From gnutls-devel at lists.gnutls.org Tue Dec 1 05:09:13 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 04:09:13 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1127) References: Message-ID: GnuTLS bot created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1127 The following issues require labels: - [ ] [Service Desk (from andreas.haslwimmer at gmail.com): link broken](https://gitlab.com/gnutls/gnutls/-/issues/1106) - [ ] [Service Desk (from justin at yackoski.name): windows download link broken](https://gitlab.com/gnutls/gnutls/-/issues/1105) Please take care of them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1127 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 07:37:56 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 06:37:56 +0000 Subject: [gnutls-devel] GnuTLS | x509: Improve documentation of new set_getissuer_function (!1365) In-Reply-To: References: Message-ID: Merge Request !1365 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1365 Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/getissuer_func_docs to gnutls/gnutls:master Author: Michael Catanzaro Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1365 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 07:37:53 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 06:37:53 +0000 Subject: [gnutls-devel] GnuTLS | x509: Improve documentation of new set_getissuer_function (!1365) In-Reply-To: References: Message-ID: Merge Request !1365 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1365 Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/getissuer_func_docs to gnutls/gnutls:master Author: Michael Catanzaro Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1365 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 07:38:29 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 06:38:29 +0000 Subject: [gnutls-devel] GnuTLS | x509: Improve documentation of new set_getissuer_function (!1365) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you, looks very clear! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1365#note_457640373 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 07:38:52 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 06:38:52 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1127) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1127: https://gitlab.com/gnutls/gnutls/-/issues/1127 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1127 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 09:35:24 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 08:35:24 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: ihsinme commented on a discussion on lib/x509/x509_dn.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_457719609 > > /* remove spaces from the end */ > while(val->size > 0 && c_isspace(val->data[val->size-1])) { > - if (val->size-2 > 0 && val->data[val->size-2] == '\\') > + if (val->size > 2 && val->data[val->size-2] == '\\') I correct the comparison to be similar, with the exception of the unsigned overflow error. I think the logic is not affected. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_457719609 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 10:05:12 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 09:05:12 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/x509_dn.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_457748552 > > /* remove spaces from the end */ > while(val->size > 0 && c_isspace(val->data[val->size-1])) { > - if (val->size-2 > 0 && val->data[val->size-2] == '\\') > + if (val->size > 2 && val->data[val->size-2] == '\\') Yes, we can fix it later if it turns out to be an issue. For now, could you please: - amend your commit with `Signed-off-by:` following the [CONTRIBUTING.md](https://gitlab.com/gnutls/gnutls/-/blob/master/CONTRIBUTING.md#git-commits) - increase CI timeout in your setting to ~2h - retrigger the failed CI jobs ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_457748552 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 11:50:25 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 10:50:25 +0000 Subject: [gnutls-devel] GnuTLS | fuzz: fix handshake fuzzer issues spotted by oss-fuzz (!1363) In-Reply-To: References: Message-ID: Merge Request !1363 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1363 Project:Branches: dueno/gnutls:wip/dueno/fuzzer-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1363 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 11:50:34 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 10:50:34 +0000 Subject: [gnutls-devel] GnuTLS | fuzz: fix handshake fuzzer issues spotted by oss-fuzz (!1363) In-Reply-To: References: Message-ID: Sahana Prasad commented: lgtm -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1363#note_457840727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 13:33:41 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 12:33:41 +0000 Subject: [gnutls-devel] GnuTLS | fuzz: fix handshake fuzzer issues spotted by oss-fuzz (!1363) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1363#note_457979426 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 13:33:29 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 12:33:29 +0000 Subject: [gnutls-devel] GnuTLS | fuzz: fix handshake fuzzer issues spotted by oss-fuzz (!1363) In-Reply-To: References: Message-ID: Merge Request !1363 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1363 Project:Branches: dueno/gnutls:wip/dueno/fuzzer-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1363 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 13:50:18 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 12:50:18 +0000 Subject: [gnutls-devel] GnuTLS | CI pipeline rework - using stages and inheritance (!1366) References: Message-ID: Stanislav ?idek created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1366 Project:Branches: ep69/gnutls:ci-rework to gnutls/gnutls:master Author: Stanislav ?idek Assignee: Daiki Ueno Separating CI/CD pipeline into stages - fails can be spotted earlier and provides useful groundwork for splitting longer tests later. Using inheritance to decrease code duplication. @dueno Daiki, could you have a look? Does it make sense from your point of view? ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1366 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 15:13:21 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 14:13:21 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: ihsinme commented on a discussion on lib/x509/x509_dn.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_458096513 > > /* remove spaces from the end */ > while(val->size > 0 && c_isspace(val->data[val->size-1])) { > - if (val->size-2 > 0 && val->data[val->size-2] == '\\') > + if (val->size > 2 && val->data[val->size-2] == '\\') sorry. this is my first experience at gitlab -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_458096513 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 17:17:07 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 16:17:07 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: All discussions on Merge Request !1364 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 17:17:14 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 16:17:14 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: Merge Request !1364 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 Project:Branches: ihsinme/gnutls:ihsinme-master-patch-42280 to gnutls/gnutls:master Author: ihsinme Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 17:17:16 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 16:17:16 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: Merge Request !1364 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 Project:Branches: ihsinme/gnutls:ihsinme-master-patch-42280 to gnutls/gnutls:master Author: ihsinme Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 17:17:23 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 16:17:23 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_458208217 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 17:32:45 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 16:32:45 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: Merge Request !1364 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 Project:Branches: ihsinme/gnutls:ihsinme-master-patch-42280 to gnutls/gnutls:master Author: ihsinme Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 1 20:28:05 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Dec 2020 19:28:05 +0000 Subject: [gnutls-devel] GnuTLS | CI pipeline rework - using stages and inheritance (!1366) In-Reply-To: References: Message-ID: Daiki Ueno commented: At first glance, this looks like a great improvement. Thank you for doing that! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1366#note_458331588 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 2 12:33:41 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Dec 2020 11:33:41 +0000 Subject: [gnutls-devel] GnuTLS | Remove SRP support (#943) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 release ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/943 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 2 12:33:55 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Dec 2020 11:33:55 +0000 Subject: [gnutls-devel] GnuTLS | Enable PSK by default (#680) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 release ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/680 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 2 12:34:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Dec 2020 11:34:08 +0000 Subject: [gnutls-devel] GnuTLS | Consider dropping heartbeat support (#743) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 release ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/743 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 2 12:34:23 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Dec 2020 11:34:23 +0000 Subject: [gnutls-devel] GnuTLS | Add support for DTLS 1.3 (#1019) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 release ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1019 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 2 12:34:55 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Dec 2020 11:34:55 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS should transparently use KTLS if it's available (#1113) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 release ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1113 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 2 12:35:20 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Dec 2020 11:35:20 +0000 Subject: [gnutls-devel] GnuTLS | Add Linux kernel AF_ALG backend (#308) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 release ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/308 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 2 21:05:19 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Dec 2020 20:05:19 +0000 Subject: [gnutls-devel] GnuTLS | Add support for DTLS 1.3 (#1019) In-Reply-To: References: Message-ID: Daniel Lenski commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1019#note_459131248 Looks like the URLs have changed, slightly. Latest Rev39 draft: https://tools.ietf.org/html/draft-ietf-tls-dtls13-39 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1019#note_459131248 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 3 14:40:52 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Dec 2020 13:40:52 +0000 Subject: [gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.0 release ( https://gitlab.com/gnutls/gnutls/-/milestones/30 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/594 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 3 20:21:32 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Dec 2020 19:21:32 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Daiki Ueno commented: @npocs looks like you need to increase the timeout; could you do that from "Settings" ? "CI / CD" ? "General pipelines" ? "Timeout"? I think 2h would be sufficient. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_460156675 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 4 16:57:45 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Dec 2020 15:57:45 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Norbert Pocs commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_460779745 Timout increased and I am rerunning the pipeline now -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_460779745 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 5 09:58:39 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Dec 2020 08:58:39 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_461013684 Seems like 2h was not sufficient :-( But it also fails in the check of "Signed-off-by:". Perhaps you could squash the commits into a single commit, add "Signed-off-by:", and "git push --force-with-lease": https://estl.tech/a-gentler-force-push-on-git-force-with-lease-fb15701218df ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_461013684 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 6 16:00:38 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 06 Dec 2020 15:00:38 +0000 Subject: [gnutls-devel] GnuTLS | Unwinding from sha256_block_data_order_avx2 crashes the process, GDB unable to backtrace (#1111) In-Reply-To: References: Message-ID: Avi Kivity commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_461178657 @tgrabiec please try it out. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_461178657 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 6 16:18:32 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 06 Dec 2020 15:18:32 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/corpus2array: fix build with gnu89 (!70) In-Reply-To: References: Message-ID: Merge Request !70 was approved by Tim R?hsen Merge Request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/70 Project:Branches: mangix/libtasn1:mangix-master-patch-15289 to gnutls/libtasn1:master Author: Rosen Penev Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/70 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 6 16:24:28 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 06 Dec 2020 15:24:28 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/corpus2array: fix build with gnu89 (!70) In-Reply-To: References: Message-ID: Tim R?hsen commented: The CI/pipeline failure is not related to this change. BTW, there are more places to fix for C89: ``` libtasn1_array2tree_fuzzer.c: In function 'LLVMFuzzerTestOneInput': libtasn1_array2tree_fuzzer.c:60:2: error: 'for' loop initial declarations are only allowed in C99 or C11 mode 60 | for (int it = 0; it < nelem; it++) { | ^~~ ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/70#note_461181277 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 7 12:28:19 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Dec 2020 11:28:19 +0000 Subject: [gnutls-devel] GnuTLS | certificate issuer unknown on duplicate certificates in chain (#1131) References: Message-ID: Tomas Krizek created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1131 ## Description of problem: When a root certificate appears twice in the certificate chain, it is marked as untrusted. I suppose there's no reason why duplicate certificates should be in the chain, but these do appear in the wild, e.g. `gitlab.nic.cz` (as of 2020-12-07). ## Version of gnutls used: 3.7.0 (the same certificate chain works fine with 3.6.15) ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Archlinux ## How reproducible: 100% Steps to Reproduce: ``` $ gnutls-cli gitlab.nic.cz Processed 149 CA certificate(s). Resolving 'gitlab.nic.cz:443'... Connecting to '217.31.192.133:443'... - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate[0] info: - subject `CN=gitlab.labs.nic.cz', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x043d7d8a63166e0368df867d4c584791ae65, RSA key 4096 bits, signed using RSA-SHA256, activated `2020-11-16 08:03:24 UTC', expires `2021-02-14 08:03:24 UTC', pin-sha256="7NBmA2/dDjJ3o6SHLLbhoP6nTu95BhIMlOQG/FGTTMs=" Public Key ID: sha1:1bb89b72e0dfd583e5cc970030310e38f7740ffa sha256:ecd066036fdd0e3277a3a4872cb6e1a0fea74eef7906120c94e406fc51934ccb Public Key PIN: pin-sha256:7NBmA2/dDjJ3o6SHLLbhoP6nTu95BhIMlOQG/FGTTMs= - Certificate[1] info: - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=" - Certificate[2] info: - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=" - Status: The certificate is NOT trusted. The certificate issuer is unknown. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. ``` In case the service cert gets fixed in the mean time, I'm also attaching a copy of the certificate. [gitlab.nic.cz.pem](/uploads/ae1a7cd5362b07fcba7210c2b2247503/gitlab.nic.cz.pem) ## Actual results: certificate verification fails ## Expected results: certificate verification succeeds -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1131 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 7 17:56:25 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Dec 2020 16:56:25 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Read Certificate Transparency (RFC 6962) SCT extension (!1367) References: Message-ID: Ander Juaristi created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1367 Branches: aja-certificate-transparency to master Author: Ander Juaristi This MR would close issue #232. I've implemented new public functions to parse the Certificate Transparency SCT extension (Signed Certificate Timestamp), as specified by [RFC 6962](https://tools.ietf.org/html/rfc6962). It also extends `certtool` to be able to read such extension from certificates. The tests included in this MR use the aclu.org example X.509 certificate provided by Daniel Kahn Gillmor in the issue itself. It is embedded as a PEM string in the test code `x509cert-ct.c`. I can change that and create a new custom certificate if asked. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [X] Code modified for feature * [X] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1367 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 8 10:31:34 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Dec 2020 09:31:34 +0000 Subject: [gnutls-devel] GnuTLS | Name Constraints parsing failure (unsupported othername or subject null) (#1132) References: Message-ID: Moritz Schlarb created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1132 First of all, I'm sorry that I had to replace all the actual domain names, but I couldn't reach someone to tell me that it would be okay to post them here... I hope it doesn't prevent you from having a look. ## Description of problem: I have an (intermediate) certificate (generated and used on Windows) that includes Name Constraints (for Kerberos Principals) that OpenSSL seems to be able to parse (to some extent), but GnuTLS does not (at all): GnuTLS: ``` ~ # certtool --certificate-info --infile $INTERMEDIATE.pem | grep -C1 "Name Constraints" Access Location URI: $CDP_URL Name Constraints (critical): Signature Algorithm: RSA-SHA256 ``` OpenSSL: ``` ~ # openssl x509 -in $INTERMEDIATE.pem -noout -text | grep -A12 "Name Constraints" X509v3 Name Constraints: critical Permitted: othername: othername: email:.$DOMAIN.$TLD email:@$DOMAIN.$TLD DNS:$DOMAIN DNS:.$DOMAIN.$TLD DNS:$DOMAIN.$TLD DirName:DC = $TLD, DC = $DOMAIN URI:http://.$DOMAIN.$TLD URI:http://$DOMAIN.$TLD ``` Windows: ``` Permitted [1]Subtrees (0..Max): Other Name: Principal Name=.$DOMAIN.$TLD [2]Subtrees (0..Max): Other Name: Principal Name=@$DOMAIN.$TLD [3]Subtrees (0..Max): RFC822 Name=.$DOMAIN.$TLD [4]Subtrees (0..Max): RFC822 Name=@$DOMAIN.$TLD [5]Subtrees (0..Max): DNS Name=$DOMAIN [6]Subtrees (0..Max): DNS Name=.$DOMAIN.$TLD [7]Subtrees (0..Max): DNS Name=$DOMAIN.$TLD [8]Subtrees (0..Max): Directory Address: DC=$DOMAIN DC=$TLD [9]Subtrees (0..Max): URL=http://.$DOMAIN.$TLD [10]Subtrees (0..Max): URL=http://$DOMAIN.$TLD Excluded=None ``` ## Version of gnutls used: 3.6.7 and 3.7.0 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Debian Stable and Unstable ## How reproducible: I tried to reproduce the certificate setup but it seems impossible to add the unsupported name constraints by OID and I can't create a leaf certificate with a `null` subject. ## Actual results: ``` ~ # certtool --verify --verify-hostname $LEAF --load-ca-certificate $CA --infile $LEAF Loaded CAs (1 available) Subject: $INTERMEDIATE Issuer: $CA Checked against: $CA Signature algorithm: RSA-SHA256 Output: Verified. The certificate is trusted. Subject: (null) Issuer: $INTERMEDIATE Checked against: $INTERMEDIATE Signature algorithm: RSA-SHA256 Output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. ``` ## Expected results: Leaf certificate should be trusted (it is in OpenSSL): ``` openssl verify -CAfile $CA+INTERMEDIATE $LEAF $LEAF: OK ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1132 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 8 15:30:44 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Dec 2020 14:30:44 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Norbert Pocs commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_462438242 Squash done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_462438242 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 8 19:13:00 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Dec 2020 18:13:00 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Merge Request !1350 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350 Project:Branches: npocs/gnutls:#1074 to gnutls/gnutls:master Author: Norbert Pocs Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 8 19:13:16 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Dec 2020 18:13:16 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: All discussions on Merge Request !1350 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1350 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 8 19:13:55 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Dec 2020 18:13:55 +0000 Subject: [gnutls-devel] GnuTLS | ClientHello.legacy_session_id is not set even if middlebox compat mode is enabled in TLS 1.3 (#1074) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1350 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1350) Issue #1074: https://gitlab.com/gnutls/gnutls/-/issues/1074 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1074 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 8 19:13:51 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Dec 2020 18:13:51 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_462613479 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 8 19:13:55 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Dec 2020 18:13:55 +0000 Subject: [gnutls-devel] GnuTLS | ClientHello.legacy_session_id is not set even if middlebox compat mode is enabled in TLS 1.3 (#1074) In-Reply-To: References: Message-ID: Issue was closed by Norbert Pocs via commit e0bb98e1f71f94691f600839ff748d3a9f469d3e Issue #1074: https://gitlab.com/gnutls/gnutls/-/issues/1074 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1074 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 8 19:13:55 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Dec 2020 18:13:55 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Merge Request !1350 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350 Project:Branches: npocs/gnutls:#1074 to gnutls/gnutls:master Author: Norbert Pocs Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 11 06:45:03 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Dec 2020 05:45:03 +0000 Subject: [gnutls-devel] GnuTLS | Fix a common typo of gnutls_priority_t. (!1368) References: Message-ID: Sadie Powell created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368 Project:Branches: SadieCat/gnutls:fix-priority-typo to gnutls/gnutls:master Author: Sadie Powell Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 11 10:33:34 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Dec 2020 09:33:34 +0000 Subject: [gnutls-devel] GnuTLS | Fix a common typo of gnutls_priority_t. (!1368) In-Reply-To: References: Message-ID: Merge Request !1368 was approved by Airtower Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368 Project:Branches: SadieCat/gnutls:fix-priority-typo to gnutls/gnutls:master Author: Sadie Powell Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 14 21:38:45 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Dec 2020 20:38:45 +0000 Subject: [gnutls-devel] GnuTLS | Fix a common typo of gnutls_priority_t. (!1368) In-Reply-To: References: Message-ID: Sadie Powell commented: Is there anything else I need to do for this? The pipeline failures don't seem to be related to this PR specifically. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368#note_466526189 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 14 22:54:33 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Dec 2020 21:54:33 +0000 Subject: [gnutls-devel] GnuTLS | Fix a common typo of gnutls_priority_t. (!1368) In-Reply-To: References: Message-ID: Airtower commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368#note_466566156 I don't think so. Except maybe rebasing when there's a fix on master to get rid of the pipeline failure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368#note_466566156 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 15 05:09:01 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Dec 2020 04:09:01 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1133) References: Message-ID: GnuTLS bot created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1133 The following issues require labels: - [ ] [Service Desk (from faa851 at mail.usask.ca): Disclosure of Security Flaw](https://gitlab.com/gnutls/gnutls/-/issues/1118) - [ ] [Undefined reference to __imp_gnutls_free error with static build on MinGW](https://gitlab.com/gnutls/gnutls/-/issues/1117) - [ ] [Service Desk (from okudayukiko0 at yandex.com): Any future plan to support RDRAND & TPM2?](https://gitlab.com/gnutls/gnutls/-/issues/1115) - [ ] [Service Desk (from jemuel.campogan at gmail.com): Broken Link at Download Page](https://gitlab.com/gnutls/gnutls/-/issues/1114) - [ ] [Service Desk (from rob.a.bolton at gmail.com): GNU TLS Guile documentation](https://gitlab.com/gnutls/gnutls/-/issues/1112) - [ ] [Build failure on Solaris 11.3](https://gitlab.com/gnutls/gnutls/-/issues/1109) Please take care of them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1133 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 15 05:09:02 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Dec 2020 04:09:02 +0000 Subject: [gnutls-devel] GnuTLS | Undefined reference to __imp_gnutls_free error with static build on MinGW (#1117) In-Reply-To: References: Message-ID: GnuTLS bot commented: @josuegomes This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1117#note_466698118 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 15 05:09:05 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Dec 2020 04:09:05 +0000 Subject: [gnutls-devel] GnuTLS | Copy Finished packet to cb_tls_unique buffer in tls13/finished (!1293) In-Reply-To: References: Message-ID: GnuTLS bot commented: @rufferson This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1293#note_466698141 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 15 05:09:05 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Dec 2020 04:09:05 +0000 Subject: [gnutls-devel] GnuTLS | Copy Finished packet to cb_tls_unique buffer in tls13/finished (!1293) In-Reply-To: References: Message-ID: Merge Request !1293 was closed by GnuTLS bot Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1293 Project:Branches: rufferson/gnutls:tls-unique-13 to gnutls/gnutls:master Author: Ruslan Marchenko Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1293 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 15 05:09:03 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Dec 2020 04:09:03 +0000 Subject: [gnutls-devel] GnuTLS | Build failure on Solaris 11.3 (#1109) In-Reply-To: References: Message-ID: GnuTLS bot commented: @cryintothebluesky This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1109#note_466698137 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 15 21:57:07 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Dec 2020 20:57:07 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) References: Message-ID: Tuomo Soini created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1135 ## Description of problem: test certificates in tests/testpkcs11-certs have expired ## Version of gnutls used: Any released up to 3.7.0 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) All ceritifcates in that directory have expired at same time: Not After : Dec 13 08:24:54 2020 GMT ## How reproducible: Steps to Reproduce: * build gnutls * try to run tests ## Actual results: FAIL: testpkcs11.sh ## Expected results: Success. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 16 07:12:04 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Dec 2020 06:12:04 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) In-Reply-To: References: Message-ID: Andreas Metzler commented: I guess any and all tests using certificates should use datefudge to avoid timebombs like this one. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_467747229 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 16 10:40:56 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Dec 2020 09:40:56 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) In-Reply-To: References: Message-ID: Tuomo Soini commented: Any of tests should generate test certificates at the beginning of the test to completely remove timebombs. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_467944954 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 16 13:46:50 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Dec 2020 12:46:50 +0000 Subject: [gnutls-devel] GnuTLS | Testsuite error - listening on IPv6, connecting to IPv4 (#1007) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: @dueno, I agree that it's good to have it, but there's also the question of sane defaults, and the current ones trip people. My preference would be merging a patch from https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206, as I find the resulting behaviour less surprising. This, or binding a single `AF_INET6` to `in6addr_any` without `IPV6_V6ONLY` and taking advantage of IPv4-to-IPv6 address mapping, but I'm not sure whether that won't open a can of compatibility worms for platforms other than mine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1007#note_468139397 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 16 17:07:25 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Dec 2020 16:07:25 +0000 Subject: [gnutls-devel] GnuTLS | Testsuite error - listening on IPv6, connecting to IPv4 (#1007) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented: yes, if we do that we will need to verify behaviour on a platform that doesn't support IPv6 at all (not even for loopback) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1007#note_468346927 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 16 17:19:31 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Dec 2020 16:19:31 +0000 Subject: [gnutls-devel] GnuTLS | init_fds test fails when sssd is running (#1125) In-Reply-To: References: Message-ID: Simo Sorce commented: Looking at this initialization code I do not see it makes a lot of sense. At any given time two threads in an application can be competing and opening file descriptors. There is no way to guarantee sequential fd number allocation, so this check should be removed. The problem is whether there is code in GnuTLS that somehow depends on sequential fd allocation, if that's the case that code needs to be changed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1125#note_468363715 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 16 18:46:07 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Dec 2020 17:46:07 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) In-Reply-To: References: Message-ID: Andreas Metzler commented: Tuomo Soini @bleve wrote > Any of tests should generate test certificates at the beginning of the test to completely remove timebombs. I do not think that is an option for all tests since not all certificates can be generated by certtool. Also it imho makes the testsuite less strong since it introduces another moving piece. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_468443888 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 18 07:00:49 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 18 Dec 2020 06:00:49 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) In-Reply-To: References: Message-ID: Andreas Metzler commented: I think this is the minimal bugfix: [minimalchange.diff](/uploads/cc4fecddd17e776d98675d4eb42c54c9/minimalchange.diff) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 18 11:57:10 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 18 Dec 2020 10:57:10 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) In-Reply-To: References: Message-ID: Tuomo Soini commented: That is working around the issue, not fixing it. There are other issues with those certificates. They are too small certs to be verified in FIPS mode... So certs should be recreated with 2k size. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469857916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 20 22:55:39 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 20 Dec 2020 21:55:39 +0000 Subject: [gnutls-devel] GnuTLS | init_fds test fails when sssd is running (#1125) In-Reply-To: References: Message-ID: Ryan Burns commented: Very interesting, thank you. That makes a lot of sense, it seems like it would be quite difficult to rephrase this test case without making assumptions that don't necessarily hold. Thanks, I think I'll just ignore this test result for now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1125#note_471027705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 21 11:47:16 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Dec 2020 10:47:16 +0000 Subject: [gnutls-devel] GnuTLS | tpmtool_test.sh failure in tpm_createek call (#1136) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1136 Currently some pipelines are failing due to an error in `setup_tcsd` in `tpmtool_test.sh`: ```console Tspi_Context_Connect failed: 0x00003011 - layer=tsp, code=0011 (17), Communication failure Could not create EK FAIL tpmtool_test.sh (exit status: 1) ``` I assume that this is caused by a change in the build-image. I can also reproduce it on Fedora 33, with the following packages: - trousers-0.3.14-4.fc33.x86_64 - tpm-tools-1.3.9-9.fc33.x86_64 - swtpm-0.5.1-2.20201117git96f5a04.fc33.x86_64 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1136 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 21 11:48:18 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Dec 2020 10:48:18 +0000 Subject: [gnutls-devel] GnuTLS | tpmtool_test.sh failure in tpm_createek call (#1136) In-Reply-To: References: Message-ID: Daiki Ueno commented: @stefanberger do you have any clue on this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1136#note_471335664 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 21 15:00:03 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Dec 2020 14:00:03 +0000 Subject: [gnutls-devel] GnuTLS | tpmtool_test.sh failure in tpm_createek call (#1136) In-Reply-To: References: Message-ID: Stefan Berger commented: Yes, they patches trousers and it doesn't accept certain ownership configurations for the tcsd config file anymore, such as `tss:tss`, which now has to be `root:tss`. It's now a matter of trial and error because the one is required for older versions of trouser and the other for later ones. I'll send a patch. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1136#note_471503749 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 21 15:45:21 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Dec 2020 14:45:21 +0000 Subject: [gnutls-devel] GnuTLS | tests: Fix tpmtool_test due to changes in trousers (!1369) References: Message-ID: Stefan Berger created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1369 Project:Branches: stefanberger/gnutls:fix_tpmtools_test to gnutls/gnutls:master Author: Stefan Berger This patch fixes test run failures of tpmtools_test.sh due to recent changes in ownership requirement of the trousers configuration file. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1369 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 21 15:54:40 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Dec 2020 14:54:40 +0000 Subject: [gnutls-devel] GnuTLS | tpmtool_test.sh failure in tpm_createek call (#1136) In-Reply-To: References: Message-ID: Stefan Berger commented: PR https://gitlab.com/gnutls/gnutls/-/merge_requests/1369 is supposed to resolve this issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1136#note_471546032 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 21 17:08:33 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Dec 2020 16:08:33 +0000 Subject: [gnutls-devel] GnuTLS | tests: Fix tpmtool_test due to changes in trousers (!1369) In-Reply-To: References: Message-ID: Merge Request !1369 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1369 Project:Branches: stefanberger/gnutls:fix_tpmtools_test to gnutls/gnutls:master Author: Stefan Berger Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1369 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 21 17:09:42 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Dec 2020 16:09:42 +0000 Subject: [gnutls-devel] GnuTLS | tests: Fix tpmtool_test due to changes in trousers (!1369) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you, looks good to me (the other failure in CI is #1135, which I'll adjust when merging). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1369#note_471600190 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 21 18:36:51 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Dec 2020 17:36:51 +0000 Subject: [gnutls-devel] GnuTLS | tests: Fix tpmtool_test due to changes in trousers (!1369) In-Reply-To: References: Message-ID: Stefan Berger commented: Are these pipeline test failures related to this fix? I couldn't tell... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1369#note_471662995 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 26 11:02:58 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Dec 2020 10:02:58 +0000 Subject: [gnutls-devel] GnuTLS | Cross-compilation of the Guile bindings (#1137) References: Message-ID: Evgeny Ermakov created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1137 Hello! I'm trying to cross build `gnutls` with `guile-3.0.4`, but I got an error: ``` GEN modules/gnutls.scm GUILEC modules/gnutls.go GUILEC modules/gnutls/extra.go Backtrace: In ice-9/psyntax.scm: 1241:36 19 (expand-top-sequence ((define-module (gnutls extra) *)) *) 1233:19 18 (parse _ (("placeholder" placeholder)) ((top) #(# # *)) *) 285:10 17 (parse _ (("placeholder" placeholder)) (()) _ c&e (# #) #) In ice-9/eval.scm: 293:34 16 (_ #) In ice-9/boot-9.scm: 3380:4 15 (define-module* _ #:filename _ #:pure _ #:version _ # _ *) 2565:24 14 (call-with-deferred-observers #) 3393:24 13 (_) 222:17 12 (map1 (((gnutls)))) 3297:17 11 (resolve-interface (gnutls) #:select _ #:hide _ #:prefix *) In ice-9/threads.scm: 390:8 10 (_ _) In ice-9/boot-9.scm: 3223:13 9 (_) In ice-9/threads.scm: 390:8 8 (_ _) In ice-9/boot-9.scm: 3507:20 7 (_) 2806:4 6 (save-module-excursion #) 3527:26 5 (_) In unknown file: 4 (primitive-load-path "gnutls" #) In ice-9/eval.scm: 626:19 3 (_ #) 223:20 2 (proc #) In unknown file: 1 (%resolve-variable (7 . protocol/ssl3) #) In ice-9/boot-9.scm: 1669:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1669:16: In procedure raise-exception: Unbound variable: protocol/ssl3 make[3]: *** [Makefile:2520: modules/gnutls/extra.go] Error 1 make[3]: *** Waiting for unfinished jobs.... ``` Here's the patch I propose: ```diff --- guile/modules/gnutls.in +++ guile/modules/gnutls.in @@ -566,20 +566,33 @@ ;; Renaming. -(define protocol/ssl-3 protocol/ssl3) -(define protocol/tls-1.0 protocol/tls1-0) -(define protocol/tls-1.1 protocol/tls1-1) +(define protocol/ssl-3 #f) +(define protocol/tls-1.0 #f) +(define protocol/tls-1.1 #f) ;; Aliases. -(define credentials/anonymous credentials/anon) -(define cipher/rijndael-256-cbc cipher/aes-256-cbc) -(define cipher/rijndael-128-cbc cipher/aes-128-cbc) -(define cipher/rijndael-cbc cipher/aes-128-cbc) -(define cipher/arcfour-128 cipher/arcfour) -(define certificate-verify/allow-any-x509-v1-ca-certificate - certificate-verify/allow-any-x509-v1-ca-crt) -(define certificate-verify/allow-x509-v1-ca-certificate - certificate-verify/allow-x509-v1-ca-crt) +(define credentials/anonymous #f) +(define cipher/rijndael-256-cbc #f) +(define cipher/rijndael-128-cbc #f) +(define cipher/rijndael-cbc #f) +(define cipher/arcfour-128 #f) +(define certificate-verify/allow-any-x509-v1-ca-certificate #f) +(define certificate-verify/allow-x509-v1-ca-certificate #f) + +(eval-when (load eval) + (unless (getenv "GNUTLS_GUILE_CROSS_COMPILING") + (set! protocol/ssl-3 protocol/ssl3) + (set! protocol/tls-1.0 protocol/tls1-0) + (set! protocol/tls-1.1 protocol/tls1-1) + (set! credentials/anonymous credentials/anon) + (set! cipher/rijndael-256-cbc cipher/aes-256-cbc) + (set! cipher/rijndael-128-cbc cipher/aes-128-cbc) + (set! cipher/rijndael-cbc cipher/aes-128-cbc) + (set! cipher/arcfour-128 cipher/arcfour) + (set! certificate-verify/allow-any-x509-v1-ca-certificate + certificate-verify/allow-any-x509-v1-ca-crt) + (set! certificate-verify/allow-x509-v1-ca-certificate + certificate-verify/allow-x509-v1-ca-crt))) ;; Deprecated OpenPGP bindings. (define-deprecated certificate-type/openpgp) ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1137 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 26 12:08:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Dec 2020 11:08:08 +0000 Subject: [gnutls-devel] GnuTLS | Build fails with autoconf 2.70 (#1138) References: Message-ID: Jan Palus created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1138 Reconfiguring with autoconf 2.70 fails: ``` syntax error: unexpected 'ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89' ``` Can you please update gnulib to include: http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=a3b3fc85e3e632374811b27cb2111e50fa177e36 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1138 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Dec 26 12:15:25 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 26 Dec 2020 11:15:25 +0000 Subject: [gnutls-devel] GnuTLS | Cross-compilation of the Guile bindings (#1137) In-Reply-To: References: Message-ID: Evgeny Ermakov commented: Crossc-compiling against guile-2.2.7 causes the same failure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1137#note_473954383 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 27 18:08:53 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Dec 2020 17:08:53 +0000 Subject: [gnutls-devel] GnuTLS | Older Let's Encrypt certificates are not recognized (#1139) References: Message-ID: Darshit Shah created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1139 ## Description of problem: It seems like certificates signed by the old Let's Encrypt CA certificate "Let's Encrypt Authority X3", are not being recognized as valid by gnutls. The same certificate is recorded as valid when I use OpenSSL. ## Version of gnutls used: 3.7.0 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Arch Linux Official repository package ## How reproducible: Always Steps to Reproduce: * `gnutls-cli translatationproject.org` ## Actual results: ``` Processed 139 CA certificate(s). Resolving 'translationproject.org:443'... Connecting to '2a01:7c8:c037:6::20:443'... - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate[0] info: - subject `CN=stats.vrijschrift.org', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x04f78efb758d89606ce87baa6471c832d949, RSA key 4096 bits, signed using RSA-SHA256, activated `2020-11-01 10:34:36 UTC', expires `2021-01-30 10:34:36 UTC', pin-sha256="g+cvDmsK+CiS5TfMiasFm7RqsMly8J+yamG+VbKehIM=" Public Key ID: sha1:3a6a632ee02dacea20b66789fbfc9bf58dc46b27 sha256:83e72f0e6b0af82892e537cc89ab059bb46ab0c972f09fb26a61be55b29e8483 Public Key PIN: pin-sha256:g+cvDmsK+CiS5TfMiasFm7RqsMly8J+yamG+VbKehIM= - Certificate[1] info: - subject `CN=stats.vrijschrift.org', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x04f78efb758d89606ce87baa6471c832d949, RSA key 4096 bits, signed using RSA-SHA256, activated `2020-11-01 10:34:36 UTC', expires `2021-01-30 10:34:36 UTC', pin-sha256="g+cvDmsK+CiS5TfMiasFm7RqsMly8J+yamG+VbKehIM=" - Certificate[2] info: - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=" - Status: The certificate is NOT trusted. The certificate issuer is unknown. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. ``` ## Expected results: The certificate is recognized as valid. On Firefox I don't see any problems as it recognizes it just fine. As does `openssl s_client`. Other websites using Let's Encrypt, but with the newer signing certificate have no problems. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1139 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 27 18:11:02 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Dec 2020 17:11:02 +0000 Subject: [gnutls-devel] GnuTLS | Older Let's Encrypt certificates are not recognized (#1139) In-Reply-To: References: Message-ID: Darshit Shah commented: I'm sorry, this seems to be a duplicate of #1131. I'm not sure how I missed it at first. Closing it -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1139#note_474185540 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 27 18:11:03 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Dec 2020 17:11:03 +0000 Subject: [gnutls-devel] GnuTLS | Older Let's Encrypt certificates are not recognized (#1139) In-Reply-To: References: Message-ID: Issue was closed by Darshit Shah Issue #1139: https://gitlab.com/gnutls/gnutls/-/issues/1139 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1139 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Dec 27 18:12:11 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 27 Dec 2020 17:12:11 +0000 Subject: [gnutls-devel] GnuTLS | Older Let's Encrypt certificates are not recognized (#1139) In-Reply-To: References: Message-ID: Issue was reopened by Darshit Shah Issue 1139: https://gitlab.com/gnutls/gnutls/-/issues/1139 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1139 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 28 12:30:20 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Dec 2020 11:30:20 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates (!1370) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1370 Project:Branches: dueno/gnutls:wip/dueno/dupes to gnutls/gnutls:master Author: Daiki Ueno The commit ebb19db9165fed30d73c83bab1b1b8740c132dfd caused a regression, where duplicate certificates in a certificate chain are no longer ignored but treated as a non-contiguous segment and that results in calling the issuer callback, or a verification failure. This adds a mechanism to record certificates already seen in the chain, and skip them while still allow the caller to inject missing certificates. Fixes: #1131 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1370 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 28 14:08:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Dec 2020 13:08:08 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) In-Reply-To: References: Message-ID: Jeffrey Walton commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_474595538 Be careful of `datefudge`. It is missing on some platforms and difficult to build. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_474595538 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 28 14:34:10 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Dec 2020 13:34:10 +0000 Subject: [gnutls-devel] GnuTLS | tpmtool_test.sh failure in tpm_createek call (#1136) In-Reply-To: References: Message-ID: Jeffrey Walton commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1136#note_474612785 I believe that change occurred due to a recent thread on OSS-security. See [Multiple Security Issues in the TrouSerS tpm1.2 tscd Daemon](https://www.openwall.com/lists/oss-security/2020/08/06/1) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1136#note_474612785 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 28 14:35:11 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Dec 2020 13:35:11 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates (!1370) In-Reply-To: References: Message-ID: Andreas Metzler commented: Hello Daiko, Welcome back, I hope you managed to get some rest during your time off. This commit seems to make the chainverify test hang. cu Andreas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1370#note_474613276 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 28 15:56:48 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Dec 2020 14:56:48 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) In-Reply-To: References: Message-ID: Niels M?ller commented: Would it make sense to have a command line option to specify the "current" date, and some way to have the library use that rather than gettimeofday() or similar? Then the tests could use that to test certificate logic without depending at all on actual wall clock time. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_474677161 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 28 16:23:40 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Dec 2020 15:23:40 +0000 Subject: [gnutls-devel] GnuTLS | testpkcs11: use datefudge to trick certificate expiry (!1371) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 Project:Branches: dueno/gnutls:wip/dueno/test-fixes to gnutls/gnutls:master Author: Daiki Ueno The certificates stored in tests/testpkcs11-certs expired on 2020-12-13. To avoid verification failure due to that, use datefudge to set custom date when calling gnutls-cli, gnutls-serv, and certtool. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 28 16:36:46 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Dec 2020 15:36:46 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_474696943 Yes, we have an API for that (`gnutls_global_set_time_function`), so that should be possible. Meanwhile I've opened an MR incorporating Andreas' change. It's also tempting to generate certs at run time as Tuomo suggests, though I worry that it may increase CI running time (that should work well in this specific test, as we generate certs on SC anyway). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135#note_474696943 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 28 21:16:14 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Dec 2020 20:16:14 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates (!1370) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1370#note_474796876 Yeah, obviously I didn't run the complete test suite but only `missingissuer`. The hang should be fixed now, with a trivial fix. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1370#note_474796876 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 12:04:12 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 11:04:12 +0000 Subject: [gnutls-devel] GnuTLS | fix CI failures on recent Fedora 33 image (!1371) In-Reply-To: References: Message-ID: Daiki Ueno commented: The pipeline seems to be finally fixed; @ametzler could you review the changes? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1371#note_475079908 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 13:09:26 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 12:09:26 +0000 Subject: [gnutls-devel] GnuTLS | fix CI failures on recent Fedora 33 image (!1371) In-Reply-To: References: Message-ID: Andreas Metzler commented: Looks good. Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1371#note_475120389 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 13:10:09 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 12:10:09 +0000 Subject: [gnutls-devel] GnuTLS | fix CI failures on recent Fedora 33 image (!1371) In-Reply-To: References: Message-ID: Merge Request !1371 was approved by Andreas Metzler Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 Project:Branches: dueno/gnutls:wip/dueno/test-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 13:28:33 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 12:28:33 +0000 Subject: [gnutls-devel] GnuTLS | test certificates in tests/testpkcs11-certs have expired (#1135) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1371 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1371) Issue #1135: https://gitlab.com/gnutls/gnutls/-/issues/1135 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1135 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 13:28:33 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 12:28:33 +0000 Subject: [gnutls-devel] GnuTLS | tpmtool_test.sh failure in tpm_createek call (#1136) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1371 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1371) Issue #1136: https://gitlab.com/gnutls/gnutls/-/issues/1136 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1136 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 13:28:33 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 12:28:33 +0000 Subject: [gnutls-devel] GnuTLS | fix CI failures on recent Fedora 33 image (!1371) In-Reply-To: References: Message-ID: Merge Request !1371 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 Project:Branches: dueno/gnutls:wip/dueno/test-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 13:35:03 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 12:35:03 +0000 Subject: [gnutls-devel] GnuTLS | tests: remove hand-written parallelism (!1372) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1372 Project:Branches: dueno/gnutls:wip/dueno/parallel-openssl to gnutls/gnutls:master Author: Daiki Ueno This splits `tests/suite/testcompat-openssl.sh` and `tests/suite/testcompat-polarssl.sh` into smaller tests so that they can be invoked in parallel by the automake's test harness. Fixes: #1099 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1372 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 13:42:19 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 12:42:19 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates (!1370) In-Reply-To: References: Message-ID: Andreas Metzler commented: FWIW: I can gladly confirm that the patch fixes the reproducer I had setup. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1370#note_475136929 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 16:37:41 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 15:37:41 +0000 Subject: [gnutls-devel] GnuTLS | Fix a common typo of gnutls_priority_t. (!1368) In-Reply-To: References: Message-ID: Merge Request !1368 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368 Project:Branches: SadieCat/gnutls:fix-priority-typo to gnutls/gnutls:master Author: Sadie Powell Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 16:42:54 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 15:42:54 +0000 Subject: [gnutls-devel] GnuTLS | Fix a common typo of gnutls_priority_t. (!1368) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368#note_475264576 Sorry for the delay. The CI pipeline was broken for some time, so I've merged the change manually as https://gitlab.com/gnutls/gnutls/-/commit/3b80944f1678a193bb7fc3ff5c42a58798c2b66f. Thank you for the patch! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368#note_475264576 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 16:42:57 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 15:42:57 +0000 Subject: [gnutls-devel] GnuTLS | Fix a common typo of gnutls_priority_t. (!1368) In-Reply-To: References: Message-ID: Merge Request !1368 was closed by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368 Project:Branches: SadieCat/gnutls:fix-priority-typo to gnutls/gnutls:master Author: Sadie Powell Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1368 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 17:58:39 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 16:58:39 +0000 Subject: [gnutls-devel] GnuTLS | libgnutls-openssl: Clean up list of exported symbols (!1373) References: Message-ID: Andreas Metzler created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373 Project:Branches: ametzler/gnutls:tmp-limit-gnutls-openssl-exported-symbols to gnutls/gnutls:master Author: Andreas Metzler libgnutls-openssl exports many unwanted symbols (e.g. c_isgraph, get_stat_ctime, gnutls_x509_extract_certificate_dn, etc.) Clean this up by limiting to symbols whose name starts with a capital letter. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 18:32:45 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 17:32:45 +0000 Subject: [gnutls-devel] GnuTLS | libgnutls-openssl: Clean up list of exported symbols (!1373) In-Reply-To: References: Message-ID: Merge Request !1373 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373 Project:Branches: ametzler/gnutls:tmp-limit-gnutls-openssl-exported-symbols to gnutls/gnutls:master Author: Andreas Metzler Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 19:28:58 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 18:28:58 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update git submodule (!1374) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1374 Project:Branches: dueno/gnutls:wip/dueno/autoconf-2.70 to gnutls/gnutls:master Author: Daiki Ueno This brings in the fix for building with autoconf 2.70: https://lists.gnu.org/archive/html/bug-gnulib/2020-12/msg00091.html Suggested by Jan Palus in: https://gitlab.com/gnutls/gnutls/-/issues/1138 Fixes: #1138 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1374 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 19:29:26 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 18:29:26 +0000 Subject: [gnutls-devel] GnuTLS | Build fails with autoconf 2.70 (#1138) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the pointer; I've opened !1374 for that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1138#note_475369019 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 29 20:14:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Dec 2020 19:14:08 +0000 Subject: [gnutls-devel] GnuTLS | Rethink the use of GitHub CI integration (#1140) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1140 We have a [GitHub mirror](https://github.com/gnutls/gnutls) mainly used for testing on various macOS versions, provided by Travis CI. However, after their change of pricing model, it is no longer possible to use it for that purpose (unless someone pays for it): - https://blog.travis-ci.com/oss-announcement - https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing I guess we should stop relying on macOS CI on Travis at least, and switch to GitHub Actions for the limited support for that OS. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1140 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 30 08:43:45 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Dec 2020 07:43:45 +0000 Subject: [gnutls-devel] GnuTLS | libgnutls-openssl: Clean up list of exported symbols (!1373) In-Reply-To: References: Message-ID: Andreas Metzler commented: Hello @dueno, just wondering about the correct thing to do. I see that I recently got a green [merge] button on gitlab. - Should I use it now, since you've already approved the patch? TIA, cu Andreas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373#note_475672325 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 30 09:22:56 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Dec 2020 08:22:56 +0000 Subject: [gnutls-devel] GnuTLS | Rethink the use of GitHub CI integration (#1140) In-Reply-To: References: Message-ID: Airtower started a new discussion: https://gitlab.com/gnutls/gnutls/-/issues/1140#note_475686762 I've set up a workflow here: https://github.com/airtower-luna/gnutls/runs/1623839505 There are some test failures, but those occur in the Travis build, too. There are two things I'd like someone with macOS experience to take a look at: 1. The Travis build seems to test with different Xcode versions. The Github runners have multiple versions installed, but I'm not sure how to configure the build to use a certain one. 2. The dependency installation seems questionable, with failures being ignored and some packages being installed and then immediately upgraded. I just copied that from the Travis build, but maybe it could be improved? Other than that (or if those questions can be deferred) I'd say it's ready to merge. :slight_smile: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1140#note_475686762 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 30 10:14:55 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Dec 2020 09:14:55 +0000 Subject: [gnutls-devel] GnuTLS | libgnutls-openssl: Clean up list of exported symbols (!1373) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373#note_475711713 Sure, please go ahead and merge it :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373#note_475711713 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 30 11:40:04 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Dec 2020 10:40:04 +0000 Subject: [gnutls-devel] GnuTLS | libgnutls-openssl: Clean up list of exported symbols (!1373) In-Reply-To: References: Message-ID: All discussions on Merge Request !1373 were resolved by Andreas Metzler https://gitlab.com/gnutls/gnutls/-/merge_requests/1373 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 30 11:40:19 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Dec 2020 10:40:19 +0000 Subject: [gnutls-devel] GnuTLS | libgnutls-openssl: Clean up list of exported symbols (!1373) In-Reply-To: References: Message-ID: Merge Request !1373 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373 Project:Branches: ametzler/gnutls:tmp-limit-gnutls-openssl-exported-symbols to gnutls/gnutls:master Author: Andreas Metzler Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1373 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: