$ git show --format=format:'commit %h parent %p: %s' | head -n1 commit 3cf274b86 parent 7a748528e: Fix link errors with gcc-9 ametzler@:gnutls-ametzler-gitlab$ git show --format=format:'commit %h parent %p: %s' 7a748528e | head -n1 commit 7a748528e parent ea46e149b: doc update [ci skip] ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_156064977 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 15:23:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 13:23:13 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on tests/suite/Makefile.am: > ecore/src/lib/eina_unicode.c ecore/src/lib/eina_ustrbuf.c \ > ecore/src/lib/eina_ustringshare.c ecore/src/lib/eina_value.c > > +libecore_la_LIBADD = -ldl Why not `$(LIBDL)` here ? Better if we avoid hard-coding library names... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_156067233 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 15:25:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 13:25:33 +0000 Subject: [gnutls-devel] GnuTLS | Skip testcompat-tls13-openssl.sh on missing expect (!965) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos @nmav wrote: > Indeed we are inconsistent. [...] So you are right, though I think we should re-consider this policy, so maybe an issue to reconsider the exit 77 blanket policy may be more appropriate. I'll open one. Thank you. I suggest we should close this merge request. Whatever results #746 will yield, it probably will make this MR superfluous. > About this specific fix, how is it triggered? Nothing special, just a regular build from GIT featuring ```make check``` without having *expect* installed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/965#note_156068263 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 15:25:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 13:25:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: > I wonder why the LGTM pipelines did not start on this MR. Wild guess: Code didn't change (just the build environment/setup). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_156068401 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 15:48:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 13:48:21 +0000 Subject: [gnutls-devel] GnuTLS | Skip testcompat-tls13-openssl.sh on missing expect (!965) In-Reply-To: References: Message-ID: Merge Request !965 was closed by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/965 Project:Branches: ametzler/gnutls:tmp-ametzler-test-error-on-missing-expect to gnutls/gnutls:master Author: Andreas Metzler Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/965 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 15:49:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 13:49:46 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: There was nothing special other than `make dist`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156081432 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 15:52:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 13:52:50 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: @ametzler Maybe you know how to install gcc-9 in parallel to gcc-8 in Debian unstable ? Or are you using a chroot or container for testing ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_156083114 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 16:28:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 14:28:13 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: But obviously something went wrong. Since we have the inet_pton module for `gl/` in bootstrap.conf, there should be a `gl/inet_pton.c` there right after `./bootstrap`. Please test it - there should be an easy explanation. In any case the tarball should be regenerated, currently it is simply broken. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156101510 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 16:37:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 14:37:34 +0000 Subject: [gnutls-devel] GnuTLS | release automation (#702) In-Reply-To: References: Message-ID: Can't we already start a runner only if a commit tag is set ? If not, we can make up our `doc-dist.Fedora` runner to upload the tarball incl. hash somewhere only if on master+commit is tagged+success. We could do anything in this case, like generating and sending announcement emails. Not sure what the Gitlab release stuff gives us (didn't look at it thoroughly), just saying that all the pieces are there and we should just use them for automated releases. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/702#note_156107232 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 18:10:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 16:10:22 +0000 Subject: [gnutls-devel] GnuTLS | WIP: pkcs11: decline client auth if RSA-PSS cannot be performed by the PKCS#11 token where certificate comes from (!967) References: Message-ID: New Merge Request !967 https://gitlab.com/gnutls/gnutls/merge_requests/967 Branches: tmp-client-auth-decline to master Author: Daiki Ueno Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario (@mention me if you need reply), Tim R?hsen, Andreas Metzler, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki, GnuTLS devel mailing list and GnuTLS bot In TLS 1.3, the client shall decline authentication request by sending a Certificate message with no certificate, immediately followed by Finished. This should also be the case when the server sends a Certificate Request with only RSA-PSS in signature_schemes and the client doesn't have a PKCS#11 token capable of RSA-PSS. I'm marking this WIP until we come up with how to test this in the CI. Fixes #730. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/967 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 18:41:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 16:41:34 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: I do not think we should rebase to upstream in a test. GitLab already checks if a rebase is needed. I'll proceed adding a remote and see how that works. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_156151371 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 18:51:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 16:51:22 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion on tests/suite/Makefile.am: > ecore/src/lib/eina_unicode.c ecore/src/lib/eina_ustrbuf.c \ > ecore/src/lib/eina_ustringshare.c ecore/src/lib/eina_value.c > > +libecore_la_LIBADD = -ldl Good point, it just does not work me. (libtool or automake is too smart and reorders the arguments in a wrong way.) I will take another look at this next weekend. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_156153932 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 18:53:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 16:53:46 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: Ok please check now. With the current script in this merge request the tests pass properly. I intentionally did not rebase on lastest master to check the script does the right thing when master is ahead and it seems to do the right thing. I will restart the pipeline if no other changes are requested. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_156154558 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 18:59:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 16:59:34 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: Tim R?hsen @rockdaboot wrote > @ametzler Maybe you know how to install gcc-9 in parallel to gcc-8 in Debian unstable ? Or are you using a chroot or container for testing ? Yes and no. You can additionally install gcc-9/g++-9 from experimental (```apt-get install -t experimental g++-9```) and both -8 and -9 should work. However the helper libraries, including libstdc++6, are not co-installable but you need the newer versions for gcc-9/g++-9. So you end up with using some parts built from gcc-9 source even when using gcc-8. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_156156257 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 20:04:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 18:04:57 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on devel/check_if_signed: > #!/usr/bin/env bash > > -set -e > +# MRs have the contirbutor git tree as the only remote > +# Add ggnutls gitlab upstream tree as remote so we can compare against a proper minor typo here: ggnutls -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_156171367 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 20:07:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 18:07:06 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on devel/check_if_signed: > -fi > - > # create list of commits of the current branch > -commits=$(git rev-list --no-merges $CI_MERGE_REQUEST_TARGET_BRANCH_NAME..$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME) > +commits=$(git rev-list --no-merges $CI_MERGE_REQUEST_TARGET_BRANCH_NAME..) > +if [ -z "$commits" ]; then > + echo "Couldn't find any commits to check" > + exit 1 > +fi > > # check if author's email matches email in 'Signed-off-by' > for hash in $commits; do > author=$(git log --format='%ae' ${hash}^\!) > signed=$(git log --format='%b' ${hash}^\! | grep -i "Signed-off-by:") > - if test $? -ne 0; then > + echo "Checking commit $hash from Author $author an Signed-off-by: $signed" typo: 'an' -> 'and' -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_156171840 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 20:22:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 18:22:19 +0000 Subject: [gnutls-devel] GnuTLS | release automation (#702) In-Reply-To: References: Message-ID: We already generate the windows DLLs using gitlab's CI when a tag is set, so yes it is possible. What the release is giving you is an interface to list releases with list of changes. It looks like a plus but indeed we may not need it. What I see could be automated here is: 1. release tarball is prepared 2. release tarball is gpg signed 3. release tarball and signature is uploaded somewhere 4. web site is updated with new release (new manual + news entry) 5. announcement via email 6. announcement via twitter 2,3 and 5 seem difficult to me, with hardest being 2 as the builder will need to access the release gpg keys. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/702#note_156175758 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 1 20:41:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 01 Apr 2019 18:41:29 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: It looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_156180075 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 09:01:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 07:01:24 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: Merge Request !964 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/964 Project:Branches: simo5/gnutls:check_if_signed to gnutls/gnutls:master Author: Simo Sorce Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 09:02:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 07:02:06 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: All discussions on Merge Request !964 were resolved by Tim R?hsen https://gitlab.com/gnutls/gnutls/merge_requests/964 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 09:19:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 07:19:09 +0000 Subject: [gnutls-devel] GnuTLS | release automation (#702) In-Reply-To: References: Message-ID: > with hardest being 2 as the builder will need to access the release gpg keys Well, yes. By no means should you put your private key outside your 100% trusted zone. You have a web server running under your control (or trusted by you) ? Then you could set up a small service that takes a file and returns the signature file created with your gpg private key. Consider creating a separate gpg key just for signing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/702#note_156298458 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 09:30:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 07:30:33 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: > You can additionally install gcc-9/g++-9 from experimental ... Thanks, this tries to remove all i386 packages here... I will set up a pure amd64 docker :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_156310022 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 11:35:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 09:35:58 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: Merge Request !964 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/964 Project:Branches: simo5/gnutls:check_if_signed to gnutls/gnutls:master Author: Simo Sorce Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 11:36:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 09:36:39 +0000 Subject: [gnutls-devel] GnuTLS | Fix check_if_signed (!964) In-Reply-To: References: Message-ID: Merge Request !964 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/964 Project:Branches: simo5/gnutls:check_if_signed to gnutls/gnutls:master Author: Simo Sorce Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 17:25:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 15:25:42 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Certainly, that's a bug but I'm not sure that this warrants a new release, as it affects only windows. @schmidthubert can you work-around the issue [by using the pre-built windows DLLs](https://www.gnutls.org/download.html ) or using the git code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156517947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 17:32:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 15:32:01 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: We are also running into this issue. Tried downgrading to 3.4, but a nettle configure check failed (missing `nettle_cnd_memcpy`). > I'm not sure that this warrants a new release, as it affects only windows. Is Windows not an officially supported platform? Prebuilt binaries are not an option for us, unfortunately. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156520421 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 19:00:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 17:00:55 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: I'm not sure if I understand: 1) this is not a "Windows" tarball and 2) surely many others use the tarball to build other packages for other distros? For me personally it's not a big deal, I mostly use git master anyway. But [MABS](https://github.com/jb-alvarado/media-autobuild_suite) users try to build a mostly static ffmpeg.exe. And we switched to the tarball because git with the bootstrap step on a 2-4 core CPU takes like an hour too build under heavy CPU load, and master changes very frequently. So it was just recently decided to use the tarball which takes much less time. Certainly MABS will stick with 3.6.6 for now if the 3.6.7 tarball isn't fixed, no big deal I think. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156547828 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 20:10:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 18:10:41 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Of course windows is supported platform, that's why we have the prebuild binaries. Anyway, I've regenerated the tarball and placed it as [3.6.7.1.tar.xz together with its signature](ftp://ftp.gnupg.org/gcrypt/gnutls/v3.6/). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156609349 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 20:10:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 18:10:42 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #745: https://gitlab.com/gnutls/gnutls/issues/745 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 20:10:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 18:10:44 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Reassigned Issue 745 https://gitlab.com/gnutls/gnutls/issues/745 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 20:10:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 18:10:58 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 20:11:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 18:11:50 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: You will need nettle 3.4.1 or later. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156612274 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 2 21:16:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 02 Apr 2019 19:16:51 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Thanks for 3.6.7.1 :thumbsup: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_156669874 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 11:55:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 09:55:40 +0000 Subject: [gnutls-devel] GnuTLS | Improve the gnutls_aead_cipher documentation (#716) In-Reply-To: References: Message-ID: @cryptomilk This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/716#note_156916625 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 11:55:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 09:55:40 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#747) References: Message-ID: New Issue was created. Issue 747: https://gitlab.com/gnutls/gnutls/issues/747 Author: GnuTLS bot Assignee: The following issues require labels: - [ ] [Improve the gnutls_aead_cipher documentation](https://gitlab.com/gnutls/gnutls/issues/716) Please take care of them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/747 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 12:02:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 10:02:24 +0000 Subject: [gnutls-devel] GnuTLS | Improve the gnutls_aead_cipher documentation (#716) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #716: https://gitlab.com/gnutls/gnutls/issues/716 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/716 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 12:02:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 10:02:35 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#747) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #747: https://gitlab.com/gnutls/gnutls/issues/747 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/747 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 12:02:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 10:02:24 +0000 Subject: [gnutls-devel] GnuTLS | Improve the gnutls_aead_cipher documentation (#716) In-Reply-To: References: Message-ID: This has already been resolved. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/716#note_156920599 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 12:59:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 10:59:50 +0000 Subject: [gnutls-devel] GnuTLS | Reconsidering use of VLAs and alloca() (#684) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 15:53:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 13:53:42 +0000 Subject: [gnutls-devel] GnuTLS | [3.6.7] Impossible to override install location of Guile bindings (#748) References: Message-ID: New Issue was created. Issue 748: https://gitlab.com/gnutls/gnutls/issues/748 Author: Marius Bakke Assignee: Since !957 I am no longer able to override the install location of Guile bindings. That is, `pkg-config --variable=sitedir guile-2.2` does the wrong thing on my system. It "hard codes" the sitedir to `/usr/share/guile/site/2.2`, but I can only install to `/opt/gnutls/share/guile/site/2.2`. Can 640a330749c3a4531b511964a045468d76fffd25 be reverted, or perhaps there is a better approach? @alonbl thoughts? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/748 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 16:28:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 14:28:30 +0000 Subject: [gnutls-devel] GnuTLS | [3.6.7] Impossible to override install location of Guile bindings (#748) In-Reply-To: References: Message-ID: Hi! Your use case is installing gnutls guile files into non-standard location, right? Guile is installed on root filesystem while gnutls is installed at opt, I just wounder what is the use case. I will make a fresh patch to support this properly. Thanks! Alon -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/748#note_157038945 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 17:00:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 15:00:10 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Ping. GSoC is keeping me busy these days, but I'm not done with this. I plan to continue work and finish this on mid April. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_157055228 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 17:13:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 15:13:08 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Thanks for the update. Are there any open questions or something that blocks you? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_157070039 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 17:56:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 15:56:40 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) References: Message-ID: New Merge Request !968 https://gitlab.com/gnutls/gnutls/merge_requests/968 Project:Branches: alonbl/gnutls:guile to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: guile has three settings acquired from system: * GUILE_SITE * GUILE_SITE_CCACHE * GUILE_EXTENSION The =guile-2.2 m4 macro provides all settings for build to use as default, while allowing to override each. Resolves: #748 Signed-off-by: Alon Bar-Lev -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 17:57:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 15:57:48 +0000 Subject: [gnutls-devel] GnuTLS | [3.6.7] Impossible to override install location of Guile bindings (#748) In-Reply-To: References: Message-ID: @mbakke can you please check !968? It should fix the way build manages gnutls locations -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/748#note_157087307 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 18:45:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 16:45:23 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: The release tarball contains >=guile-2.2 m4 macro, however, in CI machines are creating the distribution with older guile (or so I guess), so build fails. I added workaround for this to be removed when the >=guile-2.2 m4 macro will be available at all machines or distribution tarball created once for all builds. This does not affect the users as the m4 macro which is provided in recent releases is good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_157103816 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 3 20:02:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 03 Apr 2019 18:02:56 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: ping @rockdaboot -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157127277 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 4 09:52:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 04 Apr 2019 07:52:08 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/x509/ocsp.c: > uint8_t cdn_hash[MAX_HASH_SIZE]; > size_t t, hash_len; > > + if (resp == NULL) { > + ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR); At this point, please just return directly. AFAICS, the return value should be GNUTLS_E_INVALID_REQUEST for invalid input params. ``` if (resp == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157269285 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 4 10:00:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 04 Apr 2019 08:00:38 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/x509/ocsp.c: > time_t rtime, vtime, ntime, now; > int ret; > > + if (resp == NULL) { This is an internal function, so I am not sure what the policy for input param checks is (@nmav). Also a general question to @nmav: Shouldn't we check input params of *all* exposed functions as a general rule ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157272145 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 4 10:02:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 04 Apr 2019 08:02:29 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: @prof\_david Please increase your CI timeout to 2h and restart the failed test. You can find the value in 'Settings/CI-CD/General Pipelines'. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157272790 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 4 10:08:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 04 Apr 2019 08:08:28 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: Is the 3.6.7.1 an official release? It is a bit confusing with an tarball available, but no announcement, changelog or git tag. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_157274945 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 4 10:22:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 04 Apr 2019 08:22:17 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: These situations are always confusing. Since just the tarball has been updated from exactly the same sources, the git tag stays at 3.6.7 and the changelog doesn't change. Just overwriting the broken tarball with a new one is discouraged/disliked by many people as well. But an announcement would reduce confusion. A complete irregular 3.6.7.1 release would be the cleanest way. Other projects do stuff like that in such cases. As I will do in my projects in such future situations (I already ran into the same problem and solved it similar to how @nmav did - also with some confusion as the users side). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_157280063 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 4 10:57:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 04 Apr 2019 08:57:26 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: A new release is useful for anyone using automated fetching of tags for updates. Likewise, a tarball with a different checksum looks like a download error at best, potentially a security breach - something that needs to be investigated either way. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_157322003 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 4 15:25:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 04 Apr 2019 13:25:18 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Elta Koepp commented on a discussion on lib/x509/ocsp.c: > uint8_t cdn_hash[MAX_HASH_SIZE]; > size_t t, hash_len; > > + if (resp == NULL) { > + ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR); @rockdaboot Done! Thanks, -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157432148 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 4 15:26:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 04 Apr 2019 13:26:38 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Elta Koepp commented on a discussion: sorry, done, -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157432772 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 4 15:32:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 04 Apr 2019 13:32:04 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Elta Koepp commented on a discussion on lib/x509/ocsp.c: > time_t rtime, vtime, ntime, now; > int ret; > > + if (resp == NULL) { @rockdaboot , this is a internal function and checked, ```c static int _ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp, gnutls_x509_crt_t signercert, unsigned int *verify, unsigned int flags) { ... SKIP if (resp == NULL || signercert == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } ... SKIP ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157435252 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 09:35:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 07:35:36 +0000 Subject: [gnutls-devel] GnuTLS | Provide a configuration file (#587) In-Reply-To: References: Message-ID: Reassigned Issue 587 https://gitlab.com/gnutls/gnutls/issues/587 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/587 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 09:35:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 07:35:42 +0000 Subject: [gnutls-devel] GnuTLS | Provide a configuration file (#587) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/587 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 11:11:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 09:11:43 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on lib/x509/ocsp.c: > time_t rtime, vtime, ntime, now; > int ret; > > + if (resp == NULL) { Sometimes there is a check, sometimes not. Just would like to know what the general policy is here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157756196 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 11:14:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 09:14:10 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on lib/x509/ocsp.c: > size_t t, hash_len; > > if (resp == NULL) { > - ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR); > + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); Why not just `return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` here ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157757305 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 11:22:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 09:22:09 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: @mbakke can you please review/test? Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_157760683 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 11:24:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 09:24:23 +0000 Subject: [gnutls-devel] GnuTLS | dtls-repro-20170915 test fails regularly on sparc (#499) In-Reply-To: References: Message-ID: Hi @nmav, Can you please help us find out the root cause of test failure on sparc? In recent version the list grows in time, I need to sort it out, however, I do not fully understand the tests. FAIL: tls11-check-rollback-val FAIL: resume-dtls FAIL: tls13/post-handshake-with-cert-ticket FAIL: srp FAIL: tls12-resume-psk FAIL: tls12-resume-anon FAIL: dtls-repro-20170915 Please see these[1][2] for additional information, I cannot reproduce on x64, probably platform specific. I am sure @DerDakon will be happy to provide any additional information you may require. Thanks! Alon [1] https://bugs.gentoo.org/show_bug.cgi?id=654918 [2] https://bugs.gentoo.org/show_bug.cgi?id=682572 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/499#note_157761668 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 12:15:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 10:15:39 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Elta Koepp commented on a discussion on lib/x509/ocsp.c: > size_t t, hash_len; > > if (resp == NULL) { > - ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR); > + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); Ugh, Oh, Thanks, -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157784735 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 14:57:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 12:57:32 +0000 Subject: [gnutls-devel] GnuTLS | dtls-repro-20170915 test fails regularly on sparc (#499) In-Reply-To: References: Message-ID: Can you attach the log files, or better help create a CI environment to reproduce these? [we currenly have a CI which has mips,arm, but no sparc](https://gitlab.com/gnutls/build-images/blob/master/docker-debian-cross/Dockerfile). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/499#note_157846525 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 15:17:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 13:17:12 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Before merging, could you please rebase into one single commit ? The procedure is simple: ``` git rebase -i HEAD~3 # your editor starts, in line 2+3 replace 'pick' with 'f' and save the changes git push --force-with-lease ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157854837 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 15:33:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 13:33:22 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: I have a problem in the rebase ``` git rebase -i HEAD~3 Cannot rebase: You have unstaged changes. Please commit or stash them. ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157860769 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 15:36:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 13:36:34 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: You have unstaged changes, show them with `git diff`. If want to add it to the latest commit, use `git commit --amend -a` (instead -a you can also use a list of files). If you want to work on it later do `git stash` and make your rebase (and push). At any time you can get your changes back from the stash with `git stash pop`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157862027 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 15:49:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 13:49:24 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Thanks Tim, again i have problem in the push command, I going to close this PR and send new PR, -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_157867112 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 15:49:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 13:49:27 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Merge Request !963 was closed by Elta Koepp Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/963 Project:Branches: mia2019/gnutls:master to gnutls/gnutls:master Author: Elta Koepp Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 16:06:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 14:06:31 +0000 Subject: [gnutls-devel] GnuTLS | [OSCP] Fix : null pointer resp (!969) References: Message-ID: New Merge Request !969 https://gitlab.com/gnutls/gnutls/merge_requests/969 Project:Branches: mia2019/gnutls:master to gnutls/gnutls:master Author: Elta Koepp Assignee: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [Y] Commits have `Signed-off-by:` with name/author being identical to the commit author * [Y] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/969 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 16:18:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 14:18:48 +0000 Subject: [gnutls-devel] GnuTLS | [OSCP] Fix : null pointer resp (!969) In-Reply-To: References: Message-ID: You didn't sign your commit. To fix it: `git commit -s --amend; git push --force-with-lease`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/969#note_157881867 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 16:58:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 14:58:07 +0000 Subject: [gnutls-devel] GnuTLS | [OSCP] Fix : null pointer resp (!969) In-Reply-To: References: Message-ID: @rockdaboot I found my issue, i was unable to push because branch it was protected, i have question, i can add my name to THANKS file? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/969#note_157900952 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 17:13:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 15:13:50 +0000 Subject: [gnutls-devel] GnuTLS | [OSCP] Fix : null pointer resp (!969) In-Reply-To: References: Message-ID: No, wrong place. We auto-generate the `AUTHORS` file for inclusion in the tarball with every release. You will appear there as well. The `THANKS` should be changed to just hold a link to the AUTHORS file. It is totally outdated - even I am not mentioned in there (having 180+ commits). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/969#note_157908629 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 17:25:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 15:25:23 +0000 Subject: [gnutls-devel] GnuTLS | [OSCP] Fix : null pointer resp (!969) In-Reply-To: References: Message-ID: Ok, This account gitlab is fake, Thank you for being patient, -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/969#note_157914512 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 18:35:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 16:35:52 +0000 Subject: [gnutls-devel] GnuTLS | cert auth: reject auth if no signature algorithm is usable in TLS 1.3 (!967) In-Reply-To: References: Message-ID: Reviewer's checklist: * [x] Any issues marked for closing are addressed * [x] There is a test suite reasonably covering new functionality or modifications * [x] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [x] No obvious mistakes in the code The issue marked to be addressed mention downgrade to TLS1.2, but I agree it is sufficient to decline authentication if there is no usable key. I liked the solution used to test this by wrapping softhsm. I did not mark the documentation checkbox because I'm not sure if further documentation is needed. LGTM, r+ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/967#note_157943800 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 18:36:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 16:36:02 +0000 Subject: [gnutls-devel] GnuTLS | cert auth: reject auth if no signature algorithm is usable in TLS 1.3 (!967) In-Reply-To: References: Message-ID: Merge Request !967 was approved by Anderson Sasaki Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/967 Branches: tmp-client-auth-decline to master Author: Daiki Ueno Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/967 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 20:07:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 18:07:04 +0000 Subject: [gnutls-devel] GnuTLS | [OSCP] Fix : null pointer resp (!969) In-Reply-To: References: Message-ID: Merge Request !969 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/969 Project:Branches: mia2019/gnutls:master to gnutls/gnutls:master Author: Elta Koepp Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/969 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 5 20:07:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 05 Apr 2019 18:07:13 +0000 Subject: [gnutls-devel] GnuTLS | [OSCP] Fix : null pointer resp (!969) In-Reply-To: References: Message-ID: Merge Request !969 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/969 Project:Branches: mia2019/gnutls:master to gnutls/gnutls:master Author: Elta Koepp Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/969 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 6 07:57:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 06 Apr 2019 05:57:32 +0000 Subject: [gnutls-devel] coverage | include fips-mode tests into coverage (!4) References: Message-ID: New Merge Request !4 https://gitlab.com/gnutls/coverage/merge_requests/4 Branches: tmp-include-fips to master Author: Nikos Mavrogiannopoulos Assignee: Signed-off-by: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/coverage/merge_requests/4 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 6 08:36:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 06 Apr 2019 06:36:25 +0000 Subject: [gnutls-devel] GnuTLS | nettle: include config.h before checking for definitions (!970) References: Message-ID: New Merge Request !970 https://gitlab.com/gnutls/gnutls/merge_requests/970 Branches: tmp-cmac-cfb8-fix to master Author: Nikos Mavrogiannopoulos Assignee: This makes sure that we don't include the internal backport if compiled with a version of nettle that includes that code. That was found during the xts.c review. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/970 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 6 14:35:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 06 Apr 2019 12:35:21 +0000 Subject: [gnutls-devel] GnuTLS | nettle: include config.h before checking for definitions (!970) In-Reply-To: References: Message-ID: Merge Request !970 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/970 Branches: tmp-cmac-cfb8-fix to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/970 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 6 14:36:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 06 Apr 2019 12:36:40 +0000 Subject: [gnutls-devel] GnuTLS | nettle: include config.h before checking for definitions (!970) In-Reply-To: References: Message-ID: Merge Request !970 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/970 Branches: tmp-cmac-cfb8-fix to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/970 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 6 19:13:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 06 Apr 2019 17:13:13 +0000 Subject: [gnutls-devel] GnuTLS | Possible ABI break between 3.6.6 and 3.6.7 (#749) References: Message-ID: New Issue was created. Issue 749: https://gitlab.com/gnutls/gnutls/issues/749 Author: Javier Jard?n Assignee: Hi, trying to update gnutls and our automated tools has found a problem with the update: https://gitlab.com/freedesktop-sdk/freedesktop-sdk/merge_requests/1130#note_154680665 Can you confirm is actually a false positive? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/749 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 09:45:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 07:45:29 +0000 Subject: [gnutls-devel] GnuTLS | cert auth: reject auth if no signature algorithm is usable in TLS 1.3 (!967) In-Reply-To: References: Message-ID: Thank you for the review. I am merging this with a minor change that adds a missing `dlclose()` in the mock module. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/967#note_158163216 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 09:46:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 07:46:15 +0000 Subject: [gnutls-devel] GnuTLS | cert auth: reject auth if no signature algorithm is usable in TLS 1.3 (!967) In-Reply-To: References: Message-ID: Merge Request !967 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/967 Branches: tmp-client-auth-decline to master Author: Daiki Ueno Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/967 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 09:46:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 07:46:15 +0000 Subject: [gnutls-devel] GnuTLS | gnutls client should not negotiate TLS 1.3 if the private key from PKCS#11 does not support RSA-PSS nor raw-RSA (#730) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #730: https://gitlab.com/gnutls/gnutls/issues/730 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/730 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 11:44:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 09:44:51 +0000 Subject: [gnutls-devel] GnuTLS | Possible ABI break between 3.6.6 and 3.6.7 (#749) In-Reply-To: References: Message-ID: *Something* seems to be wrong here. `_gnutls_utf8_to_ucs2()` is an internal function, but being exported (for what reason ? mistake ?). The new param to the function technically correctly triggers an ABI issue (why didn't we see it in our CI ?). But semantically this shouldn't be an issue. @nmav Could you take a look into the .map file. Maybe you remember why `_gnutls_utf8_to_ucs2()` is configured as 'global'. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/749#note_158169456 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 11:56:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 09:56:53 +0000 Subject: [gnutls-devel] GnuTLS | Possible ABI break between 3.6.6 and 3.6.7 (#749) In-Reply-To: References: Message-ID: We export several internal functions for the purpose of unit testing under a special tag. These are not in the public headers nor documented, thus should not be considered as part of the api,abi -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/749#note_158170117 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 11:59:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 09:59:32 +0000 Subject: [gnutls-devel] GnuTLS | Possible ABI break between 3.6.6 and 3.6.7 (#749) In-Reply-To: References: Message-ID: Everything exported with the _gnutls prefix falls into that category -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/749#note_158170265 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 12:39:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 10:39:36 +0000 Subject: [gnutls-devel] GnuTLS | Possible ABI break between 3.6.6 and 3.6.7 (#749) In-Reply-To: References: Message-ID: Could you make exporting them depend on some --debug config switch? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/749#note_158172827 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 12:53:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 10:53:41 +0000 Subject: [gnutls-devel] GnuTLS | dtls-repro-20170915 test fails regularly on sparc (#499) In-Reply-To: References: Message-ID: @DerDakon can you please provide the information? Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/499#note_158173694 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 13:02:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 11:02:40 +0000 Subject: [gnutls-devel] GnuTLS | Possible ABI break between 3.6.6 and 3.6.7 (#749) In-Reply-To: References: Message-ID: No because they are tested on every compilation. You can ignore the GNUTLS_PRIVATE_3_4 tag, or rely on gnutls' ABI/API checks (use abi-compliance-checker atm). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/749#note_158174218 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 13:04:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 11:04:21 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: document unit testing method of internal functions [ci skip] (!971) References: Message-ID: New Merge Request !971 https://gitlab.com/gnutls/gnutls/merge_requests/971 Branches: tmp-include-unit-testing-doc to master Author: Nikos Mavrogiannopoulos Assignee: This documents how internal functions can be unit tested. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/971 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 13:04:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 11:04:31 +0000 Subject: [gnutls-devel] GnuTLS | Possible ABI break between 3.6.6 and 3.6.7 (#749) In-Reply-To: References: Message-ID: Reassigned Issue 749 https://gitlab.com/gnutls/gnutls/issues/749 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/749 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 13:17:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 11:17:05 +0000 Subject: [gnutls-devel] GnuTLS | dtls-repro-20170915 test fails regularly on sparc (#499) In-Reply-To: References: Message-ID: The logfiles are attached to the Gentoo bugs, I don't have any additional information. Please not that at least the DTLS repro test fails on both hppa and sparc, which _may_ indicate an endianess error as both are big endian. I'll be happy to test any patches. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/499#note_158175100 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 14:11:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 12:11:26 +0000 Subject: [gnutls-devel] GnuTLS | Possible ABI break between 3.6.6 and 3.6.7 (#749) In-Reply-To: References: Message-ID: I added suppression for checking `_gnutls_` prefix. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/749#note_158178895 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 14:41:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 12:41:59 +0000 Subject: [gnutls-devel] GnuTLS | WIP: use libabigail for tracking ABI changes (!972) References: Message-ID: New Merge Request !972 https://gitlab.com/gnutls/gnutls/merge_requests/972 Project:Branches: nmav/gnutls:tmp-abigail to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignee: This switches to libabigail for tracking ABI changes. It has backwards compatibility with the output format, allowing us for faster runs, without compiling multiple versions of the lib, and it also has more verbose checking than abi-compliance-checker. Its only disadvantage was the lack of nice html output, but this we were not using anyway. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests (manual tests were done instead) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 16:47:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 14:47:32 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: document unit testing method of internal functions [ci skip] (!971) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on CONTRIBUTING.md: > * ```gnutls_credentials_``` for the credentials structures > * ```gnutls_global_``` for the global structures handling > > +All exported API functions must be listed in libgnutls.map, IMO, that leading comma is wrong here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/971#note_158191203 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 16:47:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 14:47:44 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: document unit testing method of internal functions [ci skip] (!971) In-Reply-To: References: Message-ID: Merge Request !971 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/971 Branches: tmp-include-unit-testing-doc to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/971 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 16:50:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 14:50:54 +0000 Subject: [gnutls-devel] GnuTLS | Possible ABI break between 3.6.6 and 3.6.7 (#749) In-Reply-To: References: Message-ID: Issue was closed by Tim R?hsen Issue #749: https://gitlab.com/gnutls/gnutls/issues/749 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/749 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 18:17:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 16:17:45 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: document unit testing method of internal functions [ci skip] (!971) In-Reply-To: References: Message-ID: All discussions on Merge Request !971 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/971 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/971 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 18:17:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 16:17:44 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: document unit testing method of internal functions [ci skip] (!971) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on CONTRIBUTING.md: > * ```gnutls_credentials_``` for the credentials structures > * ```gnutls_global_``` for the global structures handling > > +All exported API functions must be listed in libgnutls.map, Thanks, removed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/971#note_158199038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 7 18:23:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 07 Apr 2019 16:23:00 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: document unit testing method of internal functions [ci skip] (!971) In-Reply-To: References: Message-ID: Merge Request !971 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/971 Branches: tmp-include-unit-testing-doc to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/971 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 13:22:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 11:22:24 +0000 Subject: [gnutls-devel] GnuTLS | gnutls client should not negotiate TLS 1.3 if the private key from PKCS#11 does not support RSA-PSS nor raw-RSA (#730) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/730 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 15:31:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 13:31:38 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: @alonbl while running distcheck with the existing version (before this MR), or after I get: ``` make[4]: Entering directory '/home/nmavrogi/cvs/gnutls-nmav/gnutls-3.6.7/_build/sub/guile' make[4]: Nothing to be done for 'install-exec-am'. /usr/bin/mkdir -p '/usr/share/guile/site/2.0/gnutls' /usr/bin/mkdir: cannot create directory '/usr/share/guile/site/2.0/gnutls': Permission denied make[4]: *** [Makefile:1723: install-dist_guilemodulesubDATA] Error 1 ``` something seems wrong. Unfortunately the CI passes, as CI processes run as root. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_158452384 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 15:34:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 13:34:36 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: Interesting! I will check this out. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_158453728 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 19:58:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 17:58:07 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) References: Message-ID: New Merge Request !973 https://gitlab.com/gnutls/gnutls/merge_requests/973 Project:Branches: alonbl/gnutls:tests to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: Resolves make distcheck issue -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 20:03:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 18:03:14 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: Requires !973 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_158563151 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 20:52:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 18:52:00 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: Cross compile fails because of environment error? ``` checking for a sed that does not truncate output... (cached) /usr/bin/sed checking for ld used by ccache aarch64-linux-gnu-gcc... ../configure: line 48043: /usr/bin/sed: No such file or directory ../configure: line 49984: /usr/bin/sed: No such file or directory ../configure: line 51548: /usr/bin/sed: No such file or directory ../configure: line 51554: /usr/bin/sed: No such file or directory checking whether the ccache aarch64-linux-gnu-gcc linker (/usr/aarch64-linux-gnu/bin/ld) supports shared libraries... ../configure: line 52327: /usr/bin/grep: No such file or directory ../configure: line 52469: /usr/bin/grep: No such file or directory no ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973#note_158577364 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 20:57:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 18:57:26 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: I guess this is caused by loading some cache? ``` configure: loading cache ../cache/config.cache ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973#note_158578870 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 21:07:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 19:07:14 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: @nmav should be fixed now, please check it out. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_158581465 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 21:08:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 19:08:48 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: @nmav please merge this and rebase !968 on top for `make distcheck` to pass. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973#note_158581768 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 8 21:38:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 08 Apr 2019 19:38:52 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: @alonbl In case you are impatient: Change line 10 of `.gitlab-ci.yml` to ``` key: "$CI_JOB_NAME-ver9" ``` That would start from a new cache. It looks like that on Debian /usr/bin/grep moved to /bin/grep, same with sed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973#note_158600652 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 07:03:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 05:03:03 +0000 Subject: [gnutls-devel] GnuTLS | ci: refresh the cache due to failures in debian (!974) References: Message-ID: New Merge Request !974 https://gitlab.com/gnutls/gnutls/merge_requests/974 Project:Branches: alonbl/gnutls:ci to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/974 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 07:04:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 05:04:13 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: @rockdaboot I've done this in !974 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973#note_158687011 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 07:35:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 05:35:21 +0000 Subject: [gnutls-devel] GnuTLS | ci: refresh the cache due to failures in debian (!974) In-Reply-To: References: Message-ID: Merge Request !974 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/974 Project:Branches: alonbl/gnutls:ci to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/974 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 08:02:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 06:02:27 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: Works for me, thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_158695426 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 08:22:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 06:22:46 +0000 Subject: [gnutls-devel] GnuTLS | ci: refresh the cache due to failures in debian (!974) In-Reply-To: References: Message-ID: Merge Request !974 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/974 Project:Branches: alonbl/gnutls:ci to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/974 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 08:45:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 06:45:10 +0000 Subject: [gnutls-devel] GnuTLS | Support Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (#738) In-Reply-To: References: Message-ID: Issue was closed by acharintsev Issue #738: https://gitlab.com/gnutls/gnutls/issues/738 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/738 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 09:08:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 07:08:16 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: Merge Request !973 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/973 Project:Branches: alonbl/gnutls:tests to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 09:10:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 07:10:50 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: The change is good (suing *.tmp names). But I still wonder why distcheck fails... those .tmpl/.tmp2 files stay only if the test fails. What is the explanation here ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973#note_158711796 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 09:17:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 07:17:42 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: The distcheck perform make clean and also uninstall to see there are no leftovers. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973#note_158713930 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 09:37:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 07:37:35 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: Yes, but a working test would *not* leave those files. So I wonder if the test failed (or exited) somehow. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973#note_158722356 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 10:04:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 08:04:57 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: Merge Request !973 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/973 Project:Branches: alonbl/gnutls:tests to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 12:22:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 10:22:20 +0000 Subject: [gnutls-devel] GnuTLS | Pass CI commit check if branches are 'even' (!975) References: Message-ID: New Merge Request !975 https://gitlab.com/gnutls/gnutls/merge_requests/975 Branches: tmp-check-even to master Author: Tim R?hsen Assignee: Pass the CI if syncing repos. In this case both master branches are 'even' - which should not result in a failed CI runner. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/975 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 16:04:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 14:04:26 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: I can confirm this works for me if I pass all of `--with-guile-site-dir`, `--with-guile-site-cache`, and `--with-guile-extensions`. Prior to 3.6.7 I did not have to pass either, though. Would it be possible to have site-cache and guile-extensions default to `$guile_site_dir/../../../lib/guile/$guile_effective_version/{site-ccache,extensions}`? That would make packaging somewhat easier (not having to account for the Guile version). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_158937118 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 16:18:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 14:18:48 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) References: Message-ID: New Merge Request !976 https://gitlab.com/gnutls/gnutls/merge_requests/976 Project:Branches: mbakke/gnutls:autoopts_guix to gnutls/gnutls:master Author: Marius Bakke Assignee: This allows `make dist` to complete on "weird" distributions such as Nix or Guix. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 17:04:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 15:04:09 +0000 Subject: [gnutls-devel] GnuTLS | Pass CI commit check if branches are 'even' (!975) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on devel/check_if_signed: > # create list of commits of the current branch > commits=$(git rev-list --no-merges $CI_MERGE_REQUEST_TARGET_BRANCH_NAME..) > if [ -z "$commits" ]; then > - echo "Couldn't find any commits to check" > - exit 1 > + # OK if both branches are 'even' > + git diff --quiet $CI_MERGE_REQUEST_TARGET_BRANCH_NAME.. && exit 0 Is there a case where this is legitimately zero diff in a non-master branch? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/975#note_158986432 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 17:15:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 15:15:49 +0000 Subject: [gnutls-devel] GnuTLS | Pass CI commit check if branches are 'even' (!975) In-Reply-To: References: Message-ID: Not sure. Better have this fallback, just in case. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/975#note_158997168 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 17:16:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 15:16:57 +0000 Subject: [gnutls-devel] GnuTLS | Pass CI commit check if branches are 'even' (!975) In-Reply-To: References: Message-ID: Well it could. E.g. creating a branch from master and then pushing to another cloned Gitlab repo. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/975#note_158998086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 17:55:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 15:55:58 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: @mbakke I have tried to strictly follow the guile.m4 patterns. The macro defines distinct variable to be used by application: ``` GUILE_SITE GUILE_SITE_CCACHE GUILE_EXTENSION ``` There is no default, there is no convention, there is no fallback nor assumption, all are taken from guile package using pkg-config (in recent version) or by executing guile (in older version). I do not think gnutls should make any assumption of the structure if upstream does not. The version component within the path is important only if you install the files into guile directories, as if you install it in custom location you need to configure guile to search in that location in any case. I would have understood if the pattern of guile.m4 was to detect all available guile packages installed in the system and use all to build the package, however, only one is installed. This means that a package such as gnutls cannot be *easily* installed while supporting multiple versions. So I do not think that the version component is required for custom location. However, you can use the guile macros in order to have this easily, by using something like: ``` ... --with-guile-site-dir='/opt/share/guile/$(GUILE_EFFECTIVE_VERSION)' \ --with-guile-site-cache='$(guilemoduledir)/site-ccache' \ --with-guile-extensions='$(guilemoduledir)/extensions' \ ... ``` What do you think? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_159013347 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 18:17:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 16:17:17 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: cleanup files (!973) In-Reply-To: References: Message-ID: @rockdaboot I have no good answer why it happened, I was focused in having the guile working as fast as I could. As every checkdist is taking me ages on my poor machine, I do not want to try and reproduce. In any case, having make clean working properly is also good :) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/973#note_159019889 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 19:06:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 17:06:58 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: Prior to c0ccabfa594801eb441abbb4d4b24cae17cef691, `./configure --prefix=/opt/gnutls` did the Right Thing out of the box. I think `--prefix` should have a higher priority than whatever Guiles install location happens to be. Is retaining the previous behaviour an option? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_159053038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 19:21:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 17:21:49 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: The previous settings were incorrect, as for people that have system guile with custom locations, gnutls guessed the wrong locations. I understand that it was good for you as you install files in custom location, but per use of system guile it introduced inconsistency. What do you think about: ``` --with-guile-site-dir='$$(datarootdir)/guile/site/$$(GUILE_EFFECTIVE_VERSION)' \ --with-guile-site-ccache-dir='$$(libdir)/guile/$$(GUILE_EFFECTIVE_VERSION)/site-ccache' \ --with-guile-extension-dir='$$(libdir)/guile/$$(GUILE_EFFECTIVE_VERSION)/extensions' \ ``` It should provide you with the same locations you had when gnutls guessed the locations, and still initialize the locations correctly based on guile.m4 detections. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_159057383 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 19:38:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 17:38:48 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: I can confirm that the above flags works for me. Thank you for the quick response(s)! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_159062141 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 20:14:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 18:14:39 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: @mbakke thanks! @nmav I think this is ready now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_159070994 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 21:00:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 19:00:30 +0000 Subject: [gnutls-devel] GnuTLS | Pass CI commit check if branches are 'even' (!975) In-Reply-To: References: Message-ID: All discussions on Merge Request !975 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/975 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/975 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 21:00:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 19:00:39 +0000 Subject: [gnutls-devel] GnuTLS | Pass CI commit check if branches are 'even' (!975) In-Reply-To: References: Message-ID: Merge Request !975 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/975 Branches: tmp-check-even to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/975 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 9 21:04:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 09 Apr 2019 19:04:08 +0000 Subject: [gnutls-devel] GnuTLS | Pass CI commit check if branches are 'even' (!975) In-Reply-To: References: Message-ID: Merge Request !975 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/975 Branches: tmp-check-even to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/975 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 09:20:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 07:20:35 +0000 Subject: [gnutls-devel] GnuTLS | [Question] gnutls-cli has proxy option supported? (#750) References: Message-ID: New Issue was created. Issue 750: https://gitlab.com/gnutls/gnutls/issues/750 Author: yamatakau08 Assignee: Does gnutls-cli have proxy option like the following of openssl? `$ openssl s_client -proxy proxy.host.com:10080 -connect smtp.gmail.com:465` If gnutls-cli has the proxy options, could you teach how to set the proxy option? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/750 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 10:32:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 08:32:53 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: Reassigned Merge Request 968 https://gitlab.com/gnutls/gnutls/merge_requests/968 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 10:32:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 08:32:57 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 10:33:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 08:33:05 +0000 Subject: [gnutls-devel] GnuTLS | [3.6.7] Impossible to override install location of Guile bindings (#748) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/748 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 10:34:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 08:34:25 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: Merge Request !968 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/968 Project:Branches: alonbl/gnutls:guile to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 10:35:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 08:35:00 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968#note_159280322 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 10:35:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 08:35:17 +0000 Subject: [gnutls-devel] GnuTLS | [3.6.7] Impossible to override install location of Guile bindings (#748) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #748: https://gitlab.com/gnutls/gnutls/issues/748 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/748 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 10:35:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 08:35:18 +0000 Subject: [gnutls-devel] GnuTLS | build: allow override guile system location (!968) In-Reply-To: References: Message-ID: Merge Request !968 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/968 Project:Branches: alonbl/gnutls:guile to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/968 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 11:37:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 09:37:50 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix race condition in tls13/post-handshake-with-cert-pkcs11 (!977) References: Message-ID: New Merge Request !977 https://gitlab.com/gnutls/gnutls/merge_requests/977 Branches: tmp-fix-pha-pkcs11-test to master Author: Daiki Ueno Assignee: This fixes a race condition in a test, introduced by !967. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/977 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 14:35:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 12:35:36 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) References: Message-ID: New Issue was created. Issue 751: https://gitlab.com/gnutls/gnutls/issues/751 Author: J_ Ali Harlow Assignee: ## Description of problem: gnutls-cli v3.6.7.1 fails when built using mingw (works with v3.5.19) ## Version of gnutls used: 3.6.7.1 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Built locally ## How reproducible: Steps to Reproduce: * Build gnutls using spec file attached * Run gnutls-cli -d 3 www.google.co.uk ## Actual results: Processed 0 CA certificate(s). Resolving 'www.google.co.uk:443'... Connecting to '216.58.212.99:443'... |<2>| Initializing needed PKCS #11 modules |<2>| p11: Initializing module: p11-kit-trust |<2>| p11: No login requested. |<3>| p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE |<3>| p11 attrs: CKA_TRUSTED |<3>| p11 attrs: CKA_CERTIFICATE_CATEGORY=CA |<3>| ASSERT: ../../lib/pkcs11.c[find_multi_objs_cb]:3101 |<2>| added 6 protocols, 29 ciphersuites, 18 sig algos and 9 groups into priority list |<2>| Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256) |<2>| Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256) |<2>| Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305) |<2>| Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM) |<2>| Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1) |<2>| Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM) |<2>| Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1) |<2>| Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305) |<2>| Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1) |<2>| Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) |<2>| Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM) |<2>| Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1) |<2>| Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM) |<2>| Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1) |<2>| Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305) |<2>| Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM) |<2>| Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1) |<2>| Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM) |<2>| Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1) |<2>| Advertizing version 3.4 |<2>| Advertizing version 3.3 |<2>| Advertizing version 3.2 |<2>| Advertizing version 3.1 |<2>| HSK[0000000000530320]: sent server name: 'www.google.co.uk' |<3>| ASSERT: ../../lib/buffers.c[_gnutls_writev_emu]:464 |<2>| WRITE: -1 returned from 000000000022eae0, errno: 0 |<3>| ASSERT: ../../lib/buffers.c[errno_to_gerr]:230 |<3>| ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:722 |<3>| ASSERT: ../../lib/handshake.c[handshake_client]:2973 *** Fatal error: Error in the push function. |<3>| ASSERT: ../../lib/buffers.c[_gnutls_writev_emu]:464 |<2>| WRITE: -1 returned from 000000000022eae0, errno: 0 |<3>| ASSERT: ../../lib/buffers.c[errno_to_gerr]:230 |<3>| ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:722 |<3>| ASSERT: ../../lib/record.c[_gnutls_send_tlen_int]:574 Could not connect to 216.58.212.99:443: Bad file descriptor ## Expected results: Processed 0 CA certificate(s). Resolving 'www.google.co.uk'... Connecting to '216.58.206.67:443'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `C=US,ST=California,L=Mountain View,O=Google LLC,CN=www.google.co.uk', issuer `C=US,O=Google Trust Services,CN=Google Internet Authority G3', RSA key 2048 bits, signed using RSA-SHA256, activated `2019-03-01 09:34:53 UTC', expires `2019-05-24 09:25:00 UTC', SHA-1 fingerprint `9da50c1e55eac98d35f2fdd72cdb1f75d21c25cd' Public Key ID: e0128e3442a67b393f7f59a6648bd67cf087fd13 Public key's random art: +--[ RSA 2048]----+ | o | |+ | |o o . . | | + = o . | |. = o . S | | . o . + o E | | o * O o . | | oo B + o . | | ... . . ... | +-----------------+ - Certificate[1] info: - subject `C=US,O=Google Trust Services,CN=Google Internet Authority G3', issuer `OU=GlobalSign Root CA - R2,O=GlobalSign,CN=GlobalSign', RSA key 2048 bits, signed using RSA-SHA256, activated `2017-06-15 00:00:42 UTC', expires `2021-12-15 00:00:42 UTC', SHA-1 fingerprint `eeacbd0cb452819577911e1e6203db262f84a318' - Status: The certificate is NOT trusted. The certificate issuer is unknown. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. *** Handshake has failed GnuTLS error: Error in the certificate. ## Analysis See attached debug session and note in particular the value of hd passed to socket_open2() and the value of fd passed to _gnutls_writev_emu(). Clearly the correct value of fd should be hd->fd rather than hd itself, but I don't know enough about the internals of gnutls to hazard a guess as to where this should be occurring. [mingw-gnutls.spec](/uploads/1d8457da791daeb7447f9635c0ed4c2c/mingw-gnutls.spec)[gnutls.typescript](/uploads/88bd736c65168b279078badaff765afb/gnutls.typescript)[debug-session.txt](/uploads/1b9d5f8b6ef0c250972c98a787fdd3b3/debug-session.txt) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 15:10:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 13:10:39 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: Do the [pre-compiled binaries](https://www.gnutls.org/download.html) fail as well? They are compiled with mingw and tested using wine, but I am not sure if a similar test case is run in windows. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159395549 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 15:11:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 13:11:59 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix race condition in tls13/post-handshake-with-cert-pkcs11 (!977) In-Reply-To: References: Message-ID: Merge Request !977 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/977 Branches: tmp-fix-pha-pkcs11-test to master Author: Daiki Ueno Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/977 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 15:12:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 13:12:13 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix race condition in tls13/post-handshake-with-cert-pkcs11 (!977) In-Reply-To: References: Message-ID: Reassigned Merge Request 977 https://gitlab.com/gnutls/gnutls/merge_requests/977 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/977 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 15:12:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 13:12:10 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix race condition in tls13/post-handshake-with-cert-pkcs11 (!977) In-Reply-To: References: Message-ID: LGTM, Verified that the race is no longer there. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/977#note_159396143 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 15:12:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 13:12:23 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix race condition in tls13/post-handshake-with-cert-pkcs11 (!977) In-Reply-To: References: Message-ID: Merge Request !977 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/977 Branches: tmp-fix-pha-pkcs11-test to master Author: Daiki Ueno Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/977 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 15:28:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 13:28:14 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: It looks like the writev() functionality is triggered, but in socket_open2() we don't set a wrapper for it: ``` gnutls_transport_set_push_function(hd->session, wrap_push); gnutls_transport_set_pull_function(hd->session, wrap_pull); gnutls_transport_set_pull_timeout_function(hd->session, wrap_pull_timeout_func); gnutls_transport_set_ptr(hd->session, hd); ``` The `gnutls_transport_set_vec_push_function()` etc should also be set when using `hd` instead of an `fd`. Can't did further into it, have RL issues right now... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159403240 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 15:44:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 13:44:26 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: J_ Ali Harlow commented on a discussion: Yes, the pre-compiled binaries also fail. Output as follows: |<3>| ASSERT: verify-high.c[gnutls_x509_trust_list_add_cas]:322 |<1>| There was a non-CA certificate in the trusted list: OU=Copyright (c) 1997 Microsoft Corp.,OU=Microsoft Corporation,CN=Microsoft Root Authority. |<3>| ASSERT: verify-high.c[gnutls_x509_trust_list_add_cas]:322 |<1>| There was a non-CA certificate in the trusted list: C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority. |<3>| ASSERT: common.c[_gnutls_x509_get_raw_field2]:1570 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3897 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3947 |<3>| ASSERT: common.c[_gnutls_x509_get_raw_field2]:1570 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3897 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3947 |<3>| ASSERT: common.c[_gnutls_x509_get_raw_field2]:1570 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3897 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3947 |<3>| ASSERT: common.c[_gnutls_x509_get_raw_field2]:1570 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3897 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3947 |<3>| ASSERT: common.c[_gnutls_x509_get_raw_field2]:1570 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3897 |<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3947 |<3>| ASSERT: verify-high.c[gnutls_x509_trust_list_add_cas]:322 |<1>| There was a non-CA certificate in the trusted list: CN=Root Agency. |<5>| REC[0000000000592f00]: Allocating epoch #0 |<2>| added 6 protocols, 29 ciphersuites, 18 sig algos and 9 groups into priority list |<5>| REC[0000000000592f00]: Allocating epoch #1 |<4>| HSK[0000000000592f00]: Adv. version: 3.3 |<2>| Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256) |<2>| Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256) |<2>| Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305) |<2>| Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM) |<2>| Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1) |<2>| Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM) |<2>| Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1) |<2>| Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305) |<2>| Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1) |<2>| Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) |<2>| Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM) |<2>| Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1) |<2>| Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM) |<2>| Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1) |<2>| Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384) |<2>| Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305) |<2>| Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM) |<2>| Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1) |<2>| Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256) |<2>| Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM) |<2>| Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1) |<4>| EXT[0000000000592f00]: Preparing extension (OCSP Status Request/5) for 'client hello' |<4>| EXT[0000000000592f00]: Sending extension OCSP Status Request/5 (5 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Client Certificate Type/19) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (Server Certificate Type/20) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (Supported Groups/10) for 'client hello' |<4>| EXT[0000000000592f00]: Sent group SECP256R1 (0x17) |<4>| EXT[0000000000592f00]: Sent group SECP384R1 (0x18) |<4>| EXT[0000000000592f00]: Sent group SECP521R1 (0x19) |<4>| EXT[0000000000592f00]: Sent group X25519 (0x1d) |<4>| EXT[0000000000592f00]: Sent group FFDHE2048 (0x100) |<4>| EXT[0000000000592f00]: Sent group FFDHE3072 (0x101) |<4>| EXT[0000000000592f00]: Sent group FFDHE4096 (0x102) |<4>| EXT[0000000000592f00]: Sent group FFDHE6144 (0x103) |<4>| EXT[0000000000592f00]: Sent group FFDHE8192 (0x104) |<4>| EXT[0000000000592f00]: Sending extension Supported Groups/10 (20 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Supported EC Point Formats/11) for 'client hello' |<4>| EXT[0000000000592f00]: Sending extension Supported EC Point Formats/11 (2 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (SRP/12) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (Signature Algorithms/13) for 'client hello' |<4>| EXT[0000000000592f00]: sent signature algo (4.1) RSA-SHA256 |<4>| EXT[0000000000592f00]: sent signature algo (8.9) RSA-PSS-SHA256 |<4>| EXT[0000000000592f00]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256 |<4>| EXT[0000000000592f00]: sent signature algo (4.3) ECDSA-SHA256 |<4>| EXT[0000000000592f00]: sent signature algo (8.7) EdDSA-Ed25519 |<4>| EXT[0000000000592f00]: sent signature algo (5.1) RSA-SHA384 |<4>| EXT[0000000000592f00]: sent signature algo (8.10) RSA-PSS-SHA384 |<4>| EXT[0000000000592f00]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384 |<4>| EXT[0000000000592f00]: sent signature algo (5.3) ECDSA-SHA384 |<4>| EXT[0000000000592f00]: sent signature algo (6.1) RSA-SHA512 |<4>| EXT[0000000000592f00]: sent signature algo (8.11) RSA-PSS-SHA512 |<4>| EXT[0000000000592f00]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512 |<4>| EXT[0000000000592f00]: sent signature algo (6.3) ECDSA-SHA512 |<4>| EXT[0000000000592f00]: sent signature algo (2.1) RSA-SHA1 |<4>| EXT[0000000000592f00]: sent signature algo (2.3) ECDSA-SHA1 |<4>| EXT[0000000000592f00]: Sending extension Signature Algorithms/13 (32 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (SRTP/14) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (Heartbeat/15) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (ALPN/16) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (Encrypt-then-MAC/22) for 'client hello' |<4>| EXT[0000000000592f00]: Sending extension Encrypt-then-MAC/22 (0 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Extended Master Secret/23) for 'client hello' |<4>| EXT[0000000000592f00]: Sending extension Extended Master Secret/23 (0 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Session Ticket/35) for 'client hello' |<4>| EXT[0000000000592f00]: Sending extension Session Ticket/35 (0 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Key Share/51) for 'client hello' |<4>| EXT[0000000000592f00]: sending key share for SECP256R1 |<4>| EXT[0000000000592f00]: sending key share for X25519 |<4>| EXT[0000000000592f00]: Sending extension Key Share/51 (107 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Supported Versions/43) for 'client hello' |<2>| Advertizing version 3.4 |<2>| Advertizing version 3.3 |<2>| Advertizing version 3.2 |<2>| Advertizing version 3.1 |<4>| EXT[0000000000592f00]: Sending extension Supported Versions/43 (9 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Post Handshake Auth/49) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (Safe Renegotiation/65281) for 'client hello' |<4>| EXT[0000000000592f00]: Sending extension Safe Renegotiation/65281 (1 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Server Name Indication/0) for 'client hello' |<2>| HSK[0000000000592f00]: sent server name: 'www.google.co.uk' |<4>| EXT[0000000000592f00]: Sending extension Server Name Indication/0 (21 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Cookie/44) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (Early Data/42) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (PSK Key Exchange Modes/45) for 'Processed 28 CA certificate(s). Resolving 'www.google.co.uk:443'... Connecting to '216.58.212.99:443'... client hello' |<4>| EXT[0000000000592f00]: Sending extension PSK Key Exchange Modes/45 (3 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Record Size Limit/28) for 'client hello' |<4>| EXT[0000000000592f00]: Sending extension Record Size Limit/28 (2 bytes) |<4>| EXT[0000000000592f00]: Preparing extension (Maximum Record Size/1) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (ClientHello Padding/21) for 'client hello' |<4>| EXT[0000000000592f00]: Preparing extension (Pre Shared Key/41) for 'client hello' |<4>| HSK[0000000000592f00]: CLIENT HELLO was queued [357 bytes] |<5>| REC[0000000000592f00]: Preparing Packet Handshake(22) with length: 357 and min pad: 0 |<5>| REC[0000000000592f00]: Sent Packet[1] Handshake(22) in epoch 0 and length: 362 |<3>| ASSERT: buffers.c[_gnutls_writev_emu]:464 |<2>| WRITE: -1 returned from 000000000022eae0, errno: 0 |<3>| ASSERT: buffers.c[errno_to_gerr]:230 |<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:722 |<3>| ASSERT: handshake.c[handshake_client]:2973 *** Fatal error: Error in the push function. |<5>| REC: Sending Alert[2|80] - Internal error |<3>| ASSERT: buffers.c[_gnutls_writev_emu]:464 |<2>| WRITE: -1 returned from 000000000022eae0, errno: 0 |<3>| ASSERT: buffers.c[errno_to_gerr]:230 |<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:722 |<3>| ASSERT: record.c[_gnutls_send_tlen_int]:574 |<5>| REC[0000000000592f00]: Start of epoch cleanup |<5>| REC[0000000000592f00]: End of epoch cleanup |<5>| REC[0000000000592f00]: Epoch #0 freed |<5>| REC[0000000000592f00]: Epoch #1 freed Could not connect to 216.58.212.99:443: Bad file descriptor -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159410866 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 17:25:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 15:25:31 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) References: Message-ID: New Issue was created. Issue 752: https://gitlab.com/gnutls/gnutls/issues/752 Author: Tim R?hsen Assignee: ``` ./lib/state.c:#ifdef HAVE_WRITEV ./lib/system.h:#define HAVE_WRITEV ``` But `./configure` doesn't check for writev(). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 17:57:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 15:57:34 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: @j_ali I pushed the branch `tmp-wrap-vec-push` that (in theory) could solve this. Can you test it ? If not, maybe you can apply the attached patch to your code and test ? [0001-Wrap-vec-push-function-in-src-socket.c.patch](/uploads/3aa7dda799d0fc403d102387d6d70f81/0001-Wrap-vec-push-function-in-src-socket.c.patch) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159479604 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 18:53:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 16:53:31 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: J_ Ali Harlow commented on a discussion: @rockdaboot No, I'm afraid it still fails. With the extra information you have provided, however, I can see that what is happening is that do_handshake() is calling set_read_funcs() which is setting the push function to system_write() thus socket_open2()'s call to gnutls_transport_set_push_function() is not effective. It's interesting to note that the implementation of gnutls_transport_set_push_function() and gnutls_transport_set_vec_push_function() appear to suggest that only one of these two functions should need to be called. To be clear, by the time gnutls_handshake() is called, session->internals->push_func is set to system_write and session->internals->vec_push_func is NULL. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159501095 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 19:12:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 17:12:08 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: @j\_ali You are right. From what I see in src/, the solution could be to add `socket_st *hd = ptr;` to the system_*() implementations and call the I/O functions with hd->fd. And in `system_recv_timeout()` replace `fd` with `hd->fd`. Could you test those changes ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159505798 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 19:57:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 17:57:53 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) In-Reply-To: References: Message-ID: The job has timed out. @mbakke you need to go to settings -> ci/cd and increase the timeout in the general pipelines menu of your forked project and restart the failed CI job. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976#note_159516599 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 19:59:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 17:59:20 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) In-Reply-To: References: Message-ID: Merge Request !976 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/976 Project:Branches: mbakke/gnutls:autoopts_guix to gnutls/gnutls:master Author: Marius Bakke Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 19:59:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 17:59:30 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) In-Reply-To: References: Message-ID: Reassigned Merge Request 976 https://gitlab.com/gnutls/gnutls/merge_requests/976 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 19:59:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 17:59:35 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 19:59:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 17:59:16 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) In-Reply-To: References: Message-ID: Other than that it looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976#note_159516885 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 21:41:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 19:41:37 +0000 Subject: [gnutls-devel] GnuTLS | dtls-repro-20170915 test fails regularly on sparc (#499) In-Reply-To: References: Message-ID: Both hppa and sparc fail dtls-repro-20170915 and srp tests. [test-suite.log of sparc](/uploads/1ae09a426002fb7d842f4a03c47bace6/test-suite.log) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/499#note_159543532 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 10 22:17:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 10 Apr 2019 20:17:49 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: J_ Ali Harlow commented on a discussion: Yes, that appears to fix the issue I was seeing. No idea if it breaks anything else. I attach the patch I used plus the resulting output. I had to hack the tests to avoid a clash with the static do_handshake() and the extern declaration in socket.h (now in scope because I had to include socket.h in common.h). I'm sure there's a cleaner way to do it. [gnutls-3.6.7-col-751.patch](/uploads/aac15836b0ce2c2a2a9a2e9c636bc7ce/gnutls-3.6.7-col-751.patch)[gnutls.out](/uploads/f39bc5597db5d62e5ef926cd4ea4bb3b/gnutls.out) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159551760 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 11 09:50:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Apr 2019 07:50:18 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: Thanks ! I applied some cleanups and pushed it to branch `tmp-mingw-fix`. If it looks good to you, I create a MR. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159666543 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 11 12:02:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Apr 2019 10:02:09 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: J_ Ali Harlow commented on a discussion: I'm afraid not. do_handshake() is still causing conflicting types. Build log attached.[gnutls.typescript](/uploads/8c2a51adb2a93d253977cc4bcddb165e/gnutls.typescript) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159723315 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 11 15:08:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Apr 2019 13:08:30 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: I've changed the code to allow callers to hook `GNUTLS_HANDSHAKE_CLIENT_HELLO`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_159810224 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 11 16:31:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Apr 2019 14:31:40 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/894 was reviewed by Jakub Jelen -- Jakub Jelen started a new discussion on tests/tls13/prf-early.c: > +/* > + * Copyright (C) 2015-2018 Red Hat, Inc. 2019 should be here? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 11 18:25:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Apr 2019 16:25:10 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8) References: Message-ID: New Merge Request !8 https://gitlab.com/gnutls/libtasn1/merge_requests/8 Project:Branches: mgorse/libtasn1:master to gnutls/libtasn1:master Author: Mike Gorse Assignee: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 11 20:17:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Apr 2019 18:17:53 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: Sorry, just got your message (as email). It is 8h old. I force-pushed 5h before to fix the conflict. Not sure if you tested that or the first (broken) one. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159966198 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 11 20:25:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Apr 2019 18:25:26 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: J_ Ali Harlow commented on a discussion: I tested 718a1137. I'll test 20f993ac tomorrow. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_159967739 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 11 20:26:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 11 Apr 2019 18:26:37 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8) In-Reply-To: References: Message-ID: Hi, thank you for that. Could you add in the description what does this address, and if that's a bug include a reproducer for it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_159967991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 15:38:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 13:38:55 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: All discussions on Merge Request !894 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/merge_requests/894 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 15:49:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 13:49:26 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 16:03:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 14:03:16 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: HAVE_WRITEV seems to be defined in system.h -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752#note_160282604 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 19:16:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 17:16:07 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: Sorry, expected it in `config.h`. Anything against adding writev to AC_CHECK_FUNCS, or - as we do in wget2 - check for sys/uio.h (and then assume writev() exists). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752#note_160372814 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 19:19:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 17:19:03 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: If `sys/uio.h` exists, we can also assume that `struct iovec` exist. Could make the configure code a cleaner. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752#note_160373403 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 19:23:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 17:23:50 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: We use @DEFINE_IOVEC_T@ `lib/includes/gnutls/gnutls.h.in`. This seems bad to me - it makes the tarball being dependent on the environment of the creating system/OS. On other systems, this assumption will be wrong and the tarball build will break. We should badly avoid this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752#note_160374414 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 20:25:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 18:25:31 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: The writev is code since forever, I do not much reason in detecting it. Unless of course there is an OS that we target that does not have it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752#note_160387341 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 21:03:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 19:03:17 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: Merge Request !966 was unapproved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/966 Project:Branches: ametzler/gnutls:tmp-ametzler-gcc9-build-error to gnutls/gnutls:master Author: Andreas Metzler Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 21:09:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 19:09:34 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 21:46:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 19:46:43 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: About the define iov macro it includes a system header, similarly for time_t. What issue do you have in mind? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752#note_160403700 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 12 22:12:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 12 Apr 2019 20:12:49 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: For example, on a modern Linux `DEFINE_IOVEC_T` ends up as `#include typedef struct iovec giovec_t;`. This is written into gnutls.h and put into the tarball. Now, someone downloads the tarball and unpacks on a system that has no sys/uio.h (e.g. native Windows). Result is a build failure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752#note_160409847 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 13 07:16:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 13 Apr 2019 05:16:56 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: Isn't gnutls.h auto-generated? It will be generated for the target system not the release system. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752#note_160486869 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 13 08:43:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 13 Apr 2019 06:43:31 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) In-Reply-To: References: Message-ID: +1 Is the LIB prefix rule for items in `lib/`? That's the root subdir for the library. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954#note_160490470 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 13 11:10:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 13 Apr 2019 09:10:36 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: J_ Ali Harlow commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/751#note_160498764 20f993ac now tested and works. Many thanks, @rockdaboot -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_160498764 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 13 11:31:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 13 Apr 2019 09:31:58 +0000 Subject: [gnutls-devel] GnuTLS | Fix WIN32 custom push/pull functions (!978) References: Message-ID: New Merge Request !978 https://gitlab.com/gnutls/gnutls/merge_requests/978 Branches: tmp-mingw-fix to master Author: Tim R?hsen Assignee: Fixes #751 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [x] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/978 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 13 11:33:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 13 Apr 2019 09:33:19 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: Thank you, @j\_ali. MR created. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751#note_160500152 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 13 11:36:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 13 Apr 2019 09:36:03 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: You are absolutely right. Sorry for the wave :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752#note_160500347 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 13 11:36:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 13 Apr 2019 09:36:04 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: Issue was closed by Tim R?hsen Issue #752: https://gitlab.com/gnutls/gnutls/issues/752 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 13 12:10:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 13 Apr 2019 10:10:17 +0000 Subject: [gnutls-devel] GnuTLS | Fix WIN32 custom push/pull functions (!978) In-Reply-To: References: Message-ID: This pull request **fixes 1 alert** when merging 20f993aca3c08a779cd350bf2093d01a6309a32e into ac4123e416d2a29eaec9e7ea8ac0d984f23dcf9c - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-9900034b5ce9a105b9151d46a9ee172a234eddef) **fixed alerts:** * 1 for Missing header guard --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/978#note_160502600 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 14 10:48:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 14 Apr 2019 08:48:50 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) In-Reply-To: References: Message-ID: Right. The pattern is something like PROJECT_PATH_FILENAME_H. That way you have no conflict when including same header file names from different paths. Stupid example: including 'src/utils.h' and 'lib/utils.h' and 'utils.h' from another project would not result in header guard conflicts. You can simply merge this. I will add all the other header files at some point... just didn't find time so far, too many other "urgent" things pop up currently. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954#note_160577814 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 14 14:17:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 14 Apr 2019 12:17:33 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion on tests/suite/Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_160592739 > ecore/src/lib/eina_unicode.c ecore/src/lib/eina_ustrbuf.c \ > ecore/src/lib/eina_ustringshare.c ecore/src/lib/eina_value.c > > +libecore_la_LIBADD = -ldl Well, yes this is really due to libtool reordering arguments, and afaict cannot be fixed properly on the GnuTLS side. I have therefore dropped this part of the patch. It should not be a real issue since this part of tests/suite is a not part of the releases and because CI does not run with these strange ./configure arguments either. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_160592739 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 14 14:18:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 14 Apr 2019 12:18:26 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: I have dropped test/suite patch (see discussion). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_160592881 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 14 17:24:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 14 Apr 2019 15:24:51 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: Merge Request !966 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/966 Project:Branches: ametzler/gnutls:tmp-ametzler-gcc9-build-error to gnutls/gnutls:master Author: Andreas Metzler Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 14 17:25:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 14 Apr 2019 15:25:17 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: All discussions on Merge Request !966 were resolved by Tim R?hsen https://gitlab.com/gnutls/gnutls/merge_requests/966 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 14 17:25:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 14 Apr 2019 15:25:33 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: Merge Request !966 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/966 Project:Branches: ametzler/gnutls:tmp-ametzler-gcc9-build-error to gnutls/gnutls:master Author: Andreas Metzler Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 14 17:25:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 14 Apr 2019 15:25:50 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) In-Reply-To: References: Message-ID: Thank you ! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966#note_160607604 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 06:47:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 04:47:52 +0000 Subject: [gnutls-devel] GnuTLS | gnutls server should not negotiate TLS 1.3 if the private key from PKCS#11 does not support RSA-PSS nor raw-RSA (#731) In-Reply-To: References: Message-ID: @ansasaki This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/731#note_160669979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 06:47:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 04:47:53 +0000 Subject: [gnutls-devel] GnuTLS | certtool --generate-self-signed interactive mode spews infinite text when confronted with EOF (#729) In-Reply-To: References: Message-ID: @dkg This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/729#note_160669984 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 06:47:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 04:47:54 +0000 Subject: [gnutls-devel] GnuTLS | Legacy algorithms are not supported for PKCS#12 files (#725) In-Reply-To: References: Message-ID: @tomato42 This issue was marked as needinfo with no update for long time. We are now closing it, but please re-open if it is still relevant. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/725#note_160669986 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 06:47:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 04:47:54 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#753) References: Message-ID: New Issue was created. Issue 753: https://gitlab.com/gnutls/gnutls/issues/753 Author: GnuTLS bot Assignee: The following issues require labels: - [ ] [gnutls server should not negotiate TLS 1.3 if the private key from PKCS#11 does not support RSA-PSS nor raw-RSA](https://gitlab.com/gnutls/gnutls/issues/731) - [ ] [certtool --generate-self-signed interactive mode spews infinite text when confronted with EOF](https://gitlab.com/gnutls/gnutls/issues/729) - [ ] [gnutls_idna_map() hostname conversion vulnerability](https://gitlab.com/gnutls/gnutls/issues/720) Please take care of them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/753 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 06:47:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 04:47:54 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use integrity checks cause errors when used by GnuTLS (#722) In-Reply-To: References: Message-ID: @tomato42 This issue was marked as needinfo with no update for long time. We are now closing it, but please re-open if it is still relevant. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722#note_160669989 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 06:47:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 04:47:54 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use integrity checks cause errors when used by GnuTLS (#722) In-Reply-To: References: Message-ID: Issue was closed by GnuTLS bot Issue #722: https://gitlab.com/gnutls/gnutls/issues/722 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 06:47:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 04:47:54 +0000 Subject: [gnutls-devel] GnuTLS | Legacy algorithms are not supported for PKCS#12 files (#725) In-Reply-To: References: Message-ID: Issue was closed by GnuTLS bot Issue #725: https://gitlab.com/gnutls/gnutls/issues/725 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 08:13:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 06:13:16 +0000 Subject: [gnutls-devel] GnuTLS | certtool --generate-self-signed interactive mode spews infinite text when confronted with EOF (#729) In-Reply-To: References: Message-ID: Adding it to backlog list as a nice to have feature. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/729#note_160681897 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 08:14:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 06:14:44 +0000 Subject: [gnutls-devel] GnuTLS | gnutls server should not negotiate TLS 1.3 if the private key from PKCS#11 does not support RSA-PSS nor raw-RSA (#731) In-Reply-To: References: Message-ID: Adding it to the list of bugs for the 3.6.x series. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/731#note_160682194 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 08:15:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 06:15:00 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#753) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #753: https://gitlab.com/gnutls/gnutls/issues/753 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/753 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 08:17:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 06:17:38 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) In-Reply-To: References: Message-ID: I understand, however that is introducing a new project-wide guideline which was not up to now. I think it makes sense documenting it first, otherwise if we merge it as is, we follow different guidelines per directory with no "official" rule. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954#note_160682692 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 08:24:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 06:24:12 +0000 Subject: [gnutls-devel] GnuTLS | Fix WIN32 custom push/pull functions (!978) In-Reply-To: References: Message-ID: Merge Request !978 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/978 Branches: tmp-mingw-fix to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/978 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 08:24:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 06:24:49 +0000 Subject: [gnutls-devel] GnuTLS | Fix WIN32 custom push/pull functions (!978) In-Reply-To: References: Message-ID: LGTM. I wonder if there is some way to test gnutls-cli in windows. We have sanity tests to catch issues like that in bash scripts in tests/, but these do not run in windows. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/978#note_160684067 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 09:46:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 07:46:22 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) References: Message-ID: New Merge Request !979 https://gitlab.com/gnutls/gnutls/merge_requests/979 Project:Branches: bmwiedemann/gnutls:certs to gnutls/gnutls:master Author: Bernhard M. Wiedemann Assignee: Extend test cert to 2049-05-27 instead of expiring in 2024-02-29 This update did not trigger y2038 bugs on 32-bit systems. Without this patch, one test fails after 2024: doit:124: rsa pss key: gnutls_x509_crt_verify_data2 | FAIL x509sign-verify (exit status: 1) Background: As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future. The usual offset is +15 years, because that is how long I expect some software will be used in some places. This showed up failing tests in our package build. See https://reproducible-builds.org/ for why this matters. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [X] Code modified for feature * [X] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code Note: I used certtool -u to create the new cert, but am unsure why it is 2 lines shorter than the old one. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 09:49:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 07:49:35 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: Hi, thanks for that. Which tests fail? What about (1) making the cert never expire (use the no-well defined expiration 99991231235959Z), or (2) use datefudge with the tests that use it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979#note_160709495 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 10:03:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 08:03:56 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: > Which tests fail? ``` doit:124: rsa pss key: gnutls_x509_crt_verify_data2 | FAIL x509sign-verify ``` > What about making the cert never expire? I tried to set expiration to 1000y in the future and it refused to generate a cert: ```bash cat cert.cfg expiration_date = "9999-12-31 23:59:59" certtool --template cert.cfg --load-ca-privkey ca3_key.pem --load-ca-certificate ca3_cert.pem --load-certificate server_ca3_rsa_pss.pem ... -u Generating a signed certificate... Activation/Expiration time. set_expiration: ASN1 parser: Element was not found. ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979#note_160714942 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 10:23:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 08:23:19 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: Unfortunately update cert does not work because it has to switch the type of the field (Generalized vs UTCTime). The cert has to be regenerated. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979#note_160729301 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 11:05:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 09:05:05 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: I tried with ``` cat cert.cfg dn = C=GR expiration_date = "9999-12-31 23:59:59" certtool ... --sign-params=RSA-PSS --key-type rsa-pss --salt-size=32 -c ``` But the resulting cert looks different from the old one: ```diff - Subject Public Key Algorithm: RSA-PSS + Subject Public Key Algorithm: RSA Algorithm Security Level: Medium (2048 bits) - Parameters: - Hash Algorithm: SHA256 - Salt Length: 32 @@ -41,61 +38,60 @@ Signature Algorithm: RSA-PSS-SHA256 Salt Length: 32 ``` Can you give me the correct command to regenerate? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979#note_160754399 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 11:20:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 09:20:34 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: The other thing, I was wondering: why does it work with `expiration_days = 11000` but not with `expiration_days = 12000` with the same error as with 9999? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979#note_160760960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 11:22:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 09:22:50 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: deadline is 2049-12-31 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979#note_160761872 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 13:26:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 11:26:33 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_160814768 > _mbuffer_xfree(&bufel); > return ret; > } > + /* If we are sending a PSK, generate early secrets here. > + * This cannot be done in pre_shared_key.c, because it > + * relies on transcript hash of a Client Hello. */ > + if (type == GNUTLS_HANDSHAKE_CLIENT_HELLO && shouldn't this be guarded to run only under TLS1.3? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_160814768 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 13:35:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 11:35:59 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_160819254 > _mbuffer_xfree(&bufel); > return ret; > } > + /* If we are sending a PSK, generate early secrets here. > + * This cannot be done in pre_shared_key.c, because it > + * relies on transcript hash of a Client Hello. */ > + if (type == GNUTLS_HANDSHAKE_CLIENT_HELLO && The problem is that the client hasn't decided the version yet at this point and `security_parameters.pversion` is set to TLS 1.2. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_160819254 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 13:48:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 11:48:19 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/prf.c: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_160825573 > } > > +/** > + * gnutls_prf_early: > + * @session: is a #gnutls_session_t type. > + * @label_size: length of the @label variable. > + * @label: label used in PRF computation, typically a short string. > + * @context_size: length of the @extra variable. > + * @context: optional extra data to seed the PRF with. > + * @outsize: size of pre-allocated output buffer to hold the output. > + * @out: pre-allocated buffer to hold the generated data. > + * > + * This function is similar to gnutls_prf_rfc5705(), but only works in > + * TLS 1.3 or later to export early keying material. > + * > + * Note that the keying material is only available after the If this function is only useful in a hook function of a specific message, would it make sense to have its own hook, and thus being calculated and stored only for applications that need it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_160825573 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 14:37:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 12:37:06 +0000 Subject: [gnutls-devel] GnuTLS | certtool: generate RSA-PSS certificates from RSA keys (!980) References: Message-ID: New Merge Request !980 https://gitlab.com/gnutls/gnutls/merge_requests/980 Branches: tmp-rsa-pss-cert-fix to master Author: Nikos Mavrogiannopoulos Assignee: When generating certificates it was not possible to generate an RSA-PSS certificate from an RSA key (common scenario). This fixes the certificate generation to include such a method. Ironically there was a test for this scenario but the test was limited to checking that the combination of certtool parameters succeeded; modified the test to check the textual expression of the certificate for the RSA-PSS indicators. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 14:40:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 12:40:48 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: Actually it was not possible to generate an RSA-PSS certificate from an RSA key. You have to use the RSA-PSS formatted key (server_ca3_rsa_pss2_key_pem). I've opened a merge request to actually bring that feature (generate RSA-PSS cert from RSA key below). https://gitlab.com/gnutls/gnutls/merge_requests/980 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979#note_160858818 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 15:11:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 13:11:56 +0000 Subject: [gnutls-devel] GnuTLS | Fix WIN32 custom push/pull functions (!978) In-Reply-To: References: Message-ID: Reassigned Merge Request 978 https://gitlab.com/gnutls/gnutls/merge_requests/978 Assignee changed to Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/978 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 15:44:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 13:44:13 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/prf.c: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_160899365 > } > > +/** > + * gnutls_prf_early: > + * @session: is a #gnutls_session_t type. > + * @label_size: length of the @label variable. > + * @label: label used in PRF computation, typically a short string. > + * @context_size: length of the @extra variable. > + * @context: optional extra data to seed the PRF with. > + * @outsize: size of pre-allocated output buffer to hold the output. > + * @out: pre-allocated buffer to hold the generated data. > + * > + * This function is similar to gnutls_prf_rfc5705(), but only works in > + * TLS 1.3 or later to export early keying material. > + * > + * Note that the keying material is only available after the Certainly we can, but I am not sure if it's worth it, as it could only save one call of HKDF-Expand. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_160899365 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 17:35:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 15:35:19 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_pubkey_verify_data2 calls fail erroneously with GNUTLS_E_INVALID_REQUEST when GNUTLS_VERIFY_DISABLE_CA_SIGN flag is set (#754) References: Message-ID: New Issue was created. Issue 754: https://gitlab.com/gnutls/gnutls/issues/754 Author: Ken Assignee: ## Description of problem: When calling gnutls_pubkey_verify_data2 with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag set, GNUTLS_E_INVALID_REQUEST is asserted due to an erroneous comparison of the OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA define (previously defined as GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA in gnutls_pubkey_flags_t) with the gnutls_certificate_verify_flags passed to the function. This occurs when the bitwise AND comparison of the gnutls_certificate_verify_flags against OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA returns '1', as the GNUTLS_VERIFY_DISABLE_CA_SIGN gnutls_certificate_verify_flag and the deprecated GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA gnutls_pubkey_flag share the least significant bit of flags. The bug was introduced in version 3.4.2 with this specific commit: https://gitlab.com/gnutls/gnutls/commit/0422a67eb0935e1dd96d602445ee179ef9dd993d I assume the OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA define was added to maintain backwards compatibility with the old calling of gnutls_pubkey_verify_data2 that utilized gnutls_pubkey_flags_t. Looking at internal gnutls calls of gnutls_pubkey_verify_data2, I don't see any call where this would be necessary any more. Perhaps this comparison is deprecated as well and could be removed? gnutls_pubkey_verify_hash2 has the same comparison and the same issue might be present there as well, though I have not tested this. ## Version of gnutls used: Tested in 3.6.7, issue is not present in versions prior to 3.4.2. ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) N/A, built directly from gnutls source. ## How reproducible: Steps to Reproduce: * Call gnutls_pubkey_verify_data2 with a valid signature and the GNUTLS_VERIFY_DISABLE_CA_SIGN flag set ## Actual results: gnutls_pubkey_verify_data2 asserts GNUTLS_E_INVALID_REQUEST ## Expected results: gnutls_pubkey_verify_data2 returns 0 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/754 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 18:24:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 16:24:57 +0000 Subject: [gnutls-devel] GnuTLS | pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA (!981) References: Message-ID: New Merge Request !981 https://gitlab.com/gnutls/gnutls/merge_requests/981 Project:Branches: kmiller/gnutls:master to gnutls/gnutls:master Author: Ken Assignee: `gnutls_certificate_verify_flags` comparisons in lib/pubkey.c against deprecated `OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA` define (previously `GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA`) break functions `gnutls_pubkey_verify_data2` and `gnutls_pubkey_verify_hash2` when `GNUTLS_VERIFY_DISABLE_CA_SIGN` `gnutls_certificate_verify_flags` is set. The supplementary comparison against `OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA` has been removed in favor of the exclusive comparison against `GNUTLS_VERIFY_USE_TLS1_RSA` `gnutls_certificate_verify_flags` due to the old value no longer being referenced in internal gnutls calling of these two functions and also having been replaced by the latter flag. Reference: gnutls/gnutls#754 ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/981 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 19:07:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 17:07:50 +0000 Subject: [gnutls-devel] GnuTLS | Use libabigail for tracking ABI changes (!972) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/972 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/972#note_161002117 > @sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u >>AUTHORS > > +LIBGNUTLS_SONAME=30 > We also hard-code explicitly the SONAME version to ensure no accidental SONAME bumps happen. Is this really necessary? I thought that SONAME is part of ABI and abidiff is able to detect the change. -- Daiki Ueno started a new discussion on Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/972#note_161002118 > +ABICHECK_COMMON = --no-added-syms > +abi-check: lib/libgnutls.la libdane/libgnutls-dane.la > + @for file in $$(eval echo $(srcdir)/devel/libgnutls-*-$$(uname -m).abi);do \ Is `eval` necessary? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 19:08:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 17:08:18 +0000 Subject: [gnutls-devel] GnuTLS | Use libabigail for tracking ABI changes (!972) In-Reply-To: References: Message-ID: Other than those nits, it looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/972#note_161002227 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 21:07:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 19:07:56 +0000 Subject: [gnutls-devel] GnuTLS | Fix WIN32 custom push/pull functions (!978) In-Reply-To: References: Message-ID: "Bash scripts, these do not run on windows" can be 'fixed' by using pure C code !? We should keep this in mind, but that another issue(s). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/978#note_161040626 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 21:08:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 19:08:02 +0000 Subject: [gnutls-devel] GnuTLS | Fix WIN32 custom push/pull functions (!978) In-Reply-To: References: Message-ID: Merge Request !978 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/978 Branches: tmp-mingw-fix to master Author: Tim R?hsen Assignee: Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/978 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 15 21:08:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 15 Apr 2019 19:08:02 +0000 Subject: [gnutls-devel] GnuTLS | Regression in 3.6 when built with mingw (#751) In-Reply-To: References: Message-ID: Issue was closed by Tim R?hsen Issue #751: https://gitlab.com/gnutls/gnutls/issues/751 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 10:42:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 08:42:31 +0000 Subject: [gnutls-devel] GnuTLS | Use libabigail for tracking ABI changes (!972) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/972#note_161209142 > @echo -e "\n\nThe translators list is autogenerated from po file history\n" >>AUTHORS > @sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u >>AUTHORS > > +LIBGNUTLS_SONAME=30 Didn't know about it, indeed abidiff catches a soname change even without it. Removed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/972#note_161209142 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 10:42:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 08:42:42 +0000 Subject: [gnutls-devel] GnuTLS | Use libabigail for tracking ABI changes (!972) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on Makefile.am: https://gitlab.com/gnutls/gnutls/merge_requests/972#note_161209215 > + false; \ > + fi > + @abidiff libdane/.libs/libgnutls-dane.so.$(LIBDANE_SONAME) $(LIBDANE_ABI_LAST_FILE); if test $$? != 0;then \ > + echo "*********************************************************"; \ > + echo "libgnutls-dane ABI has changed; use 'make-files-update' "; \ > + echo "and use 'git diff' to check correctness before committing"; \ > + echo "*********************************************************"; \ > + false; \ > + fi > + @echo "********************************" > + @echo "Current release matches ABI dump" > + @echo "********************************" > + > +ABICHECK_COMMON = --no-added-syms > +abi-check: lib/libgnutls.la libdane/libgnutls-dane.la > + @for file in $$(eval echo $(srcdir)/devel/libgnutls-*-$$(uname -m).abi);do \ It seems not. Removed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/972#note_161209215 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 10:42:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 08:42:43 +0000 Subject: [gnutls-devel] GnuTLS | Use libabigail for tracking ABI changes (!972) In-Reply-To: References: Message-ID: All discussions on Merge Request !972 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/972 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 10:44:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 08:44:20 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: All discussions on Merge Request !894 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/894 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 12:40:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 10:40:33 +0000 Subject: [gnutls-devel] GnuTLS | certtool: generate RSA-PSS certificates from RSA keys (!980) In-Reply-To: References: Message-ID: @rockdaboot any idea why the CI builds suddenly started failing today? ``` ./bootstrap.conf: line 79: /builds/common/gnulib/gnulib-tool: No such file or directory ``` @ueno reported it initially, but it now happens everywhere. Bootstrap seems to fail to find gnulib-tool, however the images were not updated since last week. I've rebuild all CI images and the same effect remains. I've deleted everything and rebuild, but still the same. If I download the image with ``` podman run -ti registry.gitlab.com/gnutls/build-images:buildenv-f29 /bin/bash # ls -al /builds/common/gnulib/gnulib-tool -rwxr-xr-x. 1 root root 265582 Apr 7 13:40 /builds/common/gnulib/gnulib-tool ``` everything seems to work. I can even bootstrap. It feels like black magic. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/980#note_161273534 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 12:43:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 10:43:11 +0000 Subject: [gnutls-devel] GnuTLS | certtool: generate RSA-PSS certificates from RSA keys (!980) In-Reply-To: References: Message-ID: CI fails for Wget2 as well without anything changed: ``` $ cp -a /builds/common/gnulib . cp: can't stat '/builds/common/gnulib': No such file or directory ``` Yesterday it worked, images haven't been rebuilt, now it fails with the above error. Something at gitlab. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/980#note_161276242 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 13:01:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 11:01:11 +0000 Subject: [gnutls-devel] GnuTLS | Use libabigail for tracking ABI changes (!972) In-Reply-To: References: Message-ID: Merge Request !972 was approved by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/972 Project:Branches: nmav/gnutls:tmp-abigail to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 14:21:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 12:21:05 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use integrity checks cause errors when used by GnuTLS (#722) In-Reply-To: References: Message-ID: yes, they are generated by `openssl pkcs12 -nomac` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722#note_161346739 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 14:21:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 12:21:05 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use integrity checks cause errors when used by GnuTLS (#722) In-Reply-To: References: Message-ID: Issue was reopened by Hubert Kario (@mention me if you need reply) Issue 722: https://gitlab.com/gnutls/gnutls/issues/722 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 14:24:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 12:24:57 +0000 Subject: [gnutls-devel] GnuTLS | Legacy algorithms are not supported for PKCS#12 files (#725) In-Reply-To: References: Message-ID: ah, sorry, meant `certtool`, not `certutil` at the very least, it's about documenting the algorithms that are not implemented but it's primarily about ensuring that users have ability to read old files -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/725#note_161348521 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 16 14:35:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 16 Apr 2019 12:35:30 +0000 Subject: [gnutls-devel] GnuTLS | p11tool: copy vendor query attributes when listing privkeys (!982) References: Message-ID: New Merge Request !982 https://gitlab.com/gnutls/gnutls/merge_requests/982 Branches: tmp-p11tool-pin to master Author: Daiki Ueno Assignee: When using `p11tool --list-private-keys` with "pin-value" attribute it still requires PIN supplied through GNUTLS_PIN. This fixes that by copying the vendor query attribute from the origianl URL, though it's a bit ugly. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 17 15:47:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 17 Apr 2019 13:47:19 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use integrity checks cause errors when used by GnuTLS (#722) In-Reply-To: References: Message-ID: @tomato42 I understand. This is however a low level tool, and it can generate lots of structures which we may not be able to read. I do not think it should be our goal to generate everything that a low-level or testing tool can output. My question was whether these files are used by applications in practice outside custom setups. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722#note_161770186 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 14:30:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 12:30:21 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use integrity checks cause errors when used by GnuTLS (#722) In-Reply-To: References: Message-ID: I don't know, but the thing is that openssl is able to handle them. So most likely you won't even receive bugs when GnuTLS is unable to import them, because users will just be directed to use OpenSSL to "unpack" the PKCS#12 file and then use pem files with GnuTLS. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722#note_162123751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 18:50:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 16:50:25 +0000 Subject: [gnutls-devel] GnuTLS | doc: Add documentation for GNUTLS_CERT_IGNORE (!983) References: Message-ID: New Merge Request !983 https://gitlab.com/gnutls/gnutls/merge_requests/983 Project:Branches: ametzler/gnutls:tmp-ametzler-doc-GNUTLS_CERT_IGNORE to gnutls/gnutls:master Author: Andreas Metzler Assignee: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code Original discussion on https://lists.gnutls.org/pipermail/gnutls-help/2019-April/004520.html Andreas Metzler asked > GNUTLS_CERT_IGNORE is part of gnutls_certificate_request_t and used in some examples but seems to be undocumented. Is this done by purpose or is this an oversight? > I guess that gnutls_certificate_server_set_request( ... , GNUTLS_CERT_IGNORE) is equivalent to not invoking gnutls_certificate_server_set_request() at all. Nikos replied > That is right. If you have some suggestion on where to document it, please send an MR (hopefully the CI issue will be addressed soon). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/983 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:13:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:13:18 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: Merge Request !979 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/979 Project:Branches: bmwiedemann/gnutls:certs to gnutls/gnutls:master Author: Bernhard M_ Wiedemann Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:14:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:14:07 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: Solution is not ideal, but looks to push the problem enough forward in the future. LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979#note_162276745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:14:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:14:09 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: Reassigned Merge Request 979 https://gitlab.com/gnutls/gnutls/merge_requests/979 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:15:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:15:00 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:15:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:15:23 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: Merge Request !979 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/979 Project:Branches: bmwiedemann/gnutls:certs to gnutls/gnutls:master Author: Bernhard M_ Wiedemann Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:15:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:15:36 +0000 Subject: [gnutls-devel] GnuTLS | Extend test cert to 2049-05-27 (!979) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/979#note_162277066 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:16:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:16:16 +0000 Subject: [gnutls-devel] GnuTLS | doc: Add documentation for GNUTLS_CERT_IGNORE (!983) In-Reply-To: References: Message-ID: Merge Request !983 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/983 Project:Branches: ametzler/gnutls:tmp-ametzler-doc-GNUTLS_CERT_IGNORE to gnutls/gnutls:master Author: Andreas Metzler Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/983 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:16:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:16:33 +0000 Subject: [gnutls-devel] GnuTLS | doc: Add documentation for GNUTLS_CERT_IGNORE (!983) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/983#note_162277310 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:16:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:16:35 +0000 Subject: [gnutls-devel] GnuTLS | doc: Add documentation for GNUTLS_CERT_IGNORE (!983) In-Reply-To: References: Message-ID: Merge Request !983 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/983 Project:Branches: ametzler/gnutls:tmp-ametzler-doc-GNUTLS_CERT_IGNORE to gnutls/gnutls:master Author: Andreas Metzler Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/983 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:17:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:17:02 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) In-Reply-To: References: Message-ID: ping @mbakke -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976#note_162277383 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:39:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:39:15 +0000 Subject: [gnutls-devel] GnuTLS | Use libabigail for tracking ABI changes (!972) In-Reply-To: References: Message-ID: Merge Request !972 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/972 Project:Branches: nmav/gnutls:tmp-abigail to gnutls/gnutls:master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:50:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:50:20 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use integrity checks cause errors when used by GnuTLS (#722) In-Reply-To: References: Message-ID: While we could leave it in the backlog as something that documents the difference with openssl, I do not think that's a good approach. Indeed the openssl tool allows to create files without a MAC, however that alone should not be a reason for us to try to duplicate this functionality. If there was additional data, i.e., that this is a format used in practice, or this format is generally used for a specific use case, it would make more sense. Without that, I think we should close this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722#note_162283883 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:50:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:50:20 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use integrity checks cause errors when used by GnuTLS (#722) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #722: https://gitlab.com/gnutls/gnutls/issues/722 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 20:54:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 18:54:00 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: Merge Request !894 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/894 Branches: tmp-early-exporter to master Author: Daiki Ueno Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 21:24:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 19:24:14 +0000 Subject: [gnutls-devel] GnuTLS | [Question] gnutls-cli has proxy option supported? (#750) In-Reply-To: References: Message-ID: No there is no proxy option -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/750#note_162290403 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 18 21:31:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 18 Apr 2019 19:31:19 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: Any idea how I can avoid this error on mips? > ERROR: ld.so: object 'datefudge.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS64): ignored. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_162291695 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 19 02:33:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 19 Apr 2019 00:33:49 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) In-Reply-To: References: Message-ID: Whoops, sorry for dropping the ball here. @nmav thanks for the detailed instructions, I increased the timeout and all is good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976#note_162361145 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 19 06:49:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 19 Apr 2019 04:49:01 +0000 Subject: [gnutls-devel] GnuTLS | [Question] gnutls-cli has proxy option supported? (#750) In-Reply-To: References: Message-ID: Thank you for the answer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/750#note_162379475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 19 06:49:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 19 Apr 2019 04:49:02 +0000 Subject: [gnutls-devel] GnuTLS | [Question] gnutls-cli has proxy option supported? (#750) In-Reply-To: References: Message-ID: Issue was closed by yamatakau08 Issue #750: https://gitlab.com/gnutls/gnutls/issues/750 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/750 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 19 07:22:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 19 Apr 2019 05:22:38 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: OK, obviously `LD_PRELOAD` doesn't work with binfmt_misc binary and `check_for_datefudge` function doesn't help either because it checks against the host executable (`date`). I'm going to skip cross-compiling case. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894#note_162382786 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 19 23:19:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 19 Apr 2019 21:19:27 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: Merge Request !894 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/894 Branches: tmp-early-exporter to master Author: Daiki Ueno Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 19 23:19:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 19 Apr 2019 21:19:28 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_prf_rfc5705() API not exposed by command line utilities (#736) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #736: https://gitlab.com/gnutls/gnutls/issues/736 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/736 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 19 23:19:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 19 Apr 2019 21:19:28 +0000 Subject: [gnutls-devel] GnuTLS | add API to get access to early exporter (#329) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #329: https://gitlab.com/gnutls/gnutls/issues/329 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/329 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 20 09:23:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 20 Apr 2019 07:23:48 +0000 Subject: [gnutls-devel] GnuTLS | p11tool: copy vendor query attributes when listing privkeys (!982) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 20 09:23:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 20 Apr 2019 07:23:44 +0000 Subject: [gnutls-devel] GnuTLS | p11tool: copy vendor query attributes when listing privkeys (!982) In-Reply-To: References: Message-ID: Reassigned Merge Request 982 https://gitlab.com/gnutls/gnutls/merge_requests/982 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 20 09:24:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 20 Apr 2019 07:24:31 +0000 Subject: [gnutls-devel] GnuTLS | p11tool: copy vendor query attributes when listing privkeys (!982) In-Reply-To: References: Message-ID: Merge Request !982 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/982 Branches: tmp-p11tool-pin to master Author: Daiki Ueno Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 20 09:24:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 20 Apr 2019 07:24:36 +0000 Subject: [gnutls-devel] GnuTLS | p11tool: copy vendor query attributes when listing privkeys (!982) In-Reply-To: References: Message-ID: Merge Request !982 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/982 Branches: tmp-p11tool-pin to master Author: Daiki Ueno Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 20 09:25:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 20 Apr 2019 07:25:02 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) In-Reply-To: References: Message-ID: Merge Request !976 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/976 Project:Branches: mbakke/gnutls:autoopts_guix to gnutls/gnutls:master Author: Marius Bakke Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 20 09:27:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 20 Apr 2019 07:27:49 +0000 Subject: [gnutls-devel] GnuTLS | Makefile.am: Don't assume autoopts-config returns a single dash. (!976) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/976#note_162607300 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 07:55:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 05:55:24 +0000 Subject: [gnutls-devel] GnuTLS | set_read_funcs() breaks I/O on Windows (#757) References: Message-ID: New Issue was created. Issue 757: https://gitlab.com/gnutls/gnutls/issues/757 Author: LRN Assignee: ## Description of problem: GnuTLS code calls `set_read_funcs()` at some points. On non-Windows platforms that function is a no-op. On Windows it replaces session push and pull functions with `system_write()` and `system_read()`. This means that even if the client code (such as GnuTLS's own `socket_open2()`) calls `gnutls_transport_set_push_function()` to set some custom push function, GnuTLS will later set it back to the defaults. Because `socket_open2()` also sets the transport ptr as a pointer to a custom struct that holds, among other things, the socket descriptor, using `system_*()` functions with that ptr leads to EBADF errors. ## Version of gnutls used: 3.6.6 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Myself ## How reproducible: Steps to Reproduce: * Build GnuTLS with MinGW * run `gnutls-cli google.com` ## Actual results: ``` *** Fatal error: Error in the push function. Could not connect to 74.125.131.101:443: Bad file descriptor ``` ## Expected results: Something else. ## Also It should be noted that `gnutls_init()` will also set session push and pull functions to `system_write()` and `system_read()`. At first glance it doesn't make sense for GnuTLS to do that *again* later on. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/757 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 08:35:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 06:35:58 +0000 Subject: [gnutls-devel] GnuTLS | HAVE_WRITEV checked in code, but never defined (#752) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/752 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 08:38:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 06:38:49 +0000 Subject: [gnutls-devel] GnuTLS | set_read_funcs() breaks I/O on Windows (#757) In-Reply-To: References: Message-ID: Could this be an issue addressed by https://gitlab.com/gnutls/gnutls/merge_requests/978 ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/757#note_163639916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 09:18:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 07:18:17 +0000 Subject: [gnutls-devel] GnuTLS | set_read_funcs() breaks I/O on Windows (#757) In-Reply-To: References: Message-ID: Yeah, that seems to fix the issue (i'll need to apply this and rebuild to actually test this, will try that today), by virtue of making `system_write()` and `system_read()` do what `wrap_push()` and `wrap_pull()` do. I.e. both sets of functions now treat `gnutls_transport_ptr_t` as `socket_st`, and grab the file descriptor from there. This should work - as long as no one needs to use `gnutls_transport_set_[push|pull]_function()` for anything other than a glorified `send()/recv()` wrapper that takes a `socket_st`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/757#note_163650985 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 11:56:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 09:56:14 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from lrn1986): DEFAULT_TRUST_STORE_FILE relocation (#732) In-Reply-To: References: Message-ID: Wrote a simple patch [0001-W32-relocatable-DEFAULT_TRUST_STORE_FILE.patch](/uploads/9464537d241c2cf7b2051c83e6083d00/0001-W32-relocatable-DEFAULT_TRUST_STORE_FILE.patch), which works for me. If anyone ever gets around to making this a supported feature, this can be used as a starting point, at least (for example, GnuTLS might have other paths that can be configured and hardcoded into the binaries, these might need relocation too; and the relocation function would need to be put into some kind of utility library section of the source code). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/732#note_163719873 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 14:14:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 12:14:11 +0000 Subject: [gnutls-devel] GnuTLS | certtool: generate RSA-PSS certificates from RSA keys (!980) In-Reply-To: References: Message-ID: Merge Request !980 was approved by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/980 Branches: tmp-rsa-pss-cert-fix to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 15:43:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 13:43:35 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: @nmav this is ready for me. Could you review it when you have some time? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_163853400 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 17:03:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 15:03:33 +0000 Subject: [gnutls-devel] GnuTLS | WIP: algorithms: implement X448 key exchange and Ed448 signature scheme (!984) References: Message-ID: New Merge Request !984 https://gitlab.com/gnutls/gnutls/merge_requests/984 Branches: tmp-ed448 to master Author: Daiki Ueno Assignee: This implements X448 and Ed448 in TLS 1.3, using the nettle patches proposed at: https://gitlab.com/dueno/nettle/tree/wip/dueno/ed448 I've tested it against OpenSSL and it seems to work. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/984 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 17:38:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 15:38:10 +0000 Subject: [gnutls-devel] GnuTLS | WIP: algorithms: implement X448 key exchange and Ed448 signature scheme (!984) In-Reply-To: References: Message-ID: This pull request **introduces 17 alerts** when merging 5a377c152e82c42f2988e77f7338636d72da6386 into c951c13f3814e02fc2df7ce8b2408337d3770660 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-5dc94748502c12e786f7f94a5811661471b75987) **new alerts:** * 16 for FIXME comment * 1 for Comparison result is always the same --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/984#note_163906567 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 24 21:56:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 24 Apr 2019 19:56:57 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) In-Reply-To: References: Message-ID: This pull request **fixes 14 alerts** when merging 06140b84f0b6410cd6f387d8e4f4a96b40d51cfd into c951c13f3814e02fc2df7ce8b2408337d3770660 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-f0bffdf8fd7244f8764e8193e2ebe8c194eaedbb) **fixed alerts:** * 14 for Missing header guard --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954#note_163980481 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 25 08:53:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 25 Apr 2019 06:53:42 +0000 Subject: [gnutls-devel] GnuTLS | certtool: generate RSA-PSS certificates from RSA keys (!980) In-Reply-To: References: Message-ID: Reassigned Merge Request 980 https://gitlab.com/gnutls/gnutls/merge_requests/980 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 25 10:12:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 25 Apr 2019 08:12:42 +0000 Subject: [gnutls-devel] GnuTLS | certtool: generate RSA-PSS certificates from RSA keys (!980) In-Reply-To: References: Message-ID: Merge Request !980 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/980 Branches: tmp-rsa-pss-cert-fix to master Author: Nikos Mavrogiannopoulos Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 25 13:25:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 25 Apr 2019 11:25:32 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_pubkey_verify_data2 calls fail erroneously with GNUTLS_E_INVALID_REQUEST when GNUTLS_VERIFY_DISABLE_CA_SIGN flag is set (#754) In-Reply-To: References: Message-ID: Reassigned Issue 754 https://gitlab.com/gnutls/gnutls/issues/754 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/754 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 25 13:27:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 25 Apr 2019 11:27:03 +0000 Subject: [gnutls-devel] GnuTLS | pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA (!981) In-Reply-To: References: Message-ID: Reassigned Merge Request 981 https://gitlab.com/gnutls/gnutls/merge_requests/981 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/981 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 25 13:31:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 25 Apr 2019 11:31:35 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_pubkey_verify_data2 calls fail erroneously with GNUTLS_E_INVALID_REQUEST when GNUTLS_VERIFY_DISABLE_CA_SIGN flag is set (#754) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/754 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 25 13:32:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 25 Apr 2019 11:32:47 +0000 Subject: [gnutls-devel] GnuTLS | pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA (!981) In-Reply-To: References: Message-ID: Thank you for this. It makes sense to me to remove the backwards compatibility to address the issue, because it is a niche-use-case (cannot find uses of it outside gnutls via debian code search), and it preserves backwards compatibility only with applications built with 3.4.[0-1]. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/981#note_164177204 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 25 13:33:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 25 Apr 2019 11:33:52 +0000 Subject: [gnutls-devel] GnuTLS | pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA (!981) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/981 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 25 13:35:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 25 Apr 2019 11:35:27 +0000 Subject: [gnutls-devel] GnuTLS | pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA (!981) In-Reply-To: References: Message-ID: Would you like to add or modify an existing test case so that the `GNUTLS_VERIFY_DISABLE_CA_SIGN` flag is tested? (e.g., `tests/sign-verify-data-newapi.c`) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/981#note_164178401 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 26 17:37:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Apr 2019 15:37:47 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) References: Message-ID: New Merge Request !985 https://gitlab.com/gnutls/gnutls/merge_requests/985 Branches: tmp-record-sizes to master Author: Daiki Ueno Assignee: This fully implements the asymmetric record_size_limit negotiation. The previous behavior was that both sending and receiving limits are negotiated to be the same value. It was problematic when: - client sends a record_size_limit with a large value in CH - server sends a record_size_limit with a smaller value in EE - client updates the limit for both sending and receiving, upon receiving EE - server sends a Certificate message larger than the limit With this patch, each peer maintains the sending / receiving limits separately so not to confuse with the contradicting settings. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 26 17:49:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Apr 2019 15:49:42 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/985 was reviewed by Hubert Kario (@mention me if you need reply) -- Hubert Kario (@mention me if you need reply) started a new discussion on lib/ext/max_record.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_164706954 > - if (session->security_parameters.max_record_send_size != > + /* this extension requires that both sending and > + * receiving limits are the same */ is it really? I don't see anything related to `max_fragment_length` here... -- Hubert Kario (@mention me if you need reply) started a new discussion on tests/tls-record-size-limit-asym.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_164706955 > + * Copyright (C) 2015 Red Hat, Inc. > + * > + * Author: Nikos Mavrogiannopoulos is that authorship and copyright correct? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 26 17:50:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Apr 2019 15:50:51 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) In-Reply-To: References: Message-ID: shouldn't this PR update the tlsfuzzer configuration? what about a test case that uses tlslite-ng server to test against a client and server that advertises 64 byte limit? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_164707317 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 26 17:59:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Apr 2019 15:59:34 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/ext/max_record.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_164709605 > > /* this function sends the client extension data (dnsname) */ > if (session->security_parameters.entity == GNUTLS_CLIENT) { > - if (session->security_parameters.max_record_send_size != > + /* this extension requires that both sending and > + * receiving limits are the same */ @tomato42 maybe I don't understand what you mean, but my understanding is that if max_fragment_length is negotiated, the limit applies to both sending and receiving. The below condition is basically to check a programmer error, where the programmer sets the limit with the new asymmetric API `gnutls_record_set_max_recv_size()` instead of the old API `gnutls_record_set_max_size()`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_164709605 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 26 20:29:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 26 Apr 2019 18:29:57 +0000 Subject: [gnutls-devel] libtasn1 | _asn1_expand_object_id: Limit recursion (!8) In-Reply-To: References: Message-ID: Mike Gorse commented on a discussion: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_164757839 Sorry for the delay. I've added some lines to Test_tree.asn to reproduce the lockup, based on the reproducer from the issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/8#note_164757839 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 27 13:21:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Apr 2019 11:21:48 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/ext/max_record.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_164873828 > > /* this function sends the client extension data (dnsname) */ > if (session->security_parameters.entity == GNUTLS_CLIENT) { > - if (session->security_parameters.max_record_send_size != > + /* this extension requires that both sending and > + * receiving limits are the same */ I modified the documentation / comments to reflect the intention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_164873828 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 27 13:22:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Apr 2019 11:22:21 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) In-Reply-To: References: Message-ID: All discussions on Merge Request !985 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/merge_requests/985 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 27 13:26:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Apr 2019 11:26:54 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) In-Reply-To: References: Message-ID: > shouldn't this PR update the tlsfuzzer configuration? As noted in the description, the only visible behavior change is in client side, which can't be tested with tlsfuzzer. > what about a test case that uses tlslite-ng server to test against a client and server that advertises 64 byte limit? I am not sure what you mean. This MR is about asymmetricity, not about supporting smaller limits. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_164874142 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 27 13:42:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 27 Apr 2019 11:42:17 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Reassigned Merge Request 917 https://gitlab.com/gnutls/gnutls/merge_requests/917 Assignee changed from Ander Juaristi to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 28 11:48:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Apr 2019 09:48:22 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) In-Reply-To: References: Message-ID: @nmav Please check the changes in `CONTRIBUTING.md`. I also removed (commented for now) the line ``` AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.]) ``` in `configure.ac` since it clashed with the namespace for header guards and I couldn't find any reference/usage of `GNUTLS_COMPAT_H` at all. What is/was it and how to deal with it ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954#note_164949593 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 28 12:17:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Apr 2019 10:17:37 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) In-Reply-To: References: Message-ID: This pull request **fixes 14 alerts** when merging 946d9a4b270ff223db46f1346656a045419a42d7 into 1ee821191870e425b2e645476b5c311dddb66938 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-9b70d8a2a07e187a4bdb0921635469455c9c21b9) **fixed alerts:** * 14 for Missing header guard --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954#note_164951745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 28 12:35:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Apr 2019 10:35:52 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) In-Reply-To: References: Message-ID: @nmav Should the headers in lib/minitasn1 and lib/nettle also be amended ? Not sure if these might be overwritten from time to time by upstream files... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954#note_164953304 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 28 13:06:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 28 Apr 2019 11:06:01 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) In-Reply-To: References: Message-ID: This pull request **fixes 36 alerts** when merging dfdce26df5c86e6f6ddb7883ba87295d7d3e6f79 into 1ee821191870e425b2e645476b5c311dddb66938 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-01c8c923c3dd3c9583089a5445564d601e9c84a0) **fixed alerts:** * 36 for Missing header guard --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954#note_164955226 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 12:12:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 10:12:36 +0000 Subject: [gnutls-devel] GnuTLS | Deadlock in _gnutls_epoch_get on mutex epoch_lock with msmtp and gnutls 3.6.7 (#758) References: Message-ID: New Issue was created. Issue 758: https://gitlab.com/gnutls/gnutls/issues/758 Author: YmrDtnJu Assignee: ## Description of problem: [msmtp](https://marlam.de/msmtp/) gets stuck in a deadlock on mutex session->internals.epoch_lock in function _gnutls_epoch_get with gnutls version 3.6.7. The mutex has been introduced in commit 2db896b7fd3258851898652e9ddef7335f23e450. I am not sure if this is a bug in gnutls or in msmtp. Maybe msmtp fails to initialize gnutls correctly, but it works with version 3.6.6 so I suspect, that the commit may assume a specific usage of the gnutls API that msmtp (and maybe other software) does not adhere. ## Version of gnutls used: 3.6.7 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Gentoo ## How reproducible: Use msmtp with gnutls 3.6.7. It gets stuck trying to initiate a TLS connection to the SMTP server using STARTTLS. ## Actual results: Deadlock. ## Expected results: msmtp successfully sending an e-mail over a TLS connection to an SMTP server. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/758 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 12:30:44 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 10:30:44 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: Try to infer 64-bit time using date(1) (!986) References: Message-ID: New Merge Request !986 https://gitlab.com/gnutls/gnutls/merge_requests/986 Project:Branches: julian-klode/gnutls:crl-check-64-bit-time-support to gnutls/gnutls:master Author: Julian Andres Klode Assignee: Try to infer the 64-bit time_t support using date(1), instead of hardcoding 8, so tests work when run outside of the build tree. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [X] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/986 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 12:38:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 10:38:21 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: try to infer 64-bit time using date(1) (!986) In-Reply-To: References: Message-ID: Julian Andres Klode started a new discussion on tests/cert-tests/crl: https://gitlab.com/gnutls/gnutls/merge_requests/986#note_165136973 > srcdir="${srcdir:-.}" > CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" > DIFF="${DIFF:-diff}" > -ac_cv_sizeof_time_t="${ac_cv_sizeof_time_t:-8}" > + > +if test -z "${ac_cv_sizeof_time_t}"; then > + if [ "$(date --date=@2147483648 +%Y 2>/dev/null)" = "2038" ]; then Oh, that should be `test`, not `[` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/986#note_165136973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 12:39:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 10:39:18 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: try to infer 64-bit time using date(1) (!986) In-Reply-To: References: Message-ID: All discussions on Merge Request !986 were resolved by Julian Andres Klode https://gitlab.com/gnutls/gnutls/merge_requests/986 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/986 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 12:40:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 10:40:50 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: try to infer 64-bit time using date(1) (!986) In-Reply-To: References: Message-ID: FWIW, this `date` execution might fail on non-GNU platforms and then cause them to not check 64-bit support, so not 100% sure if that's the best way. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/986#note_165137703 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 13:04:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 11:04:36 +0000 Subject: [gnutls-devel] GnuTLS | Deadlock in _gnutls_epoch_get on mutex epoch_lock with msmtp and gnutls 3.6.7 (#758) In-Reply-To: References: Message-ID: Do you have a command line for msmtp that doesn't need a default account ? Something to easily reproduce with ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/758#note_165146578 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 13:51:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 11:51:17 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented on a discussion on lib/ext/max_record.c: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_165161120 > > /* this function sends the client extension data (dnsname) */ > if (session->security_parameters.entity == GNUTLS_CLIENT) { > - if (session->security_parameters.max_record_send_size != > + /* this extension requires that both sending and > + * receiving limits are the same */ yes, the limits apply to both sending and receiving, but the limit for sending and receiving can be different (including a situation where either of those is not limited in practice) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_165161120 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 13:56:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 11:56:06 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_165162747 > > what about a test case that uses tlslite-ng server to test against a client and server that advertises 64 byte limit? > I am not sure what you mean. This MR is about asymmetricity, not about supporting smaller limits. but gnutls does default to 2^14+1, so a server that replies with a lower value, will force that asymmetricity; also as we discussed, if the server does reply with 64, the client has only two options: comply or abort connection, it can't retroactively un-negotiate the extension -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_165162747 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 14:51:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 12:51:18 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: distinguish sending and receiving limits (!985) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_165188848 > but gnutls does default to 2^14+1, so a server that replies with a lower value, will force that asymmetricity; also as we discussed This is already covered by the new unit tests, where server and client sends different limits. > also as we discussed, if the server does reply with 64, the client has only two options: comply or abort connection, it can't retroactively un-negotiate the extension This still sounds out-of-scope. Regardless of this MR, the client aborts when it receives smaller limits than 512. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/985#note_165188848 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 17:26:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 15:26:06 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: try to infer 64-bit time using date(1) (!986) In-Reply-To: References: Message-ID: Seeing as other tests also appear to need this, I just moved it to our external test running script in the packaging. But I do wonder if this is something worth changing. (Also, sorry for the CI failures, gitlab did not store the timeout change I entered...) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/986#note_165256643 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 17:38:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 15:38:28 +0000 Subject: [gnutls-devel] GnuTLS | Deadlock in _gnutls_epoch_get on mutex epoch_lock with msmtp and gnutls 3.6.7 (#758) In-Reply-To: References: Message-ID: I guess the following line should work: echo -e 'From: Test \r\nTo: \r\nSubject: Testsubject\r\nDate: Sun, 28 Apr 2019 23:27:50 +0000\r\nMessage-ID: test at localhost\r\n\r\nTest\r\n' | /usr/bin/msmtp --host smtp.gmail.com --port 587 --tls --tls-starttls --tls-trust-file /etc/ssl/certs/ca-certificates.crt --from bla at bla.bla -- bla at bla.bla Neither the e-mail itself nor source or destination addresses need to actually work, because msmtp will hang before it can use them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/758#note_165260915 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 29 21:28:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 29 Apr 2019 19:28:12 +0000 Subject: [gnutls-devel] GnuTLS | Deadlock in _gnutls_epoch_get on mutex epoch_lock with msmtp and gnutls 3.6.7 (#758) In-Reply-To: References: Message-ID: Thanks for the example. On Debian unstable I get ``` msmtp: envelope from address bla at bla.bla not accepted by the server msmtp: server message: 530-5.5.1 Authentication Required. Learn more at msmtp: server message: 530 5.5.1 https://support.google.com/mail/?p=WantAuthError d8sm6013277ejb.19 - gsmtp msmtp: could not send mail ``` GnuTLS is at 3.6.7-2, msmtp is 1.8.3-1. I also had a look at the GnuTLS sources - locking/unlocking in _gnutls_epoch_get looks good to me, also the initialization of the used mutex. Maybe there is a general issue with threading / pthreads in your version of Gentoo ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/758#note_165334344 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 07:49:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 30 Apr 2019 05:49:21 +0000 Subject: [gnutls-devel] GnuTLS | server auth: disable TLS 1.3 if no signature algorithm is usable (!987) References: Message-ID: New Merge Request !987 https://gitlab.com/gnutls/gnutls/merge_requests/987 Branches: tmp-privkey-tls13 to master Author: Daiki Ueno Assignee: This is a server side counterpart of 005a4d04145707daad9588acedfdb5f6cd97c80c. Instead of signalling an error when no algorithm is usable in TLS 1.3, it downgrades the session to TLS 1.2 with a warning. Closes #731 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/987 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 11:58:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 30 Apr 2019 09:58:38 +0000 Subject: [gnutls-devel] GnuTLS | Deadlock in _gnutls_epoch_get on mutex epoch_lock with msmtp and gnutls 3.6.7 (#758) In-Reply-To: References: Message-ID: Maybe, yes. But I do not experience any issues related to threading or locking with any other software on any of my systems. And they are all the same. I can see in gdb, that msmtp hangs trying to lock that mutex. I would send you the coredump, but it contains my authentication credentials. But to be honest, I did not expect anyone to be able to reproduce that problem. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/758#note_165512604 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 16:05:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 30 Apr 2019 14:05:19 +0000 Subject: [gnutls-devel] GnuTLS | crypto: add private API to retrieve next IV (!988) References: Message-ID: New Merge Request !988 https://gitlab.com/gnutls/gnutls/merge_requests/988 Branches: tmp-getiv to master Author: Daiki Ueno Assignee: In CFB mode encryption, the final IV value can be used for the next encryption. This adds a function to retrieve the value. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/988 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 16:18:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 30 Apr 2019 14:18:43 +0000 Subject: [gnutls-devel] GnuTLS | pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA (!981) In-Reply-To: References: Message-ID: @kmiller ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/981#note_165616292 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 16:27:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 30 Apr 2019 14:27:27 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk_passwd.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165620005 > + > +static int username_matches(const gnutls_datum_t *username, > + const char *line, size_t line_size) > +{ > + int retval; > + unsigned i; > + gnutls_datum_t hexline, hex_username = { NULL, 0 }; > + > + /* move to first ':' */ > + i = 0; > + while ((i < line_size) && (line[i] != '\0') > + && (line[i] != ':')) { > + i++; > + } > + > + if (line[0] == '@') { In DN encoding the form we use for raw names is `#HEX`, what about using the `#` here as well to mark these names? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165620005 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 16:43:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 30 Apr 2019 14:43:54 +0000 Subject: [gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/917 was reviewed by Nikos Mavrogiannopoulos -- Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk.h: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626720 > > +inline static > +void _gnutls_copy_psk_auth_info(psk_auth_info_t info, const gnutls_datum_t *username) what about naming it `_gnutls_copy_psk_username`? Reading the name made me think that this copies something more than the username. -- Nikos Mavrogiannopoulos commented on a discussion on lib/auth/psk.h: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626724 > - gnutls_psk_server_credentials_function *pwd_callback; > + union { > + gnutls_psk_server_credentials_function *cb1; @juaristi did you see this one? -- Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk_passwd.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626728 > + return gnutls_assert_val(retval); > + > + retval = memcmp(username->data, hex_username.data, username->size); Shouldn't we compare the sizes before the memcmp for equality? -- Nikos Mavrogiannopoulos started a new discussion on lib/ext/pre_shared_key.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626730 > * return its error code in that case */ > - ret = _gnutls_psk_pwd_find_entry(session, identity_str, &key); > + ret = _gnutls_psk_pwd_find_entry(session, (const char *) psk.identity.data, psk.identity.size, &key); is the `const char*` cast necessary? -- Nikos Mavrogiannopoulos started a new discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626736 > + > +/** > + * gnutls_psk_set_server_credentials_function: typo: 2 is missing here -- Nikos Mavrogiannopoulos started a new discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626738 > > +/** > + * gnutls_psk_set_client_credentials_function: typo: 2 is missing -- Nikos Mavrogiannopoulos started a new discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626742 > +username_has_embedded_nulls(psk_auth_info_t info) > +{ > + for (uint16_t i = 0; i < info->len; i++) { There is also the `has_embedded_null` macro which could be used here. -- Nikos Mavrogiannopoulos started a new discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626745 > + > + if (info->username[0] != 0 && info->len > 0) > + return _gnutls_set_datum(out, info->username, info->len); Would it make sense to provide the pointer to the username instead of allocating memory? This will be more in par with the original function this replaces. An example of a function that works like that with datums is `gnutls_session_get_random`. -- Nikos Mavrogiannopoulos started a new discussion on lib/psk.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626747 > + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; > + > + if (info->username[0] != 0 && info->len > 0) What if the username is '\x00'? -- Nikos Mavrogiannopoulos started a new discussion on tests/psk.passwd: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626748 > jas:9e32cf7786321a828ef7668f09fb35db > non-hex:9e32cf7786321a828ef7668f09fb35dbxx > + at deadbeef:9e32cf7786321a828ef7668f09fb35db +1 I'd also add `@00` and `@0000aa00`, to ensure that embedded nulls work well. -- Nikos Mavrogiannopoulos started a new discussion on tests/pskself2.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626751 > + > + gnutls_psk_allocate_client_credentials(&pskcred); > + gnutls_psk_set_client_credentials2(pskcred, &user, &key, we should check the error code here, to ensure this is succeeding as expected. -- Nikos Mavrogiannopoulos started a new discussion on tests/pskself2.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626754 > +static gnutls_dh_params_t dh_params; > + > +static int generate_dh_params(void) The DH parameters are not necessary in new tests -- Nikos Mavrogiannopoulos started a new discussion on tests/pskself2.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626757 > + success("server: Handshake was completed\n"); > + > + if (gnutls_psk_server_get_username(session)) +1 -- Nikos Mavrogiannopoulos started a new discussion on tests/pskself2.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_165626758 > + generate_dh_params(); > + > + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", 1); We most likely do not need to test all combinations here. TLS1.2 and TLS1.3 should be the minimum. An idea could be however, to pass the username here on `run_test` so that multiple names can be tested. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 16:46:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 30 Apr 2019 14:46:57 +0000 Subject: [gnutls-devel] GnuTLS | tests: cert-tests: crl: try to infer 64-bit time using date(1) (!986) In-Reply-To: References: Message-ID: > Seeing as other tests also appear to need this, I just moved it to our external test running script in the packaging. But I do wonder if this is something worth changing. what about moving it to scripts/common.sh? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/986#note_165628497 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 16:52:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 30 Apr 2019 14:52:46 +0000 Subject: [gnutls-devel] GnuTLS | crypto: add private API to retrieve next IV (!988) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/988 was reviewed by Nikos Mavrogiannopoulos -- Nikos Mavrogiannopoulos started a new discussion on lib/crypto-api.c: https://gitlab.com/gnutls/gnutls/merge_requests/988#note_165631952 > + * @ivlen: the length of the IV > + * > + * This function will get the IV to be used for the next encryption If this is generally useful for CFB shouldn't we make it a properly exported function? Should we document the cases where this should be called (CFB?). What will this return in non-CFB cases? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/988 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 18:56:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 30 Apr 2019 16:56:05 +0000 Subject: [gnutls-devel] GnuTLS | pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA (!981) In-Reply-To: References: Message-ID: @nmav apologies it's been a busy week. I'll extend the `tests/sign-verify-data-newapi.c` and `tests/sign-verify-newapi.c` cases to test against the `GNUTLS_VERIFY_DISABLE_CA_SIGN` flag. It'd also be good to have a test for `GNUTLS_VERIFY_USE_TLS1_RSA` as well in terms of code coverage of the functions affected by the change. Will push a squashed commit with the updated ticket references this evening. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/981#note_165675655 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: