From gnutls-devel at lists.gnutls.org Fri Mar 1 09:53:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 08:53:04 +0000 Subject: [gnutls-devel] GnuTLS | Fixed operation under multiple threads (!935) In-Reply-To: References: Message-ID: Just tried the patchset, no race detected! And this solution looks much cleaner to me know, so as far as I'm concerned, this is ready to be merged! Thanks a lot for fixing this! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/935#note_146274748 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 11:06:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 10:06:13 +0000 Subject: [gnutls-devel] GnuTLS | Improve documentation for gnutls_cipher_get_iv_size and AEAD ciphers (!941) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/941 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 11:33:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 10:33:41 +0000 Subject: [gnutls-devel] GnuTLS | handshake: increase the default number of tickets we send to 2 (!942) References: Message-ID: New Merge Request !942 https://gitlab.com/gnutls/gnutls/merge_requests/942 Branches: tmp-increase-nr-of-tickets to master Author: Nikos Mavrogiannopoulos Assignee: Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim R?hsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list This makes it easier for clients which perform multiple connections to the server to use the tickets sent by a default server. That's because 2 tickets allow for 2 new connections (if one is using each ticket once as recommended), which in turn lead to 4 new and so on. ## Checklist * [x] Code modified for feature * [x] Test suite updated with functionality tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/942 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 11:34:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 10:34:13 +0000 Subject: [gnutls-devel] GnuTLS | change or make configurable to number of tickets to send by default (#596) In-Reply-To: References: Message-ID: Reassigned Issue 596 https://gitlab.com/gnutls/gnutls/issues/596 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/596 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 12:41:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 11:41:01 +0000 Subject: [gnutls-devel] GnuTLS | Implement gnutls_aead_cipher_decryptv() (#719) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #719: https://gitlab.com/gnutls/gnutls/issues/719 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/719 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 12:41:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 11:41:00 +0000 Subject: [gnutls-devel] GnuTLS | Implement gnutls_aead_cipher_decryptv() (#719) In-Reply-To: References: Message-ID: Ok, thank you! Let's close this for #718 which is more generic. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/719#note_146347879 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 16:38:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 15:38:48 +0000 Subject: [gnutls-devel] GnuTLS | Fixed operation under multiple threads (!935) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/handshake-tls13.c: > > > /* explicitly reset any false start flags */ > - session->internals.recv_state = RECV_STATE_0; > session->internals.initial_negotiation_completed = 1; > + session->internals.recv_state = RECV_STATE_0; No, it should be reverted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/935#note_146473629 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 16:40:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 15:40:03 +0000 Subject: [gnutls-devel] GnuTLS | Fixed operation under multiple threads (!935) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/record.c: > * data. We allow sending however, if we are in false start handshake > * state. */ > if (session->internals.recv_state != RECV_STATE_FALSE_START && > + session->internals.recv_state != RECV_STATE_FALSE_START_HANDLING && > session->internals.recv_state != RECV_STATE_EARLY_START && > - !(session->internals.hsk_flags & HSK_EARLY_DATA_IN_FLIGHT)) > - return gnutls_assert_val(GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE); > + session->internals.recv_state != RECV_STATE_EARLY_START_HANDLING && > + !(session->internals.hsk_flags & HSK_EARLY_DATA_IN_FLIGHT)) { > + /* this additional check is to avoid a mutex for applications sending > + * and receiving in parallel. */ > + if (!session->internals.initial_negotiation_completed) Solved (hopefully) differently. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/935#note_146474042 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 16:40:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 15:40:02 +0000 Subject: [gnutls-devel] GnuTLS | Fixed operation under multiple threads (!935) In-Reply-To: References: Message-ID: All discussions on Merge Request !935 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/935 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/935 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 16:52:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 15:52:36 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--file-log" to redirect some information to a temporary file (!940) In-Reply-To: References: Message-ID: @nmav Hi Nikos, what is this SPACE_TAB sequence? I can hardly find any information about this, how to fix it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/940#note_146478017 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 18:03:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 17:03:11 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--file-log" to redirect some information to a temporary file (!940) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/940 was reviewed by Nathaniel McCallum -- Nathaniel McCallum started a new discussion on src/socket.c: > if (socket->verbose) > - printf("Negotiating SMTP STARTTLS\n"); > + fprintf(output_pointer ? output_pointer:stdout, "Negotiating SMTP STARTTLS\n"); If you follow my suggestion above, this line becomes: `log(stdout, "Negotiating SMTP STARTTLS\n");` -- Nathaniel McCallum started a new discussion on src/socket.c: > #define MAX_BUF 4096 > - > +extern FILE *output_pointer; Why don't we make a `log()` function with the same signature as `fprintf()`? This function should wrap `vfprintf()` but should substitute the correct output file. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/940 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 20:16:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 19:16:14 +0000 Subject: [gnutls-devel] GnuTLS | Update ./bootstrap from latest gnulib (!943) References: Message-ID: New Merge Request !943 https://gitlab.com/gnutls/gnutls/merge_requests/943 Branches: update-bootstrap to master Author: Tim R?hsen Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list Main change is that wget is used for .po downloads, instead of rsync. At lgtm.com there seems to be an issue with rsync. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/943 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 21:44:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 20:44:01 +0000 Subject: [gnutls-devel] build-images | Add wget (!21) References: Message-ID: New Merge Request !21 https://gitlab.com/gnutls/build-images/merge_requests/21 Branches: add-wget to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/21 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 1 21:44:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 01 Mar 2019 20:44:07 +0000 Subject: [gnutls-devel] build-images | Add wget (!21) In-Reply-To: References: Message-ID: Merge Request !21 was merged Merge Request url: https://gitlab.com/gnutls/build-images/merge_requests/21 Branches: add-wget to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/21 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 03:28:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 02:28:48 +0000 Subject: [gnutls-devel] GnuTLS | Configuration for LGTM.com C/C++ analysis (!944) References: Message-ID: New Merge Request !944 https://gitlab.com/gnutls/gnutls/merge_requests/944 Project:Branches: sj_vs/gnutls:lgtm-analysis to gnutls/gnutls:master Author: Bas van Schaik Assignee: Following request by @rockdaboot here: https://discuss.lgtm.com/t/please-add-gitlab-repo-gnutls-to-my-projects/1809/5. LGTM.com analysis results are available here: https://lgtm.com/projects/gl/gnutls/gnutls/alerts/ With this configuration file, you can control the behaviour of the LGTM.com analysis (including the build setup). If the build process ever changes, you only have to change this file which will automatically be picked up by LGTM. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/944 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 11:25:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 10:25:30 +0000 Subject: [gnutls-devel] GnuTLS | Configuration for LGTM.com C/C++ analysis (!944) In-Reply-To: References: Message-ID: @sj\_vs Thank you so much ! I would be great if you could - increase the CI timeout on your side to 2h (Settings/CICD/General pipelines/Timeout) - merge your 3 commits into one (`git rebase -i HEAD~3`, then replace 'pick' with 'f' on lines 2 and 3 and save+exit the editor) - sign-off that commit (`git commit -s --amend`, save+exit your editor) - update the MR (`git push --force-with-lease`) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/944#note_146609093 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 20:53:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 19:53:15 +0000 Subject: [gnutls-devel] GnuTLS | Configuration for LGTM.com C/C++ analysis (!944) In-Reply-To: References: Message-ID: @rockdaboot: all done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/944#note_146660681 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 21:22:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 20:22:21 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) References: Message-ID: New Merge Request !945 https://gitlab.com/gnutls/gnutls/merge_requests/945 Branches: lgtm-analysis to master Author: Tim R?hsen Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list Add LGTM integration ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 21:24:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 20:24:08 +0000 Subject: [gnutls-devel] GnuTLS | Update ./bootstrap from latest gnulib (!943) In-Reply-To: References: Message-ID: Merge Request !943 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/943 Branches: update-bootstrap to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/943 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 21:24:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 20:24:24 +0000 Subject: [gnutls-devel] GnuTLS | Update ./bootstrap from latest gnulib (!943) In-Reply-To: References: Message-ID: LGTM :) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/943#note_146662850 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 21:27:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 20:27:43 +0000 Subject: [gnutls-devel] GnuTLS | Configuration for LGTM.com C/C++ analysis (!944) In-Reply-To: References: Message-ID: @sj\_vs Great ! Author and Signed-off-by don't match, so I changed Signed-off-by to `Bas van Schaik `, pushed your branch to upstream and created a new MR of it. Let me know if this is wrong. Else we merge the new MR after CI success. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/944#note_146663006 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 21:27:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 20:27:54 +0000 Subject: [gnutls-devel] GnuTLS | Configuration for LGTM.com C/C++ analysis (!944) In-Reply-To: References: Message-ID: Merge Request !944 was closed by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/944 Project:Branches: sj_vs/gnutls:lgtm-analysis to gnutls/gnutls:master Author: Bas van Schaik Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/944 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 21:55:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 20:55:50 +0000 Subject: [gnutls-devel] GnuTLS | Update ./bootstrap from latest gnulib (!943) In-Reply-To: References: Message-ID: Merge Request !943 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/943 Branches: update-bootstrap to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/943 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 22:50:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 21:50:15 +0000 Subject: [gnutls-devel] GnuTLS | Fixed operation under multiple threads (!935) In-Reply-To: References: Message-ID: Merge Request !935 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/935 Branches: tmp-false-start-clarifications to master Author: Nikos Mavrogiannopoulos Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/935 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 2 22:50:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 02 Mar 2019 21:50:15 +0000 Subject: [gnutls-devel] GnuTLS | False start and early start are not multi-thread recv/send safe (#713) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #713: https://gitlab.com/gnutls/gnutls/issues/713 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/713 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 15:34:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 14:34:01 +0000 Subject: [gnutls-devel] GnuTLS | Fix FIPS integrity self tests (!873) In-Reply-To: References: Message-ID: Thanks for the changes in cppcheck, after rebase it passed all tests. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/873#note_147031471 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 15:45:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 14:45:18 +0000 Subject: [gnutls-devel] GnuTLS | Fix FIPS integrity self tests (!873) In-Reply-To: References: Message-ID: Merge Request !873 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/873 Project:Branches: ansasaki/gnutls:fix_fips_lib_name to gnutls/gnutls:master Author: Anderson Sasaki Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/873 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 16:58:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 15:58:10 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: @nmav Ping. Did you have the chance to look at the new public functions? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147062450 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 17:05:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 16:05:50 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Fix --starttls-proto=xmpp (!911) In-Reply-To: References: Message-ID: Merge Request !911 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/911 Branches: tmp-fix-cli-starttls-xmpp to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/911 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 17:06:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 16:06:00 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Fix --starttls-proto=xmpp (!911) In-Reply-To: References: Message-ID: Reassigned Merge Request 911 https://gitlab.com/gnutls/gnutls/merge_requests/911 Assignee changed to Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/911 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 17:25:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 16:25:11 +0000 Subject: [gnutls-devel] GnuTLS | TLS 1.3: utilize "certificate_required" alert (!946) References: Message-ID: New Merge Request !946 https://gitlab.com/gnutls/gnutls/merge_requests/946 Branches: tmp-cert-req to master Author: Daiki Ueno Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Tim R?hsen, Andreas Metzler, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list The RFC suggests possible use of the new alert when the client sends no certificates while required. Let's use it in the server by default in TLS 1.3. Fixes #715. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/946 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 18:40:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 17:40:58 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: In which way will it be integrated with GitLab interface? Will it be visible in MR somehow? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945#note_147117019 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 18:52:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 17:52:43 +0000 Subject: [gnutls-devel] GnuTLS | Improve documentation for gnutls_cipher_get_iv_size and AEAD ciphers (!941) In-Reply-To: References: Message-ID: LGTM. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/941#note_147120036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 18:52:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 17:52:58 +0000 Subject: [gnutls-devel] GnuTLS | Improve documentation for gnutls_cipher_get_iv_size and AEAD ciphers (!941) In-Reply-To: References: Message-ID: Merge Request !941 was approved by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/941 Branches: tmp-doc-update-iv to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/941 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 21:14:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 20:14:31 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: Look at the MR's pipeline: https://gitlab.com/gnutls/gnutls/pipelines/49999025 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945#note_147155482 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 4 23:22:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 04 Mar 2019 22:22:06 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: Oh, nice! I was expecting something like test status on GitHub. But this is even better. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945#note_147178638 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 08:37:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 07:37:33 +0000 Subject: [gnutls-devel] GnuTLS | Improve documentation for gnutls_cipher_get_iv_size and AEAD ciphers (!941) In-Reply-To: References: Message-ID: Merge Request !941 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/941 Branches: tmp-doc-update-iv to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/941 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 08:37:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 07:37:33 +0000 Subject: [gnutls-devel] GnuTLS | Document that the returned size by gnutls_cipher_get_iv_size() might not be the correct size for the nonce (#717) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #717: https://gitlab.com/gnutls/gnutls/issues/717 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:05:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:05:17 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk.h: > /* callback function, instead of reading the > * password files. > */ > - gnutls_psk_server_credentials_function *pwd_callback; > + union { > + gnutls_psk_server_credentials_function *cb1; What about using a single callback here, and wrap any old callback set with the new? (i.e., similarly to how `gnutls_certificate_set_retrieve_function2()` works) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147288242 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:06:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:06:52 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk.h: > /* these structures should not use allocated data */ > typedef struct psk_auth_info_st { > char username[MAX_USERNAME_SIZE + 1]; > + uint16_t len; > dh_info_st dh; > char hint[MAX_USERNAME_SIZE + 1]; > } *psk_auth_info_t; > > typedef struct psk_auth_info_st psk_auth_info_st; > > +inline static > +void _gnutls_copy_psk_auth_info(psk_auth_info_t info, const gnutls_datum_t *psk) instead of `psk` naming the value `username`, may make the function easier to grasp. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147288662 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:07:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:07:41 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/auth/dhe_psk.c: > return GNUTLS_E_ILLEGAL_SRP_USERNAME; > } > > - memcpy(info->username, username.data, username.size); > - info->username[username.size] = 0; > + _gnutls_copy_psk_auth_info(info, &username); > > /* Adjust the data */ > data += username.size + 2; > > ret = > - _gnutls_psk_pwd_find_entry(session, info->username, &psk_key); > + _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &psk_key); shouldn't here be info->len? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147288947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:07:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:07:59 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/auth/dhe_psk.c: > /* should never fail. It will always return a key even if it is > * a random one */ > ret = > - _gnutls_psk_pwd_find_entry(session, info->username, &psk_key); > + _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &psk_key); also here `info->len`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147289030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:08:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:08:29 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk.c: > return GNUTLS_E_ILLEGAL_SRP_USERNAME; > } > > - memcpy(info->username, username.data, username.size); > - info->username[username.size] = 0; > + _gnutls_copy_psk_auth_info(info, &username); > > ret = > - _gnutls_psk_pwd_find_entry(session, info->username, &psk_key); > + _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &psk_key); strlen here as well -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147289173 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:10:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:10:28 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/auth/psk.h: > /* these structures should not use allocated data */ > typedef struct psk_auth_info_st { > char username[MAX_USERNAME_SIZE + 1]; > + uint16_t len; > dh_info_st dh; > char hint[MAX_USERNAME_SIZE + 1]; > } *psk_auth_info_t; > > typedef struct psk_auth_info_st psk_auth_info_st; > > +inline static > +void _gnutls_copy_psk_auth_info(psk_auth_info_t info, const gnutls_datum_t *psk) > +{ > + memcpy(info->username, psk->data, psk->size); I see the functions that call this already did the bounds check. However a function which does an unchecked memcpy may be misused in the future by mistake. Any suggestions on how to improve this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147290164 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:15:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:15:51 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/pskself2.c: > + gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); > + > + gnutls_transport_set_int(session, sd); > + ret = gnutls_handshake(session); > + if (ret < 0) { > + close(sd); > + gnutls_deinit(session); > + fail("server: Handshake has failed (%s)\n\n", > + gnutls_strerror(ret)); > + return; > + } > + > + if (debug) { > + success("server: Handshake was completed\n"); > + > + if (gnutls_psk_server_get_username2(session, &psk_username) < 0) I think we should compare here with the expected value. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147291898 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:16:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:16:54 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/pskself2.c: > + close(sd); > + gnutls_deinit(session); > + fail("server: Handshake has failed (%s)\n\n", > + gnutls_strerror(ret)); > + return; > + } > + > + if (debug) { > + success("server: Handshake was completed\n"); > + > + if (gnutls_psk_server_get_username2(session, &psk_username) < 0) > + fail("server: Could not get PSK username\n"); > + > + success("server: PSK username length: %d\n", psk_username.size); > + } > + It would be beneficial I think to check `gnutls_psk_server_get_username()` as well. I guess it should fail when called an the username has embedded null. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147292245 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:17:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:17:41 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: I just did. They look fine to me. I made also some suggestions inline. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_147292473 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:21:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:21:50 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--file-log" to redirect some information to a temporary file (!940) In-Reply-To: References: Message-ID: > @nmav Hi Nikos, Can I add an shortcut like -f to represent my new option? Because I think this may cause trouble when you are going to add new features in the future. Let's use the long option only for start. If that option becomes very handy and popular we can add a shortcut later. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/940#note_147293728 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:22:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:22:53 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--file-log" to redirect some information to a temporary file (!940) In-Reply-To: References: Message-ID: > @nmav Hi Nikos, what is this SPACE_TAB sequence? I can hardly find any information about this, how to fix it? The `make syntax-check` command checks whether the code contains a sequence of (space)-(tab) and fails in that case. In the gnu syntax rules only spaces after tabs are allowed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/940#note_147294116 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:25:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:25:31 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--file-log" to redirect some information to a temporary file (!940) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on src/cli-args.def: > doc = ""; > }; > > +flag = { > + name = file-log; `--log-file` or `--logfile` sound more natural to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/940#note_147295030 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:26:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:26:20 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--file-log" to redirect some information to a temporary file (!940) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on src/cli-args.def: > doc = ""; > }; > > +flag = { > + name = file-log; > + arg-type = string; > + descrip = "Redirect some information to a temporary log file."; I guess the word 'temporary' is superfluous here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/940#note_147295307 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 09:29:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 08:29:21 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--file-log" to redirect some information to a temporary file (!940) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on src/cli.c: > } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); > > if (ret == 0) { > - printf("*** Re-auth was performed.\n"); > + log(output_pointer, "*** Re-auth was performed.\n"); I'd avoid the name 'log' because it is easy to clash with other similar functions (I see a compilation failure which may be due to clash with libmath). What about `log_info`? Here I'm assuming that your intention is to log informational messages (see the description of some above). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/940#note_147296274 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 10:07:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 09:07:47 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: @lumag It just needs your approval :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945#note_147310191 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 11:42:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 10:42:51 +0000 Subject: [gnutls-devel] GnuTLS | p11tool is using a R/O session when logging as a SO (#721) References: Message-ID: New Issue was created. Issue 721: https://gitlab.com/gnutls/gnutls/issues/721 Author: Anderson Sasaki Assignee: ## Description of problem: p11tool tries to use a R/O session when the user requests SO login. This is not allowed by PKCS#11 specification. The SO can only log in using R/W sessions. This was originally reported in: https://bugzilla.redhat.com/show_bug.cgi?id=1685434 See also the discussion in: https://github.com/opendnssec/SoftHSMv2/issues/451 ## Version of gnutls used: In the original report were used the following versions: * gnutls-utils-3.6.5-2.fc29.x86_64 * softhsm-2.5.0-2.fc29.x86_64 I reproduced the issue using the current master (c7c01872b). ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Fedora 29 ## How reproducible: always Steps to Reproduce: * Initialize a new token using SoftHSM: ``` $ softhsm2-util --init-token --label softhsm --free --pin 1234 --so-pin 1234 ``` * Generate a key pair (to have an object to be listed): ``` $ p11tool --generate-privkey=RSA --bits=2048 --label=pkey --login --set-pin=1234 pkcs11:token=softhsm ``` * Try to list the objects using SO login: ``` p11tool --list-all --so-login --set-so-pin=1234 pkcs11:token=softhsm ``` ## Actual results: ``` $ p11tool -d9 --list-all --so-login --set-so-pin=1234 pkcs11:token=softhsm Setting log level to 9 |<2>| p11: Initializing module: p11-kit-trust |<2>| p11: Initializing module: opensc |<2>| p11: Initializing module: softhsm2 |<3>| ASSERT: pkcs11.c[compat_load]:894 |<2>| p11: No login requested. |<2>| p11: Login result = A read-only session exists (183) |<3>| ASSERT: pkcs11.c[_pkcs11_traverse_tokens]:1620 |<3>| ASSERT: pkcs11.c[gnutls_pkcs11_obj_list_import_url4]:3510 Error in crt_list_import (1): PKCS #11 error in session ``` ## Expected results: Objects listed (only public). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 11:48:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 10:48:41 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: Merge Request !945 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/945 Branches: lgtm-analysis to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 11:48:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 10:48:48 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: LGTM too -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945#note_147350641 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 12:27:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 11:27:30 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: Merge Request !945 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/945 Branches: lgtm-analysis to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 13:22:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 12:22:52 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Fix --starttls-proto=xmpp (!911) In-Reply-To: References: Message-ID: I am merging because - I have currently no time to work on the starttls tests - fix without test is still better than no fix at all -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/911#note_147391116 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 13:22:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 12:22:58 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli starttls connection to XMPP fails with 'error receiving References: Message-ID: Issue was closed by Tim R?hsen Issue #697: https://gitlab.com/gnutls/gnutls/issues/697 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/697 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 13:22:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 12:22:59 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Fix --starttls-proto=xmpp (!911) In-Reply-To: References: Message-ID: Merge Request !911 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/911 Branches: tmp-fix-cli-starttls-xmpp to master Author: Tim R?hsen Assignee: Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/911 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 14:45:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 13:45:22 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli starttls connection to XMPP fails with 'error receiving References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/697 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 15:07:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 14:07:30 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) References: Message-ID: New Merge Request !947 https://gitlab.com/gnutls/gnutls/merge_requests/947 Project:Branches: robUx4/gnutls:inet_ntop to gnutls/gnutls:master Author: Steve Lhomme Assignee: inet_ntop is available in Windows but not via arpa/inet.h It's found in ws2tcpip.h which is already included in gnutls_int.h included by this file. arpa/inet.h doesn't exist on Windows so the build fails -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 16:45:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 15:45:26 +0000 Subject: [gnutls-devel] GnuTLS | p11tool is using a R/O session when logging as a SO (#721) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 17:23:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 16:23:46 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: Thank you for the MR / report ! We would like to use the gnulib compatibility layer, if possible. Could you add 'arpa_inet' to 'gnulib_modules=...' in bootstrap.conf ? After the change you have to `./bootstrap` and should find `gl/arpa/inet.h`... then you continue with `./configure && make clean && make`. Could you please test that out - and if it works, update your MR with that change !? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_147487482 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 17:31:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 16:31:02 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: Hi, Why use a compatibility layer for a header for a header which is not required? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_147489981 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 17:33:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 16:33:31 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: To avoid the #ifdef in the library code, if possible. Or in general: avoid OS-specific code where possible (should be handled by gnulib). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_147490851 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 17:46:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 16:46:46 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: gnulib makes extensive use of `#include_next`, which makes compilation using MSVC quite harder. In this case I must say I like the small `#ifdef` much more -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_147494820 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 18:28:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 17:28:08 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use encryption and integrity checks cause errors when used by GnuTLS (#722) References: Message-ID: New Issue was created. Issue 722: https://gitlab.com/gnutls/gnutls/issues/722 Author: Hubert Kario Assignee: ## Description of problem: Files that don't encrypt the key or certificate, and that don't include MAC (HMAC) in the PKCS#12 files cause errors to be emitted by `certtool` ## Version of gnutls used: gnutls-3.6.5-1.el8.x86_64 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: always * download https://github.com/redhat-qe-security/keyfile-corpus * run `certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/ecdsa(P-256,sha256),cert(none),key(none).p12' --password ''` ## Actual results: ``` BAG #0 Elements: 1 Type: Certificate Friendly name: localhost Key ID: EC:0D:39:91:6E:0F:CF:32:01:C6:A8:B5:18:37:C2:C9:C0:BA:E2:8D -----BEGIN CERTIFICATE----- MIIBbjCCARWgAwIBAgIJAI/IbTxv+I9jMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMM CWxvY2FsaG9zdDAeFw0xNzAzMTcxODEyMDFaFw0xNzA0MTYxODEyMDFaMBQxEjAQ BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCMknyAq nA+3aK3ZOZniUoMdXw2FS32ntx/z5lyNHR/uDccJWqf+pvRrh3KIJ/rBH1senRgZ rxBFNLiSy4jFl6GjUDBOMB0GA1UdDgQWBBRA0Rev/Y1Sim7zT+43/pscgrYNmDAf BgNVHSMEGDAWgBRA0Rev/Y1Sim7zT+43/pscgrYNmDAMBgNVHRMEBTADAQH/MAoG CCqGSM49BAMCA0cAMEQCIHjCu1sp0hot0cJYRfl3/PrFY5cmvIacmhaNydbCCDIE AiBa+Og0kq9JmSQzGgeTmzCOdU/PTSNZ9d8KWE70AgDu1A== -----END CERTIFICATE----- BAG #1 Elements: 1 Type: PKCS #8 Key Friendly name: localhost Key ID: EC:0D:39:91:6E:0F:CF:32:01:C6:A8:B5:18:37:C2:C9:C0:BA:E2:8D -----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgQRBA0do9FYtTDVeJ +jra/OoPyOwUMxm4AfTWUyI/BrKhRANCAAQjJJ8gKpwPt2it2TmZ4lKDHV8NhUt9 p7cf8+ZcjR0f7g3HCVqn/qb0a4dyiCf6wR9bHp0YGa8QRTS4ksuIxZeh -----END PRIVATE KEY----- verify_mac: ASN1 parser: Element was not found. There were errors parsing the structure ``` ## Expected results: no errors printed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 18:35:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 17:35:51 +0000 Subject: [gnutls-devel] GnuTLS | PBKDF2 doesn't work with all SHA-2 hashes or MD5 (#723) References: Message-ID: New Issue was created. Issue 723: https://gitlab.com/gnutls/gnutls/issues/723 Author: Hubert Kario Assignee: ## Description of problem: in PKCS#12 files, PBES2 with PBKDF2 with hmacWithSHA512, hmacWithSHA384, hmacWithSHA224 or hmacWithMD5 PRF does not work ## Version of gnutls used: gnutls-3.6.5-1.el8.x86_64 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: * download https://github.com/redhat-qe-security/keyfile-corpus * run `certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/rsa(2048,sha256),cert&key(PBES2(PBKDF2(salt(64),iter(1000000),keyLen(default),prf(hmacWithSHA512)),aes-256-cbc(IV(16)))),mac(sha512,salt(64),iter(1000000)),pass(ascii).p12' --password 'Red Hat Enterprise Linux 7.4'` * run `certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/rsa(2048,sha256),cert&key(PBES2(PBKDF2(salt(8),iter(2048),keyLen(default),prf(hmacWithMD5)),aes-128-cbc(IV(16)))),mac(sha1,salt(8),iter(2048)),pass(ascii).p12' --password 'Red Hat Enterprise Linux 7.4'` * run `certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/rsa(2048,sha256),cert&key(PBES2(PBKDF2(salt(8),iter(2048),keyLen(default),prf(hmacWithSHA224)),aes-128-cbc(IV(16)))),mac(sha1,salt(8),iter(2048)),pass(ascii).p12' --password 'Red Hat Enterprise Linux 7.4'` * etc. ## Actual results: ``` bag_decrypt: The hash algorithm is unknown. There were errors parsing the structure MAC info: MAC: SHA1 (1.3.14.3.2.26) Salt: a9e4a4ff82fcc30b Salt size: 8 Iteration count: 2048 BAG #0 Type: Encrypted Cipher: AES-128-CBC Schema: PBES2-AES128-CBC (2.16.840.1.101.3.4.1.2) Salt: 38cc590051f7c4e4 Salt size: 8 Iteration count: 2048 Decrypting... BAG #1 Elements: 1 Type: PKCS #8 Encrypted key PKCS #8 information: Cipher: AES-128-CBC Schema: PBES2-AES128-CBC (2.16.840.1.101.3.4.1.2) Salt: 5369a4e334531320 Salt size: 8 Iteration count: 2048 Friendly name: localhost Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0 -----BEGIN ENCRYPTED PRIVATE KEY----- MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIU2mk4zRTEyACAggA MAwGCCqGSIb3DQIIBQAwHQYJYIZIAWUDBAECBBAgdxbvUGAApqxH2FVPOldABIIE 0JJ4SXh8mxEk0MA+zVhfW9y2PXyL3vm2/3SI7U0hc9d3OCZtgFu3al1CN9PbfqZ9 DcG0ddTY3WY8wpNlWErPeYlRuNVFCpK++pWCrFjZAftRVaJlQQS0okf+idmfSv8E 5fSo8RoyXzPOmzgh0YUpaYT0iSE1YeJ0LTIjk1ZYeNoZbQFMUgoQZgRE04i9pCBX UdlXlGjJeGSykNEcRFFBpr6yA+kkWJecjQeGbk8dnUO9nyN10UzJ0Ly7v9pR7Eaq jJTk3dqusCn4ViPWxmj3fY+/+GEhe9+sVgxVhtBanb0NAXc3HQ8Dcz2vyPLI1rfJ wTxDyGLD/6sVQAZYhYh5BVOaWCIRUOPkxtXfH990+1pTN90ySvVxMuIypJvvPULW Ik+w94xOiYMSuxe1DFQjRRBxOjVXZLGHmgzUREevti81g80FCOnKO0Nivg/WcLKq 2AhOQv3TvnTfu3WbFF7Ddyp56IXynUaxhyqxGstMZ/0+PL0To1zfPnWY88BJn0co TPRIiuFC8Ggt7IirrXm8MvuShvEeh9V1X0UOhOXZEZTFu+xlLNaaT6LcIJ0xuRtn R90sSqra4hzyG0HlqjA/fqmO2wExDZGyou3ghpGczx7VEFlLxDUPTsANC63Z+EIs WeVrXfpYt1J+5WzNSYCAopLKisCaamKVO9n0SO0Bm9nBglRvNmXi9OBtBE5ZX0/J VYF3QzgiU0rItUqszVM5Rzkdc1pdc1zCs/G+W+F0G3OmfhsHE9RLS31g9YzAEFSW nMMVsFQ1GpyIV2ajl4wiP7+KJ4eniX1xJ7mM9toMY6ZUmmY6Qopg2TueWxXB3hm6 6eETjutu5pCnZIJ49CH111OgGS5jMt17Lv8fAWHpHOwHUOMX/csTOir9GXfTo0HV PA2dLDwK+f8Vl+BsgBiKqRlgMYYOiZPM7Op3JJS9gTgf4T1dQiy5j4Uq0PWvAfof A10hK/Y6ESJvHojrDrN/c5dKfT+qrAlQJR1T8jCanGWxf4DLcbM68pdiJM89WSBb Xa+zJdnYXZdt3XkoxGwjfsvJfd51ho2A0E6E4wIrLo1/w32Vnhza/Kb2icN/pMTA kIaU81XTXwPjvI70yqlHM6Qakam1mXvjVXS923XPOMa/0mlX/L7uh6zlm3AYwXJa cFoxAkrWea0baa6nnT77rEJUwm3yYfTLAop8zdnjr2TJyspptA1dcqBSDsFRZWCU hU1hSMk71dUSuBtwNevwF9hRY4DT3CTfG8cDADA7At3Z4UcbXH61d4M4seyqew52 1OulIa0sQGlDJKt2h2rglwpwMHkZszSA5Yu4iG20HODXZVPe6qApTUWd4YXIj1xy uLRVF/jubWOXfXI11r1UACEQnfZvqNL7Y3+EP41dOO5yu8IIBAtM+ESg69MqfDQc mA+4Tr3C7H8bw66cyek8+zq0uXQPBxFv2c4CUkxmzSPmtkwhjnlxAo7GeBcN+Dk0 ic8MiCFTr/WFCsI3taVcRdkOPDlEhGMvoSPDGkx4hlMMXWrBIF2SwqMBi9k3wl5y nl5hxmCd8WnSTsWHdx5T6Ki+iblYUIus7x475mrzTdfZwoGX3+yacjCsgUwxjAvO OnEMJN1p36UGzgEk7cZ/rKPqFGcxvTt+IBrrtFH8Kdiz -----END ENCRYPTED PRIVATE KEY----- ``` ## Expected results: files can be processed just like other PKCS#12 files in the set -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/723 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 18:40:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 17:40:20 +0000 Subject: [gnutls-devel] GnuTLS | scrypt in PKCS#12 files is unsupported (#724) References: Message-ID: New Issue was created. Issue 724: https://gitlab.com/gnutls/gnutls/issues/724 Author: Hubert Kario Assignee: ## Description of problem: PKCS#12 files that use scrypt for key derivation are unsupported by gnutls ## Version of gnutls used: gnutls-3.6.5-1.el8.x86_64 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: * Download https://github.com/redhat-qe-security/keyfile-corpus * run `certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/rsa(2048,sha256),cert&key(PBES2(scrypt(salt(64),N(16384),r(8),p(1)),aes-256-cbc(IV(16)))),mac(sha512,salt(64),iter(1000000)),pass(ascii).p12' --password 'Red Hat Enterprise Linux 7.4'` ## Actual results: ``` PKCS #12 bag read error: ASN1 parser: Generic parsing error. bag_decrypt: ASN1 parser: Generic parsing error. There were errors parsing the structure BAG #0 Type: Encrypted Decrypting... BAG #1 Elements: 1 Type: PKCS #8 Encrypted key Friendly name: localhost Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0 -----BEGIN ENCRYPTED PRIVATE KEY----- MIIFXjCBhwYJKoZIhvcNAQUNMHowWQYJKwYBBAHaRwQLMEwEQOhfHV2LdjihKQzO 193FE8QEj759vzsKsDnsngu4Mz/MI62z7tuv30Jy0nVKdl8TlvO4P4uCrELXML/n e8FvNXkCAkAAAgEIAgEBMB0GCWCGSAFlAwQBKgQQLsNG7LknUfa3lwM3TUWD1gSC BNCbgVmMFOLFbofIE0HY52yIQ0TpVMp3RTl8kGW3qzlkphN3pnLqqhGfcgy3pCjd XY0CR21/fRlsNDxSteSpUCrKzrgpTfzBUDtbgAh+9QcPKTU/RpJIueHOAnoZ6mrs aJ++IOS2l3zKRe8EWYymSWaCvIyu/XVNwAMkhWevm1XY04lP+IGvbJqxGaa3biFB WRqGC29/ds1lQHXsDuLePGjlxVic09nasNIR5t1LBVN20iajBNkh6zGjUN9SExud 8lqyaa66qU8gZ+Md3zay6KSRmXjz+GFjMtJts1bLnnmFmi0eNoIufptRk7ZL4MxP ffPoK0xqC9nsAuFejB8LZSpqlLr2NQwoouVBdzP63xBgVkypJvKVtdxyWVes13aL nj6LjqkQvAosvAst1BGJauyPXJsLHlMM90WxIu1Gggohot6KgJ3Gl355zptyjF0j H2bznCyr+74hjqZO+HKT/IhQTfi/I1s327qwKkSXuekjP+NIdhvY4aWAkcYJ/dLV COiBINua0HqCZHJk9qWeFjBQOnKy3BM6HoT2iNV6VhBsCXFjwuKI7BM/SIhB7vBY lhSUZP2Ck7GBiQvwFI903YptNrOd88bETbNVAXgU6oPj2vWwqn/jf8pLdVF/0T9X h72ILxNkfgRKAQ3rPq2o/sPKCswnznGeGZY4DYOGgGQy8jDwKmlrUcZiqVGyRv6/ 7y/vt5LnpHcaUxy8LKYowzb2DpDB/2PvUdELYv9SPGOfjZ8uF4naQIO4geBC3DWr rmrNcuKvynU950ZbjtMQoxw1mlCX9K+YN9jz3a9Ix66wsJcVJbG7qFsOrfqHbx89 6YdXPjFbbfIOX1/oDR/4AWoLy90q362kh0t7Gdo4/UxBl6k1i6GxDO7uRvYfioMy UB9GZ62OgeQCZENJmIPKVVR1Oj1bbtDn+y3gp9DDZBCFSeDygBYR0BwyLcp56Di+ /9i4rvHr2kB9LIsM/rXUZVkPWWwt2k3BZfawYlbtniqqMWRc1O6rFg6eAF6PBa5S CCToYrcw0ThDA39ITqVkAnW7YV4ymjiLOjUPVm0I2vnYmgkg2RiD1TzPSpDefEtB 9wDOflT3ajb9gbyDe1uDQiD7Gjjljn2Gh4733eF50o9TE8O3usbBpoY8r/fuJOLm M4Fv7KX4VGj/T8J2ww/9h4FcCrTzoFYZvPDjqwIOsdE9zPCuD5LP7LlnXCXNNYue 8kwLlQ1OGaAAC87k4pWPX0vpJ8bTD9UshKnkTU/LAM7rg51axzw1tp/CGry18HX6 mERjuv2Nz69iKziX2My6VBnYKLbgqFnwQY17dkqOLlTRJEffAexibSgfebyyFrnZ 0IacOgTIu0JQRqC/0YOrATf5W7rerc2nHoD0nVIfflP/ade0vOLkr+QtaY3DQoMs 6+BnAOWEMFqxgI4yV9dOFqZLjAJeEaAOCiDMG92UBYhYeJSCVS1xagcKN8Hjk0/K KPT3deFiTGLgFsjbBFkphEuD5S8GR03wr856dB/uE1g7jUwVinYJ3frllP+1Dos8 1SKf05atGwKC5QbMpkqYVapKfE45TtNMsfVD0JGewRkDePY+Jbiydc3IF6kUgfNv RR0jU7haDKCSU1CGVWBiuA5x04RO++VMOGYKNLlJ1nVx3w== -----END ENCRYPTED PRIVATE KEY----- ``` ## Expected results: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/724 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 18:47:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 17:47:41 +0000 Subject: [gnutls-devel] GnuTLS | Legacy algorithms are not supported for PKCS#12 files (#725) References: Message-ID: New Issue was created. Issue 725: https://gitlab.com/gnutls/gnutls/issues/725 Author: Hubert Kario Assignee: ## Description of the feature: PKCS#12 files that use one of the below-listed PBES1 algorithms cannot be used by gnutls: * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndRC2-CBC * pbeWithSHAAnd128BitRC2-CBC * pbeWithMD5AndDES-CBC * pbeWithSHA1AndDES-CBC * pbeWithSHAAnd2-KeyTripleDES-CBC * pbeWithSHAAnd40BitRC4 also PBES2 with rc2-cbc does not work ## Applications that this feature may be relevant to: `certutil` ## Is this feature implemented in other libraries (and which) OpenSSL implements all of them, NSS does implement some. See https://github.com/redhat-qe-security/keyfile-corpus for example test files -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 18:55:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 17:55:34 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: I understand, but... a) we already make much use of gnulib so that `#include_next` is not a convincing argument here and b) MSVC is not a target compiler -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_147512975 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 19:10:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 18:10:10 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: And c) there might be other environments without proper arpa/inet.h. So we need it anyways. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_147515888 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 19:26:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 18:26:10 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: Reassigned Merge Request 910 https://gitlab.com/gnutls/gnutls/merge_requests/910 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 19:35:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 18:35:31 +0000 Subject: [gnutls-devel] GnuTLS | TLS 1.3: utilize "certificate_required" alert (!946) In-Reply-To: References: Message-ID: Merge Request !946 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/946 Branches: tmp-cert-req to master Author: Daiki Ueno Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/946 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 19:35:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 18:35:52 +0000 Subject: [gnutls-devel] GnuTLS | TLS 1.3: utilize "certificate_required" alert (!946) In-Reply-To: References: Message-ID: LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/946#note_147523639 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 19:37:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 18:37:23 +0000 Subject: [gnutls-devel] GnuTLS | cleanup: _gnutls_recv_handshake: added explicit sanity checks (!937) In-Reply-To: References: Message-ID: Merge Request !937 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/937 Branches: tmp-explicit-sanity-checks to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/937 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 19:39:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 18:39:45 +0000 Subject: [gnutls-devel] GnuTLS | Use ChangeLog date instead of build date (!928) In-Reply-To: References: Message-ID: @bmwiedemann Would you like to give it a try ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/928#note_147524228 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 5 22:49:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 05 Mar 2019 21:49:23 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add support for libidn2 2.1.1a for gnutls 3.5.x (!948) References: Message-ID: New Merge Request !948 https://gitlab.com/gnutls/gnutls/merge_requests/948 Project:Branches: dakotarwilliams/gnutls:libidn2-symbol-fix-el6 to gnutls/gnutls:gnutls_3_5_x Author: Dakota Williams Assignee: libidn2 >=2.1.0 removed `_idn2_punycode_[en|de]code` symbols from its library. The preprocessor check in `str-idna.c` only checks for the existence of libidn2, not the version. Therefore the symbol is declared, but missing a definition. This showed up after linking to GnuTLS on EL6, which recently updated their distributed version of libidn2 to 2.1.1a. A simplified version of this patch has already been accepted into the [EL6 package](https://src.fedoraproject.org/rpms/gnutls30/pull-request/1). Also as part of this merge request, I cherry-picked the copyright update so that the static-analysis test would pass. The Debian test seems to be failing due to OpenSSL being upgraded to 1.1.1a and exhibits the same behavior as https://gitlab.com/gnutls/gnutls/issues/572. I could use some guidance on how it was fixed for 3.6 so that it could be brought in here. I tried an approach of picking a few relevant-looking commits (c5a251d31cd987edd02cce142dac9665f5034d3b, d4202bc951de81ea4799ff74b37527f3f6ac1249, and b9709cac12a0f98442042d20c02a5d1e3c8efe5a) and resolving conflicts, which helped a bit, but found it more difficult when things went wrong afterwards. Any ideas would be appreciated. ## Checklist * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/948 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 04:35:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 03:35:11 +0000 Subject: [gnutls-devel] GnuTLS | "certificate_required" alert is unknown (#715) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #715: https://gitlab.com/gnutls/gnutls/issues/715 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/715 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 04:35:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 03:35:11 +0000 Subject: [gnutls-devel] GnuTLS | TLS 1.3: utilize "certificate_required" alert (!946) In-Reply-To: References: Message-ID: Merge Request !946 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/946 Branches: tmp-cert-req to master Author: Daiki Ueno Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/946 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 04:35:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 03:35:21 +0000 Subject: [gnutls-devel] GnuTLS | TLS 1.3: utilize "certificate_required" alert (!946) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/946#note_147623589 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 08:24:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 07:24:35 +0000 Subject: [gnutls-devel] GnuTLS | cleanup: _gnutls_recv_handshake: added explicit sanity checks (!937) In-Reply-To: References: Message-ID: Merge Request !937 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/937 Branches: tmp-explicit-sanity-checks to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/937 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 08:32:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 07:32:51 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: Previously we didn't use gnulib for `inet_ntop` so we may want to treat that as a regression in an exceptional way. What if this header is moved in `gnutls_int.h`? We already have system-dependent code there. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_147668201 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 08:34:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 07:34:48 +0000 Subject: [gnutls-devel] GnuTLS | Legacy algorithms are not supported for PKCS#12 files (#725) In-Reply-To: References: Message-ID: `certutil` is not an application using gnutls, and I doubt it will ever be. Are there any applications relevant to gnutls which could benefit from using these ciphers, or this is about documenting the algorithms which are not implemented? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/725#note_147668678 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 09:32:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 08:32:59 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: We can do that, but first let's fix and test the regression - namely we forgot to add the `arpa_inet` gnulib module that guarantees `#include ` to succeed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_147684921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 15:34:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 14:34:41 +0000 Subject: [gnutls-devel] GnuTLS | scrypt in PKCS#12 files is unsupported (#724) In-Reply-To: References: Message-ID: Which applications produce or use these files? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/724#note_147826393 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 15:37:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 14:37:20 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#12 files that do not use integrity checks cause errors when used by GnuTLS (#722) In-Reply-To: References: Message-ID: Are these files generated by any applications that we should be compatible with? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/722#note_147827482 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 15:55:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 14:55:06 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--file-log" to redirect some information to a temporary file (!940) In-Reply-To: References: Message-ID: Merge Request !940 was closed by Ke Zhao Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/940 Project:Branches: DK_DARKmatter/gnutls:master to gnutls/gnutls:master Author: Ke Zhao Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/940 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 6 17:11:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 06 Mar 2019 16:11:25 +0000 Subject: [gnutls-devel] GnuTLS | scrypt in PKCS#12 files is unsupported (#724) In-Reply-To: References: Message-ID: See https://github.com/redhat-qe-security/keyfile-corpus/issues/6#issuecomment-470163759 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/724#note_147872240 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 09:40:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 08:40:53 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: I am ok with the change, however I still do not think we can modify a license. The FSF licenses do explicitly require no changes. If FSF has updated licenses with https, we should copy otherwise, let's leave it as is. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910#note_148137476 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 09:42:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 08:42:30 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/algorithms/ciphersuites.c: > * Lesser General Public License for more details. > * > * You should have received a copy of the GNU Lesser General Public License > - * along with this program. If not, see > + * along with this program. If not, see This is not the license itself so it is ok. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910#note_148138046 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 09:47:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 08:47:30 +0000 Subject: [gnutls-devel] GnuTLS | scrypt in PKCS#12 files is unsupported (#724) In-Reply-To: References: Message-ID: Ok. To summarize, the main argument is that these can be generated by openssl. I do not see that as a sufficient reason to add scrypt. If it is widely used or provides real benefits to use it by default in applications it may make more sense. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/724#note_148139831 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 09:59:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 08:59:20 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--file-log" to redirect some information to a temporary file (!940) In-Reply-To: References: Message-ID: Note that you don't need to close the pull request. You can simply force push on the branch you are working on. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/940#note_148143993 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 10:12:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 09:12:56 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: Sorry, just realized what you mean (`fdl.texi`). I'll update it from upstream - they fixed the URL to https:// and made some minor bug fixes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910#note_148154539 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 10:18:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 09:18:39 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: All discussions on Merge Request !910 were resolved by Tim R?hsen https://gitlab.com/gnutls/gnutls/merge_requests/910 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 10:18:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 09:18:39 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on doc/fdl-1.3.texi: > of the GNU Free Documentation License from time to time. Such new > versions will be similar in spirit to the present version, but may > differ in detail to address new problems or concerns. See > - at uref{http://www.gnu.org/copyleft/}. > + at uref{https://www.gnu.org/copyleft/}. Updated FDL from Upstream -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910#note_148156669 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 13:43:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 12:43:52 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: Merge Request !910 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/910 Project:Branches: rockdaboot/gnutls:tmp-use-https to gnutls/gnutls:master Author: Tim R?hsen Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 13:44:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 12:44:00 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: Reassigned Merge Request 910 https://gitlab.com/gnutls/gnutls/merge_requests/910 Assignee changed from Nikos Mavrogiannopoulos to Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 13:44:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 12:44:11 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910#note_148243692 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 13:47:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 12:47:28 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: `arpa_inet` depends on `sys_socket` and that in turn to other modules which we don't use. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_148244846 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 15:07:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 14:07:46 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: `sys_socket` is explicitly included in `bootstrap.conf`. It provides `sys/socket.h` which is used as ``` #if HAVE_SYS_SOCKET_H # include #elif HAVE_WS2TCPIP_H # include #endif ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_148297923 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 19:13:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 18:13:09 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: ok then -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_148394898 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 19:32:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 18:32:21 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add support for libidn2 2.1.1a for gnutls 3.5.x (!948) In-Reply-To: References: Message-ID: Hi, The patch makes sense to me, but gnutls 3.5.x is no longer an active branch. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/948#note_148399128 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 19:42:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 18:42:38 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): configure: error: Guile 2.2 required, but 2.0.14 found (#726) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 19:44:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 18:44:13 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): configure: error: Guile 2.2 required, but 2.0.14 found (#726) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #726: https://gitlab.com/gnutls/gnutls/issues/726 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 19:44:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 18:44:13 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): configure: error: Guile 2.2 required, but 2.0.14 found (#726) In-Reply-To: References: Message-ID: Thank you for this report. This is addressed by !898 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/726#note_148401625 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 20:20:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 19:20:19 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add support for libidn2 2.1.1a for gnutls 3.5.x (!948) In-Reply-To: References: Message-ID: Oh ok, I'll close this. Thanks for letting me know. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/948#note_148409175 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 20:20:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 19:20:19 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add support for libidn2 2.1.1a for gnutls 3.5.x (!948) In-Reply-To: References: Message-ID: Merge Request !948 was closed by Dakota Williams Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/948 Project:Branches: dakotarwilliams/gnutls:libidn2-symbol-fix-el6 to gnutls/gnutls:gnutls_3_5_x Author: Dakota Williams Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/948 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 22:52:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 21:52:31 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) References: Message-ID: New Merge Request !949 https://gitlab.com/gnutls/gnutls/merge_requests/949 Project:Branches: DK_DARKmatter/gnutls:logfileoption to gnutls/gnutls:master Author: Ke Zhao Assignee: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 7 22:54:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 07 Mar 2019 21:54:18 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: @nmav Hi Nikos, sorry for the disturbing. This time I made some changes based on your comments. Is there anything that need me to imrpove? Thanks for your patience. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_148439745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 8 15:33:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 08 Mar 2019 14:33:46 +0000 Subject: [gnutls-devel] GnuTLS | build: detect previous supported guile (ae715f67) In-Reply-To: References: Message-ID: Thanks for this fix. I think there's [yet another] Autoconf bug in play here. With the patch applied I encounter the following when attempting to build a discardable GnuTLS for testing. It is being installed into `/var/tmp` and the directory is deleted once testing completes. The directory includes all of the GnuTLS dependencies. ``` configure: checking for guile 2.2 configure: found guile 2.2 checking for guile-2.2... no checking for guile2.2... no checking for guile-2... no checking for guile2... /bin/guile2 configure: error: found development files for Guile 2.2, but /bin/guile2 has effective version 2.0 ``` And: ``` $ ls /var/tmp/lib64/*guile* /var/tmp/lib64/libguile-2.2.a /var/tmp/lib64/libguile-2.2.so.1 /var/tmp/lib64/libguile-2.2.la /var/tmp/lib64/libguile-2.2.so.1.3.1 /var/tmp/lib64/libguile-2.2.so /var/tmp/lib64/libguile-2.2.so.1.3.1-gdb.scm /var/tmp/lib64/guile: 2.2 $ /var/tmp/bin/guile --version guile (GNU Guile) 2.2.4 Copyright (C) 2018 Free Software Foundation, Inc. ``` Finally: ``` $ cat /var/tmp/lib64/pkgconfig/guile-2.2.pc prefix=/var/tmp exec_prefix=/var/tmp bindir=/var/tmp/bin libdir=/var/tmp/lib64 includedir=/var/tmp/include datarootdir=/var/tmp/share datadir=/var/tmp/share pkgdatadir=/var/tmp/share/guile pkgincludedir=/var/tmp/include/guile sitedir=/var/tmp/share/guile/site/2.2 extensiondir=/var/tmp/lib64/guile/2.2/extensions siteccachedir=/var/tmp/lib64/guile/2.2/site-ccache libguileinterface=4:1:3 # Actual name of the 'guile' and 'guild' programs. This is # particularly useful when '--program-transform-name' or similar has # been used. guild=${bindir}/guild guile=${bindir}/guile Name: GNU Guile Description: GNU's Ubiquitous Intelligent Language for Extension Version: 2.2.4 Libs: -L${libdir} -lguile-2.2 -lgc Libs.private: /var/tmp/lib64/libgmp.so -ldl -lpthread -Wl,-rpath -Wl,/var/tmp/lib64 -lltdl -L/var/tmp/lib64/../lib64 -lffi \ /var/tmp/lib64/libunistring.so /var/tmp/lib64/libiconv.so -ldl -lpthread -Wl,-rpath -Wl,/var/tmp/lib64 -L/var/tmp/lib64 -Wl,-R,/var/tmp/lib64 -Wl,--enable-new-dtags -lcrypt -ldl -lpthread -lm /var/tmp/lib64/libiconv.so -Wl,-rpath -Wl,/var/tmp/lib64 \ \ Cflags: -I${pkgincludedir}/2.2 -I/var/tmp/include ``` There's no reason for Autoconf to get confused. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ae715f6703f73476dbe51b1281da6f69fdad0de5#note_148650532 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 8 15:49:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 08 Mar 2019 14:49:29 +0000 Subject: [gnutls-devel] GnuTLS | build: detect previous supported guile (ae715f67) In-Reply-To: References: Message-ID: Did you check if pkg-config really finds the .pc file ? E.g. with ``` $ pkg-config --print-provides guile-2.2 ``` If not, pkg-config should tell you what to do. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ae715f6703f73476dbe51b1281da6f69fdad0de5#note_148656097 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 8 16:15:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 08 Mar 2019 15:15:55 +0000 Subject: [gnutls-devel] GnuTLS | build: detect previous supported guile (ae715f67) In-Reply-To: References: Message-ID: The result looks like: ``` $ PKG_CONFIG_PATH=/var/tmp/lib64/pkgconfig pkg-config --print-provides guile-2.2 guile-2.2 = 2.2.4 ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ae715f6703f73476dbe51b1281da6f69fdad0de5#note_148664606 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 11:49:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 10:49:43 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.6.6 doc/cyclo/cyclo-gnutls.html seems to be outdated (#727) References: Message-ID: New Issue was created. Issue 727: https://gitlab.com/gnutls/gnutls/issues/727 Author: Andreas Metzler Assignee: Looking at doc/cyclo/cyclo-gnutls.html we find ```html Cyclomatic Complexity report for GnuTLS 3.1.5 ...

Report generated at: Sun Dec 16 12:43:56 CET 2012

``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 15:50:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 14:50:25 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.6.6 doc/cyclo/cyclo-gnutls.html seems to be outdated (#727) In-Reply-To: References: Message-ID: Thanks for that, it seems it has been forgotten. I have a small patch to modernize it, but the question is whether it is useful at all. No-one has missed it since 2012. Maybe in a different form (e.g, CI) it would make more sense [patch.txt](/uploads/71b5e51389e9e77af1c9cbc412c28910/patch.txt) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/727#note_148862962 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 15:58:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 14:58:45 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.6.6 doc/cyclo/cyclo-gnutls.html seems to be outdated (#727) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos wrote > No-one has missed it since 2012. Maybe in a different form (e.g, CI) it would make more sense I agree. > patch.txt ```diff -$(PMCCABE) +pmccabe ``` The `$(PMCCABE)` actually would work - ./configure sets it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/727#note_148863606 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 20:58:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 19:58:39 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: @rockdaboot is there a badge we can add to the main site based on that? I see that lgtm.com has badges, but it is not clear to me where the integration has been. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945#note_148888023 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 21:00:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 20:00:02 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: Is that it https://lgtm.com/projects/g/gnutls/gnutls/ci/ ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945#note_148888102 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 21:12:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 20:12:48 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.6.6 doc/cyclo/cyclo-gnutls.html seems to be outdated (#727) In-Reply-To: References: Message-ID: Thanks, however I think it makes sense removing that directory completely. We can auto-generate it in the gnutls/coverage repo and link it from the wiki or so. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/727#note_148888697 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 21:16:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 20:16:48 +0000 Subject: [gnutls-devel] GnuTLS | doc: removed cyclo subdir (!950) References: Message-ID: New Merge Request !950 https://gitlab.com/gnutls/gnutls/merge_requests/950 Branches: tmp-remove-doc-cyclo to master Author: Nikos Mavrogiannopoulos Assignee: Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim R?hsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list This directory had a makefile which was intended to calculate the cyclomatic complexity, however that was not functional, and not related with gnutls' documentation. ## Checklist * [x] Code modified for feature ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/950 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 21:25:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 20:25:27 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: Right, the Javascript badge is not relevant, but he number of Alerts and C++ Language Grade are. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945#note_148889414 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 21:27:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 20:27:23 +0000 Subject: [gnutls-devel] coverage | generate cyclomatic complexity html output (!3) References: Message-ID: New Merge Request !3 https://gitlab.com/gnutls/coverage/merge_requests/3 Branches: tmp-update to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/coverage/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 21:27:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 20:27:39 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.6.6 doc/cyclo/cyclo-gnutls.html seems to be outdated (#727) In-Reply-To: References: Message-ID: Reassigned Issue 727 https://gitlab.com/gnutls/gnutls/issues/727 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 21:28:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 20:28:55 +0000 Subject: [gnutls-devel] GnuTLS | doc: removed cyclo subdir (!950) In-Reply-To: References: Message-ID: An attempt to move that generation at: https://gitlab.com/gnutls/coverage/merge_requests/3 Not sure where we can link it, but one option is the wiki: https://gitlab.com/gnutls/gnutls/wikis/home -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/950#note_148889639 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 21:33:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 20:33:08 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.6.6 doc/cyclo/cyclo-gnutls.html seems to be outdated (#727) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 21:55:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 20:55:45 +0000 Subject: [gnutls-devel] GnuTLS | SECURITY.md: updated to reflect the current practice (!951) References: Message-ID: New Merge Request !951 https://gitlab.com/gnutls/gnutls/merge_requests/951 Branches: tmp-security-update to master Author: Nikos Mavrogiannopoulos Assignee: Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim R?hsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi and GnuTLS devel mailing list This change updates the SECURITY guidelines to reflect the current practice (no special security releases), and thus refer directly to the upcoming or following release. Furthermore, it removes any mention of absolute time, as the release cadence is already fixed to bi-monthly. ## Reviewer's checklist: * [ ] It makes sense -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/951 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 9 22:10:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 09 Mar 2019 21:10:21 +0000 Subject: [gnutls-devel] coverage | generate cyclomatic complexity html output (!3) In-Reply-To: References: Message-ID: Merge Request !3 was merged Merge Request url: https://gitlab.com/gnutls/coverage/merge_requests/3 Branches: tmp-update to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/coverage/merge_requests/3 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 07:07:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 06:07:23 +0000 Subject: [gnutls-devel] GnuTLS | Create .lgtm.yml for LGTM.com C/C++ analysis (!945) In-Reply-To: References: Message-ID: Cool, thanks, I've added them both. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/945#note_148913909 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 11:00:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 10:00:26 +0000 Subject: [gnutls-devel] GnuTLS | doc: removed cyclo subdir (!950) In-Reply-To: References: Message-ID: Merge Request !950 was approved by Andreas Metzler Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/950 Branches: tmp-remove-doc-cyclo to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/950 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 12:14:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 11:14:14 +0000 Subject: [gnutls-devel] GnuTLS | doc: removed cyclo subdir (!950) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/950 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 12:14:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 11:14:16 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.6.6 doc/cyclo/cyclo-gnutls.html seems to be outdated (#727) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #727: https://gitlab.com/gnutls/gnutls/issues/727 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 12:14:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 11:14:16 +0000 Subject: [gnutls-devel] GnuTLS | doc: removed cyclo subdir (!950) In-Reply-To: References: Message-ID: Merge Request !950 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/950 Branches: tmp-remove-doc-cyclo to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/950 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 12:14:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 11:14:16 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.6.6 doc/cyclo/cyclo-gnutls.html seems to be outdated (#727) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #727: https://gitlab.com/gnutls/gnutls/issues/727 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 12:18:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 11:18:57 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: So @robUx4 would you like to modify this patch to add arpa_inet in gnulib_modules of bootstrap.conf? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_148932510 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 13:33:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 12:33:35 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Could you add your signoff-by line in the two commits you've added? The CI fails due to that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_148941607 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 13:35:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 12:35:59 +0000 Subject: [gnutls-devel] GnuTLS | Valid CA certificate rejected by GnuTLS (#693) In-Reply-To: References: Message-ID: @taviso should we close this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/693#note_148941769 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 13:38:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 12:38:38 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from maxhrt33@aim.com): Trust list bug? (#666) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/666 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 13:40:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 12:40:57 +0000 Subject: [gnutls-devel] GnuTLS | tests/rng-op-key extrmely slow on the MinGW runners (#669) In-Reply-To: References: Message-ID: Last win32 builds are 30 and 28 minutes: https://gitlab.com/gnutls/gnutls/-/jobs/174790020 https://gitlab.com/gnutls/gnutls/-/jobs/174790019 should we close this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/669#note_148942209 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 13:41:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 12:41:02 +0000 Subject: [gnutls-devel] GnuTLS | tests/rng-op-key extrmely slow on the MinGW runners (#669) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/669 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 14:01:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 13:01:13 +0000 Subject: [gnutls-devel] GnuTLS | tests: verify that 'certtool -i --outder' does not output text (!952) References: Message-ID: New Merge Request !952 https://gitlab.com/gnutls/gnutls/merge_requests/952 Branches: tmp-test-certtool to master Author: Nikos Mavrogiannopoulos Assignee: Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim R?hsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list A common regression in the past, was certtool outputting text while writing raw DER data. Ensure that the certificate-info option does not regress. ## Checklist * [x] Test suite updated with negative tests ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/952 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 14:02:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 13:02:53 +0000 Subject: [gnutls-devel] GnuTLS | Verify that certtool --outder does not output textual data (#627) In-Reply-To: References: Message-ID: Reassigned Issue 627 https://gitlab.com/gnutls/gnutls/issues/627 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/627 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 14:09:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 13:09:52 +0000 Subject: [gnutls-devel] GnuTLS | build: detect previous supported guile (ae715f67) In-Reply-To: References: Message-ID: I'm pretty sure the problem is `GUILE_PKG` assumes `${prefix}/lib`. It does not handle `${libdir}` properly when `libdir=${prefix}/lib64` like on Red Hat and Fedora. Ubuntu is OK because Ubuntu uses `libdir=${prefix}/lib` (unless multilib is being built, in which case it should fail too). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ae715f6703f73476dbe51b1281da6f69fdad0de5#note_148944832 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 16:10:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 15:10:32 +0000 Subject: [gnutls-devel] GnuTLS | build: detect previous supported guile (ae715f67) In-Reply-To: References: Message-ID: This worked for me on Fedora and Ubuntu. It followed the [Autoconf](https://www.gnu.org/software/guile/manual/html_node/Autoconf-Macros.html) manual. ``` --- configure.ac +++ configure.ac @@ -859,8 +859,7 @@ AC_PATH_PROG([GUILD], [guild]) AC_SUBST([GUILD]) - GUILE_PROGS - GUILE_FLAGS + PKG_CHECK_MODULES([GUILE], [guile-2.2]) save_CFLAGS="$CFLAGS" save_LIBS="$LIBS" ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ae715f6703f73476dbe51b1281da6f69fdad0de5#note_148957920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 16:15:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 15:15:47 +0000 Subject: [gnutls-devel] GnuTLS | build: detect previous supported guile (ae715f67) In-Reply-To: References: Message-ID: > This worked for me on Fedora and Ubuntu. It followed the Autoconf > > manual. > > --- configure.ac+++ configure.ac@@ -859,8 +859,7 @@ AC_PATH_PROG([GUILD], [guild]) AC_SUBST([GUILD]) - GUILE_PROGS- GUILE_FLAGS+ PKG_CHECK_MODULES([GUILE], [guile-2.2]) > > This bypass all the guile m4 detection logic, probably not what upstream intended. For the record, at gentoo we do not have issue with previous (older m4 macros) after the fix and with current (newer m4 macros). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ae715f6703f73476dbe51b1281da6f69fdad0de5#note_148958347 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 17:14:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 16:14:30 +0000 Subject: [gnutls-devel] GnuTLS | Valid CA certificate rejected by GnuTLS (#693) In-Reply-To: References: Message-ID: Sure, thanks for investigating. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/693#note_148963223 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 17:14:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 16:14:30 +0000 Subject: [gnutls-devel] GnuTLS | Valid CA certificate rejected by GnuTLS (#693) In-Reply-To: References: Message-ID: Issue was closed by Tavis Ormandy Issue #693: https://gitlab.com/gnutls/gnutls/issues/693 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/693 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 17:18:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 16:18:08 +0000 Subject: [gnutls-devel] GnuTLS | build: detect previous supported guile (ae715f67) In-Reply-To: References: Message-ID: @alonbl, I was looking through `configure` options again and I see there is a `--with-guile-site-dir`. Should I be using something like: ``` PKG_CONFIG_PATH="..." GUILE_DIR=$(pkg-config --variable=sitedir guile) configure ... --with-guile-site-dir=${GUILE_DIR} ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ae715f6703f73476dbe51b1281da6f69fdad0de5#note_148963461 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 17:24:17 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 16:24:17 +0000 Subject: [gnutls-devel] GnuTLS | build: detect previous supported guile (ae715f67) In-Reply-To: References: Message-ID: hmmm... maybe we need to call BUILD_SITE_DIR[1] instead/inaddition of GUILE_PKG and GUILE_PROGS as both are dependency of it and is discovering the site directory automatically. [1] http://git.savannah.gnu.org/cgit/guile.git/tree/meta/guile.m4#n157 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ae715f6703f73476dbe51b1281da6f69fdad0de5#note_148963981 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 20:44:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 19:44:55 +0000 Subject: [gnutls-devel] GnuTLS | tests/rng-op-key extrmely slow on the MinGW runners (#669) In-Reply-To: References: Message-ID: Issue was closed by Tim R?hsen Issue #669: https://gitlab.com/gnutls/gnutls/issues/669 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/669 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 10 20:44:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 10 Mar 2019 19:44:55 +0000 Subject: [gnutls-devel] GnuTLS | tests/rng-op-key extrmely slow on the MinGW runners (#669) In-Reply-To: References: Message-ID: I agree, looks good now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/669#note_148979907 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 11 09:40:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 11 Mar 2019 08:40:50 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: I updated the pull request with the change (and reverted the previous one). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_149100966 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 11 10:06:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 11 Mar 2019 09:06:35 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Please also use the checklist; we don't necessarily need negative testing here, but at least a functionality test is necessary to test that option. You can base it on `gnutls-cli-save-data.sh`, and some ideas on what it should check: - whether the expected information is stored in the specified logfile and not printed in stdout - whether the same information is printed on stdout if the logfile option is not given -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_149110361 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 11 10:10:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 11 Mar 2019 09:10:27 +0000 Subject: [gnutls-devel] GnuTLS | tests: verify that 'certtool -i --outder' does not output text (!952) In-Reply-To: References: Message-ID: Merge Request !952 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/952 Branches: tmp-test-certtool to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/952 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 11 10:10:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 11 Mar 2019 09:10:35 +0000 Subject: [gnutls-devel] GnuTLS | tests: verify that 'certtool -i --outder' does not output text (!952) In-Reply-To: References: Message-ID: Merge Request !952 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/952 Branches: tmp-test-certtool to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/952 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 11 10:10:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 11 Mar 2019 09:10:35 +0000 Subject: [gnutls-devel] GnuTLS | Verify that certtool --outder does not output textual data (#627) In-Reply-To: References: Message-ID: Issue was closed by Tim R?hsen Issue #627: https://gitlab.com/gnutls/gnutls/issues/627 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/627 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 11 13:12:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 11 Mar 2019 12:12:59 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: Thank you. The failure is not because of you, but because of some change in the master repo. You can avoid it by cleaning all caches at: https://gitlab.com/robUx4/gnutls/pipelines and restarting the failed pipelines -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_149181783 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 12 17:04:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 12 Mar 2019 16:04:19 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: Ander Juaristi commented on a discussion on lib/auth/psk.h: > /* these structures should not use allocated data */ > typedef struct psk_auth_info_st { > char username[MAX_USERNAME_SIZE + 1]; > + uint16_t len; > dh_info_st dh; > char hint[MAX_USERNAME_SIZE + 1]; > } *psk_auth_info_t; > > typedef struct psk_auth_info_st psk_auth_info_st; > > +inline static > +void _gnutls_copy_psk_auth_info(psk_auth_info_t info, const gnutls_datum_t *psk) > +{ > + memcpy(info->username, psk->data, psk->size); How about an assertion? `assert(sizeof(info->username) <= username->size)` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_149746057 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 12 21:57:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 12 Mar 2019 20:57:25 +0000 Subject: [gnutls-devel] GnuTLS | Consistent header guards (#728) References: Message-ID: New Issue was created. Issue 728: https://gitlab.com/gnutls/gnutls/issues/728 Author: Tim R?hsen Assignee: We have several header files without header guards. Other have inconsistent names for the guards (or even illegal names with leading underscores, e.g. `_ABSTRACT_INT_H`). If we agree upon a standard for our header guards, I'll write a script for batch-processing. Are the files in `lib/` and `src/` sufficient ? Suggestion "project_directory_filename", e.g.: ``` GNUTLS_LIB_ABSTRACT_INT_H or GNUTLS_LIB_EXT_ALPN_H ``` Special chars in file or dir names like `-` should also be converted to `_`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/728 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 02:05:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 01:05:18 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: @nmav Hi Nikos, it seems that I have a big failure with the test. It works fine on my local. Are these tests based on my modified code? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_149896520 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 09:04:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 08:04:03 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Ah, the failure is unrelated. Please rebase to current master, it should address it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_149963301 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 09:05:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 08:05:01 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: @robUx4 alternatively you can rebase this to master which fixes that issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_149963593 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 09:06:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 08:06:24 +0000 Subject: [gnutls-devel] GnuTLS | WIP: support non-NULL-terminated PSKs (!917) In-Reply-To: References: Message-ID: The failures you see may be unrelated, you may want to rebase to master to see if they go. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_149963950 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 09:09:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 08:09:26 +0000 Subject: [gnutls-devel] GnuTLS | Consistent header guards (#728) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.0 ( https://gitlab.com/gnutls/gnutls/milestones/20 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/728 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 09:10:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 08:10:13 +0000 Subject: [gnutls-devel] GnuTLS | Consistent header guards (#728) In-Reply-To: References: Message-ID: I'm adding it to 3.7.0 milestone, because renaming files will make patching harder. I agree though that we should strive for consistency in naming files. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/728#note_149965084 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 09:52:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 08:52:08 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: https://gitlab.com/robUx4/gnutls/-/jobs/176603313 Do I need to add Signed-Off to my own patch ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_149978140 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 09:57:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 08:57:43 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: I added it anyway, @chouquette told me I have to. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_149981225 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 10:00:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 09:00:53 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: Yes, thank you -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947#note_149982398 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 10:01:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 09:01:35 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: Reassigned Merge Request 947 https://gitlab.com/gnutls/gnutls/merge_requests/947 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 10:01:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 09:01:38 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 10:02:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 09:02:35 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: A rebase on master would fix the issue -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910#note_149983268 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 11:18:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 10:18:45 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: Merge Request !947 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/947 Project:Branches: robUx4/gnutls:inet_ntop to gnutls/gnutls:master Author: Steve Lhomme Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 12:07:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 11:07:13 +0000 Subject: [gnutls-devel] GnuTLS | Consistent header guards (#728) In-Reply-To: References: Message-ID: @nmav *NOT renaming files* ... it's about renaming header guards within the header files. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/728#note_150042873 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 12:46:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 11:46:53 +0000 Subject: [gnutls-devel] GnuTLS | Consistent header guards (#728) In-Reply-To: References: Message-ID: but it says: "Special chars in file or dir names like `-` should also be converted to `_`." -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/728#note_150057788 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 14:13:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 13:13:41 +0000 Subject: [gnutls-devel] GnuTLS | Consistent header guards (#728) In-Reply-To: References: Message-ID: I may have misunderstood the text. If you mean that the '-' will be mapped to '_' in the guard, it makes sense to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/728#note_150093155 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 14:13:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 13:13:43 +0000 Subject: [gnutls-devel] GnuTLS | Consistent header guards (#728) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/728 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 14:17:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 13:17:59 +0000 Subject: [gnutls-devel] GnuTLS | Consistent header guards (#728) In-Reply-To: References: Message-ID: Yes that's what I meant. Sorry if I was a bit unclear. Of course we could also make the filenames consistent, but that is can be done independently in another issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/728#note_150094820 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 14:59:01 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 13:59:01 +0000 Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660) In-Reply-To: References: Message-ID: I'm removing it from the 3.6.7 milestone as I'll not work on it, but if someone cares addressing that, please re-add. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_150112930 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 14:59:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 13:59:06 +0000 Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 15:03:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 14:03:36 +0000 Subject: [gnutls-devel] GnuTLS | Incorrect handling of session resumption with changed ClientHello (#657) In-Reply-To: References: Message-ID: I'm removing it from the 3.6.7 plan, because that's not a security issue and looks to me like a nice-to-have feature. Indeed a gnutls server will not behave as it should when a client violates the spec, but I do not think that such corner cases handling are something to prioritize. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/657#note_150115721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 15:03:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 14:03:50 +0000 Subject: [gnutls-devel] GnuTLS | Incorrect handling of session resumption with changed ClientHello (#657) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/657 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 15:05:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 14:05:11 +0000 Subject: [gnutls-devel] GnuTLS | fuzzying: enable raw public keys (#687) In-Reply-To: References: Message-ID: @Vrancken did you have some time to check into that? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/687#note_150116350 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 15:28:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 14:28:39 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: security officer login implies writable session (!953) References: Message-ID: New Merge Request !953 https://gitlab.com/gnutls/gnutls/merge_requests/953 Branches: tmp-fix-pkcs11-so to master Author: Nikos Mavrogiannopoulos Assignee: Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim R?hsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list According to the PKCS#11 v2.30, 6.7.1 there are no read-only Security Officer sessions. Resolves: #721 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/953 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 15:54:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 14:54:30 +0000 Subject: [gnutls-devel] GnuTLS | inet_ntop is available in Windows but not via arpa/inet.h (!947) In-Reply-To: References: Message-ID: Merge Request !947 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/947 Project:Branches: robUx4/gnutls:inet_ntop to gnutls/gnutls:master Author: Steve Lhomme Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/947 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 16:41:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 15:41:51 +0000 Subject: [gnutls-devel] GnuTLS | p11tool is using a R/O session when logging as a SO (#721) In-Reply-To: References: Message-ID: Reassigned Issue 721 https://gitlab.com/gnutls/gnutls/issues/721 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 17:45:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 16:45:12 +0000 Subject: [gnutls-devel] GnuTLS | certtool --generate-self-signed interactive mode spews infinite text when confronted with EOF (#729) References: Message-ID: New Issue was created. Issue 729: https://gitlab.com/gnutls/gnutls/issues/729 Author: Daniel Kahn Gillmor Assignee: consider the following sequence of commands, using `certtool` from GnuTLS 3.6.6: ``` certtool --generate-privkey > x.pem echo | certtool --load-privkey x.pem --generate-self-signed ``` this produces the following text on stderr: ``` Generating a self signed certificate... Please enter the details of the certificate's distinguished name. Just press enter to ignore a field. Common name: UID: Organizational unit name: Organization name: Locality name: State or province name: Country name (2 chars): Enter the subject's domain component (DC): This field should not be used in new certificates. E-mail: Enter the certificate's serial number in decimal (123) or hex (0xabcd) (default is 0x23e8987047eeafd765c8b71070fa06c99acb6a5f) value: Activation/Expiration time. The certificate will expire in (days): The certificate will expire in (days): The certificate will expire in (days): The certificate will expire in (days): The certificate will expire in (days): The certificate will expire in (days): The certificate will expire in (days): The certificate will expire in (days): ``` the last line continues forever. I recognize that feeding the interactive mode with an EOF is user input error, but `certtool` should still not produce infinite spew as a result. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/729 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 13 20:32:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 13 Mar 2019 19:32:46 +0000 Subject: [gnutls-devel] GnuTLS | Change HTTP:// references to HTTPs:// (generally) (!910) In-Reply-To: References: Message-ID: Merge Request !910 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/910 Project:Branches: rockdaboot/gnutls:tmp-use-https to gnutls/gnutls:master Author: Tim R?hsen Assignee: Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/910 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 14 02:10:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 14 Mar 2019 01:10:15 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: @nmav Hi Nikos, it looks like the psk.passwd I used in my test cannot be found in the test environment. Do we have any easy and stable way to setup connection in the test script? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_150352313 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 14 09:42:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 14 Mar 2019 08:42:55 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: You can use the `gnutls-cli-save-data.sh` as base. It uses X509 with some pre-existing certificates and keys. If you want to specifically test PSK you can use `psk.passwd` which is already present in the test directory (you can use it in a script with the `PSK_FILE` environment variable). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_150425245 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 14 10:44:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 14 Mar 2019 09:44:43 +0000 Subject: [gnutls-devel] GnuTLS | gnutls client should not negotiate TLS 1.3 if the private key from PKCS#11 does not support RSA-PSS nor raw-RSA (#730) References: Message-ID: New Issue was created. Issue 730: https://gitlab.com/gnutls/gnutls/issues/730 Author: Anderson Sasaki Assignee: ## Description of problem: When applications using GnuTLS with client certificate key in smart card connect using TLS, the library should check the PKCS#11 module capabilities before negotiating the TLS 1.3 and failing later without any mechanisms to try originally reported in: https://bugzilla.redhat.com/show_bug.cgi?id=1681006 ## Version of gnutls used: 3.6.5 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: always Steps to Reproduce: * Prerequisites: * PKCS#11 module without support for RSA-PSS and raw-RSA mechanisms * The server requests TLS client authentication * Start a server requesting TLS client authentication: ``` $ gnutls-serv --http --require-client-cert --x509cafile ca.pem -d 9 --x509certfile cert.pem --x509keyfile key.pem ``` * Connect to the server using wget (or any other application) compiled against GnuTLS with private key in the PKCS#11 module: ``` $ GNUTLS_DEBUG_LEVEL=9 wget --no-check-certificate --certificate="pkcs11:token=SomeDevice;object=cert;type=cert" --private-key="pkcs11:token=SomeDevice;object=key;type=private?pin-value=111111" --debug --tries 1 https://localhost:5556/ ``` ## Actual results: The TLS 1.3 connection fails: ``` [...] gnutls[4]: checking cert compat with RSA-PSS-SHA512 gnutls[4]: checking cert compat with RSA-PSS-RSAE-SHA512 gnutls[4]: checking cert compat with ECDSA-SECP521R1-SHA512 gnutls[4]: cannot use privkey of RSA with ECDSA-SECP521R1-SHA512 gnutls[4]: checking cert compat with RSA-SHA1 gnutls[3]: ASSERT: signature.c[_gnutls_session_sign_algo_enabled]:365 gnutls[4]: Signature algorithm RSA-SHA1 is not enabled gnutls[4]: checking cert compat with ECDSA-SHA1 gnutls[4]: cannot use privkey of RSA with ECDSA-SHA1 gnutls[3]: ASSERT: tls13/certificate_verify.c[_gnutls13_send_certificate_verify]:192 gnutls[3]: ASSERT: handshake-tls13.c[_gnutls13_handshake_client]:178 GnuTLS: The signature is incompatible with the public key. gnutls[5]: REC[0x55bab44e9510]: Start of epoch cleanup gnutls[5]: REC[0x55bab44e9510]: Epoch #0 freed gnutls[5]: REC[0x55bab44e9510]: End of epoch cleanup gnutls[5]: REC[0x55bab44e9510]: Epoch #1 freed Closed fd 4 Unable to establish SSL connection. ``` ## Expected results: The TLS connection should be downgraded to TLS 1.2 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/730 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 14 13:30:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 14 Mar 2019 12:30:52 +0000 Subject: [gnutls-devel] GnuTLS | gnutls server should not negotiate TLS 1.3 if the private key from PKCS#11 does not support RSA-PSS nor raw-RSA (#731) References: Message-ID: New Issue was created. Issue 731: https://gitlab.com/gnutls/gnutls/issues/731 Author: Anderson Sasaki Assignee: ## Description of problem: When server applications use GnuTLS for TLS with server key in a PKCS#11 device, the library should check if the PKCS#11 module supports RSA-PSS or raw-RSA mechanisms before negotiating TLS 1.3 and failing without any mechanisms to try (or blindly trying unsupported mechanisms). Originally reported in: https://bugzilla.redhat.com/show_bug.cgi?id=1681274 ## Version of gnutls used: 3.6.5 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: always Steps to Reproduce: * Prerequisites: * PKCS#11 module without RSA-PSS nor raw-RSA mechanisms support. * Run GnuTLS test server (but it should be reproducible with any other server using GnuTLS) using the key in the PKCS#11 device: ``` gnutls-serv --http --x509certfile="pkcs11:token=SomeDevice;object=cert;type=cert" --x509keyfile="pkcs11:token=SomeDevice;object=key;type=private?pin-value=111111" -d 9 ``` * Try to connect to the https port with TLS 1.3 capable client: ``` wget --no-check-certificate --tries 1 https://localhost:5556/ ``` ## Actual results: TLS 1.3 connection fails without any ciphersuites that could be used: ``` |<2>| checking c0.9e (GNUTLS_DHE_RSA_AES_128_CCM) for compatibility |<2>| checking 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1) for compatibility |<3>| ASSERT: ciphersuites.c[_gnutls_figure_common_ciphersuite]:1587 |<3>| ASSERT: handshake.c[_gnutls_server_select_suite]:1079 |<3>| ASSERT: handshake.c[read_client_hello]:800 |<3>| ASSERT: handshake.c[_gnutls_recv_handshake]:1545 |<3>| ASSERT: handshake.c[handshake_server]:3389 Error in handshake: No supported cipher suites have been found. |<5>| REC: Sending Alert[2|40] - Handshake failed |<5>| REC[0x55ed12486eb0]: Preparing Packet Alert(21) with length: 2 and min pad: 0 |<9>| ENC[0x55ed12486eb0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 |<5>| REC[0x55ed12486eb0]: Sent Packet[1] Alert(21) in epoch 0 and length: 7 ``` ## Expected results: The library should downgrade the TLS version to 1.2 if it can not provide valid signature for TLS 1.3 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/731 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 14 22:01:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 14 Mar 2019 21:01:30 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: @nmav Hi Nikos, everything looks fine now. Any further changes needed? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_150696310 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 14 22:06:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 14 Mar 2019 21:06:25 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) References: Message-ID: New Merge Request !954 https://gitlab.com/gnutls/gnutls/merge_requests/954 Branches: tmp-header-guards to master Author: Tim R?hsen Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list This MR currently amends lib/*.h. More subdirs of lib/ will follow. Closes #738 ## Checklist * [*] Commits have `Signed-off-by:` with name/author being identical to the commit author * [*] Code modified for feature ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 14 22:45:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 14 Mar 2019 21:45:30 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Add or clean header guards in lib/ (!954) In-Reply-To: References: Message-ID: This pull request **fixes 14 alerts** when merging 667ff32ed5a1a7cfd7d51a525f1c4c0509a7169d into 9dca575622586e4c94ced9e453ae0a91f346d711 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-438cc50f23de89817e44f1ec9492a971134b9bf9) **fixed alerts:** * 14 for Missing header guard --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/954#note_150704739 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 16:46:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 15:46:37 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Looks fine to me, but could you squash all commits and rebase to master? I wonder why your previous rebase didn't pickup the lgtm.com integration. It adds some sanity checks in the code, and the rebase will make sure we don't increase such errors. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_150958548 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 16:46:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 15:46:42 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Reassigned Merge Request 949 https://gitlab.com/gnutls/gnutls/merge_requests/949 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 16:46:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 15:46:45 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 17:04:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 16:04:11 +0000 Subject: [gnutls-devel] GnuTLS | Removed all FIXME comments in code (!955) References: Message-ID: New Merge Request !955 https://gitlab.com/gnutls/gnutls/merge_requests/955 Branches: tmp-remove-fixme to master Author: Nikos Mavrogiannopoulos Assignee: Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim R?hsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list We expand informational comments on limitations, but with removing FIXME (keyword didn't help fixing these), and remove completely unhelpful or comments about ideas. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/955 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 17:47:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 16:47:54 +0000 Subject: [gnutls-devel] GnuTLS | Removed all FIXME comments in code (!955) In-Reply-To: References: Message-ID: This pull request **fixes 12 alerts** when merging 304ef620819d87b9bf0c128da0eb4d9d394a2954 into 9dca575622586e4c94ced9e453ae0a91f346d711 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-ed4d5c772bfea0b85d428205f54582e0c80bb4c6) **fixed alerts:** * 12 for FIXME comment --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/955#note_150980487 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 19:05:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 18:05:38 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on tests/logfile-option.sh: > +fi > + > +rm -f ${TMPFILE1} ${TMPFILE2} > + > +eval "${GETPORT}" > +launch_server $$ --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} > +PID=$! > +wait_server ${PID} > + > +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --logfile ${TMPFILE1} --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskusername=jas --pskkey=9e32cf7786321a828ef7668f09fb35db ${TMPFILE2} > + > +kill ${PID} > +wait > + > +if ! test -f ${TMPFILE1};then > + echo "Logfile shoule be created!" Wouldn't be useful to test for at least a known line? I'm thinking to detect if that file is created with completely bogus content or empty. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_150998695 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 19:23:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 18:23:15 +0000 Subject: [gnutls-devel] GnuTLS | Removed all FIXME comments in code (!955) In-Reply-To: References: Message-ID: Hmmm, does the lgtm.com run only on the merge requests on the repository? There seem to be no run for !949. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/955#note_151004877 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 19:44:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 18:44:39 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Ke Zhao commented on a discussion on tests/logfile-option.sh: > +fi > + > +rm -f ${TMPFILE1} ${TMPFILE2} > + > +eval "${GETPORT}" > +launch_server $$ --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} > +PID=$! > +wait_server ${PID} > + > +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --logfile ${TMPFILE1} --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskusername=jas --pskkey=9e32cf7786321a828ef7668f09fb35db ${TMPFILE2} > + > +kill ${PID} > +wait > + > +if ! test -f ${TMPFILE1};then > + echo "Logfile shoule be created!" I am sorry that I am not that familiar with the sh script. I'm not sure about what should I detect. Could you explain it further? And it there any better command I can use for this script? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_151008818 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 20:03:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 19:03:08 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Ke Zhao commented on a discussion on tests/logfile-option.sh: > +fi > + > +rm -f ${TMPFILE1} ${TMPFILE2} > + > +eval "${GETPORT}" > +launch_server $$ --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} > +PID=$! > +wait_server ${PID} > + > +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --logfile ${TMPFILE1} --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskusername=jas --pskkey=9e32cf7786321a828ef7668f09fb35db ${TMPFILE2} > + > +kill ${PID} > +wait > + > +if ! test -f ${TMPFILE1};then > + echo "Logfile shoule be created!" By the way, rebase that single commit to master means merge this commit into master right? I just want to make sure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_151012246 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 20:08:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 19:08:03 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on tests/logfile-option.sh: > +fi > + > +rm -f ${TMPFILE1} ${TMPFILE2} > + > +eval "${GETPORT}" > +launch_server $$ --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} > +PID=$! > +wait_server ${PID} > + > +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --logfile ${TMPFILE1} --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskusername=jas --pskkey=9e32cf7786321a828ef7668f09fb35db ${TMPFILE2} > + > +kill ${PID} > +wait > + > +if ! test -f ${TMPFILE1};then > + echo "Logfile shoule be created!" Something like checking whether `grep "Handshake was completed" ${TMPFILE1}` succeeds. About the rest what I mean is to combine the 3 commits to a single one, and then rebase to master. A way to rebase to recent master: ``` git checkout master git pull git checkout my-work-branch git rebase master ``` A way to combine the commits to a single is to use (on the working branch): ``` git rebase master git format-patch master git reset --hard master cat *.patch|patch -p1 ``` and commit the changes to a single patch. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_151013123 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 15 20:14:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 15 Mar 2019 19:14:39 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Ke Zhao commented on a discussion on tests/logfile-option.sh: > +fi > + > +rm -f ${TMPFILE1} ${TMPFILE2} > + > +eval "${GETPORT}" > +launch_server $$ --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} > +PID=$! > +wait_server ${PID} > + > +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --logfile ${TMPFILE1} --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskusername=jas --pskkey=9e32cf7786321a828ef7668f09fb35db ${TMPFILE2} > + > +kill ${PID} > +wait > + > +if ! test -f ${TMPFILE1};then > + echo "Logfile shoule be created!" Got it. I will first rebase my squashed commit and then make a further change on the script. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_151014314 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 15:40:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 14:40:58 +0000 Subject: [gnutls-devel] GnuTLS | native windows builds (#638) In-Reply-To: References: Message-ID: Meson can generate MSVS project files, apparently. At least, i don't see our resident MSVC user complaining about Gnome libraries migrating to Meson. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/638#note_151126275 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 19:47:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 18:47:19 +0000 Subject: [gnutls-devel] GnuTLS | LGTM.com integration (#602) In-Reply-To: References: Message-ID: What I have noticed is that we get lgtm.com comments on pull requests that were based on this gnutls repo, but any 3rd party one (e.g., nmav/gnutls), do not run the lgtm.com pipelines. Is that the expected behavior? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/602#note_151164096 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 19:47:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 18:47:28 +0000 Subject: [gnutls-devel] GnuTLS | LGTM.com integration (#602) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/602 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 19:52:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 18:52:21 +0000 Subject: [gnutls-devel] GnuTLS | LGTM.com integration (#602) In-Reply-To: References: Message-ID: Actually I think that the integration of lgtm.com only works for new MRs, so I think we are ok. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/602#note_151164345 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 19:52:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 18:52:22 +0000 Subject: [gnutls-devel] GnuTLS | LGTM.com integration (#602) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #602: https://gitlab.com/gnutls/gnutls/issues/602 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/602 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 19:54:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 18:54:05 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: All discussions on Merge Request !949 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/949 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 19:57:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 18:57:42 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Merge Request !949 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/949 Project:Branches: DK_DARKmatter/gnutls:logfileoption to gnutls/gnutls:master Author: Ke Zhao Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 19:59:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 18:59:39 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Merge Request !949 was closed by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/949 Project:Branches: DK_DARKmatter/gnutls:logfileoption to gnutls/gnutls:master Author: Ke Zhao Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 19:59:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 18:59:39 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: thank you! I've corrected some typos and merged it manually. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_151164724 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 20:24:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 19:24:51 +0000 Subject: [gnutls-devel] GnuTLS | Removed all FIXME comments in code (!955) In-Reply-To: References: Message-ID: LGTM integrates only with MRs. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/955#note_151166377 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 20:25:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 19:25:38 +0000 Subject: [gnutls-devel] GnuTLS | Removed all FIXME comments in code (!955) In-Reply-To: References: Message-ID: This pull request **fixes 12 alerts** when merging 31eefe1c0cfacf17b5c66aeacfdbc531abb1b98c into 9dca575622586e4c94ced9e453ae0a91f346d711 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-e8cf1a36c6e126c2531981d9f65a1a6fc968bcd3) **fixed alerts:** * 12 for FIXME comment --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/955#note_151166419 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 20:26:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 19:26:10 +0000 Subject: [gnutls-devel] GnuTLS | Removed all FIXME comments in code (!955) In-Reply-To: References: Message-ID: Merge Request !955 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/955 Branches: tmp-remove-fixme to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/955 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 20:26:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 19:26:18 +0000 Subject: [gnutls-devel] GnuTLS | Removed all FIXME comments in code (!955) In-Reply-To: References: Message-ID: Merge Request !955 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/955 Branches: tmp-remove-fixme to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/955 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 16 20:38:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 19:38:57 +0000 Subject: [gnutls-devel] GnuTLS | native windows builds (#638) In-Reply-To: References: Message-ID: If you have the knowledge of building GnuTLS on Windows, please consider to integrate AppVeyor CI. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/638#note_151167139 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 17 00:39:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 16 Mar 2019 23:39:03 +0000 Subject: [gnutls-devel] GnuTLS | native windows builds (#638) In-Reply-To: References: Message-ID: LRN commented on a discussion: Sorry, all of my knowledge is MinGW-related. I don't even know what AppVeyor is :) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/638#note_151201714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 17 18:22:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 17 Mar 2019 17:22:58 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: Ke Zhao commented on a discussion: Thank you for the patience and help! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_151306996 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 15:02:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 14:02:30 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: Hubert Kario started a new discussion on lib/session.c: > } > > if (vers->tls13_sem && !(session->internals.hsk_flags & HSK_TICKET_RECEIVED)) { > - /* wait for a message with timeout of 1ms */ > - ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1, 50); > + unsigned ertt = session->internals.ertt; > + /* use our estimation of round-trip + some time for the server to calculate > + * the value(s). */ > + ertt += 100; 100 ms is a long time, I don't think we should delay connection for this much if it is necessary for old applications to handle upgrade to TLS 1.3 transparently, I think there should be an opt-out for applications that do plan to use `gnutls_handshake_set_hook_function()` to get explicit notifications when the tickets are ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152015014 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 15:02:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 14:02:54 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: test coverage? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152015297 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 15:25:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 14:25:42 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/session.c: > } > > if (vers->tls13_sem && !(session->internals.hsk_flags & HSK_TICKET_RECEIVED)) { > - /* wait for a message with timeout of 1ms */ > - ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1, 50); > + unsigned ertt = session->internals.ertt; > + /* use our estimation of round-trip + some time for the server to calculate > + * the value(s). */ > + ertt += 100; I do not know why, but in practice anything smaller than that 50ms results to session resumption randomly (or even consistently for low values) failing. Note that TLS1.3 servers although it is optional almost always send a session ticket so the delay is never the maximum value imposed here. 100 is set as maximum because I could not reliably time-bound how much time a server would take to transmit the next message (it may be loaded temporarily or so). I can set to something lower like 60 which seems to provide consistent results if you insist. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152026130 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 15:30:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 14:30:22 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: > test coverage? Session resumption is covered with functionality tests itself, but here I believe you mean something to test this value. I can think of a test, checking whether multiple connections will succeed reliably. However, that's quite impossible to make reliably (there will always be some slower CI, or with cpu peak during that execution etc). Any ideas? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152029674 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 15:36:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 14:36:50 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: Hubert Kario commented on a discussion on lib/session.c: > } > > if (vers->tls13_sem && !(session->internals.hsk_flags & HSK_TICKET_RECEIVED)) { > - /* wait for a message with timeout of 1ms */ > - ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1, 50); > + unsigned ertt = session->internals.ertt; > + /* use our estimation of round-trip + some time for the server to calculate > + * the value(s). */ > + ertt += 100; I'd say that anything in double-digit range is too long... in general, I don't like the idea of sleeping to wait for something to happen - that feels to me like a hack -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152035734 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 15:39:13 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 14:39:13 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: > I can think of a test, checking whether multiple connections will succeed reliably. yes, a test that fires up few dozen connections at a time and verifies that all of them can resume (something like the nss strsclnt) of course having a server that deliberately delays sending the ticket would be ideal, but that may be too complex for such a simple change -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152036761 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 15:52:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 14:52:58 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: security officer login implies writable session (!953) In-Reply-To: References: Message-ID: Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/953#note_152042935 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 15:53:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 14:53:00 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: security officer login implies writable session (!953) In-Reply-To: References: Message-ID: Merge Request !953 was approved by Tom?? Mr?z Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/953 Branches: tmp-fix-pkcs11-so to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/953 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 15:52:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 14:52:57 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: Moved to 60ms, and added a script to check successful resumption in a trial of 10 connections. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152042931 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 16:07:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 15:07:48 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: Hubert Kario started a new discussion on tests/gnutls-cli-resume.sh: > rm -f ${TMPFILE} > done > > +echo "Checking whether session resumption works reliably under TLS1.2" > + > +i=0 > +while [ $i -lt 10 ] > +do > + ${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --logfile=${TMPFILE} --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 --resume --insecure /dev/null || \ a). this runs the clients one by one, not all at once b). valgrind will slow the client significantly -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152049426 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 17:05:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 16:05:26 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on tests/gnutls-cli-resume.sh: > rm -f ${TMPFILE} > done > > +echo "Checking whether session resumption works reliably under TLS1.2" > + > +i=0 > +while [ $i -lt 10 ] > +do > + ${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --logfile=${TMPFILE} --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 --resume --insecure /dev/null || \ The valgrind run is on a single specific CI runner, but it makes sense to remove it completely. I've updated the PR. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152081223 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 17:45:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 16:45:58 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: security officer login implies writable session (!953) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/953#note_152097690 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 17:46:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 16:46:03 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: security officer login implies writable session (!953) In-Reply-To: References: Message-ID: Merge Request !953 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/953 Branches: tmp-fix-pkcs11-so to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/953 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 19 17:46:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 19 Mar 2019 16:46:07 +0000 Subject: [gnutls-devel] GnuTLS | p11tool is using a R/O session when logging as a SO (#721) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #721: https://gitlab.com/gnutls/gnutls/issues/721 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 20 21:15:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 20 Mar 2019 20:15:53 +0000 Subject: [gnutls-devel] GnuTLS | Downgrade sentinels from RFC 8446 are not used when TLS 1.3 is disabled (#734) References: Message-ID: New Issue was created. Issue 734: https://gitlab.com/gnutls/gnutls/issues/734 Author: Hubert Kario Assignee: ## Description of problem: When TLS 1.3 support is disabled, the downgrade sentinels for TLS 1.1 and TLS 1.0 connections are not set by the server ## Version of gnutls used: gnutls-3.6.5-2.el8.x86_64 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: Steps to Reproduce: * `gnutls-serv --priority @SYSTEM:-VERS-TLS1.3 ...` * `tlsfuzzer/scripts/test-downgrade-protection.py --server-max-protocol=TLSv1.2` ## Actual results: ``` TLS 1.3 downgrade check for Protocol (3, 1) ... Error encountered while processing node (child: ) with last message being: Error while processing Traceback (most recent call last): File "tlsfuzzer/scripts/test-downgrade-protection.py", line 204, in main runner.run() File "/tmp/tmp.EFXzDIvMDn/tlsfuzzer/tlsfuzzer/runner.py", line 227, in run node.process(self.state, msg) File "/tmp/tmp.EFXzDIvMDn/tlsfuzzer/tlsfuzzer/expect.py", line 586, in process self._check_downgrade_protection(srv_hello) File "/tmp/tmp.EFXzDIvMDn/tlsfuzzer/tlsfuzzer/expect.py", line 692, in _check_downgrade_protection "Server failed to set downgrade protection sentinel in " AssertionError: Server failed to set downgrade protection sentinel in ServerHello.random value TLS 1.3 downgrade check for Protocol (3, 2) ... Error encountered while processing node (child: ) with last message being: Error while processing Traceback (most recent call last): File "tlsfuzzer/scripts/test-downgrade-protection.py", line 204, in main runner.run() File "/tmp/tmp.EFXzDIvMDn/tlsfuzzer/tlsfuzzer/runner.py", line 227, in run node.process(self.state, msg) File "/tmp/tmp.EFXzDIvMDn/tlsfuzzer/tlsfuzzer/expect.py", line 586, in process self._check_downgrade_protection(srv_hello) File "/tmp/tmp.EFXzDIvMDn/tlsfuzzer/tlsfuzzer/expect.py", line 692, in _check_downgrade_protection "Server failed to set downgrade protection sentinel in " AssertionError: Server failed to set downgrade protection sentinel in ServerHello.random value ``` ## Expected results: ``` TLS 1.3 downgrade check for Protocol (3, 1) ... OK TLS 1.3 downgrade check for Protocol (3, 2) ... OK ``` ## Additional info: While setting the downgrade sentinels is not mandatory when the TLS 1.2 is the highest supported version, it is recommended. And the main reason it is optional, is that not all TLS 1.2 implementations needs to be updated, but GnuTLS is implementing TLS 1.3... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/734 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 09:24:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 08:24:46 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: @DK\_DARKmatter testing the option I see that there are still informational messages printed on a connection. Is that intentional, or you explicitly wanted to exclude them from the option? ``` $ ./gnutls-cli www.google.com --logfile /tmp/aa - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US', issuer `CN=Google Internet Authority G3,O=Google Trust Services,C=US', serial 0x3a15f4c87fb4d33993d3eeb3bf4ae5e4, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2019-03-01 09:46:35 UTC', expires `2019-05-24 09:25:00 UTC', pin-sha256="c2zcMA6wQm75LreK+pr2KB4M+5+GpT1FdSSGi1byZ7M=" Public Key ID: sha1:6f680893dc474668d26ded06d3d07e1648786765 sha256:736cdc300eb0426ef92eb78afa9af6281e0cfb9f86a53d457524868b56f267b3 Public Key PIN: pin-sha256:c2zcMA6wQm75LreK+pr2KB4M+5+GpT1FdSSGi1byZ7M= - Certificate[1] info: - subject `CN=Google Internet Authority G3,O=Google Trust Services,C=US', issuer `CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2', serial 0x01e3a9301cfc7206383f9a531d, RSA key 2048 bits, signed using RSA-SHA256, activated `2017-06-15 00:00:42 UTC', expires `2021-12-15 00:00:42 UTC', pin-sha256="f8NnEFZxQ4ExFOhSN7EiFWtiudZQVD2oY60uauV/n78=" ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_152780283 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 11:13:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 10:13:45 +0000 Subject: [gnutls-devel] GnuTLS | Unwanted -lunistring leak to global LIBS in configure (#735) References: Message-ID: New Issue was created. Issue 735: https://gitlab.com/gnutls/gnutls/issues/735 Author: OBATA Akio Assignee: ## Description of problem: With adb31e77, `AC_LIB_HAVE_LINKFLAGS` usage was replaced with `AC_SEARCH_LIBS` and `AC_SUBST` for checking `unistring` library. It may resolve unwanted full path of libunistring in pc files, it also affect to real link, e.g. missing rpath. Furthermore, AC_SEARCH_LIBS also affect to LIBS globally. The first hit issue is in configure script, subsequent `try_compile_and run` type checks may be result in unwanted result, because it will always try to link with -lunistring but failed to run due to missing "unistring.so" if it is not in system default rpath. `LIBS` should be reset with `$ac_func_search_save_LIBS` after the `unistring` check. ## Version of gnutls used: 3.6.6 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) N/A ## How reproducible: Steps to Reproduce: * install and use libunistring not in system path * configure with `LDFLAG` having -L to find the libuistring * do `configure` and `make` ## Actual results: configured as `ftellio` is broken and try to compile and use gnulib one. ## Expected results: No problem! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/735 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 14:48:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 13:48:14 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: @nmav Hi Nikos, this is intentional. Sorry that I missed this part of output, because I did not notice there are some lines using fprintf and out. I checked common.c and only find 4 lines with such kind of output, I will fix it very soon. When I push a new commit, will it be shown on this closed request? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_152914773 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 14:53:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 13:53:26 +0000 Subject: [gnutls-devel] GnuTLS | Add an option "--logfile" to redirect informational messages to a specific file (!949) In-Reply-To: References: Message-ID: @DK\_DARKmatter You need to make a new branch and submit a new pull request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/949#note_152916710 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 15:00:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 14:00:55 +0000 Subject: [gnutls-devel] GnuTLS | SECURITY.md: updated to reflect the current practice (!951) In-Reply-To: References: Message-ID: @lumag @dueno ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/951#note_152919655 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 16:44:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 15:44:43 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_prf_rfc5705() API not exposed by command line utilities (#736) References: Message-ID: New Issue was created. Issue 736: https://gitlab.com/gnutls/gnutls/issues/736 Author: Hubert Kario Assignee: ## Description of the feature: To test the interoperability of Keying Material Exporters (a.k.a TLS Exporter) defined in [RFC 5705](https://tools.ietf.org/html/rfc5705), it's necessary for the command line utilities to support it too. Currently the `gnutls_prf_rfc5705()` API is only accessible for applications that use the API directly ## Applications that this feature may be relevant to: all that use TLS Exporter, change should happen in `gnutls-cli` and `gnutls-serv` so that the functionality can be tested for interoperability ## Is this feature implemented in other libraries (and which) * OpenSSL (`s_client` and `s_server` `-keymatexport` option) * tlslite-ng (`tls.py server` and `tls.py client` `-l` option) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/736 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 16:51:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 15:51:00 +0000 Subject: [gnutls-devel] GnuTLS | SECURITY.md: updated to reflect the current practice (!951) In-Reply-To: References: Message-ID: Merge Request !951 was approved by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/951 Branches: tmp-security-update to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/951 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 17:42:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 16:42:22 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_prf_rfc5705() API not exposed by command line utilities (#736) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/736 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 17:53:45 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 16:53:45 +0000 Subject: [gnutls-devel] GnuTLS | fuzzying: enable raw public keys (#687) In-Reply-To: References: Message-ID: I'm working on it. I'm currently a bit short on time because of upcoming exams. I will report back. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/687#note_152992725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 21 18:43:14 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 21 Mar 2019 17:43:14 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) References: Message-ID: New Merge Request !956 https://gitlab.com/gnutls/gnutls/merge_requests/956 Project:Branches: DK_DARKmatter/gnutls:logfileoption-fixup to gnutls/gnutls:master Author: Ke Zhao Assignee: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 08:32:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 07:32:08 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on src/common.c: > return; > } > > - fputs("\n", out); > - fputs((char*)pem.data, out); > - fputs("\n", out); > + log_msg(out, "\n"); > + log_msg(out, "%s", (char*)pem.data); due to this change, these three can be simplified to a single `log_msg("\n%s\n")` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956#note_153160942 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 08:33:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 07:33:21 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) In-Reply-To: References: Message-ID: I think it makes sense to enhance the logfile-option test to ensure that the x509 functionality of gnutls is also tested. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956#note_153161223 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 15:15:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 14:15:59 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) In-Reply-To: References: Message-ID: Ke Zhao commented on a discussion: Hi Nikos, is there any specific web site can be used in x509 test? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956#note_153297517 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 15:26:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 14:26:05 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: Merge Request !936 was approved by Hubert Kario Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/936 Branches: tmp-improve-session-resumption to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 15:26:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 14:26:23 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: r+ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_153301710 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 15:35:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 14:35:27 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: All discussions on Merge Request !936 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/936 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 15:35:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 14:35:34 +0000 Subject: [gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936) In-Reply-To: References: Message-ID: Merge Request !936 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/936 Branches: tmp-improve-session-resumption to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 15:35:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 14:35:36 +0000 Subject: [gnutls-devel] GnuTLS | Session resumption randomly fails (#706) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #706: https://gitlab.com/gnutls/gnutls/issues/706 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/706 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 15:37:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 14:37:46 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion: None, you can use gnutls-serv. See how `tests/sni-hostname.sh` creates a functional server and tests gnutls-cli against it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956#note_153306960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 15:39:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 14:39:19 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) In-Reply-To: References: Message-ID: Ke Zhao commented on a discussion: I just pushed a stupid commit about the test, please ignore it, I will improve it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956#note_153307579 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 22 15:56:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 22 Mar 2019 14:56:30 +0000 Subject: [gnutls-devel] GnuTLS | Unwanted -lunistring leak to global LIBS in configure (#735) In-Reply-To: References: Message-ID: We build and install libunistring in non-system directories and do not have any problems with the `./configure` run. Even if there is no system `libunistring.so`. And we use -L in LDFLAGS AFAICS, e.g. in our MinGW build script at https://gitlab.com/gnuwget/wget2/blob/master/contrib/mingw. Maybe we do something differently that I missed !? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/735#note_153314014 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 23 01:17:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 23 Mar 2019 00:17:07 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: remove --with-guile-site-dir (!957) References: Message-ID: New Merge Request !957 https://gitlab.com/gnutls/gnutls/merge_requests/957 Project:Branches: alonbl/gnutls:guile to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: The hack of distcheck is not known and should not be the default as the GUILE_SITE_DIR macro is the default expected behavior. There is little value in specifying any other location of the site-dir as it is out of the guile configuration so best to remove. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/957 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 23 01:18:26 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 23 Mar 2019 00:18:26 +0000 Subject: [gnutls-devel] GnuTLS | build: detect previous supported guile (ae715f67) In-Reply-To: References: Message-ID: @nmav: there is a point in what @noloader argue, I traced this to confusion in the way the autoconf script is being used, there is a hack here[1] Expected behavior of default processing is to run `GUILE_SITE_DIR` this is done only if `--without-guile-site-dir` is used, it is quite confusing. If default or `--with-guile-site-dir` is used then there is some hack activated, I do not understand the need for the hack, but for sure it should not be the default. If `--with-guile-site-dir=xxx` is specified then we take the value of the argument which makes sense, but how came we can override what guile knows about itself? It will be ineffective. Unless there is a good reason to keep this logic, probably leaving only `GUILE_SITE_DIR` is the best method. See #957 for removal of `--with-guile-site-dir` Thanks! [1] https://gitlab.com/gnutls/gnutls/blob/master/configure.ac#L867 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ae715f6703f73476dbe51b1281da6f69fdad0de5#note_153431900 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 23 10:37:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 23 Mar 2019 09:37:32 +0000 Subject: [gnutls-devel] GnuTLS | Unwanted -lunistring leak to global LIBS in configure (#735) In-Reply-To: References: Message-ID: Please refer your `config.log`, and make sure that "result" of "checking whether ftello works" is "yes", and `LIBS` does not contains "-lunistring". It is the "Expected results: No problem!" for me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/735#note_153459490 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 23 14:04:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 23 Mar 2019 13:04:38 +0000 Subject: [gnutls-devel] GnuTLS | Unwanted -lunistring leak to global LIBS in configure (#735) In-Reply-To: References: Message-ID: ``` $ grep -A1 ftello config.log configure:19175: checking whether ftello is declared configure:19175: x86_64-w64-mingw32-gcc -c -O2 -Wall -Wno-format -I/home/tim/src/wget2/x86_64-w64-mingw32/include conftest.c >&5 -- configure:19199: checking for ftello configure:19216: x86_64-w64-mingw32-gcc -o conftest.exe -O2 -Wall -Wno-format -I/home/tim/src/wget2/x86_64-w64-mingw32/include -L/home/tim/src/wget2/x86_64-w64-mingw32/lib conftest.c -latomic >&5 -- configure:19238: checking whether ftello works configure:19327: result: guessing yes -- configure:26724: checking for ftello configure:26750: result: yes configure:26763: checking whether ftello works configure:26852: result: guessing yes -- configure:39089: checking for ftello configure:39115: result: yes configure:39128: checking whether ftello works configure:39217: result: guessing yes -- ac_cv_have_decl_ftello=yes ac_cv_have_decl_funlockfile=no -- gl_cv_func_ftello=yes gl_cv_func_ftello_works='guessing yes' gl_cv_func_gai_strerror_posix_signature=no $ grep ^LIBS= config.log LIBS='' ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/735#note_153480119 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 03:24:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 02:24:21 +0000 Subject: [gnutls-devel] GnuTLS | Unwanted -lunistring leak to global LIBS in configure (#735) In-Reply-To: References: Message-ID: Ah, `--with-included-unistring` is in your script, then external libunistring will be never checked on your situation. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/735#note_153541189 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 08:27:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 07:27:03 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) In-Reply-To: References: Message-ID: Reassigned Merge Request 956 https://gitlab.com/gnutls/gnutls/merge_requests/956 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 08:38:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 07:38:41 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) In-Reply-To: References: Message-ID: Merge Request !956 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/956 Project:Branches: DK_DARKmatter/gnutls:logfileoption-fixup to gnutls/gnutls:master Author: Ke Zhao Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 08:38:50 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 07:38:50 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) In-Reply-To: References: Message-ID: Merge Request !956 was closed by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/956 Project:Branches: DK_DARKmatter/gnutls:logfileoption-fixup to gnutls/gnutls:master Author: Ke Zhao Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 08:38:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 07:38:49 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Option "--logfile" fixup (!956) In-Reply-To: References: Message-ID: Thank you. Merged manually. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/956#note_153553800 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 13:11:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 12:11:08 +0000 Subject: [gnutls-devel] GnuTLS | Unwanted -lunistring leak to global LIBS in configure (#735) In-Reply-To: References: Message-ID: Would you like to suggest a patch (MR) to address the issue you mention? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/735#note_153569930 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 13:12:41 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 12:12:41 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from lrn1986): DEFAULT_TRUST_STORE_FILE relocation (#732) In-Reply-To: References: Message-ID: I do not know if that's possible, but the question is why? If you are running this application on windows the system store is the windows certificate store, and in wine that's the same. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/732#note_153570531 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 13:18:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 12:18:11 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: remove --with-guile-site-dir (!957) In-Reply-To: References: Message-ID: Merge Request !957 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/957 Project:Branches: alonbl/gnutls:guile to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/957 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 13:18:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 12:18:15 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: remove --with-guile-site-dir (!957) In-Reply-To: References: Message-ID: I'm not a guile expert, but I'm for simple versions. LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/957#note_153571522 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 13:18:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 12:18:51 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: remove --with-guile-site-dir (!957) In-Reply-To: References: Message-ID: Merge Request !957 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/957 Project:Branches: alonbl/gnutls:guile to gnutls/gnutls:master Author: Alon Bar-Lev Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/957 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 13:43:06 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 12:43:06 +0000 Subject: [gnutls-devel] GnuTLS | Unwanted -lunistring leak to global LIBS in configure (#735) In-Reply-To: References: Message-ID: @akichangy Oh right. I now removed `--with-included-unistring` and see the same results. config.log attached.[config.log](/uploads/75724d3b4a148f15dd4ff08d28f9194a/config.log) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/735#note_153573130 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 24 14:33:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 24 Mar 2019 13:33:42 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from lrn1986): DEFAULT_TRUST_STORE_FILE relocation (#732) In-Reply-To: References: Message-ID: Well, i like having an option to use the system store that i control and can update at will with a script, instead of something Microsoft cooked up and updates at its own leisure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/732#note_153576772 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:01:58 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:01:58 +0000 Subject: [gnutls-devel] GnuTLS | Support Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (#738) References: Message-ID: New Issue was created. Issue 738: https://gitlab.com/gnutls/gnutls/issues/738 Author: acharintsev Assignee: Hi all. Tell me please. How can I extend the supported Cipher Suites in GnuTLS ? My version 3.6.5. But when establishing connection with remote servers I get: HSK[0x13fe7f0]: unsupported cipher suite 00.31 was negotiated Fatal error: Could not negotiate a supported cipher suite. The output of **wireshark **logs shows that the server only requires ciphersuite **TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)**. It is not in the list of supported https://www.gnutls.org/manual/html_node/Supported-ciphersuites.html#Supported-ciphersuites. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/738 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:19:56 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:19:56 +0000 Subject: [gnutls-devel] GnuTLS | add support for AES-XTS mode (#354) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:20:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:20:08 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug should test whether RSA key exchange is enabled (#449) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/449 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:20:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:20:19 +0000 Subject: [gnutls-devel] GnuTLS | session resumption: ability to limit resumption to TLS 1.3+ connections (#477) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/477 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:20:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:20:02 +0000 Subject: [gnutls-devel] GnuTLS | handle OID 1.3.6.1.4.1.11129.2.4.2 (x.509 extension for certificate transparency SCTs) (#232) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/232 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:20:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:20:35 +0000 Subject: [gnutls-devel] GnuTLS | Tests with RSA-PSS private_key and rsae/rsa-pss signature schemes. (#646) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/646 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:20:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:20:39 +0000 Subject: [gnutls-devel] GnuTLS | fuzzying: enable raw public keys (#687) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/687 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:20:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:20:46 +0000 Subject: [gnutls-devel] GnuTLS | Unencrypted Finished msg is rejected with incorrect Alert (#643) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/643 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:21:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:21:10 +0000 Subject: [gnutls-devel] GnuTLS | Consistent header guards (#728) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/728 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 08:25:18 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 07:25:18 +0000 Subject: [gnutls-devel] GnuTLS | Support Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (#738) In-Reply-To: References: Message-ID: The server you are connecting negotiates Diffie-Hellman public key. This is not supported by gnutls nor advertised by it. Most likely you are trying to connect to a broken server. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/738#note_153714976 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 09:39:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 08:39:22 +0000 Subject: [gnutls-devel] GnuTLS | Support Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (#738) In-Reply-To: References: Message-ID: Many thanks for the quick reply. Maybe there is a proxy server like "**IANA to GnuTLS**" and vice versa? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/738#note_153737210 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Mar 25 19:39:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 25 Mar 2019 18:39:00 +0000 Subject: [gnutls-devel] build-images | build images: switch to podman for generation (!22) References: Message-ID: New Merge Request !22 https://gitlab.com/gnutls/build-images/merge_requests/22 Branches: tmp-rely-on-podman to master Author: Nikos Mavrogiannopoulos Assignee: podman doesn't require a privileged docker container to build images. Signed-off-by: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/22 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 09:46:23 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 08:46:23 +0000 Subject: [gnutls-devel] GnuTLS | Use ChangeLog date instead of build date (!928) In-Reply-To: References: Message-ID: Where are we with that? Should we mark it as WIP? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/928#note_154140804 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 09:48:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 08:48:21 +0000 Subject: [gnutls-devel] GnuTLS | handshake: increase the default number of tickets we send to 2 (!942) In-Reply-To: References: Message-ID: @juaristi @rockdaboot what do you think about this change in the wget perspective? Does wget take advantage of multiple resumption tickets if sent by the server? Is that something it is being considered on upstream? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/942#note_154141486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 09:52:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 08:52:33 +0000 Subject: [gnutls-devel] GnuTLS | Use ChangeLog date instead of build date (!928) In-Reply-To: References: Message-ID: Would be nice if you could make alternative patches, because I know little about the build system. I can help test things. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/928#note_154143134 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 09:55:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 08:55:11 +0000 Subject: [gnutls-devel] GnuTLS | SECURITY.md: updated to reflect the current practice (!951) In-Reply-To: References: Message-ID: Merge Request !951 was approved by Dmitry Eremin-Solenikov Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/951 Branches: tmp-security-update to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/951 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 09:55:15 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 08:55:15 +0000 Subject: [gnutls-devel] GnuTLS | SECURITY.md: updated to reflect the current practice (!951) In-Reply-To: References: Message-ID: Merge Request !951 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/951 Branches: tmp-security-update to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/951 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 14:54:39 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 13:54:39 +0000 Subject: [gnutls-devel] GnuTLS | handshake: increase the default number of tickets we send to 2 (!942) In-Reply-To: References: Message-ID: Merge Request !942 was approved by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/942 Branches: tmp-increase-nr-of-tickets to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/942 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 14:54:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 13:54:53 +0000 Subject: [gnutls-devel] GnuTLS | handshake: increase the default number of tickets we send to 2 (!942) In-Reply-To: References: Message-ID: Looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/942#note_154274732 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 14:58:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 13:58:54 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from jianqiang.wang@securitygossip.com): potential null pointer de-reference bugs. (#739) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/739 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 15:00:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 14:00:11 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from jianqiang.wang@securitygossip.com): potential null pointer de-reference bugs. (#739) In-Reply-To: References: Message-ID: Thank you for reporting that. I unmarked that as confidential because this only affects examples or command line tools with trusted input. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/739#note_154277236 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 15:33:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 14:33:49 +0000 Subject: [gnutls-devel] GnuTLS | handshake: increase the default number of tickets we send to 2 (!942) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/942#note_154300808 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 15:33:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 14:33:59 +0000 Subject: [gnutls-devel] GnuTLS | change or make configurable to number of tickets to send by default (#596) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #596: https://gitlab.com/gnutls/gnutls/issues/596 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/596 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 15:33:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 14:33:59 +0000 Subject: [gnutls-devel] GnuTLS | handshake: increase the default number of tickets we send to 2 (!942) In-Reply-To: References: Message-ID: Merge Request !942 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/942 Branches: tmp-increase-nr-of-tickets to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/942 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 16:53:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 15:53:21 +0000 Subject: [gnutls-devel] GnuTLS | fips140: Perform SHA-3 self tests (!958) References: Message-ID: New Merge Request !958 https://gitlab.com/gnutls/gnutls/merge_requests/958 Project:Branches: ansasaki/gnutls:sha3_selftests to gnutls/gnutls:master Author: Anderson Sasaki Assignee: Add a description of the new feature/bug fix. Reference any relevant bugs. The self tests for SHA-3 were defined but not run in FIPS mode. This is required for FIPS validation of the SHA-3 implementation. The patch adds the calls to perform the required self tests. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/958 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 16:58:34 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 15:58:34 +0000 Subject: [gnutls-devel] GnuTLS | fips140: Perform SHA-3 self tests (!958) In-Reply-To: References: Message-ID: Reassigned Merge Request 958 https://gitlab.com/gnutls/gnutls/merge_requests/958 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/958 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 16:58:38 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 15:58:38 +0000 Subject: [gnutls-devel] GnuTLS | fips140: Perform SHA-3 self tests (!958) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.7 (Jan 26, 2019?Mar 27, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/19 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/958 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 16:58:49 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 15:58:49 +0000 Subject: [gnutls-devel] GnuTLS | fips140: Perform SHA-3 self tests (!958) In-Reply-To: References: Message-ID: LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/958#note_154337438 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 16:58:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 15:58:55 +0000 Subject: [gnutls-devel] GnuTLS | fips140: Perform SHA-3 self tests (!958) In-Reply-To: References: Message-ID: Merge Request !958 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/958 Project:Branches: ansasaki/gnutls:sha3_selftests to gnutls/gnutls:master Author: Anderson Sasaki Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/958 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 17:18:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 16:18:51 +0000 Subject: [gnutls-devel] GnuTLS | Use ChangeLog date instead of build date (!928) In-Reply-To: References: Message-ID: @nmav I am pretty much out of free time currently, sorry -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/928#note_154345698 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 26 19:14:16 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 18:14:16 +0000 Subject: [gnutls-devel] GnuTLS | fips140: Perform SHA-3 self tests (!958) In-Reply-To: References: Message-ID: Merge Request !958 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/958 Project:Branches: ansasaki/gnutls:sha3_selftests to gnutls/gnutls:master Author: Anderson Sasaki Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/958 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 00:06:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 23:06:43 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) References: Message-ID: New Merge Request !959 https://gitlab.com/gnutls/gnutls/merge_requests/959 Project:Branches: simo5/gnutls:xts to gnutls/gnutls:master Author: Simo Sorce Assignee: This add support for XTS which is used/wanted by some GnuTLS downstreams. It includes a backport from nettle's master tree so that it works also on older nettle versions. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 00:44:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 26 Mar 2019 23:44:25 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: This pull request **introduces 1 alert** when merging 0cf6edd8f93c724fbae7e34dc25c8f7f8c7c3d07 into 9043c8c2d1c6aef9aff0e4a40ec3926bc7c34361 - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-27ad9472a4c2570be9a06ffd7a89005c0a17bcd8) **new alerts:** * 1 for Missing header guard --- *Comment posted by [LGTM.com](https://lgtm.com)* -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_154464347 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 08:07:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 08:07:57 +0100 Subject: [gnutls-devel] gnutls 3.6.7 Message-ID: Hello, I've just released gnutls 3.6.7. This is a bug fix and security release on the stable 3.6.x branch. I'd like to thank everyone who contributed in this release: Alon Bar-Lev, Anderson Toshiyuki Sasaki, Andreas Metzler, Bas van Schaik, Daiki Ueno, Dmitry Eremin-Solenikov, Hugo Beauz?e-Luyssen, Ke Zhao, R. Andrew Bailey, Steve Lhomme, and Tim R?hsen. The applicable security advisory GNUTLS-SA-2019-03-27 will be made available at: https://www.gnutls.org/security-new.html The detailed list of changes follows; they can be seen in more detail in our milestone tracker: https://gitlab.com/gnutls/gnutls/milestones/19 Changes ======= * Version 3.6.7 (released 2019-03-27) ** libgnutls, gnutls tools: Every gnutls_free() will automatically set the free'd pointer to NULL. This prevents possible use-after-free and double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using gnutls_free(). ** libgnutls: Fixed a memory corruption (double free) vulnerability in the certificate verification API. Reported by Tavis Ormandy; addressed with the change above. [GNUTLS-SA-2019-03-27, #694] ** libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] ** libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it even when TLS1.3 is negotiated, or on client certificates as well. When an inappropriate for TLS1.3 certificate is seen on the credentials structure GnuTLS will disable TLS1.3 support for that session (#690). ** libgnutls: the default number of tickets sent under TLS 1.3 was increased to two. This makes it easier for clients which perform multiple connections to the server to use the tickets sent by a default server. ** libgnutls: enforce the equality of the two signature parameters fields in a certificate. We were already enforcing the signature algorithm, but there was a bug in parameter checking code. ** libgnutls: fixed issue preventing sending and receiving from different threads when false start was enabled (#713). ** libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable session, as non-writeable security officer sessions are undefined in PKCS#11 (#721). ** libgnutls: no longer send downgrade sentinel in TLS 1.3. Previously the sentinel value was embedded to early in version negotiation and was sent even on TLS 1.3. It is now sent only when TLS 1.2 or earlier is negotiated (#689). ** gnutls-cli: Added option --logfile to redirect informational messages output. ** API and ABI modifications: No changes since last version. Getting the Software ==================== GnuTLS may be downloaded directly from ;. A list of GnuTLS mirrors can be found at ;. Here are the XZ compressed sources: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.7.tar.xz Here are OpenPGP detached signatures signed using key 0x96865171: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.7.tar.xz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos gnutls.org> uid Nikos Mavrogiannopoulos gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos From gnutls-devel at lists.gnutls.org Wed Mar 27 09:03:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 08:03:12 +0000 Subject: [gnutls-devel] GnuTLS | multiple issues in handling KeyUpdate messages (#699) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 14:07:11 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 13:07:11 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) References: Message-ID: New Merge Request !960 https://gitlab.com/gnutls/gnutls/merge_requests/960 Project:Branches: mia2019/gnutls:master to gnutls/gnutls:master Author: Elta Koepp Assignee: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 14:30:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 13:30:59 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/merge_requests/960 was reviewed by Tim R?hsen -- Tim R?hsen started a new discussion on src/ocsptool-common.c: > + if (url == NULL) { > + ret = -1; > + return ret; Why not `return -1` ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 14:31:31 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 13:31:31 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Hubert Kario started a new discussion on src/ocsptool-common.c: > } > > url = malloc(data.size + 1); > + if (url == NULL) { > + ret = -1; why -1 and not, say `GNUTLS_E_MEMORY_ERROR`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154657815 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 14:41:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 13:41:12 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on src/ocsptool-common.c: > } > > url = malloc(data.size + 1); > + if (url == NULL) { > + ret = -1; > + return ret; -1 is used everywhere in the function for error return. It's not library code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154661983 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 14:42:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 13:42:20 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: All discussions on Merge Request !960 were resolved by Tim R?hsen https://gitlab.com/gnutls/gnutls/merge_requests/960 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 14:42:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 13:42:20 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on src/ocsptool-common.c: > } > > url = malloc(data.size + 1); > + if (url == NULL) { > + ret = -1; LGTM. Could you merge your two commits into one and `git push --force-with-lease` ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154662473 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 14:53:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 13:53:35 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Thanks @rockdaboot , -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154667411 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 15:01:42 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 14:01:42 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Merge Request !960 was approved by Tim R?hsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/960 Project:Branches: mia2019/gnutls:master to gnutls/gnutls:master Author: Elta Koepp Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 15:03:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 14:03:07 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Tim R?hsen commented on a discussion on src/ocsptool-common.c: > } > > url = malloc(data.size + 1); > + if (url == NULL) { > + ret = -1; Thanks for addressing that issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154672377 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 15:03:08 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 14:03:08 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: All discussions on Merge Request !960 were resolved by Tim R?hsen https://gitlab.com/gnutls/gnutls/merge_requests/960 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 15:58:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 14:58:24 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: @mia2019 Eventually set your CI timeout to 2h (Settings/CICD/GeneralPipelines, field 'Timeout'). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154702815 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 16:37:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 15:37:55 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: @rockdaboot Done! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154746018 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 16:41:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 15:41:07 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: If you restart the failing job (valgrind), it should run with a timeout of 2h now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154747412 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 16:49:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 15:49:12 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Done! please answer my security issue -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154752213 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 17:22:07 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 16:22:07 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: @nmav I wonder why our CI scan-build didn't find this obvious issue. And I believe that is because we don't use function attributes 'malloc' (and '__alloc_size' for clang). @mia2019 Would you like to investigate here ? - make a define for the gcc attribute 'malloc' - add the attribute (macro) to gnutls allocation functions - push the branch to see 'static-analyzers.Fedora.x86_64' fail (at least I hope so) - if it fails, click on the failed job, then on 'browse'... you'll find the issues listed there - open new issue(s), make up a fix, push MR, ... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154767047 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 17:49:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 16:49:02 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Merge Request !960 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/960 Project:Branches: mia2019/gnutls:master to gnutls/gnutls:master Author: Elta Koepp Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 19:14:10 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 18:14:10 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Checking .gitlab-ci.yml, the scan-build is not run on src/. Something about this MR, the commits did not have the Signoff-by. Irrespective of the CI failure to detect that, we should be using the manual tick boxes as well. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154804910 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 19:17:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 18:17:00 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Actually the CI check failed, but the failure was not reflected in gitlab: ``` fatal: ambiguous argument 'master..HEAD': unknown revision or path not in the working tree. Use '--' to separate paths from revisions, like this: 'git [...] -- [...]' ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154805564 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 19:22:59 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 18:22:59 +0000 Subject: [gnutls-devel] GnuTLS | check_if_signed: ensure that git-rev-list command succeeds (!961) References: Message-ID: New Merge Request !961 https://gitlab.com/gnutls/gnutls/merge_requests/961 Branches: tmp-signoff-update to master Author: Nikos Mavrogiannopoulos Assignee: Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim R?hsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list This makes sure that check_if_signed script will fail if the git-rev-list command fails. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/961 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 19:27:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 18:27:02 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: @mia2019 would you like to add your acceptance to the DCO manually in this MR? (i.e., say something like, my contribution is in accordance with the [project DCO](https://gitlab.com/gnutls/gnutls/blob/master/doc/DCO.txt))? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154807798 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 27 19:32:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 27 Mar 2019 18:32:09 +0000 Subject: [gnutls-devel] GnuTLS | Run tlsfuzzer against gnutls built with clang asan and ubsan (#741) References: Message-ID: New Issue was created. Issue 741: https://gitlab.com/gnutls/gnutls/issues/741 Author: Hubert Kario Assignee: Not all wrong code behaviour will cause the gnutls binary to misbehave on TLS level or to crash. To make it more likely to find issues in error handling code, the tlsfuzzer test suite should be ran against gnutls built with clang Address Sanitizer and Undefined Behaviour Sanitizer (possibly others) I've talked about it with @ansasaki and he said that the tlsfuzzer is already ran against gnutls running under valgrind, it's clang/ubsan that's missing, but it is used for the FreeBSD run. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 10:43:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 09:43:22 +0000 Subject: [gnutls-devel] GnuTLS | Let check_if_signed fail if git fails (!962) References: Message-ID: New Merge Request !962 https://gitlab.com/gnutls/gnutls/merge_requests/962 Branches: tmp-fail-sigcheck to master Author: Tim R?hsen Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list See discussion at !960 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/962 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 10:45:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 09:45:29 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: > Checking .gitlab-ci.yml, the scan-build is not run on src/. I see in L281: ``` - make -j$(nproc) -C src/gl && scan-build --status-bugs -o scan-build-lib make -j$(nproc) -C src ``` Maybe we should separate this into two lines. > we should be using the manual tick boxes as well to catch this kind of issues. Well yes, and I am sorry, but the check boxes are ambiguous and often do not apply. So I found myself staring clueless at them, so I started to ignore them. > `fatal: ambiguous argument 'master..HEAD': unknown revision or path not in the working tree.` If there is no 'master' branch, we simply can't check the commits since we don't know which ones are new. But we should see a CI failure - that needs to be fixed (addressed in!962). There are also 2 commits merged into master... that's my fault, i somehow thought they have been merged. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154983304 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 10:51:37 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 09:51:37 +0000 Subject: [gnutls-devel] GnuTLS | check_if_signed: ensure that git-rev-list command succeeds (!961) In-Reply-To: References: Message-ID: Tim R?hsen started a new discussion on devel/check_if_signed: > # create list of commits of the current branch > commits=$(git rev-list --no-merges $CI_MERGE_REQUEST_TARGET_BRANCH_NAME..$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME) > > +if test $? -ne 0;then That's not how it works. I tried it locally with `a..b`, got the same error as mentioned in !960, the script stopped with `$?` being 0. Please see !962 for a working and more general approach (in case of command failure in other places). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/961#note_154985964 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 11:06:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 10:06:33 +0000 Subject: [gnutls-devel] GnuTLS | check_if_signed: ensure that git-rev-list command succeeds (!961) In-Reply-To: References: Message-ID: Merge Request !961 was closed by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/961 Branches: tmp-signoff-update to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/961 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 11:07:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 10:07:20 +0000 Subject: [gnutls-devel] GnuTLS | check_if_signed: ensure that git-rev-list command succeeds (!961) In-Reply-To: References: Message-ID: Ok, closing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/961#note_154992714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 11:10:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 10:10:51 +0000 Subject: [gnutls-devel] GnuTLS | Detect malloc failure. (!960) In-Reply-To: References: Message-ID: Would git accept the origin/master for that cmd (origin/master..HEAD)? that way we may not need to care whether the master actually exists. About the tickboxes, is there something we can improve? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/960#note_154993899 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 14:48:24 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 13:48:24 +0000 Subject: [gnutls-devel] GnuTLS | Let check_if_signed fail if git fails (!962) In-Reply-To: References: Message-ID: @nmav Gitlab changed something (see https://gitlab.com/gnutls/gnutls/-/jobs/186006633). `HEAD` seems to be non-existent now. Trying again with `master..`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/962#note_155107617 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 21:39:12 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 20:39:12 +0000 Subject: [gnutls-devel] GnuTLS | Let check_if_signed fail if git fails (!962) In-Reply-To: References: Message-ID: Merge Request !962 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/962 Branches: tmp-fail-sigcheck to master Author: Tim R?hsen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/962 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 21:39:19 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 20:39:19 +0000 Subject: [gnutls-devel] GnuTLS | Let check_if_signed fail if git fails (!962) In-Reply-To: References: Message-ID: Reassigned Merge Request 962 https://gitlab.com/gnutls/gnutls/merge_requests/962 Assignee changed to Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/962 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 21:42:33 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 20:42:33 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/nettle/backport/xts.c: > + * This library is distributed in the hope that it will be useful, but > + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +/* ############################################# > + * THIS IS A BACKPORT FROM NETTLE, DO NOT MODIFY > + * ############################################# > + */ > + > +#ifndef HAVE_XTS_ENCRYPT_MESSAGE wouldn't you need config.h for this ifndef to function? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155280891 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 21:42:57 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 20:42:57 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/nettle/backport/xts.h: > + * as published by the Free Software Foundation; either version 2.1 of > + * the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, but > + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +#ifndef _BACKPORT_NETTLE_XTS_H_INCLUDED > +#define _BACKPORT_NETTLE_XTS_H_INCLUDED > + same here for config.h -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155281050 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 21:48:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 20:48:47 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/algorithms/ciphers.c: > .type = CIPHER_BLOCK, > .explicit_iv = 16, > .cipher_iv = 16}, > + { .name = "AES-128-XTS", Is there anything different with XTS in relation with existing block ciphers that we may want to document? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155283457 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 28 22:27:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 28 Mar 2019 21:27:02 +0000 Subject: [gnutls-devel] GnuTLS | Let check_if_signed fail if git fails (!962) In-Reply-To: References: Message-ID: Merge Request !962 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/962 Branches: tmp-fail-sigcheck to master Author: Tim R?hsen Assignee: Tim R?hsen -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/962 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 10:07:53 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 09:07:53 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/nettle/cipher.c: > #else > #include "cfb8.h" > #endif /* HAVE_NETTLE_CFB8_ENCRYPT */ > +#include nit: it would be nice if you reorder the commits so that the "Vender in ..." commit comes first and this commit comes later, so not to break bisectability -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155432034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 12:35:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 11:35:27 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/crypto-selftests.c: > FALLTHROUGH; > CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher, > aes256_cfb8_vectors); > + FALLTHROUGH; since that's a fips mode it may make sense to add a self test in fips.c as well (executed at startup) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155488612 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 12:47:00 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 11:47:00 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) References: Message-ID: New Merge Request !963 https://gitlab.com/gnutls/gnutls/merge_requests/963 Project:Branches: mia2019/gnutls:master to gnutls/gnutls:master Author: Elta Koepp Assignee: Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [X] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 12:49:32 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 11:49:32 +0000 Subject: [gnutls-devel] GnuTLS | OSCP: Fixed check null pointer OCSP resp to *_read_value() (!963) In-Reply-To: References: Message-ID: Hi @rockdaboot In the function `_gnutls_ocsp_get_validity()` / `gnutls_ocsp_resp_check_crt()` if `gnutls_ocsp_resp_t` is invalid return -1 and any check `resp == NULL` and pass to fuction `gnutls_ocsp_resp_get_single()`, and pass `resp` to `*_read_value()`, -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/963#note_155493089 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 14:06:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 13:06:04 +0000 Subject: [gnutls-devel] GnuTLS | Consider dropping heartbeat support (#743) References: Message-ID: New Issue was created. Issue 743: https://gitlab.com/gnutls/gnutls/issues/743 Author: Nikos Mavrogiannopoulos Assignee: Openssl has removed support for heartbeat messages under TLS and DTLS. Given that this most likely indicates that there is not much use of this extension, we should consider dropping that feature as well. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/743 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 15:52:27 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 14:52:27 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Simo Sorce commented on a discussion on lib/nettle/backport/xts.h: > + * as published by the Free Software Foundation; either version 2.1 of > + * the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, but > + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +#ifndef _BACKPORT_NETTLE_XTS_H_INCLUDED > +#define _BACKPORT_NETTLE_XTS_H_INCLUDED > + I do not think it is needed here, anything that includes xts.h needs to have config.h included already. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155565824 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 15:52:30 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 14:52:30 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Simo Sorce commented on a discussion on lib/nettle/backport/xts.c: > + * This library is distributed in the hope that it will be useful, but > + * WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public License > + * along with this program. If not, see > + * > + */ > + > +/* ############################################# > + * THIS IS A BACKPORT FROM NETTLE, DO NOT MODIFY > + * ############################################# > + */ > + > +#ifndef HAVE_XTS_ENCRYPT_MESSAGE Uhmm good catch, I guess this is a bug that shows up also in the other backports (eg cmac.c). I'll fix this then propose a MR for the other places too. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155565868 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 15:53:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 14:53:22 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Simo Sorce commented on a discussion on lib/algorithms/ciphers.c: > .type = CIPHER_BLOCK, > .explicit_iv = 16, > .cipher_iv = 16}, > + { .name = "AES-128-XTS", Do we want to document that XTs is a oneshot API ? Ie the entire message need to be provided, can't send in a few blocks at a time. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155566235 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 15:53:43 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 14:53:43 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Simo Sorce commented on a discussion on lib/nettle/cipher.c: > #else > #include "cfb8.h" > #endif /* HAVE_NETTLE_CFB8_ENCRYPT */ > +#include will do -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155566336 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 15:54:05 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 14:54:05 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Simo Sorce commented on a discussion on lib/crypto-selftests.c: > FALLTHROUGH; > CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher, > aes256_cfb8_vectors); > + FALLTHROUGH; ok -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155566512 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 17:35:46 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 16:35:46 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on lib/algorithms/ciphers.c: > .type = CIPHER_BLOCK, > .explicit_iv = 16, > .cipher_iv = 16}, > + { .name = "AES-128-XTS", Yes, that's tricky. From that sense it fits more into the AEAD interface (which handles messages), though there is not authentication tag here. It would be good to document it on the cipher description. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155600056 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 18:20:04 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 17:20:04 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Simo Sorce commented on a discussion on lib/algorithms/ciphers.c: > .type = CIPHER_BLOCK, > .explicit_iv = 16, > .cipher_iv = 16}, > + { .name = "AES-128-XTS", ok added comment, PTAL -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155611940 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 18:20:21 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 17:20:21 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: All issues raised should have been addressed now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155612014 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 18:41:52 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 17:41:52 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: All discussions on Merge Request !959 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/959 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 18:45:28 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 17:45:28 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Squashed commits together as requested by @nmav -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155618712 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 18:46:25 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 17:46:25 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Merge Request !959 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/959 Project:Branches: simo5/gnutls:xts to gnutls/gnutls:master Author: Simo Sorce Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 18:46:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 17:46:35 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Reassigned Merge Request 959 https://gitlab.com/gnutls/gnutls/merge_requests/959 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 18:46:40 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 17:46:40 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.8 (Mar 28, 2019?May 28, 2019) ( https://gitlab.com/gnutls/gnutls/milestones/21 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 18:51:20 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 17:51:20 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: @rockdaboot after a rebase the check_if_signed fails. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155620014 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 19:18:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 18:18:09 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: I'll merge this directly when the rest of the CI passes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155625982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 19:23:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 18:23:54 +0000 Subject: [gnutls-devel] GnuTLS | Fix check_if_signed (!964) References: Message-ID: New Merge Request !964 https://gitlab.com/gnutls/gnutls/merge_requests/964 Project:Branches: simo5/gnutls:check_if_signed to gnutls/gnutls:master Author: Simo Sorce Assignee: Make check_if_signed return intelligible output instead of abruptly exiting on internal failures ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [/] Test suite updated with functionality tests * [/] Test suite updated with negative tests * [/] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 19:59:54 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 18:59:54 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: All but commit_check (which seems broken, see !964) passed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155634169 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 20:03:29 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 19:03:29 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix check_if_signed (!964) In-Reply-To: References: Message-ID: So after various failures and confusion around why my fixes weren't working I caused the script to print the actial git config in the test: `[fetch] recurseSubmodules = false [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true [remote "origin"] url = https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx at gitlab.com/simo5/gnutls.git fetch = +refs/heads/*:refs/remotes/origin/*` And the mistery reveals itself, there is no real "origin" tree here. We have two options I guess. 1) force add upstream as remote or return to use "master" depending on the user having updated their own "master" REF_HEAD -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/964#note_155634870 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 20:51:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 19:51:48 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Merged manually. Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959#note_155643708 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 29 20:51:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 29 Mar 2019 19:51:48 +0000 Subject: [gnutls-devel] GnuTLS | Add XTS backport from Nettle (!959) In-Reply-To: References: Message-ID: Merge Request !959 was closed by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/959 Project:Branches: simo5/gnutls:xts to gnutls/gnutls:master Author: Simo Sorce Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/959 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 30 05:34:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 30 Mar 2019 04:34:47 +0000 Subject: [gnutls-devel] GnuTLS | add support for AES-XTS mode (#354) In-Reply-To: References: Message-ID: Closed by !959 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/354#note_155689554 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 30 05:34:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 30 Mar 2019 04:34:48 +0000 Subject: [gnutls-devel] GnuTLS | add support for AES-XTS mode (#354) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #354: https://gitlab.com/gnutls/gnutls/issues/354 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 30 05:37:55 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 30 Mar 2019 04:37:55 +0000 Subject: [gnutls-devel] GnuTLS | add support for AES-XTS mode (#354) In-Reply-To: References: Message-ID: Reassigned Issue 354 https://gitlab.com/gnutls/gnutls/issues/354 Assignee changed to Simo Sorce -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 30 06:42:02 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 30 Mar 2019 05:42:02 +0000 Subject: [gnutls-devel] GnuTLS | Unwanted -lunistring leak to global LIBS in configure (#735) In-Reply-To: References: Message-ID: ``` --- configure.ac.orig 2019-03-27 06:15:41.000000000 +0000 +++ configure.ac @@ -381,6 +381,7 @@ else *** Libunistring was not found. To use the included one, use --with-included-unistring ]]) ]) + LIBS=$ac_func_search_save_LIBS fi AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes") ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/735#note_155692238 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 30 09:29:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 30 Mar 2019 08:29:35 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#744) References: Message-ID: New Issue was created. Issue 744: https://gitlab.com/gnutls/gnutls/issues/744 Author: GnuTLS bot Assignee: The following issues require labels: - [ ] [Reconsidering use of VLAs and alloca()](https://gitlab.com/gnutls/gnutls/issues/684) Please take care of them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/744 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 30 09:29:36 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 30 Mar 2019 08:29:36 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from julian.klode@canonical.com): spurious (?) failure: gnutls 3.6.5 FAIL tls13/post-handshake-with-cert (exit status: 1) (#652) In-Reply-To: References: Message-ID: @support-bot This issue was marked as needinfo with no update for long time. We are now closing it, but please re-open if it is still relevant. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/652#note_155701212 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 30 09:29:35 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 30 Mar 2019 08:29:35 +0000 Subject: [gnutls-devel] GnuTLS | Reconsidering use of VLAs and alloca() (#684) In-Reply-To: References: Message-ID: @rockdaboot This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_155701209 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 30 19:47:09 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 30 Mar 2019 18:47:09 +0000 Subject: [gnutls-devel] GnuTLS | Skip testcompat-tls13-openssl.sh on missing expect (!965) References: Message-ID: New Merge Request !965 https://gitlab.com/gnutls/gnutls/merge_requests/965 Project:Branches: ametzler/gnutls:tmp-ametzler-test-error-on-missing-expect to gnutls/gnutls:master Author: Andreas Metzler Assignee: testcompat-tls13-openssl.sh FAILed in missing expect instead of SKIPping the test ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/965 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 31 01:53:48 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 31 Mar 2019 00:53:48 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) References: Message-ID: New Issue was created. Issue 745: https://gitlab.com/gnutls/gnutls/issues/745 Author: Hubert Assignee: `...` ``libgnutls.a(hostname-verify.o):(.text+0xfe): undefined reference to `rpl_inet_pton'`` ``libgnutls.a(hostname-verify.o):(.text+0x46b): undefined reference to `rpl_inet_pton'`` ``libgnutls.a(ip.o):(.text+0x3f2): undefined reference to `rpl_inet_pton'`` ``collect2.exe: error: ld returned 1 exit status`` inet_ntop.c is there but not inet_pton.c ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 31 08:47:03 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 31 Mar 2019 06:47:03 +0000 Subject: [gnutls-devel] GnuTLS | Skip testcompat-tls13-openssl.sh on missing expect (!965) In-Reply-To: References: Message-ID: I do not think we should be skipping tests in `suite/`. If we do it would be very easy during CI systems upgrade to lose tests because a new version of a system doesn't include a dependency. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/965#note_155776799 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 31 13:34:51 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 31 Mar 2019 11:34:51 +0000 Subject: [gnutls-devel] GnuTLS | gl/inet_pton.c missing in 3.6.7 release tarball (#745) In-Reply-To: References: Message-ID: I'm seeing something very similar, though the error is `undefined reference to inet_pton`. It seems to exist in the `src/gl` directory, so doing something like: ```diff diff --git a/lib/Makefile.am b/lib/Makefile.am index 1111111..2222222 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -138,6 +138,7 @@ libgnutls_la_LDFLAGS = -no-undefined \ -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) $(COMMON_LINK_FLAGS) libgnutls_la_LIBADD = ../gl/libgnu.la x509/libgnutls_x509.la \ + ../src/gl/libgnu_gpl.la \ ext/libgnutls_ext.la \ auth/libgnutls_auth.la algorithms/libgnutls_alg.la \ extras/libgnutls_extras.la ``` and `autoreconf` is a workaround. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/745#note_155794020 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 31 18:26:22 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 31 Mar 2019 16:26:22 +0000 Subject: [gnutls-devel] GnuTLS | Skip testcompat-tls13-openssl.sh on missing expect (!965) In-Reply-To: References: Message-ID: We already do skip tests in suite: * The openssl version check in testcompat-main-openssl will also cause SKIP for missing openssl. * testcompat-main-polarssl does not run on mising polarssl. * testcompat-openssl.sh is skipped on missing openssl or missing datefudge. * test-ciphersuite-names.sh is SKIPPED on missing nodejs. * testrng.sh is skipped on missing dieharder. * Stopped checking here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/965#note_155821511 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Mar 31 19:25:47 2019 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 31 Mar 2019 17:25:47 +0000 Subject: [gnutls-devel] GnuTLS | Fix link errors with gcc-9 (!966) References: Message-ID: New Merge Request !966 https://gitlab.com/gnutls/gnutls/merge_requests/966 Project:Branches: ametzler/gnutls:tmp-ametzler-gcc9-build-error to gnutls/gnutls:master Author: Andreas Metzler Assignee: This fixes the error reported in https://bugs.debian.org/925701 - Gnutls FTBFS with gcc-9 due to these changes: ``` GCC 9 also passes the linker option --as-needed by default; typical build issues are passing libraries before object files to the linker, or underlinking of convenience libraries built from the same source. ``` To reproduce I had to configure gnutls for installation into a multiarch path: ```--prefix=/usr --libdir=\${prefix}/lib/x86_64-linux-gnu``` I have found two issues: libecore.la is underlinked, -ldl missing. ``` /usr/bin/ld: ./.libs/libecore.a(libecore_la-eina_module.o): undefined reference to symbol 'dlclose@@GLIBC_2.2.5' /usr/bin/ld: /usr/lib/x86_64-linux-gnu/libdl.so: error adding symbols: DSO missing from command line ``` cipher-openssl-compat has wrong order, due to setting cipher_openssl_compat_LDFLAGS instead of cipher_openssl_compat_LDADD ``` libtool: link: gcc-9 [...] -Wabi=11 -fdiagnostics-show-option -g -O2 /usr/lib/x86_64-linux-gnu/libcrypto.so -Wl,-rpath -Wl,/usr/lib/x86_64-linux-gnu -o .libs/cipher-openssl-compat cipher-openssl-compat.o ../.libs/libutils.a /dev/shm/gnutls.git/b4deb/lib/.libs/libgnutls.so -lp11-kit -lidn2 -lunistring -ltasn1 -lnettle -lhogweed -lgmp ../../gl/.libs/libgnu.a ../../lib/.libs/libgnutls.so /usr/bin/ld: cipher-openssl-compat.o: in function `cipher_test': /dev/shm/gnutls.git/b4deb/tests/slow/../../../tests/slow/cipher-openssl-compat.c:42: undefined reference to `EVP_get_cipherbyname' /usr/bin/ld: /dev/shm/gnutls.git/b4deb/tests/slow/../../../tests/slow/cipher-openssl-compat.c:146: undefined reference to `EVP_CipherInit_ex' [...] ``` ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/966 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: