From gnutls-devel at lists.gnutls.org Thu Mar 2 05:36:54 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 02 Mar 2023 04:36:54 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 37 images (!1719)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1719

Project:Branches: dueno/gnutls:wip/dueno/ci-fedora37 to gnutls/gnutls:master
Author: Daiki Ueno

This updates the base CI images to Fedora 37.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1719
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Thu Mar 2 08:50:26 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 02 Mar 2023 07:50:26 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 37 images (!1719)
In-Reply-To:
References:
Message-ID:

Merge request !1719 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1719
Project:Branches: dueno/gnutls:wip/dueno/ci-fedora37 to gnutls/gnutls:master
Author: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1719

From gnutls-devel at lists.gnutls.org Thu Mar 2 08:50:24 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 02 Mar 2023 07:50:24 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: switch to Fedora 37 images (!1719)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Merging without approval, as this is a CI-only change.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1719#note_1298238850

From gnutls-devel at lists.gnutls.org Thu Mar 2 10:22:56 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 02 Mar 2023 09:22:56 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS 3.8.0 public API has broken ABI compatibility on 32-bit platforms with glibc >= 2.34 (#1466)
References:
Message-ID:

Daniel P. Berrangé created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1466

With the 3.8.0 release of GNUTLS, the public API has broken ABI compatibility on 32-bit platforms which have glibc >= 2.34 present.

The issue affects any GNUTLS API that uses the `time_t` type.

We detected this because it broke all the libvirt and QEMU unit tests which generate certificates, with errors about the certificate not being active yet.

A condensed snippet from the QEMU tests to reproduce the problem is as follows:

```
$ cat demo.c
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

# define PRIVATE_KEY \
    "-----BEGIN RSA PRIVATE KEY-----\n" \
    "MIIG5AIBAAKCAYEAyjWyLSNm5PZvYUKUcDWGqbLX10b2ood+YaFjWSnJrqx/q3qh\n" \
    "rVGBJglD25AJENJsmZF3zPP1oMhfIxsXu63Hdkb6Rdlc2RUoUP34x9VC1izH25mR\n" \
    "6c8DPDp1d6IraZ/llDMI1HsBFz0qGWtvOHgm815XG4PAr/N8rDsuqfv/cJ01KlnO\n" \
    "0OdO5QRXCJf9g/dYd41MPu7wOXk9FqjQlmRoP59HgtJ+zUpE4z+Keruw9cMT9VJj\n" \
    "0oT+pQ9ysenqeZ3gbT224T1khrEhT5kifhtFLNyDssRchUUWH0hiqoOO1vgb+850\n" \
    "W6/1VdxvuPam48py4diSPi1Vip8NITCOBaX9FIpVp4Ruw4rTPVMNMjq9Cpx/DwMP\n" \
    "9MbfXfnaVaZaMrmq67/zPhl0eVbUrecH2hQ3ZB9oIF4GkNskzlWF5+yPy6zqk304\n" \
    "AKaiFR6jRyh3YfHo2XFqV8x/hxdsIEXOtEUGhSIcpynsW+ckUCartzu7xbhXjd4b\n" \
    "kxJT89+riPFYij09AgMBAAECggGBAKyFkaZXXROeejrmHlV6JZGlp+fhgM38gkRz\n" \
    "+Jp7P7rLLAY3E7gXIPQ91WqAAmwazFNdvHPd9USfkCQYmnAi/VoZhrCPmlsQZRxt\n" \
    "A5QjjOnEvSPMa6SrXZxGWDCg6R8uMCb4P+FhrPWR1thnRDZOtRTQ+crc50p3mHgt\n" \
    "6ktXWIJRbqnag8zSfQqCYGtRmhe8sfsWT+Yl4El4+jjaAVU/B364u7+PLmaiphGp\n" \
    "BdJfTsTwEpgtGkPj+osDmhzXcZkfq3V+fz5JLkemsCiQKmn4VJRpg8c3ZmE8NPNt\n" \
    "gRtGWZ4W3WKDvhotT65WpQx4+6R8Duux/blNPBmH1Upmwd7kj7GYFBArbCjgd9PT\n" \
    "xgfCSUZpgOZHHkcgSB+022a8XncXna7WYYij28SLtwImFyu0nNtqECFQHH5u+k6C\n" \
    "LRYBSN+3t3At8dQuk01NVrJBndmjmXRfxpqUtTdeaNgVpdUYRY98s30G68NYGSra\n" \
    "aEvhhRSghkcLNetkobpY9pUgeqW/tQKBwQDZHHK9nDMt/zk1TxtILeUSitPXcv1/\n" \
    "8ufXqO0miHdH23XuXhIEA6Ef26RRVGDGgpjkveDJK/1w5feJ4H/ni4Vclil/cm38\n" \
    "OwRqjjd7ElHJX6JQbsxEx/gNTk5/QW1iAL9TXUalgepsSXYT6AJ0/CJv0jmJSJ36\n" \
    "YoKMOM8uqzb2KhN6i+RlJRi5iY53kUhWTJq5ArWvNhUzQNSYODI4bNxlsKSBL2Ik\n" \
    "LZ5QKHuaEjQet0IlPlfIb4PzMm8CHa/urOcCgcEA7m3zW/lL5bIFoKPjWig5Lbn1\n" \
    "aHfrG2ngqzWtgWtfZqMH8OkZc1Mdhhmvd46titjiLjeI+UP/uHXR0068PnrNngzl\n" \
    "tTgwlakzu+bWzqhBm1F+3/341st/FEk07r0P/3/PhezVjwfO8c8Exj7pLxH4wrH0\n" \
    "ROHgDbClmlJRu6OO78wk1+Vapf5DWa8YfA+q+fdvr7KvgGyytheKMT/b/dsqOq7y\n" \
    "qZPjmaJKWAvV3RWG8lWHFSdHx2IAHMHfGr17Y/w7AoHBALzwZeYebeekiVucGSjq\n" \
    "T8SgLhT7zCIx+JMUPjVfYzaUhP/Iu7Lkma6IzWm9nW6Drpy5pUpMzwUWDCLfzU9q\n" \
    "eseFIl337kEn9wLn+t5OpgAyCqYmlftxbqvdrrBN9uvnrJjWvqk/8wsDrw9JxAGc\n" \
    "fjeD4nBXUqvYWLXApoR9mZoGKedmoH9pFig4zlO9ig8YITnKYuQ0k6SD0b8agJHc\n" \
    "Ir0YSUDnRGgpjvFBGbeOCe+FGbohk/EpItJc3IAh5740lwKBwAdXd2DjokSmYKn7\n" \
    "oeqKxofz6+yVlLW5YuOiuX78sWlVp87xPolgi84vSEnkKM/Xsc8+goc6YstpRVa+\n" \
    "W+mImoA9YW1dF5HkLeWhTAf9AlgoAEIhbeIfTgBv6KNZSv7RDrDPBBxtXx/vAfSg\n" \
    "x0ldwk0scZsVYXLKd67yzfV7KdGUdaX4N/xYgfZm/9gCG3+q8NN2KxVHQ5F71BOE\n" \
    "JeABOaGo9WvnU+DNMIDZjHJMUWVw4MHz/a/UArDf/2CxaPVBNQKBwASg6j4ohSTk\n" \
    "J7aE6RQ3OBmmDDpixcoCJt9u9SjHVYMlbs5CEJGVSczk0SG3y8P1lOWNDSRnMksZ\n" \
    "xWnHdP/ogcuYMuvK7UACNAF0zNddtzOhzcpNmejFj+WCHYY/UmPr2/Kf6t7Cxk2K\n" \
    "3cZ4tqWsiTmBT8Bknmah7L5DrhS+ZBJliDeFAA8fZHdMH0Xjr4UBp9kF90EMTdW1\n" \
    "Xr5uz7ZrMsYpYQI7mmyqV9SSjUg4iBXwVSoag1iDJ1K8Qg/L7Semgg==\n" \
    "-----END RSA PRIVATE KEY-----\n"

/* Import the embedded test key. */
static gnutls_x509_privkey_t load_key(void)
{
    gnutls_x509_privkey_t key;
    const gnutls_datum_t data = { (unsigned char *)PRIVATE_KEY, strlen(PRIVATE_KEY) };

    assert(gnutls_x509_privkey_init(&key) >= 0);
    assert(gnutls_x509_privkey_import(key, &data, GNUTLS_X509_FMT_PEM) >= 0);
    return key;
}

int main(int argc, char **argv)
{
    gnutls_x509_crt_t crt;
    int err;
    static char buffer[1024 * 1024];
    size_t size = sizeof(buffer);
    char serial[5] = { 1, 2, 3, 4, 0 };
    gnutls_datum_t der;
    /* Validity window: now until now + 1 day. */
    time_t start = time(NULL);
    time_t expire = time(NULL) + (60 * 60 * 24);
    gnutls_x509_privkey_t privkey = load_key();

    assert(gnutls_x509_crt_init(&crt) >= 0);
    assert(gnutls_x509_crt_set_key(crt, privkey) >= 0);
    assert(gnutls_x509_crt_set_version(crt, 3) >= 0);
    assert(gnutls_x509_crt_set_serial(crt, serial, 5) >= 0);
    assert(gnutls_x509_crt_set_activation_time(crt, start) >= 0);
    assert(gnutls_x509_crt_set_expiration_time(crt, expire) >= 0);
    assert(gnutls_x509_crt_sign2(crt, crt, privkey, GNUTLS_DIG_SHA256, 0) >= 0);
    assert(gnutls_x509_crt_export(
           crt, GNUTLS_X509_FMT_PEM, buffer, &size) >= 0);
    assert(start == gnutls_x509_crt_get_activation_time(crt));
    printf("%s\n", buffer);
    return 0;
}
```

Compile this on a 32-bit host (or a 64-bit host passing -m32) and then query the certificate contents:

```
$ gcc -g -lgnutls -m32 -o demo demo.c
$ ./demo | certtool -i | grep Not
	Not Before: Sat Sep 05 17:30:22 UTC 2703
	Not After: Sun Sep 06 17:30:22 UTC 2703
```

Notice that instead of having a validity/expiry date of today + 1 day, it has a date ~700 years into the future.

This did not happen with gnutls 3.7.8 / 3.7.9.

I ran a git bisect in gnutls and narrowed it down to this change

```
commit 61fa36ca4ea84ca3bc42918690151eec8dfc1148
Author: Daiki Ueno
Date:   Sat Jan 8 18:14:16 2022 +0100

    gnulib: update git submodule

    Signed-off-by: Daiki Ueno
```

The problem arose because GNULIB has changed the 'largefile' module so that it probes for the C library exposing _TIME_BITS=64, and if available will set that define. This results in time_t changing from 32-bit in size to 64-bit when gnutls is built.

Meanwhile essentially no application that uses GNUTLS will have _TIME_BITS=64 set, and thus they will all be passing/receiving time with a 32-bit time_t.

This means that any application interacting with GNUTLS APIs that involve time_t will be broken on 32-bit hosts with glibc >= 2.34 (when _TIME_BITS=64 arrived).

GNULIB did provide a '--disable-year2038' flag for configure which can be used at build time to disable 64-bit time_t.

Essentially everyone who builds GNUTLS today needs to be sure to pass --disable-year2038 to avoid the silent ABI change.

See also this thread

https://sourceware.org/pipermail/libc-alpha/2023-March/146002.html

Both Gentoo and Fedora have hit this ABI incompatibility, and any other distro which still has 32-bit builds will do so too.

I'm not sure what the best course of action for GNUTLS is right now.

IMHO, ideally GNULIB should not have forced 64-bit time_t on every application using 'largefile', it should have remained strictly opt-in, as GLibC had made it.

I don't see a way for GNUTLS to get away from the 'largefile' change because 'largefile' is an important GNULIB module that every app needs.

The best I can see is to prominently document the importance of setting '--disable-year2038' when building GNUTLS, unless GNULIB wants to revert their change to 'largefile' and make it opt-in.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1466

From gnutls-devel at lists.gnutls.org Thu Mar 2 14:07:03 2023
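The `time_t` width mismatch reported in issue #1466, as an added example that is not part of the original report or of GnuTLS: it models the i386 cdecl argument area as a byte buffer, shows what a callee built with `_TIME_BITS=64` reads when the caller pushed a 32-bit `time_t`, and gives a heuristic for recognising the result. All function names, the pointer value and the stale stack word are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not GnuTLS code: the i386 cdecl argument area for a
 * call shaped like set_activation_time(crt, start). Arguments sit in
 * 4-byte slots, lowest address first; bytes past the last argument hold
 * whatever the caller's frame happened to contain. */
enum { SLOT = 4, AREA = 16 };

static void put_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

static uint64_t get_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Caller built with 32-bit time_t: one slot for the pointer, one for the time. */
static void caller_push_time32(uint8_t area[AREA], uint32_t crt_ptr,
                               int32_t t, uint32_t stale_word)
{
    memset(area, 0, AREA);
    put_le32(area, crt_ptr);
    put_le32(area + SLOT, (uint32_t)t);
    put_le32(area + 2 * SLOT, stale_word); /* not an argument, just frame contents */
}

/* Callee built with 32-bit time_t reads exactly the slot the caller wrote. */
static int64_t callee_read_time32(const uint8_t area[AREA])
{
    return (int32_t)(uint32_t)get_le(area + SLOT, 4);
}

/* Callee built with _TIME_BITS=64 reads two slots: the caller's value as the
 * low half and the adjacent stack word as the high half. */
static int64_t callee_read_time64(const uint8_t area[AREA])
{
    return (int64_t)get_le(area + SLOT, 8);
}

/* On i386 a 64-bit integer is returned in edx:eax; a caller that expects a
 * 32-bit time_t only looks at eax, the low half. */
static int32_t caller_receive_time32(int64_t returned)
{
    return (int32_t)(uint32_t)(uint64_t)returned;
}

/* Heuristic for a timestamp parsed independently of the mismatched API:
 * identical low 32 bits but a different value overall. */
static int looks_like_time_width_mismatch(int64_t expected, int64_t observed)
{
    return observed != expected &&
           (uint32_t)(uint64_t)observed == (uint32_t)(uint64_t)expected;
}

int main(void)
{
    uint8_t area[AREA];
    const int32_t start = 1677749400; /* constructed timestamp (March 2023) */

    /* 0x0804a000 and the stale word 5 are constructed sample values. */
    caller_push_time32(area, 0x0804a000u, start, 5u);

    int64_t stored = callee_read_time64(area);
    printf("caller passed:        %lld\n", (long long)start);
    printf("32-bit callee reads:  %lld\n", (long long)callee_read_time32(area));
    printf("64-bit callee reads:  %lld\n", (long long)stored);
    printf("caller reads back:    %ld\n", (long)caller_receive_time32(stored));
    printf("width mismatch seen:  %d\n",
           looks_like_time_width_mismatch(start, stored));
    return 0;
}
```

In this model the value read back through the same 32-bit interface equals the value passed in, so a round-trip comparison inside the application does not expose the mismatch; it shows up only in a value decoded independently, as with the `certtool -i` output in the report.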
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 02 Mar 2023 13:07:03 +0000
Subject: [gnutls-devel] GnuTLS | p11tool does not distinguish key objects with the same label (#1467)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1467

If there are multiple key objects with the same label in a token, `p11tool --list-all` prints information of one of them, repeatedly:

```console
$ mkdir t
$ cd t
$ echo 'directories.tokendir = .' > softhsm2.conf
$ export SOFTHSM2_CONF=softhsm2.conf
$ softhsm2-util --init-token --slot 0 --so-pin 1234 --pin 123456 --label Token1
$ pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token1 --pin 123456 -v --key-type rsa:1024
$ pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token1 --pin 123456 -v --key-type EC:prime256v1
$ pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token1 --label OpenDNSSEC1 --pin 123456 -v --key-type rsa:1024
$ pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token1 --label OpenDNSSEC1 --pin 123456 -v --key-type EC:prime256v1
$ p11tool --list-all pkcs11:model=SoftHSM%20v2
Object 0:
	URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=87b4e2263f5f82a4;token=Token1;object=OpenDNSSEC1;type=public
	Type: Public key (EC/ECDSA-SECP256R1)
	Label: OpenDNSSEC1
	Flags: CKA_WRAP/UNWRAP;
	ID:

Object 1:
	URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=87b4e2263f5f82a4;token=Token1;type=public
	Type: Public key
	Label:
	Flags: CKA_WRAP/UNWRAP;
	ID:

Object 2:
	URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=87b4e2263f5f82a4;token=Token1;type=public
	Type: Public key
	Label:
	Flags: CKA_WRAP/UNWRAP;
	ID:

Object 3:
	URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=87b4e2263f5f82a4;token=Token1;object=OpenDNSSEC1;type=public
	Type: Public key (EC/ECDSA-SECP256R1)
	Label: OpenDNSSEC1
	Flags: CKA_WRAP/UNWRAP;
	ID:
```

Originally reported by @mhavrila.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1467

From gnutls-devel at lists.gnutls.org Fri Mar 3 18:37:36 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 03 Mar 2023 17:37:36 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS 3.8.0 public API has broken ABI compatibility on 32-bit platforms with glibc >= 2.34 (#1466)
In-Reply-To:
References:
Message-ID:

Daniel P. Berrangé commented:

I've since discovered that GNULIB flipped their default behaviour for 'largefile' back so the _TIME_BITS=64 is *NOT* enabled by default any more..

```
commit 7c7c8a519f3892f6f5b30a1c6b22796ab314a45c
Author: Paul Eggert
Date:   Sun Dec 25 11:41:57 2022 -0800

    largefile: sync from Autoconf master
```

GNUTLS got this change in the master branch when it updated gnulib 2 weeks ago in

```
commit 9622d7201e1d73d217c18802e1d435ba3404adb3
Author: Daiki Ueno
Date:   Fri Feb 17 11:29:23 2023 +0900

    gnulib: update git submodule

    Signed-off-by: Daiki Ueno
```

Presumably master branch corresponds to a future 3.9.0 release series, so if you create a branch for a 3.8.1 release, I'd suggest including this gnulib update to fix the ABI regression.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1466#note_1300721210

From gnutls-devel at lists.gnutls.org Sun Mar 5 18:35:24 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 05 Mar 2023 17:35:24 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)
In-Reply-To:
References:
Message-ID:

Andreas Metzler marked merge request !1716 as ready

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716

From gnutls-devel at lists.gnutls.org Sun Mar 5 18:44:19 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 05 Mar 2023 17:44:19 +0000
Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720)
References:
Message-ID:

Manogjna Singuluri created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720

Project:Branches: ms3939/gnutls:master to gnutls/gnutls:master
Author: Manogjna Singuluri

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

Owing to issue #1464 I have rewritten two files in Python. Please let me know if any changes need to be done.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720

From gnutls-devel at lists.gnutls.org Mon Mar 6 02:50:22 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Mar 2023 01:50:22 +0000
Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

> Owing to issue #1464 I have rewritten two files in Python. Please let me know if any changes need to be done

This looks like a really good start. A couple of comments:

- To fully integrate it with the testsuite, we would need to modify `tests/suite/test-ciphersuite-names.sh` to run the test with python instead of nodejs
- I suggest replacing `tls-parameters.xml` and `registry-ciphers.xslt` with a [CSV file](https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv) and another Python script to generate `registry-ciphers.py` from the CSV data (you could use [`csv.reader`](https://docs.python.org/3/library/csv.html#csv.reader)).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1301496497

From gnutls-devel at lists.gnutls.org Mon Mar 6 08:17:19 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Mar 2023 07:17:19 +0000
Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720)
In-Reply-To:
References:
Message-ID:

Manogjna Singuluri commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1301668565

Sure will work on that!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1301668565

From gnutls-devel at lists.gnutls.org Mon Mar 6 09:49:27 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Mar 2023 08:49:27 +0000
Subject: [gnutls-devel] GnuTLS | add gnutls_pkcs7_get_signature_count test (!1721)
References:
Message-ID:

xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721

Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721

From gnutls-devel at lists.gnutls.org Mon Mar 6 10:26:35 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Mar 2023 09:26:35 +0000
Subject: [gnutls-devel] GnuTLS | add gnutls_pkcs7_get_signature_count test (!1721)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on tests/pkcs7-gen.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721#note_1301884817

> exit(1);
> }
>
> + ret = gnutls_pkcs7_get_signature_count(pkcs7);
> + if (ret < 0) {

Should we check against the known number of signatures rather than just checking non-negativeness?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721#note_1301884817

From gnutls-devel at lists.gnutls.org Mon Mar 6 12:01:03 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Mar 2023 11:01:03 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS: Consider depth-first ("branching") certificate path building strategy (#1286)
In-Reply-To:
References:
Message-ID:

vandita chauhan commented:

I like to contribute to this project, can I get some more knowledge about it
Since I'm building an approach using different technologies

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1286#note_1302045291

From gnutls-devel at lists.gnutls.org Mon Mar 6 12:18:13 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Mar 2023 11:18:13 +0000
Subject: [gnutls-devel] libtasn1 | memory leaks in asn1_array2tree (#26)
In-Reply-To:
References:
Message-ID:

wang cheng commented:

By carefully reviewing the code he submitted, I found that the memory leak described in this issue does not exist.

I guess the memory leak described by this issue is as follows:

```
A---B---C | D
```

Assuming that A has been added to the tree (the structure is shown above), now a new node E needs to be added to the right of A. At this time, the following function will be called to delete the right node of A:

```
if (p_last && p_last->down)
    _asn1_delete_structure (e_list, &p_last->down, 0);
```

The memory leak of the node C will be caused. So this [commit](https://gitlab.com/gnutls/libtasn1/-/merge_requests/62) uses a while loop to continue deleting node C.

But the problem described above will not appear in the `asn1_array2tree` function, because the new node creation function `_asn1_add_static_node` uses `calloc` to allocate memory. Perhaps this judgment `if (p_last && p_last->down)` is redundant.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/26#note_1302077208

From gnutls-devel at lists.gnutls.org Mon Mar 6 15:49:13 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 06 Mar 2023 14:49:13 +0000
Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720)
In-Reply-To:
References:
Message-ID:

Manogjna Singuluri commented:

Tried doing that! Please go through it and let me know if anything needs to be done

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1302436963

From gnutls-devel at lists.gnutls.org Tue Mar 7 01:05:42 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 07 Mar 2023 00:05:42 +0000
Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Aside from the comments, the following files still need to be adjusted:

- `tests/suite/test-ciphersuite-names.sh` should use python, not nodejs
- `tests/suite/ciphersuites/test-ciphers.js` should probably be rewritten in python

Once the rewrite is complete, you might want to run the test, which can be done with:

```console
$ ./bootstrap --skip-po
$ ./configure --disable-doc
$ make -j$(nproc)
$ cd tests/suite
$ make check TESTS=test-ciphersuite-names.sh
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303140864

From gnutls-devel at lists.gnutls.org Tue Mar 7 01:05:42 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 07 Mar 2023 00:05:42 +0000
Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1720 was reviewed by Daiki Ueno

--

Daiki Ueno started a new discussion on tests/suite/ciphersuite/generate-registry-ciphers.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303140859

> + cipher_suites = []
> + for row in csv_reader:
> + if row['registry_id'] == 'tls-parameters-4' and \

I got the following error when I run the script:

```console
$ python generate-registry-ciphers.py
Traceback (most recent call last):
  File "/home/ueno/devel/gnutls/tests/suite/ciphersuite/generate-registry-ciphers.py", line 7, in <module>
    if row['registry_id'] == 'tls-parameters-4' and \
       ~~~^^^^^^^^^^^^^^^
KeyError: 'registry_id'
```

--

Daiki Ueno started a new discussion on tests/suite/ciphersuite/registry-ciphers.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303140862

> -var registry_ciphersuites = {

This file is now generated with `generate-registry-ciphers.py`; maybe we can remove it entirely?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720

From gnutls-devel at lists.gnutls.org Tue Mar 7 03:02:17 2023
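Review bot: In the tests/suite/ciphersuite/generate-registry-ciphers.py hunk quoted in the review above, `row['registry_id']` inside the `for row in csv_reader:` loop indexes a column without checking that the CSV header provides it, and the traceback in the same review shows it failing with KeyError. Compare the column names the script depends on against `csv_reader.fieldnames` before entering the loop and exit with a message that names the missing column, so that a registry file with a different header is reported clearly rather than through a traceback.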
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 07 Mar 2023 02:02:17 +0000
Subject: [gnutls-devel] GnuTLS | add gnutls_pkcs7_get_signature_count test (!1721)
In-Reply-To:
References:
Message-ID:

xuraoqing commented on a discussion on tests/pkcs7-gen.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721#note_1303193255

> exit(1);
> }
>
> + ret = gnutls_pkcs7_get_signature_count(pkcs7);
> + if (ret < 0) {

That's true.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721#note_1303193255

From gnutls-devel at lists.gnutls.org Tue Mar 7 03:02:24 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 07 Mar 2023 02:02:24 +0000
Subject: [gnutls-devel] GnuTLS | add gnutls_pkcs7_get_signature_count test (!1721)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1721 were resolved by xuraoqing

https://gitlab.com/gnutls/gnutls/-/merge_requests/1721

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721

From gnutls-devel at lists.gnutls.org Tue Mar 7 03:09:47 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 07 Mar 2023 02:09:47 +0000
Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720)
In-Reply-To:
References:
Message-ID:

Manogjna Singuluri commented on a discussion on tests/suite/ciphersuite/registry-ciphers.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303197318

> -var registry_ciphersuites = {

Sure! I'll remove it when errors got resolved

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303197318

From gnutls-devel at lists.gnutls.org Tue Mar 7 03:10:22 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 07 Mar 2023 02:10:22 +0000
Subject: [gnutls-devel] GnuTLS | Inconsistency between GNUTLS_NO_EXTENSIONS flag and %NO_EXTENSIONS modifier (#1468)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1468

While the flag and the modifier are described similarly in the manual, the actual behavior is a bit different. `GNUTLS_NO_EXTENSIONS` only disables a certain set of extensions (status request and extended master secret), `%NO_EXTENSIONS` prevents sending any TLS extensions.

We probably should name the former like `GNUTLS_NO_DEFAULT_EXTENSIONS` and/or document the current behavior properly.

```
'GNUTLS_NO_EXTENSIONS'
     Do not enable any TLS extensions by default (since 3.1.2).  As
     TLS 1.2 and later require extensions this option is considered
     obsolete and should not be used.
```

```
%NO_EXTENSIONS  will prevent the sending of any TLS extensions in
                client side.  Note that TLS 1.2 requires extensions
                to be used, as well as safe renegotiation thus this
                option must be used with care.  When this option is
                set no versions later than TLS1.2 can be negotiated.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1468

From gnutls-devel at lists.gnutls.org Tue Mar 7 03:11:58 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 07 Mar 2023 02:11:58 +0000
Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720)
In-Reply-To:
References:
Message-ID:

Manogjna Singuluri commented on a discussion on tests/suite/ciphersuite/generate-registry-ciphers.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303198520

> +import csv
> +
> +with open('tls-parameters-4.csv') as csv_file:
> + csv_reader = csv.DictReader(csv_file)
> + cipher_suites = []
> + for row in csv_reader:
> + if row['registry_id'] == 'tls-parameters-4' and \

Worked on it! Will be resolved with the latest commit. Please go through it

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303198520

From gnutls-devel at lists.gnutls.org Tue Mar 7 03:27:03 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 07 Mar 2023 02:27:03 +0000
Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720)
In-Reply-To:
References:
Message-ID:

Manogjna Singuluri commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303204653

tests/suite/ciphersuites/test-ciphers.js is using a nodejs file named "gnutls-ciphers.js" which I am unable to find in the repository. Can you help me out with that?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303204653

From gnutls-devel at lists.gnutls.org Tue Mar 7 06:34:42 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Mar 2023 05:34:42 +0000 Subject: [gnutls-devel] GnuTLS | add gnutls_pkcs7_get_signature_count test (!1721) In-Reply-To: References: Message-ID: Merge request !1721 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 7 06:34:57 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Mar 2023 05:34:57 +0000 Subject: [gnutls-devel] GnuTLS | add gnutls_pkcs7_get_signature_count test (!1721) In-Reply-To: References: Message-ID: Merge request !1721 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 7 06:35:06 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Mar 2023 05:35:06 +0000 Subject: [gnutls-devel] GnuTLS | add gnutls_pkcs7_get_signature_count test (!1721) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1721#note_1303318925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 7 06:50:47 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Mar 2023 05:50:47 +0000 Subject: [gnutls-devel] GnuTLS | Work on issue #1464 (!1720) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1720 was reviewed by Daiki Ueno -- Daiki Ueno commented on a discussion on tests/suite/ciphersuite/generate-registry-ciphers.py: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303327300 > + cipher_suites = [] > + for row in csv_reader: > + if row['registry_id'] == 'tls-parameters-4' and \ It now runs without failure, but the output is not as expected (I think): ```diff registry_ciphersuites = { - 0x0000: "TLS_NULL_WITH_NULL_NULL", - 0x0001: "TLS_RSA_WITH_NULL_MD5", - 0x0002: "TLS_RSA_WITH_NULL_SHA", ... + '00,9E': 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ([RFC5288])', + '00,9F': 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ([RFC5288])', + '00,AA': 'TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 ([RFC5487])', } ``` A few observations: - the format of keys is different (it should be 0x....) - some ciphersuites are filtered out (because the script rejects ciphersuites with DTLS-OK != Y) -- Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720#note_1303327304 Previously, `gnutls-ciphers.js` was generated with `scan-gnutls.sh`, which you have rewritten as `scan-gnutls.py`. So I think what's expected here is to run `scan-gnutls.py` and generate a Python output (`gnutls-ciphers.py`). However, `scan-gnutls.py` currently fails: ```console $ python ./ciphersuite/scan-gnutls.py File "/home/ueno/devel/gnutls/tests/suite/./ciphersuite/scan-gnutls.py", line 58 f"prf: \"{suite['prf']}\" } ^ SyntaxError: unterminated string literal (detected at line 58) ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1720 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 8 15:55:16 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Mar 2023 14:55:16 +0000 Subject: [gnutls-devel] GnuTLS | installing bookworm sid 12 on bullseye 11, libgiognutls problems arised (#1469) References: Message-ID: Elias Tsolis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1469 installing bookworm sid 12 on bullseye 11, libgiognutls problems arised (I Know that is in testing phase, but what I must do now?) `systemctl --user status xdg-desktop-portal*` results `xdg-desktop-portal[21464]: /usr/libexec/xdg-desktop-portal: symbol lookup error: /usr/libexec/xdg-desktop-portal: undefined symbol: g_power_profile_monitor_dup_default` `sudo apt update` results `Failed to load module: /usr/lib/x86_64-linux-gnu/gio/modules/libgiognutls.so /usr/lib/x86_64-linux-gnu/gio/modules/libgiognutls.so: undefined symbol: g_tls_channel_binding_error_quark ` in journal some entries: `error: /usr/libexec/gvfsd-trash: undefined symbol: g_unix_mount_point_at` `tracker-extract-3[51569]: /usr/lib/x86_64-linux-gnu/gio/modules/libgiognutls.so: undefined symbol: g_tls_channel_binding_error_quark` what I must do? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1469 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 8 16:32:13 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Mar 2023 15:32:13 +0000 Subject: [gnutls-devel] GnuTLS | installing bookworm sid 12 on bullseye 11, libgiognutls problems arised (#1469) In-Reply-To: References: Message-ID: Issue was closed by Alexander Sosedkin Issue #1469: https://gitlab.com/gnutls/gnutls/-/issues/1469 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1469 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 8 16:32:12 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Mar 2023 15:32:12 +0000 Subject: [gnutls-devel] GnuTLS | installing bookworm sid 12 on bullseye 11, libgiognutls problems arised (#1469) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: The error suggests that the problem, if it exists, lies with the way libgiognutls is built in Debian. It doesn't seem to be related to gnutls itself. I'd suggest you to [install clean debian bookworm directly](https://www.debian.org/devel/debian-installer) (in a VM or somehow else) and try to reproduce the problem there. If you're successful in that, raise a question with Debian libgiognutls maintainers through Debian BTS. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1469#note_1305770648 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 8 22:48:47 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Mar 2023 21:48:47 +0000 Subject: [gnutls-devel] GnuTLS | p11tool does not distinguish key objects with the same label (#1467) In-Reply-To: References: Message-ID: Abhinav Srivastava commented: Can take this up, just wondering which directory would I be working with (first time here!) I'm guessing it's this: https://gitlab.com/gnutls/gnutls/-/blob/master/src/p11tool.c#L342 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1306227059 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 00:47:23 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Mar 2023 23:47:23 +0000 Subject: [gnutls-devel] GnuTLS | p11tool does not distinguish key objects with the same label (#1467) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1306312912 Yes, that's correct; in general, we put source files for tools (p11tool, etc.) under `src/`. Note also that the actual printing logic is in `src/pkcs11.c`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1306312912 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 01:56:06 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Mar 2023 00:56:06 +0000 Subject: [gnutls-devel] GnuTLS | p11tool does not distinguish key objects with the same label (#1467) In-Reply-To: References: Message-ID: Abhinav Srivastava commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1306348864 Ah, so to tackle this I'd have to write a way in `src/pkcs11.c` for the printing logic to differentiate between labels. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1306348864 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 09:32:38 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Mar 2023 08:32:38 +0000 Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722) References: Message-ID: xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722 Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master Author: xuraoqing Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 13:31:35 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Mar 2023 12:31:35 +0000 Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1722 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on tests/crl_apis.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1307263849 > + assert(gnutls_x509_crl_get_issuer_dn(crl, crl_issuer, &crl_issuer_size) > + == GNUTLS_E_SUCCESS); > + assert(memcmp(crl_issuer, issuer, strlen(crl_issuer)) == 0); Use `memcmp` with caution, as a size mismatch may cause an out-of-bounds read; maybe it should be `crl_issuer_size == issuer_size && memcmp(crl_issuer, issuer, crl_issuer_size) == 0`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 15:11:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Mar 2023 14:11:02 +0000 Subject: [gnutls-devel] GnuTLS | Draft: priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: All discussions on merge request !1711 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 15:11:01 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Mar 2023 14:11:01 +0000 Subject: [gnutls-devel] GnuTLS | Draft: priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1307479971 I just tweaked the relevant tests using those options for now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711#note_1307479971 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 15:11:09 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Mar 2023 14:11:09 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Daiki Ueno marked merge request !1711 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 15:11:14 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Mar 2023 14:11:14 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Merge request !1711 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 Project:Branches: dueno/gnutls:wip/dueno/ems to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Hubert Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 22:42:43 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Mar 2023 21:42:43 +0000 Subject: [gnutls-devel] GnuTLS | priority: add %FORCE_SESSION_HASH modifier (!1711) In-Reply-To: References: Message-ID: Merge request !1711 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 Project:Branches: dueno/gnutls:wip/dueno/ems to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Hubert Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 9 22:42:43 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Mar 2023 21:42:43 +0000 Subject: [gnutls-devel] GnuTLS | Add setting for requiring use of EMS in TLS 1.2 (#1445) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1711 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1711) Issue #1445: https://gitlab.com/gnutls/gnutls/-/issues/1445 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1445 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 10 04:10:10 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 03:10:10 +0000 Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722) In-Reply-To: References: Message-ID: xuraoqing commented on a discussion on tests/crl_apis.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1308347087 > +{ > +#define DN_MAX_LEN (1024) > + gnutls_x509_crt_t crt; > + char *issuer = gnutls_malloc(DN_MAX_LEN); > + size_t issuer_size = DN_MAX_LEN; > + assert(gnutls_x509_crt_init(&crt) >= 0); > + assert(gnutls_x509_crt_import(crt, issuer_cert, GNUTLS_X509_FMT_PEM) >= > + 0); > + assert(gnutls_x509_crt_get_issuer_dn(crt, issuer, &issuer_size) >= 0); > + > + /* issuer check */ > + char *crl_issuer = gnutls_malloc(DN_MAX_LEN); > + size_t crl_issuer_size = DN_MAX_LEN; > + assert(gnutls_x509_crl_get_issuer_dn(crl, crl_issuer, &crl_issuer_size) > + == GNUTLS_E_SUCCESS); > + assert(memcmp(crl_issuer, issuer, strlen(crl_issuer)) == 0); Yeah, I will fix them all? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1308347087 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 10 08:11:07 2023
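Review bot: `issuer` and `crl_issuer` in the quoted tests/crl_apis.c hunk above come from `gnutls_malloc(DN_MAX_LEN)` and are handed straight to `gnutls_x509_crt_get_issuer_dn` and `gnutls_x509_crl_get_issuer_dn` with no NULL check. Add `assert(issuer != NULL)` and `assert(crl_issuer != NULL)` right after the two allocations, or use fixed-size arrays of `DN_MAX_LEN` bytes so the test has no allocation to check.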
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 07:11:07 +0000 Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1722 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on tests/crl_apis.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1308543135 > + dn.data = NULL; > + dn.size = 0; > + memset(crl_issuer, 0, dn.size); This has no effect as `dn.size` is set to 0 above? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 10 10:12:49 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 09:12:49 +0000 Subject: [gnutls-devel] GnuTLS | kTLS gets desynchronised when sending (in gnutls_record_send) (#1470) References: Message-ID: Richard W_M_ Jones created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1470

## Description of problem:

Since both `nbdkit` and `libnbd` support gnutls + kTLS, I can test (k)TLS sending and receiving between our server and client. I have found that if the sending process is using kTLS, then the data gets desynchronised under load. However receiving using kTLS seems fine. It seems there is a problem in gnutls_record_send (or perhaps the kernel related to sendmsg when using kTLS).

Here is my test:

```
$ psktool -u alice -p keys.psk
$ nbdkit --tls=require --tls-psk=keys.psk pattern 10G \
    --run 'nbdcopy -p --no-extents "nbds://alice@localhost?tls-psk-file=keys.psk" null:'
```

It copies 10G of pattern data from nbdkit (server) to nbdcopy (client) and then throws it away (`null:`) over TCP localhost port 10809. The pattern data is generated by https://libguestfs.org/nbdkit-pattern-plugin.1.html

Without kTLS it works fine. With kTLS it fails.

I also hacked gnutls so I could disable kTLS selectively. Using LD_LIBRARY_PATH I am able to selectively enable and disable kTLS at either end. I found that it only fails if the **sender** is using kTLS, not if the sender is using userspace TLS and the receiver is using kTLS. This seems to indicate the problem happens on the sending side.

I also used strace to show that it is a desynchronisation problem, because we can see the patterns produced by https://libguestfs.org/nbdkit-pattern-plugin.1.html in what is supposed to be an NBD reply header.

## Version of gnutls used:

gnutls @ 496b4bb357adfbaa

kernel 6.2.0-0.rc7.20230206gitd2d11f342b17.50.fc38.x86_64

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Fedora, but self-built.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1470 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 10 11:40:52 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 10:40:52 +0000 Subject: [gnutls-devel] GnuTLS | kTLS gets desynchronised when sending (in gnutls_record_send) (#1470) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented:

I think I may understand the problem. I collected an `strace` of the server when the desynchronisation happens, and the pattern of syscalls is odd. We see:

```
sendmsg(7, {msg_name=NULL, msg_namelen=0, msg_iov=[{... iov_len=262144}], msg_iovlen=1, msg_control=[{cmsg_len=17, cmsg_level=SOL_TLS, cmsg_type=0x1}], msg_controllen=17, msg_flags=0}, MSG_DONTWAIT = 245760
```

In other words, a short write. We wanted to send 262144 bytes, but only sent 245760 (16K less). Then I see:

```
sendmsg(7, {msg_name=NULL, msg_namelen=0, msg_iov=[{... iov_len=16384}], msg_iovlen=1, msg_control=[{cmsg_len=17, cmsg_level=SOL_TLS, cmsg_type=0x1}], msg_controllen=17, msg_flags=0}, MSG_DONTWAIT = -1 EAGAIN (Resource temporarily unavailable)
```

It's trying to follow on with the remaining 16K of data, and gets EAGAIN. But immediately after:

```
sendmsg(7, {msg_name=NULL, msg_namelen=0, msg_iov=[{... iov_len=262144}], msg_iovlen=1, msg_control=[{cmsg_len=17, cmsg_level=SOL_TLS, cmsg_type=0x1}], msg_controllen=17, msg_flags=0}, MSG_DONTWAIT= -1 EAGAIN (Resource temporarily unavailable)
```

It's trying to send the full block (the data is the same as before) again, which is definitely wrong.

The documentation for `GNUTLS_E_INTERRUPTED` is quite confusing to be honest:

> If the EINTR is returned by the internal push function then GNUTLS_E_INTERRUPTED will be returned. If GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN is returned, you must call this function again with the exact same parameters, or provide a NULL pointer for data and 0 for data_size, in order to write the same data as before.

If you wish to discard the previous data instead of retrying, you must call gnutls_record_discard_queued() before calling this function with different parameters. Note that the latter works only on special transports (e.g., UDP). cf. gnutls_record_get_direction().

Our code is here, and I think it's doing the right thing but I'm not certain of it: https://gitlab.com/nbdkit/nbdkit/-/blob/45b72f5bd8fc1b475fa130d06c86cd877bf595d5/server/crypto.c#L399

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1470#note_1308821019 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:

From gnutls-devel at lists.gnutls.org Fri Mar 10 11:55:18 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 10:55:18 +0000 Subject: [gnutls-devel] GnuTLS | kTLS gets desynchronised when sending (in gnutls_record_send) (#1470) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented:

I tried modifying nbdkit so it calls `gnutls_record_send(session, NULL, 0)` when GNUTLS_E_INTERRUPTED|AGAIN is seen, but it doesn't seem to work right. It just immediately returns success, and then when we try to send the next data that returns GNUTLS_E_INTERRUPTED.

So I guess there's either something I don't understand about the gnutls sending API, or else the implementation of the API is wrong in the kTLS case.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1470#note_1308847686 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:

From gnutls-devel at lists.gnutls.org Fri Mar 10 12:02:39 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 11:02:39 +0000 Subject: [gnutls-devel] GnuTLS | kTLS gets desynchronised when sending (in gnutls_record_send) (#1470) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented: Looking at https://gitlab.com/gnutls/gnutls/-/blob/3a812ae1bb684a754f5988c6dd3e7b8f861a974f/lib/system/ktls.c#L565 I think the problem seems likely to be in the implementation of kTLS inside GnuTLS. I think what we are seeing is the first iteration of the while loop, `data_to_send` is 262144. We successfully do a short `sendmsg`, so `data_to_send` will be 16384. Then `sendmsg` returns `EAGAIN`. We return to the caller, but now we've "forgotten" that we already sent the first 245760 bytes. I'm pretty sure that loop cannot work in the case where `sendmsg` could ever return a short write. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1470#note_1308857894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 10 12:10:57 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 11:10:57 +0000 Subject: [gnutls-devel] GnuTLS | kTLS gets desynchronised when sending (in gnutls_record_send) (#1470) In-Reply-To: References: Message-ID: Daniel P_ Berrangé commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1470#note_1308870699

I concur, the lines

```
case EINTR:
    return GNUTLS_E_INTERRUPTED;
case EAGAIN:
    return GNUTLS_E_AGAIN;
```

both have broken semantics AFAICT. Those two error codes must *ONLY* be returned if 'data_size == 0', otherwise the caller has no knowledge of the fact that some bytes were successfully sent.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1470#note_1308870699 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:

From gnutls-devel at lists.gnutls.org Fri Mar 10 12:19:37 2023
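The failure mode analysed in the #1470 messages above, as an added example (not code from GnuTLS, nbdkit or merge request !1723): a scripted fake socket replays the short write and the two `EAGAIN` results from the strace, and a caller that retries with the same parameters is run against a send loop that drops its progress and against one that reports it. The `fake_sock` transport, all function names and the `DEMO_E_*` constants are constructed for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Stand-ins for GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED (illustrative values). */
#define DEMO_E_AGAIN (-28)
#define DEMO_E_INTERRUPTED (-52)

/* Constructed fake transport. Each fake_send() call consumes one script step:
 * a positive step accepts at most that many bytes (a short write), a negative
 * step fails with errno = -step. After the script ends, everything is
 * accepted. wire_bytes counts what the peer would receive. */
struct fake_sock {
	const ssize_t *script;
	size_t steps, pos, wire_bytes;
};

static ssize_t fake_send(struct fake_sock *s, const char *buf, size_t len)
{
	ssize_t step;
	size_t n = len;

	(void)buf;
	if (s->pos < s->steps) {
		step = s->script[s->pos++];
		if (step < 0) {
			errno = (int)-step;
			return -1;
		}
		if ((size_t)step < len)
			n = (size_t)step;
	}
	s->wire_bytes += n;
	return (ssize_t)n;
}

/* Loop shape described in the thread: progress is kept only in local
 * variables, so EAGAIN/EINTR after a short write loses it. */
static ssize_t send_forgetting_progress(struct fake_sock *s, const char *data, size_t size)
{
	size_t left = size;

	while (left > 0) {
		ssize_t r = fake_send(s, data + (size - left), left);
		if (r < 0) {
			if (errno == EINTR)
				return DEMO_E_INTERRUPTED;
			if (errno == EAGAIN)
				return DEMO_E_AGAIN;
			return -1;
		}
		left -= (size_t)r;
	}
	return (ssize_t)size;
}

/* One way to follow the rule stated in the thread: the retry codes are
 * returned only when nothing was sent; otherwise the partial count is. */
static ssize_t send_reporting_progress(struct fake_sock *s, const char *data, size_t size)
{
	size_t left = size;

	while (left > 0) {
		ssize_t r = fake_send(s, data + (size - left), left);
		if (r < 0) {
			if (left < size)
				return (ssize_t)(size - left);
			if (errno == EINTR)
				return DEMO_E_INTERRUPTED;
			if (errno == EAGAIN)
				return DEMO_E_AGAIN;
			return -1;
		}
		left -= (size_t)r;
	}
	return (ssize_t)size;
}

typedef ssize_t (*send_fn)(struct fake_sock *, const char *, size_t);

/* Caller following the documented contract: retry with the same arguments on
 * a retry code, advance by the returned count otherwise. Returns the number
 * of bytes that reached the wire for one `size`-byte message. */
static size_t wire_bytes_after_retry(send_fn fn, size_t size)
{
	/* Constructed from the strace: 245760 accepted, then EAGAIN twice. */
	static const ssize_t script[] = { 245760, -EAGAIN, -EAGAIN };
	static char buf[262144];
	struct fake_sock s = { script, sizeof(script) / sizeof(script[0]), 0, 0 };
	size_t off = 0;

	while (off < size && size <= sizeof(buf)) {
		ssize_t r = fn(&s, buf + off, size - off);
		if (r == DEMO_E_AGAIN || r == DEMO_E_INTERRUPTED)
			continue;
		if (r < 0)
			break;
		off += (size_t)r;
	}
	return s.wire_bytes;
}

int main(void)
{
	printf("forgetting progress: %zu bytes on the wire\n",
	       wire_bytes_after_retry(send_forgetting_progress, 262144));
	printf("reporting progress:  %zu bytes on the wire\n",
	       wire_bytes_after_retry(send_reporting_progress, 262144));
	return 0;
}
```

With the first loop the peer receives the leading 245760 bytes twice, which is the desynchronisation the issue reports; with the second it receives exactly the 262144 bytes the caller asked to send.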
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 11:19:37 +0000 Subject: [gnutls-devel] GnuTLS | ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short writes (!1723) References: Message-ID: Richard W_M_ Jones created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723 Project:Branches: rwmjones/gnutls:2023-fix-ktls-writes to gnutls/gnutls:master Author: Richard W_M_ Jones Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 10 12:20:08 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 11:20:08 +0000 Subject: [gnutls-devel] GnuTLS | kTLS gets desynchronised when sending (in gnutls_record_send) (#1470) In-Reply-To: References: Message-ID: Richard W_M_ Jones commented: Suggested fix: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1470#note_1308882899 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 10 18:41:58 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 17:41:58 +0000 Subject: [gnutls-devel] libtasn1 | WATCH Creed 3 (FREE) FULLMOVIE ONLINE ON STREAMINGS | CREED III (#40) In-Reply-To: References: Message-ID: Issue was closed by Hilmi Cs Issue #40: https://gitlab.com/gnutls/libtasn1/-/issues/40 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/40 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 10 18:41:55 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 17:41:55 +0000 Subject: [gnutls-devel] libtasn1 | WATCH Creed 3 (FREE) FULLMOVIE ONLINE ON STREAMINGS | CREED III (#40) References: Message-ID: Hilmi Cs created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/40 16 secs ago - Still Now Here Option?s to Downloading or watching Scream 6 streaming the full movie online for free. Do you like movies? If so, then you?ll love New Romance Movie: Scream 6. This movie is one of the best in its genre. Scream 6 will be available to watch online on Netflix's very soon! ? ? ???? [Watch Scream 6 Full Movie HD](https://t.co/7LiYEtZpFI) ? ? ???? [Watch Here Scream 6 Full Movie Free](https://t.co/7LiYEtZpFI) Now Is Scream 6 available to stream? Is watching Scream 6 on Disney Plus, HBO Max, Netflix, or Amazon Prime? Yes, we have found an authentic streaming option/service. A 1950s housewife living with her husband in a utopian experimental community begins to worry that his glamorous company could be hiding disturbing secrets. Showcase Cinema Warwick you'll want to make sure you're one of the first people to see it! So mark your calendars and get ready for a Scream 6 movie experience like never before. of our other Marvel movies available to watch online. We're sure you'll find something to your liking. Thanks for reading, and we'll see you soon! Scream 6 is available on our website for free streaming. Details on how you can watch Scream 6 for free throughout the year are described If you're a fan of the comics, you won't want to miss this one! The storyline follows Scream 6 as he tries to find his way home after being stranded on an alien Scream 6t. Scream 6 is definitely a Scream 6 movie you don't want to miss with stunning visuals and an action-packed plot! Plus, Scream 6 online streaming is available on our website. 
Scream 6 online is free, which includes streaming options such as 123movies, Reddit, or TV shows from HBO Max or Netflix! Scream 6 Release in the US Scream 6 hits theaters on January 20, 2023. Tickets to see the film at your local movie theater are available online here. The film is being released in a wide release so you can watch it in person. How to Watch Scream 6 for Free?release on a platform that offers a free trial. Our readers to always pay for the content they wish to consume online and refrain from using illegal means. Where to Watch Scream 6? There are currently no platforms that have the rights to Watch Scream 6 Movie Online.MAPPA has decided to air the movie only in theaters because it has been a huge success.The studio , on the other hand, does not wish to divert revenue Streaming the movie would only slash the profits, not increase them. As a result, no streaming services are authorized to offer Scream 6 Movie for free. The film would, however, very definitely be acquired by services like Funimation , Netflix, and Crunchyroll. As a last consideration, which of these outlets will likely distribute the film worldwide? Is Scream 6 on Netflix? The streaming giant has a massive catalog of television shows and movies, but it does not include 'Scream 6.' We recommend our readers watch other dark fantasy films like 'The Witcher: Nightmare of the Wolf.' Is Scream 6 on Crunchyroll? Crunchyroll, along with Funimation, has acquired the rights to the film and will be responsible for its distribution in North America.Therefore, we recommend our readers to look for the movie on the streamer in the coming months. subscribers can also watch dark fantasy shows like 'Jujutsu Kaisen.' Is Scream 6 on Hulu? No, 'Scream 6' is unavailable on Hulu. People who have a subscription to the platform can enjoy 'Afro Samurai Resurrection' or 'Ninja Scroll.' Is Scream 6 on Amazon Prime? Amazon Prime's current catalog does not include 'Scream 6.' 
However, the film may eventually release on the platform as video-on-demand in the coming months.fantasy movies on Amazon Prime's official website. Viewers who are looking for something similar can watch the original show 'Dororo.' When Will Scream 6 Be on Disney+? Scream 6, the latest installment in the Scream 6 franchise, is coming to Disney+ on July 8th! This new movie promises to be just as exciting as the previous ones, with plenty of action and adventure to keep viewers entertained. you're looking forward to watching it, you may be wondering when it will be available for your Disney+ subscription. Here's an answer to that question! Is Scream 6 on Funimation? Crunchyroll, its official website may include the movie in its catalog in the near future. Meanwhile, people who wish to watch something similar can stream 'Demon Slayer: Kimetsu no Yaiba ? The Movie: Mugen Train.' Scream 6 Online In The US? Most Viewed, Most Favorite, Top Rating, Top IMDb movies online. Here we can download and watch 123movies movies offline. 123Movies website is the best alternative to Scream 6's (2021) free online. We will recommend 123Movies as the best Solarmovie alternative There are a few ways to watch Scream 6 online in the US You can use a streaming service such as Netflix, Hulu, or Amazon Prime Video. You can also rent or buy the movie on iTunes or Google Play. watch it on-demand or on a streaming app available on your TV or streaming device if you have cable. What is Scream 6 About? It features an ensemble cast that includes Florence Pugh, Harry Styles, Wilde, Gemma Chan, KiKi Layne, Nick Kroll, and Chris Pine. In the film, a young wife living in a 2250s company town begins to believe there is a sinister secret being kept from her by the man who runs it. InshaAllah....... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/40 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 10 19:10:52 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Mar 2023 18:10:52 +0000 Subject: [gnutls-devel] libtasn1 | WATCH Scream 6 (FREE) FULLMOVIE ONLINE ON STREAMINGS | SCREAM VI (#41) References: Message-ID: Rawa Rontek created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/41 16 secs ago - Still Now Here Option's to Downloading or watching Scream 6 streaming the full movie online for free. Do you like movies? If so, then you'll love New Romance Movie: Scream 6. This movie is one of the best in its genre. Scream 6 will be available to watch online on Netflix's very soon! [Watch Scream 6 Full Movie HD](https://t.co/7LiYEtZpFI) [Watch Here Scream 6 Full Movie Free](https://t.co/7LiYEtZpFI) Now Is Scream 6 available to stream? Is watching Scream 6 on Disney Plus, HBO Max, Netflix, or Amazon Prime? Yes, we have found an authentic streaming option/service. A 1950s housewife living with her husband in a utopian experimental community begins to worry that his glamorous company could be hiding disturbing secrets. Showcase Cinema Warwick you'll want to make sure you're one of the first people to see it! So mark your calendars and get ready for a Scream 6 movie experience like never before. of our other Marvel movies available to watch online. We're sure you'll find something to your liking. Thanks for reading, and we'll see you soon! Scream 6 is available on our website for free streaming. Details on how you can watch Scream 6 for free throughout the year are described If you're a fan of the comics, you won't want to miss this one! The storyline follows Scream 6 as he tries to find his way home after being stranded on an alien Scream 6t. Scream 6 is definitely a Scream 6 movie you don't want to miss with stunning visuals and an action-packed plot! Plus, Scream 6 online streaming is available on our website. 
Scream 6 online is free, which includes streaming options such as 123movies, Reddit, or TV shows from HBO Max or Netflix! Scream 6 Release in the US Scream 6 hits theaters on January 20, 2023. Tickets to see the film at your local movie theater are available online here. The film is being released in a wide release so you can watch it in person. How to Watch Scream 6 for Free?release on a platform that offers a free trial. Our readers to always pay for the content they wish to consume online and refrain from using illegal means. Where to Watch Scream 6? There are currently no platforms that have the rights to Watch Scream 6 Movie Online.MAPPA has decided to air the movie only in theaters because it has been a huge success.The studio , on the other hand, does not wish to divert revenue Streaming the movie would only slash the profits, not increase them. As a result, no streaming services are authorized to offer Scream 6 Movie for free. The film would, however, very definitely be acquired by services like Funimation , Netflix, and Crunchyroll. As a last consideration, which of these outlets will likely distribute the film worldwide? Is Scream 6 on Netflix? The streaming giant has a massive catalog of television shows and movies, but it does not include 'Scream 6.' We recommend our readers watch other dark fantasy films like 'The Witcher: Nightmare of the Wolf.' Is Scream 6 on Crunchyroll? Crunchyroll, along with Funimation, has acquired the rights to the film and will be responsible for its distribution in North America.Therefore, we recommend our readers to look for the movie on the streamer in the coming months. subscribers can also watch dark fantasy shows like 'Jujutsu Kaisen.' Is Scream 6 on Hulu? No, 'Scream 6' is unavailable on Hulu. People who have a subscription to the platform can enjoy 'Afro Samurai Resurrection' or 'Ninja Scroll.' Is Scream 6 on Amazon Prime? Amazon Prime's current catalog does not include 'Scream 6.' 
However, the film may eventually release on the platform as video-on-demand in the coming months.fantasy movies on Amazon Prime's official website. Viewers who are looking for something similar can watch the original show 'Dororo.' When Will Scream 6 Be on Disney+? Scream 6, the latest installment in the Scream 6 franchise, is coming to Disney+ on July 8th! This new movie promises to be just as exciting as the previous ones, with plenty of action and adventure to keep viewers entertained. you're looking forward to watching it, you may be wondering when it will be available for your Disney+ subscription. Here's an answer to that question! Is Scream 6 on Funimation? Crunchyroll, its official website may include the movie in its catalog in the near future. Meanwhile, people who wish to watch something similar can stream 'Demon Slayer: Kimetsu no Yaiba ? The Movie: Mugen Train.' Scream 6 Online In The US? Most Viewed, Most Favorite, Top Rating, Top IMDb movies online. Here we can download and watch 123movies movies offline. 123Movies website is the best alternative to Scream 6's (2021) free online. We will recommend 123Movies as the best Solarmovie alternative There are a few ways to watch Scream 6 online in the US You can use a streaming service such as Netflix, Hulu, or Amazon Prime Video. You can also rent or buy the movie on iTunes or Google Play. watch it on-demand or on a streaming app available on your TV or streaming device if you have cable. What is Scream 6 About? It features an ensemble cast that includes Florence Pugh, Harry Styles, Wilde, Gemma Chan, KiKi Layne, Nick Kroll, and Chris Pine. In the film, a young wife living in a 2250s company town begins to believe there is a sinister secret being kept from her by the man who runs it. InshaAllah....... ? Now Is Scream 6 available to stream? Is watching Scream 6 on Disney Plus, HBO Max, Netflix, or Amazon Prime? Yes, we have found an authentic streaming option/service. 
A 1950s housewife living with her husband in a utopian experimental community begins to worry that his glamorous company could be hiding disturbing secrets. Showcase Cinema Warwick you'll want to make sure you're one of the first people to see it! So mark your calendars and get ready for a Scream 6 movie experience like never before. of our other Marvel movies available to watch online. We're sure you'll find something to your liking. Thanks for reading, and we'll see you soon! Scream 6 is available on our website for free streaming. Details on how you can watch Scream 6 for free throughout the year are described If you're a fan of the comics, you won't want to miss this one! The storyline follows Scream 6 as he tries to find his way home after being stranded on an alien Scream 6t. Scream 6 is definitely a Scream 6 movie you don't want to miss with stunning visuals and an action-packed plot! Plus, Scream 6 online streaming is available on our website. Scream 6 online is free, which includes streaming options such as 123movies, Reddit, or TV shows from HBO Max or Netflix! Scream 6 Release in the US Scream 6 hits theaters on January 20, 2023. Tickets to see the film at your local movie theater are available online here. The film is being released in a wide release so you can watch it in person. How to Watch Scream 6 for Free?release on a platform that offers a free trial. Our readers to always pay for the content they wish to consume online and refrain from using illegal means. Where to Watch Scream 6? There are currently no platforms that have the rights to Watch Scream 6 Movie Online.MAPPA has decided to air the movie only in theaters because it has been a huge success.The studio , on the other hand, does not wish to divert revenue Streaming the movie would only slash the profits, not increase them. As a result, no streaming services are authorized to offer Scream 6 Movie for free. 
The film would, however, very definitely be acquired by services like Funimation , Netflix, and Crunchyroll. As a last consideration, which of these outlets will likely distribute the film worldwide? Is Scream 6 on Netflix? The streaming giant has a massive catalog of television shows and movies, but it does not include 'Scream 6.' We recommend our readers watch other dark fantasy films like 'The Witcher: Nightmare of the Wolf.' Is Scream 6 on Crunchyroll? Crunchyroll, along with Funimation, has acquired the rights to the film and will be responsible for its distribution in North America.Therefore, we recommend our readers to look for the movie on the streamer in the coming months. subscribers can also watch dark fantasy shows like 'Jujutsu Kaisen.' Is Scream 6 on Hulu? No, 'Scream 6' is unavailable on Hulu. People who have a subscription to the platform can enjoy 'Afro Samurai Resurrection' or 'Ninja Scroll.' Is Scream 6 on Amazon Prime? Amazon Prime's current catalog does not include 'Scream 6.' However, the film may eventually release on the platform as video-on-demand in the coming months.fantasy movies on Amazon Prime's official website. Viewers who are looking for something similar can watch the original show 'Dororo.' When Will Scream 6 Be on Disney+? Scream 6, the latest installment in the Scream 6 franchise, is coming to Disney+ on July 8th! This new movie promises to be just as exciting as the previous ones, with plenty of action and adventure to keep viewers entertained. you're looking forward to watching it, you may be wondering when it will be available for your Disney+ subscription. Here's an answer to that question! Is Scream 6 on Funimation? Crunchyroll, its official website may include the movie in its catalog in the near future. Meanwhile, people who wish to watch something similar can stream 'Demon Slayer: Kimetsu no Yaiba ? The Movie: Mugen Train.' Scream 6 Online In The US? Most Viewed, Most Favorite, Top Rating, Top IMDb movies online. 
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/41

From gnutls-devel at lists.gnutls.org Fri Mar 10 19:10:56 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 10 Mar 2023 18:10:56 +0000
Subject: [gnutls-devel] libtasn1 | WATCH Scream 6 (FREE) FULLMOVIE ONLINE ON STREAMINGS | SCREAM VI (#41)
In-Reply-To:
References:
Message-ID:

Issue was closed by Rawa Rontek

Issue #41: https://gitlab.com/gnutls/libtasn1/-/issues/41

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/41

From gnutls-devel at lists.gnutls.org Sat Mar 11 00:36:48 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 10 Mar 2023 23:36:48 +0000
Subject: [gnutls-devel] GnuTLS | ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short writes (!1723)
In-Reply-To:
References:
Message-ID:

Merge request !1723 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723
Project:Branches: rwmjones/gnutls:2023-fix-ktls-writes to gnutls/gnutls:master
Author: Richard W_M_ Jones
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723

From gnutls-devel at lists.gnutls.org Sat Mar 11 00:37:01 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 10 Mar 2023 23:37:01 +0000
Subject: [gnutls-devel] GnuTLS | ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short writes (!1723)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723#note_1309810369

From gnutls-devel at lists.gnutls.org Sat Mar 11 00:37:09 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 10 Mar 2023 23:37:09 +0000
Subject: [gnutls-devel] GnuTLS | kTLS gets desynchronised when sending (in gnutls_record_send) (#1470)
In-Reply-To:
References:
Message-ID:

Issue was closed by Richard W_M_ Jones via commit 21c386860f1973344872eec4e4dd68644b1b48aa

Issue #1470: https://gitlab.com/gnutls/gnutls/-/issues/1470

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1470

From gnutls-devel at lists.gnutls.org Sat Mar 11 00:37:09 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 10 Mar 2023 23:37:09 +0000
Subject: [gnutls-devel] GnuTLS | ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short writes (!1723)
In-Reply-To:
References:
Message-ID:

Merge request !1723 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723
Project:Branches: rwmjones/gnutls:2023-fix-ktls-writes to gnutls/gnutls:master
Author: Richard W_M_ Jones

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1723

From gnutls-devel at lists.gnutls.org Sun Mar 12 13:13:50 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 12 Mar 2023 12:13:50 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented:

I have no idea about the CI errors. debian/tests fail in src/gl/tests/

```
./../../build-aux/test-driver: line 109: 61536 Aborted (core dumped) "$@" > $log_file 2>&1
FAIL: test-parse-datetime
```

although we are exclusively touching the tests/ subdirectory.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1310404513

From gnutls-devel at lists.gnutls.org Sun Mar 12 22:44:00 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 12 Mar 2023 21:44:00 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1716 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1716

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716

From gnutls-devel at lists.gnutls.org Sun Mar 12 22:49:48 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 12 Mar 2023 21:49:48 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on tests/scripts/gnutls_timewrapper: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1310649430

> +#!/bin/sh > + > +set -e > + > +if test -z "${GNUTLS_TIMEWRAPPER_CMD}" ; then

How about turning this script into a shell function in `common.sh` and exiting the caller when any error happens? Then we could also omit `skip_if_no_timewrapper` calls.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1310649430

From gnutls-devel at lists.gnutls.org Mon Mar 13 01:39:24 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 00:39:24 +0000
Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465)
In-Reply-To:
References:
Message-ID:

Sanskar Sehgal commented:

Can try to work on this. Which directory do I need to look into? (Super new here)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310701204

From gnutls-devel at lists.gnutls.org Mon Mar 13 02:33:12 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 01:33:12 +0000
Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310714243

I can directly point you to the code, but maybe it might make sense to see how the current code works. If you successfully build the source code you will get a test server and client in `src/gnutls-serv` and `src/gnutls-cli`. You can establish a TLS connection with something like:

```console
$ src/gnutls-serv --x509certfile=doc/credentials/x509/cert-rsa-pss.pem --x509keyfile=doc/credentials/x509/key-rsa-pss.pem &
$ src/gnutls-cli -d4 --x509cafile=doc/credentials/x509/ca.pem localhost -p 5556
```

then you will see something like "Sending extension OCSP Status Request/5 (5 bytes)" in the output. After that you can see where the message comes from, with `git grep "Sending extension"` for example.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310714243

From gnutls-devel at lists.gnutls.org Mon Mar 13 03:01:53 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 02:01:53 +0000
Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722)
In-Reply-To:
References:
Message-ID:

xuraoqing commented on a discussion on tests/crl_apis.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1310722165

> + assert(gnutls_x509_crt_import(crt, issuer_cert, GNUTLS_X509_FMT_PEM) >= > + 0); > + assert(gnutls_x509_crt_get_issuer_dn(crt, issuer, &issuer_size) >= 0); > + > + /* issuer check */ > + char *crl_issuer = gnutls_malloc(DN_MAX_LEN); > + size_t crl_issuer_size = DN_MAX_LEN; > + assert(gnutls_x509_crl_get_issuer_dn(crl, crl_issuer, &crl_issuer_size) > + == GNUTLS_E_SUCCESS); > + assert(crl_issuer_size == issuer_size > + && memcmp(crl_issuer, issuer, issuer_size) == 0); > + > + gnutls_datum_t dn; > + dn.data = NULL; > + dn.size = 0; > + memset(crl_issuer, 0, dn.size);

memset is not required, I will delete it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1310722165

From gnutls-devel at lists.gnutls.org Mon Mar 13 03:34:43 2023
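Review bot: in the `tests/crl_apis.c` hunk quoted in the message above, the calls under test (`gnutls_x509_crt_import`, `gnutls_x509_crt_get_issuer_dn`, `gnutls_x509_crl_get_issuer_dn`) sit inside `assert(...)`, so a build with `NDEBUG` defined would drop the calls themselves and the test would check nothing. Assign each return value to a local (`ret = gnutls_x509_crl_get_issuer_dn(...)`) and assert on that. The `gnutls_malloc(DN_MAX_LEN)` result stored in `crl_issuer` is also passed on without a NULL check, and the final `memset(crl_issuer, 0, dn.size)` runs with `dn.size` set to 0 on the line before, so it clears nothing.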
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 02:34:43 +0000
Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on tests/crl_apis.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1310735343

> return crl; > } > > +static void verify_issuer(gnutls_x509_crl_t crl, > + const gnutls_datum_t * issuer_cert) > +{ > +#define DN_MAX_LEN (1024) > + gnutls_x509_crt_t crt; > + char *issuer = gnutls_malloc(DN_MAX_LEN);

`gnutls_calloc` (so you wouldn't need `memset`)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1310735343

From gnutls-devel at lists.gnutls.org Mon Mar 13 03:35:16 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 02:35:16 +0000
Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722)
In-Reply-To:
References:
Message-ID:

Merge request !1722 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722
Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722

From gnutls-devel at lists.gnutls.org Mon Mar 13 04:34:47 2023
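Review bot: in the `verify_issuer` hunk of `tests/crl_apis.c` quoted above (note_1310735343), `issuer` receives the result of `gnutls_malloc(DN_MAX_LEN)` with no NULL check in the lines shown; add `assert(issuer != NULL);` directly after the allocation so that an allocation failure stops the test there rather than at the first use of the buffer. `#define DN_MAX_LEN (1024)` is written inside the function body but, being a macro, stays defined to the end of the file; move it to file scope or `#undef` it at the end of the function.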
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 03:34:47 +0000
Subject: [gnutls-devel] GnuTLS | ocsptool: add `--attime` option (!1724)
References:
Message-ID:

Pravek Sharma created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724

Project:Branches: praveksharma/gnutls:feat/ocsp_attime to gnutls/gnutls:master
Author: Pravek Sharma

This adds the `--attime` option to ocsptool as required by Issue #1463.

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724

From gnutls-devel at lists.gnutls.org Mon Mar 13 05:12:15 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 04:12:15 +0000
Subject: [gnutls-devel] GnuTLS | ocsptool: add `--attime` option (!1724)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on src/ocsptool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724#note_1310782741

> "long-option": "verify-allow-broken", > "description": "Allow broken algorithms, such as MD5 for verification", > "detail": "This can be combined with --verify-response." > + }, > + { > + "long-option": "attime", > + "description": "Perform validation at the timestamp instead of the system time", > + "detail": "Number of seconds since 01.01.1970", > + "argument-name": "timestamp", > + "argument-type": "number"

I think it would be more useful if the option takes a string, like "2023-03-13" or "@1678680679". As we already import the [parse-datetime](https://www.gnu.org/software/gnulib/MODULES.html#module=parse-datetime) module from Gnulib, you could include "parse-datetime.h" and call the `parse_datetime` function on the option value.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724#note_1310782741

From gnutls-devel at lists.gnutls.org Mon Mar 13 07:14:36 2023
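Review bot: in the `src/ocsptool-options.json` hunk quoted above, the `detail` text of the new `attime` entry, "Number of seconds since 01.01.1970", names neither a time of day nor a time zone. Spell it out as seconds since 1970-01-01 00:00:00 UTC, and state whether a negative value is accepted, since `"argument-type": "number"` alone does not say.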
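The reply on !1724 above proposes that `--attime` accept a string such as "2023-03-13" or "@1678680679". The following C code is an added example, not code from the merge request or from GnuTLS: a strict stand-in parser for just those two forms that does not use Gnulib's `parse_datetime`. The function name `parse_attime` and the reading of a bare date as midnight UTC are assumptions.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Days from 1970-01-01 to y-m-d (proleptic Gregorian calendar). */
static int64_t days_from_civil(int64_t y, unsigned m, unsigned d)
{
	int64_t era;
	unsigned yoe, doy, doe;

	y -= (m <= 2);		/* count the year from 1 March */
	era = (y >= 0 ? y : y - 399) / 400;
	yoe = (unsigned)(y - era * 400);
	doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
	doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
	return era * 146097 + (int64_t)doe - 719468;
}

static int days_in_month(int y, int m)
{
	static const int dim[] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
	int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;

	return (m == 2 && leap) ? 29 : dim[m - 1];
}

/* Parse exactly n decimal digits; the caller guarantees s has n chars. */
static int parse_digits(const char *s, size_t n, int *out)
{
	int v = 0;

	for (size_t i = 0; i < n; i++) {
		if (s[i] < '0' || s[i] > '9')
			return -1;
		v = v * 10 + (s[i] - '0');
	}
	*out = v;
	return 0;
}

/*
 * Hypothetical helper (name and semantics are assumptions of this example).
 * Accepts "@<seconds since the epoch>" or "YYYY-MM-DD" (midnight UTC).
 * Returns 0 and stores the timestamp in *out, or -1 on any malformed input,
 * so that a typo never silently turns into a different validation time.
 */
int parse_attime(const char *arg, int64_t *out)
{
	int y, m, d;

	if (arg == NULL || out == NULL)
		return -1;

	if (arg[0] == '@') {
		const char *p = arg + 1;
		char *end;
		long long v;

		/* strtoll would skip blanks and accept a sign; demand a digit. */
		if (*p < '0' || *p > '9')
			return -1;
		errno = 0;
		v = strtoll(p, &end, 10);
		if (errno == ERANGE || *end != '\0')
			return -1;	/* overflow or trailing garbage */
		*out = (int64_t)v;
		return 0;
	}

	if (strlen(arg) != 10 || arg[4] != '-' || arg[7] != '-')
		return -1;
	if (parse_digits(arg, 4, &y) || parse_digits(arg + 5, 2, &m) ||
	    parse_digits(arg + 8, 2, &d))
		return -1;
	if (y < 1970 || m < 1 || m > 12 || d < 1 || d > days_in_month(y, m))
		return -1;	/* e.g. 2023-02-29 */

	*out = days_from_civil(y, (unsigned)m, (unsigned)d) * 86400;
	return 0;
}

int main(void)
{
	/* Constructed sample option values, valid and invalid. */
	const char *samples[] = { "@1678680679", "2023-03-13", "2023-02-29",
				  "@12abc", "1678680679" };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int64_t t;

		if (parse_attime(samples[i], &t) == 0)
			printf("%-12s -> %" PRId64 "\n", samples[i], t);
		else
			printf("%-12s -> rejected\n", samples[i]);
	}
	return 0;
}
```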
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 06:14:36 +0000
Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465)
In-Reply-To:
References:
Message-ID:

Sanskar Sehgal commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310847310

Tried setting it up on my local, ./bootstrap runs without errors but on running ./configure it constantly throws the error-

```
configure: error:
***
*** gmp was not found.
```

For context, I am using a Mac Apple Silicon. Any clue why?

I have verified that gmp is installed. On running

```
brew list gmp
```

The output I get is -

```
/opt/homebrew/Cellar/gmp/6.2.1_1/include/ (2 files)
/opt/homebrew/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
/opt/homebrew/Cellar/gmp/6.2.1_1/lib/libgmpxx.4.dylib
/opt/homebrew/Cellar/gmp/6.2.1_1/lib/pkgconfig/ (2 files)
/opt/homebrew/Cellar/gmp/6.2.1_1/lib/ (4 other files)
/opt/homebrew/Cellar/gmp/6.2.1_1/share/info/ (3 files)
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310847310

From gnutls-devel at lists.gnutls.org Mon Mar 13 07:39:40 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 06:39:40 +0000
Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310861766

Could you attach the `config.log` file? We have CI doing macOS [build](https://gitlab.com/gnutls/gnutls/-/blob/157cfaebc098101ad41adbbf67291cd471ec1df2/.github/workflows/macos.yml#L14), but it might be based on an older version of the OS than yours.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310861766

From gnutls-devel at lists.gnutls.org Mon Mar 13 07:59:48 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 06:59:48 +0000
Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465)
In-Reply-To:
References:
Message-ID:

Sanskar Sehgal commented:

[config.log](/uploads/8a5cb330a8e4a316811a5453cf46916d/config.log)

Here's the `config.log` file

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310876204

From gnutls-devel at lists.gnutls.org Mon Mar 13 08:01:25 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 07:01:25 +0000
Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465)
In-Reply-To:
References:
Message-ID:

Sanskar Sehgal commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310877378

Here's the `config.log` file.

[config.log](/uploads/a13fe84993620955f0cb45263a03514e/config.log)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310877378

From gnutls-devel at lists.gnutls.org Mon Mar 13 08:19:27 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 07:19:27 +0000
Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310893292

I see this:

```
configure:12461: checking for __gmpz_cmp in -lgmp
configure:12484: gcc -o conftest -g -O2 -Wl,-no_weak_imports conftest.c -lgmp >&5
ld: library not found for -lgmp
clang: error: linker command failed with exit code 1 (use -v to see invocation)
```

That might be an actual issue in the GnuTLS build infrastructure, so it shouldn't assume libgmp is available on the default library path (a patch to fix this would be appreciated :-).

Since your `brew list gmp` output contains a pkgconfig path, maybe you could work around it with:

```
./configure GMP_CFLAGS="$(pkg-config gmp --cflags)" GMP_LIBS="$(pkg-config gmp --libs)" ...
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1310893292

From gnutls-devel at lists.gnutls.org Mon Mar 13 08:46:32 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 07:46:32 +0000
Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722)
In-Reply-To:
References:
Message-ID:

xuraoqing commented on a discussion on tests/crl_apis.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1310923325

> return crl; > } > > +static void verify_issuer(gnutls_x509_crl_t crl, > + const gnutls_datum_t * issuer_cert) > +{ > +#define DN_MAX_LEN (1024) > + gnutls_x509_crt_t crt; > + char *issuer = gnutls_malloc(DN_MAX_LEN);

It looks better.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1310923325

From gnutls-devel at lists.gnutls.org Mon Mar 13 08:47:38 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 07:47:38 +0000
Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1722 were resolved by xuraoqing

https://gitlab.com/gnutls/gnutls/-/merge_requests/1722

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722

From gnutls-devel at lists.gnutls.org Mon Mar 13 08:55:16 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 07:55:16 +0000
Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722)
In-Reply-To:
References:
Message-ID:

Merge request !1722 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722
Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722

From gnutls-devel at lists.gnutls.org Mon Mar 13 08:57:19 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 07:57:19 +0000
Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722#note_1310935066

From gnutls-devel at lists.gnutls.org Mon Mar 13 15:04:07 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 14:04:07 +0000
Subject: [gnutls-devel] GnuTLS | add CRL issuer get test (!1722)
In-Reply-To:
References:
Message-ID:

Merge request !1722 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722
Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1722

From gnutls-devel at lists.gnutls.org Mon Mar 13 18:30:18 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 17:30:18 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented on a discussion on tests/scripts/gnutls_timewrapper: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1312005413

> +#!/bin/sh > + > +set -e > + > +if test -z "${GNUTLS_TIMEWRAPPER_CMD}" ; then

I can get rid of skip_if_no_timewrapper (using "return 77" in the wrapper script instead), however a separate executable (script) is necessary since some tests use timeout on top of datefudge.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1312005413

From gnutls-devel at lists.gnutls.org Mon Mar 13 18:58:56 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 17:58:56 +0000
Subject: [gnutls-devel] GnuTLS | Inconsistency between GNUTLS_NO_EXTENSIONS flag and %NO_EXTENSIONS modifier (#1468)
In-Reply-To:
References:
Message-ID:

Hoang Long commented:

I wanna try to work on this. Could you point me to relevant code and a small guide on how to proceed? (I'm new)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1468#note_1312037548

From gnutls-devel at lists.gnutls.org Mon Mar 13 19:41:06 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 18:41:06 +0000
Subject: [gnutls-devel] GnuTLS | need configurable echo server inactivity timeout (#1471)
References:
Message-ID:

John Muehlhausen created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1471

gnutls-serv does not appear to allow testing of heartbeats (-b) via echo server since timeout is hard-coded to 30 seconds? Recommend adding a configuration parameter to control the inactivity interval.

```
if (j->start != 0 && now - j->start > 30) {
	if (verbose != 0) {
		fprintf(stderr, "Scheduling inactive connection for close\n");
	}
	j->http_state = HTTP_STATE_CLOSING;
}
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1471

From gnutls-devel at lists.gnutls.org Mon Mar 13 21:22:11 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 13 Mar 2023 20:22:11 +0000
Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465)
In-Reply-To:
References:
Message-ID:

Sanskar Sehgal commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1312180335

Hey Daiki, unfortunately still struggling to set up on my local. Command I'm using to run `configure` -

```
GMP_CFLAGS=$(pkg-config gmp --cflags) GMP_LIBS=$(pkg-config gmp --libs) ./configure --with-included-unistring
```

error I get -

```
configure: error:
***
*** libev4 was not found.
***
```

config.log says -

```
configure:65636: checking for libev
configure:65660: gcc -o conftest -g -O2 conftest.c -lev >&5
conftest.c:528:10: fatal error: 'ev.h' file not found
#include <ev.h>
         ^~~~~~
1 error generated.
configure:65660: $? = 1
configure: failed program was:
| /* confdefs.h */
```

[config.log](/uploads/1dde659b547680f8884da25ca1bb82a9/config.log)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1312180335
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From gnutls-devel at lists.gnutls.org Tue Mar 14 02:29:14 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 01:29:14 +0000 Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on tests/scripts/gnutls_timewrapper: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1312363099 > +#!/bin/sh > + > +set -e > + > +if test -z "${GNUTLS_TIMEWRAPPER_CMD}" ; then Haven't tested, but can't we swap the order of commands like: ```sh timeout 1800 datefudge "2019-12-20" ... ``` into ```sh datefudge "2019-12-20" timeout 1800 ... ``` ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1312363099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 02:50:20 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 01:50:20 +0000 Subject: [gnutls-devel] GnuTLS | ClientHello extension permutation (#1465) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1312370929 Do you have libev installed (if yes, you might be hitting #1457)? Anyway, since libev is only used for testing, you could work it around with `--disable-full-test-suite`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1465#note_1312370929 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 05:20:58 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 04:20:58 +0000 Subject: [gnutls-devel] GnuTLS | ocsptool: add `--attime` option (!1724) In-Reply-To: References: Message-ID: Pravek Sharma commented on a discussion on src/ocsptool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724#note_1312510998 > "long-option": "verify-allow-broken", > "description": "Allow broken algorithms, such as MD5 for verification", > "detail": "This can be combined with --verify-response." > + }, > + { > + "long-option": "attime", > + "description": "Perform validation at the timestamp instead of the system time", > + "detail": "Number of seconds since 01.01.1970", > + "argument-name": "timestamp", > + "argument-type": "number" I've added a new commit which does that. The `--attime` option now accepts input like "2023-03-13", "13 March 2023", and "@1678680679" using the Gnulib parse-datetime module. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724#note_1312510998 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 06:13:23 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 05:13:23 +0000 Subject: [gnutls-devel] GnuTLS | ocsptool: add `--attime` option (!1724) In-Reply-To: References: Message-ID: Merge request !1724 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724 Project:Branches: praveksharma/gnutls:feat/ocsp_attime to gnutls/gnutls:master Author: Pravek Sharma Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 06:15:54 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 05:15:54 +0000 Subject: [gnutls-devel] GnuTLS | ocsptool: add `--attime` option (!1724) In-Reply-To: References: Message-ID: All discussions on merge request !1724 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1724 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 06:16:03 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 05:16:03 +0000 Subject: [gnutls-devel] GnuTLS | ocsptool: add `--attime` option (!1724) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you; looks great! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1724#note_1312541189 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 06:47:48 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 05:47:48 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect CKA_NSS_SERVER_DISTRUST_AFTER upon issuer lookup (!1725) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 Project:Branches: dueno/gnutls:wip/dueno/distrust-after to gnutls/gnutls:master Author: Daiki Ueno This implements the basic logic needed to support time-based distrust of CA, according to [1], with a slight modification to optimize the number of PKCS#11 queries: instead of checking the validity after building a certificate chain, it uses the activation time of a certificate as the search criteria for issuer certificates. When a time-based distrust is detected, the search will exclude the issuer from the results. 1. https://wiki.mozilla.org/CA/Additional_Trust_Changes#Distrust_After Fixes: #912 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
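The distrust-after comparison described in the merge request above, as an added example (not code from GnuTLS or from the merge request): it parses the fixed-format UTCTime value, compares it with a certificate's activation time, and drops distrusted issuers from a candidate list. The function names, the sample CA entries, treating an absent attribute as "no distrust", and excluding issuers whose value cannot be parsed are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define UTCTIME_LEN 13               /* "YYMMDDhhmmssZ", no NUL terminator */
#define TIME_UNKNOWN ((time_t)-1)

enum issuer_decision { ISSUER_OK, ISSUER_DISTRUSTED, ISSUER_ERROR };

/* Hypothetical stand-in for one trust-store entry returned by an issuer search. */
struct candidate {
	const char *name;
	const unsigned char *distrust_after; /* raw attribute value, NULL if absent */
	size_t len;
};

/* Constructed sample data, not real CA entries. */
static const struct candidate SAMPLE[] = {
	{ "CA-A (no distrust-after)", NULL, 0 },
	{ "CA-B (distrust after 2023-01-01)", (const unsigned char *)"230101000000Z", 13 },
	{ "CA-C (malformed attribute)", (const unsigned char *)"2301010000", 10 },
};

/* Days since 1970-01-01 for a proleptic Gregorian date. */
static int64_t days_from_civil(int y, int m, int d)
{
	y -= m <= 2;
	int64_t era = (y >= 0 ? y : y - 399) / 400;
	int yoe = (int)(y - era * 400);
	int doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
	int doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
	return era * 146097 + doe - 719468;
}

/* Parse a 13-byte UTCTime with seconds; the input need not be NUL-terminated. */
time_t parse_distrust_after(const unsigned char *val, size_t len)
{
	int f[6]; /* YY, MM, DD, hh, mm, ss */

	if (val == NULL || len != UTCTIME_LEN || val[UTCTIME_LEN - 1] != 'Z')
		return TIME_UNKNOWN;
	for (int i = 0; i < 6; i++) {
		if (!isdigit(val[2 * i]) || !isdigit(val[2 * i + 1]))
			return TIME_UNKNOWN;
		f[i] = (val[2 * i] - '0') * 10 + (val[2 * i + 1] - '0');
	}
	/* field ranges only; no per-month day count */
	if (f[1] < 1 || f[1] > 12 || f[2] < 1 || f[2] > 31 ||
	    f[3] > 23 || f[4] > 59 || f[5] > 59)
		return TIME_UNKNOWN;
	/* RFC 5280: YY >= 50 means 19YY, YY < 50 means 20YY */
	int year = f[0] + (f[0] >= 50 ? 1900 : 2000);
	return (time_t)(days_from_civil(year, f[1], f[2]) * 86400 +
			f[3] * 3600 + f[4] * 60 + f[5]);
}

/*
 * The comparison from the merge request: the issuer is distrusted for a
 * certificate whose activation time is at or after the distrust-after time.
 * Unreadable values on either side are reported as errors (fail closed),
 * which is this example's choice.
 */
enum issuer_decision check_distrust_after(const unsigned char *attr, size_t len,
					  time_t activation)
{
	if (attr == NULL || len == 0)
		return ISSUER_OK; /* assumption: absent attribute = no distrust */
	time_t distrust_after = parse_distrust_after(attr, len);
	if (distrust_after == TIME_UNKNOWN || activation == TIME_UNKNOWN)
		return ISSUER_ERROR;
	return distrust_after <= activation ? ISSUER_DISTRUSTED : ISSUER_OK;
}

/* Keep only the candidates usable as issuer for a certificate activated at `activation`. */
size_t filter_issuers(const struct candidate *in, size_t n, time_t activation,
		      const struct candidate **out)
{
	size_t kept = 0;

	for (size_t i = 0; i < n; i++)
		if (check_distrust_after(in[i].distrust_after, in[i].len,
					 activation) == ISSUER_OK)
			out[kept++] = &in[i];
	return kept;
}

int main(void)
{
	const struct candidate *out[3];
	time_t activation = 1678752000; /* 2023-03-14 00:00:00 UTC, constructed */
	size_t n = filter_issuers(SAMPLE, 3, activation, out);

	for (size_t i = 0; i < n; i++)
		printf("usable issuer: %s\n", out[i]->name);
	return 0;
}
```
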
URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 11:43:07 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 10:43:07 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313015185 > (certificate_list[clist_size - 1], > certificate_list[clist_size - 1]) != 0) { > clist_size--; Does that mean that a self-signed CA which would've failed a distrust-after check will just go unchecked? -- Alexander Sosedkin started a new discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313015192 > + && distrust_after <= > + gnutls_x509_crt_get_activation_time(certificate_list > + [clist_size - 1])) { Is distrust-after defined / supposed to be used for non-root cases? -- Alexander Sosedkin started a new discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313015200 > + a[0].type = CKA_NSS_SERVER_DISTRUST_AFTER; > + } else { > + a[0].type = CKA_NSS_EMAIL_DISTRUST_AFTER; Seems like a strange choice to fall back to EMAIL case if NONE is passed. I suggest either asserting it's not NONE or returning a special value. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 14:47:06 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 13:47:06 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313360546 > } > > +time_t _gnutls_utcTime2gtime(const char *ttime); > + > +static time_t > +get_distrust_after(struct pkcs11_session_info *sinfo, > + ck_object_handle_t object, enum distrust_purpose purpose) > +{ > + /* the attribute is in a fixed format: utcTime with seconds */ > + char buf[14]; > + struct ck_attribute a[1]; > + > + if (purpose == PKCS11_DISTRUST_AFTER_SERVER) { > + a[0].type = CKA_NSS_SERVER_DISTRUST_AFTER; > + } else { > + a[0].type = CKA_NSS_EMAIL_DISTRUST_AFTER; I agree; fixed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313360546 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 15:01:07 2023 
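Review bot: `_gnutls_utcTime2gtime` is declared by hand directly above `get_distrust_after` instead of coming from the header that owns it, so a later change to its signature would not be caught by the compiler; include that header and drop the local prototype. The function takes a NUL-terminated `const char *` while the value is read into a fixed `char buf[14]`, and the value comes from the PKCS#11 module, so the part of `get_distrust_after` not shown here should check the returned attribute length against the expected size and terminate `buf` before it is parsed.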
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 14:01:07 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313385806 > if (gnutls_x509_crt_check_issuer > (certificate_list[clist_size - 1], > certificate_list[clist_size - 1]) != 0) { > clist_size--; I can think of a couple of cases: either the chain consists of a self-signed CA and EE certs, or only a self-signed CA. In either case, the CA cert must be in the trust store, for the chain to be successfully verified, so the former wouldn't be a problem. The latter is more interesting: if the CA is assigned distrust-after before its activation time, it will still be trusted, but I would consider it as an inconsistency in the trust store management, that should be resolved by some other means. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313385806 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 15:02:05 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 14:02:05 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313387550 > goto cleanup; > } > > + /* check if the raw issuer is assigned with a time-based > + * distruct and the certificate is issued after that period > + */ > + distrust_after = > + _gnutls_pkcs11_get_distrust_after(url, issuer, > + purpose == NULL ? > + GNUTLS_KP_TLS_WWW_SERVER : > + purpose, > + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); > + if (distrust_after != (time_t) - 1 > + && distrust_after <= > + gnutls_x509_crt_get_activation_time(certificate_list > + [clist_size - 1])) { It can be used for non-root cases, but they must be present in the PKCS#11 trust store I would say. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313387550 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 15:20:32 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 14:20:32 +0000 Subject: [gnutls-devel] GnuTLS | Inconsistency between GNUTLS_NO_EXTENSIONS flag and %NO_EXTENSIONS modifier (#1468) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1468#note_1313422090 As this is a documentation issue, `git grep` is your friend. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1468#note_1313422090 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 15:45:04 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 14:45:04 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313470069 > if (gnutls_x509_crt_check_issuer > (certificate_list[clist_size - 1], > certificate_list[clist_size - 1]) != 0) { > clist_size--; Sorry, I can't say I understood your answer, so let me elaborate on my question: How I read that code: for a chain of EE <- intermediate <- CA (self-signed, in trust store, but distrusted through distrust-after). CA is checked to be self-signed, certificate_list gets shortened, CA is excluded from the newly added distrust-after check below, which doesn't seem to be the desired result. What have I misinterpreted? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313470069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 15:46:47 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 14:46:47 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313472889 > goto cleanup; > } > > + /* check if the raw issuer is assigned with a time-based > + * distruct and the certificate is issued after that period > + */ > + distrust_after = > + _gnutls_pkcs11_get_distrust_after(url, issuer, > + purpose == NULL ? > + GNUTLS_KP_TLS_WWW_SERVER : > + purpose, > + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); > + if (distrust_after != (time_t) - 1 > + && distrust_after <= > + gnutls_x509_crt_get_activation_time(certificate_list > + [clist_size - 1])) { Should we extend the check to the entire chain then? I do realize that this scenario doesn't seem super-practical, so I wonder whether there's guidance about that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313472889 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 16:04:04 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 15:04:04 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313498660 > if (gnutls_x509_crt_check_issuer > (certificate_list[clist_size - 1], > certificate_list[clist_size - 1]) != 0) { > clist_size--; If I understand correctly, the logic below this part is: - `gnutls_pkcs11_get_raw_issuer` call on intermediate (i.e., `certificate_list[cert_list - 1]`) will retrieve a raw DER representation of CA - the raw DER is imported into `issuer` with `gnutls_x509_crt_import` - distrust-after check is performed between intermediate and `issuer` (= CA) Would it be insufficient? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313498660 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Mar 14 16:27:15 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 15:27:15 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313554296 > if (gnutls_x509_crt_check_issuer > (certificate_list[clist_size - 1], > certificate_list[clist_size - 1]) != 0) { > clist_size--; Oh, now I get it. And why you were interested in the case of a single-cert-long chain. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1313554296 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 00:30:09 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 14 Mar 2023 23:30:09 +0000
Subject: [gnutls-devel] GnuTLS | Indent code? (#1419)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Having used this feature for a while, I realized that automatic code formatting really improves productivity. On the other hand, the results are sometimes hard to read:

- Too long lines cause unexpected indentation: https://gitlab.com/gnutls/gnutls/-/blob/1351f3e8e3a0a454613b9d686c948912a3928df6/lib/pkcs11.c#L4249

```c
if (! (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED) && (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT) && data.size > 0) {
```

- Unary operators (`-`, `+`) after a type cast are not recognized properly: `(time_t)-1` becomes `(time_t) - 1`
- Long conditionals are wrapped *before* binary operators, such as `&&` or `||`. This is not mandatory in the [style](https://www.kernel.org/doc/html/latest/process/coding-style.html)

Running clang-format with the [configuration](https://github.com/torvalds/linux/blob/master/.clang-format) for the Linux kernel produces (IMO) a better output. Although it takes a bit more processing time, `xargs -P` brings it to an acceptable level.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1419#note_1314309697
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From gnutls-devel at lists.gnutls.org Wed Mar 15 00:33:26 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 23:33:26 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1314310826 > if (gnutls_x509_crt_check_issuer > (certificate_list[clist_size - 1], > certificate_list[clist_size - 1]) != 0) { > clist_size--; JFTR, I meant: if the chain only comprises certificates that are self-signed and present in the trust store, it will be trimmed to an empty list after this loop, and no further checks including distrust-after are performed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1314310826 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 00:36:41 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Mar 2023 23:36:41 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1314311999 > goto cleanup; > } > > + /* check if the raw issuer is assigned with a time-based > + * distruct and the certificate is issued after that period > + */ > + distrust_after = > + _gnutls_pkcs11_get_distrust_after(url, issuer, > + purpose == NULL ? > + GNUTLS_KP_TLS_WWW_SERVER : > + purpose, > + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); > + if (distrust_after != (time_t) - 1 > + && distrust_after <= > + gnutls_x509_crt_get_activation_time(certificate_list > + [clist_size - 1])) { I'd say it's not worth it, because the distrust-after property is asserted as a PKCS#11 attribute, and that means that ICAs also need to be present on the trust store. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1314311999 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 03:18:14 2023 
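Review bot: the result of `gnutls_x509_crt_get_activation_time(certificate_list[clist_size - 1])` goes straight into the `<=` comparison, and that function returns `(time_t)-1` on error, so a certificate whose activation time cannot be read compares as older than any distrust-after date and passes the check. Store the value in a local, treat `(time_t)-1` as a verification failure and take the `cleanup` path, the same way the `distrust_after != (time_t) - 1` sentinel is already handled on the other side. The new comment also has a typo, "distruct" for "distrust".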
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Mar 2023 02:18:14 +0000 Subject: [gnutls-devel] GnuTLS | need configurable echo server inactivity timeout (#1471) In-Reply-To: References: Message-ID: Yongye Zhu commented: Hello, I am new to GnuTLS and want to work on this. Can you assign this issue to me? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1471#note_1314399679 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 04:17:39 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Mar 2023 03:17:39 +0000 Subject: [gnutls-devel] GnuTLS | need configurable echo server inactivity timeout (#1471) In-Reply-To: References: Message-ID: ATHARVA S MARATHE commented: I am already working on this issue -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1471#note_1314427839 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 05:34:44 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Mar 2023 04:34:44 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) References: Message-ID: ATHARVA S MARATHE created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 Project:Branches: maratheatharva/gnutls:issue1471 to gnutls/gnutls:master Author: ATHARVA S MARATHE A configuration parameter to control the inactivity interval to gnutls-serv. The timeout can be configured by setting the ```--timeout``` option. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 05:47:34 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Mar 2023 04:47:34 +0000 Subject: [gnutls-devel] GnuTLS | Add a general purpose cipher benchmarking tool (#1204) In-Reply-To: References: Message-ID: Yongye Zhu commented: Hello, I am new to GnuTLS. Is this issue still valid and can I try to work on this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1204#note_1314465916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 07:50:03 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Mar 2023 06:50:03 +0000 Subject: [gnutls-devel] GnuTLS | Rewrite TLS protocol tests as a single process (#1472) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1472 There are a couple of different ways of writing unit tests for TLS handshake/record protocols in GnuTLS: - Run a TLS server and client in separate processes, communicate through FDs created using `socketpair` - Run both a TLS server and client in a single process, using helper macros such as `HANDSHAKE`, defined in [tests/eagain-common.h](https://gitlab.com/gnutls/gnutls/-/blob/1351f3e8e3a0a454613b9d686c948912a3928df6/tests/eagain-common.h) While the former could emulate a more practical scenario, it has a portability problem (the tests written in this way cannot run on Windows, and thus are skipped) as well as makes debugging hard. It would be nice if we could port those tests in the latter style. Tests under [tests/tls13/](https://gitlab.com/gnutls/gnutls/-/tree/master/tests/tls13) are a good candidate for the rewrite. 754098302c07b262d50b9aa70174edc74bc9e547 is an example of such rewrite. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1472 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 08:02:37 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Mar 2023 07:02:37 +0000 Subject: [gnutls-devel] Guile-GnuTLS | Cross-compilation of the Guile bindings (#11) References: Message-ID: Evgeny Ermakov created an issue: https://gitlab.com/gnutls/guile/-/issues/11 Hello! I'm trying to cross build `gnutls` with `guile-3.0.4`, but I get an error: ``` GEN modules/gnutls.scm GUILEC modules/gnutls.go GUILEC modules/gnutls/extra.go Backtrace: In ice-9/psyntax.scm: 1241:36 19 (expand-top-sequence ((define-module (gnutls extra) *)) *) 1233:19 18 (parse _ (("placeholder" placeholder)) ((top) #(# # *)) *) 285:10 17 (parse _ (("placeholder" placeholder)) (()) _ c&e (# #) #) In ice-9/eval.scm: 293:34 16 (_ #) In ice-9/boot-9.scm: 3380:4 15 (define-module* _ #:filename _ #:pure _ #:version _ # _ *) 2565:24 14 (call-with-deferred-observers #) 3393:24 13 (_) 222:17 12 (map1 (((gnutls)))) 3297:17 11 (resolve-interface (gnutls) #:select _ #:hide _ #:prefix *) In ice-9/threads.scm: 390:8 10 (_ _) In ice-9/boot-9.scm: 3223:13 9 (_) In ice-9/threads.scm: 390:8 8 (_ _) In ice-9/boot-9.scm: 3507:20 7 (_) 2806:4 6 (save-module-excursion #) 3527:26 5 (_) In unknown file: 4 (primitive-load-path "gnutls" #) In ice-9/eval.scm: 626:19 3 (_ #) 223:20 2 (proc #) In unknown file: 1 (%resolve-variable (7 . protocol/ssl3) #) In ice-9/boot-9.scm: 1669:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1669:16: In procedure raise-exception: Unbound variable: protocol/ssl3 make[3]: *** [Makefile:2520: modules/gnutls/extra.go] Error 1 make[3]: *** Waiting for unfinished jobs.... ``` Here's the patch I propose: ```diff --- guile/modules/gnutls.in +++ guile/modules/gnutls.in 
@@ -566,20 +566,33 @@ ;; Renaming. -(define protocol/ssl-3 protocol/ssl3) -(define protocol/tls-1.0 protocol/tls1-0) -(define protocol/tls-1.1 protocol/tls1-1) +(define protocol/ssl-3 #f) +(define protocol/tls-1.0 #f) +(define protocol/tls-1.1 #f) ;; Aliases. -(define credentials/anonymous credentials/anon) -(define cipher/rijndael-256-cbc cipher/aes-256-cbc) -(define cipher/rijndael-128-cbc cipher/aes-128-cbc) -(define cipher/rijndael-cbc cipher/aes-128-cbc) -(define cipher/arcfour-128 cipher/arcfour) -(define certificate-verify/allow-any-x509-v1-ca-certificate - certificate-verify/allow-any-x509-v1-ca-crt) -(define certificate-verify/allow-x509-v1-ca-certificate - certificate-verify/allow-x509-v1-ca-crt) +(define credentials/anonymous #f) +(define cipher/rijndael-256-cbc #f) +(define cipher/rijndael-128-cbc #f) +(define cipher/rijndael-cbc #f) +(define cipher/arcfour-128 #f) +(define certificate-verify/allow-any-x509-v1-ca-certificate #f) +(define certificate-verify/allow-x509-v1-ca-certificate #f) + +(eval-when (load eval) + (unless (getenv "GNUTLS_GUILE_CROSS_COMPILING") + (set! protocol/ssl-3 protocol/ssl3) + (set! protocol/tls-1.0 protocol/tls1-0) + (set! protocol/tls-1.1 protocol/tls1-1) + (set! credentials/anonymous credentials/anon) + (set! cipher/rijndael-256-cbc cipher/aes-256-cbc) + (set! cipher/rijndael-128-cbc cipher/aes-128-cbc) + (set! cipher/rijndael-cbc cipher/aes-128-cbc) + (set! cipher/arcfour-128 cipher/arcfour) + (set! certificate-verify/allow-any-x509-v1-ca-certificate + certificate-verify/allow-any-x509-v1-ca-crt) + (set! certificate-verify/allow-x509-v1-ca-certificate + certificate-verify/allow-x509-v1-ca-crt))) ;; Deprecated OpenPGP bindings. (define-deprecated certificate-type/openpgp) ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/11 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
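Review bot: the `(unless (getenv "GNUTLS_GUILE_CROSS_COMPILING") ...)` test inside `(eval-when (load eval) ...)` runs every time the module is loaded, not only during the build, so any process that happens to have that variable in its environment gets `protocol/ssl-3`, `cipher/arcfour-128`, `certificate-verify/allow-x509-v1-ca-certificate` and the other aliases silently bound to `#f`. If the environment variable stays, the build should set it only for the GUILEC step and the variable should be documented; it would also be safer for the aliases to fail loudly when used unset than to carry `#f` into callers that expect a protocol, cipher or verification flag value.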
URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 13:17:42 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Mar 2023 12:17:42 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Zoltán Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 16:14:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Mar 2023 15:14:53 +0000 Subject: [gnutls-devel] GnuTLS | Rewrite TLS protocol tests as a single process (#1472) In-Reply-To: References: Message-ID: Yongye Zhu commented: Hello, I am new to GnuTLS. Can I take on this issue? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1472#note_1315484228 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Mar 15 19:23:22 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Mar 2023 18:23:22 +0000 Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion on tests/scripts/gnutls_timewrapper: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1315828334 > +#!/bin/sh > + > +set -e > + > +if test -z "${GNUTLS_TIMEWRAPPER_CMD}" ; then Yes switching the order of datefudge and timeout (or setsid) works. I will post an update in a couple of days. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1315828334 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 01:00:30 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 00:00:30 +0000 Subject: [gnutls-devel] GnuTLS | p11-kit-trust: investigate whether CKA_NSS_{SERVER, EMAIL}_DISTRUST_AFTER can be used (#912) In-Reply-To: References: Message-ID: Reassigned Issue 912 https://gitlab.com/gnutls/gnutls/-/issues/912 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/912 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 03:02:02 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 02:02:02 +0000 Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727 Project:Branches: dueno/gnutls:wip/dueno/clang-format to gnutls/gnutls:master Author: Daiki Ueno GNU indent yields weird output when using the Linux kernel coding style as in the below examples, which affects code readability. - Too long lines cause unexpected indentation: ```c if (! (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED) && (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT) && data.size > 0) { ``` - Unary operators (`-` and `+`) after a type cast are not recognized properly: `(time_t)-1` becomes `(time-t) - 1` - Long conditionals are wrapped before binary operators, such as `&&` or `||`. This is not mandatory in the style, but all the occurrences are replaced with that style This switches to using clang-format instead, with the configuration used in the Linux kernel as of commit 596ff4a09b8981790e15572e8e7bc904df5835e7: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/.clang-format ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has 
adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 03:02:34 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 02:02:34 +0000 Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727) In-Reply-To: References: Message-ID: Simon Josefsson and Zoltán Fridrich were added as reviewers. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 11:42:56 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 10:42:56 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on src/gnutls-serv-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726#note_1316752465 > "short-option": "a", > "description": "Do not request a client certificate", > "conflicts": [ > - "require-client-cert" > - ] > + "require-client-cert" > + ] Except the indentation mismatches, this already looks good to me! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726#note_1316752465 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 13:10:58 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 12:10:58 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Zoltán Fridrich commented: Only a few small nits otherwise looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1316886578 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 13:10:59 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 12:10:59 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 was reviewed by Zoltán Fridrich -- Zoltán Fridrich started a new discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1316886545 > > + /* check if the raw issuer is assigned with a time-based > + * distruct and the certificate is issued after that period typo: s/distruct/distrust/ -- Zoltán Fridrich started a new discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1316886552 > + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); > + if (distrust_after != (time_t) - 1 > + && distrust_after <= Probably irrelevant, but "after" means distrust after the time_t value (not inclusive), it should be < instead of <= -- Zoltán Fridrich started a new discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1316886563 > + } > + > + return PKCS11_DISTRUST_AFTER_EMAIL; Shouldn't the default return value be PKCS11_DISTRUST_AFTER_NONE? -- Zoltán Fridrich started a new discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1316886568 > +static enum distrust_purpose distrust_purpose_from_oid(const char *oid) > +{ > + static const struct { `map` doesn't have to be static when it's used only in this function. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 13:10:58 2023 
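Review bot: in the quoted lib/x509/verify.c hunk, `distrust_after != (time_t) - 1` relies on `(time_t)-1` as the "no distrust date" sentinel, but the comment above the check does not say so, nor whether a failed lookup of the attribute yields the same value; if it does, the distrust check is skipped without any trace. State the sentinel's meaning in the comment, and add a test with a certificate issued exactly at the distrust-after time so that the `<` versus `<=` boundary discussed in this thread is pinned down.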
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 12:10:58 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Merge request !1725 was approved by Zoltán Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 Project:Branches: dueno/gnutls:wip/dueno/distrust-after to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 18:27:00 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 17:27:00 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) In-Reply-To: References: Message-ID: All discussions on merge request !1726 were resolved by ATHARVA S MARATHE https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 18:49:11 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 17:49:11 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) In-Reply-To: References: Message-ID: All discussions on merge request !1726 were resolved by ATHARVA S MARATHE https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 22:26:53 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 21:26:53 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1317686828 > + static const struct { > + const char *oid; > + enum distrust_purpose purpose; > + } map[] = { > + {GNUTLS_KP_TLS_WWW_SERVER, PKCS11_DISTRUST_AFTER_SERVER}, > + {GNUTLS_KP_EMAIL_PROTECTION, PKCS11_DISTRUST_AFTER_EMAIL}, > + }; > + size_t i; > + > + for (i = 0; i < sizeof(map) / sizeof(map[0]); i++) { > + if (strcmp(map[i].oid, oid) == 0) { > + return map[i].purpose; > + } > + } > + > + return PKCS11_DISTRUST_AFTER_EMAIL; Good catch, fixed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1317686828 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 22:28:47 2023 
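Review bot: `strcmp(map[i].oid, oid)` in the quoted lookup loop dereferences `oid` with no NULL check; either reject NULL on entry or document that callers never pass it. The closing `return PKCS11_DISTRUST_AFTER_EMAIL;` also classifies every key purpose OID that is absent from `map` as e-mail protection, so the fall-through should return a distinct "none" value (`PKCS11_DISTRUST_AFTER_NONE`, as suggested in this thread) that callers treat as having no purpose-specific distrust date.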
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 21:28:47 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/pkcs11.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1317688472 > return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; > } > > +static enum distrust_purpose distrust_purpose_from_oid(const char *oid) > +{ > + static const struct { The `static` here is meant to be that the table is allocated in the text segment of the program, not on the stack every time the function is called, though in this case it might not matter, as the table is small. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1317688472 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 22:28:55 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 21:28:55 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: All discussions on merge request !1725 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 22:29:00 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 21:29:00 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Merge request !1725 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 Project:Branches: dueno/gnutls:wip/dueno/distrust-after to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 22:29:14 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 21:29:14 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725#note_1317688803 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Mar 16 22:37:07 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Mar 2023 21:37:07 +0000 Subject: [gnutls-devel] GnuTLS | test:tls13/key_limits: rewrite key_limits testcase as single process (!1728) References: Message-ID: Yongye Zhu created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728 Project:Branches: zyongye/gnutls:tests-keys_limits_single to gnutls/gnutls:master Author: Yongye Zhu Rewrite one testcase tls13/key_limit.c in single process. Issue #1472 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 17 03:44:46 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Mar 2023 02:44:46 +0000 Subject: [gnutls-devel] GnuTLS | p11-kit-trust: investigate whether CKA_NSS_{SERVER, EMAIL}_DISTRUST_AFTER can be used (#912) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1725 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1725) Issue #912: https://gitlab.com/gnutls/gnutls/-/issues/912 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/912 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 17 03:44:47 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Mar 2023 02:44:47 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: respect Mozilla's time-based distrust upon issuer lookup (!1725) In-Reply-To: References: Message-ID: Merge request !1725 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 Project:Branches: dueno/gnutls:wip/dueno/distrust-after to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 17 18:13:04 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Mar 2023 17:13:04 +0000 Subject: [gnutls-devel] GnuTLS | Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) In-Reply-To: References: Message-ID: ATHARVA S MARATHE marked merge request !1726 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 17 23:12:27 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Mar 2023 22:12:27 +0000 Subject: [gnutls-devel] GnuTLS | Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) In-Reply-To: References: Message-ID: Daiki Ueno commented: @maratheatharva could you adjust the commits so the `Author:` and `Signed-off-by:` match? You can check that by running `devel/check_if_signed`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726#note_1319283235 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 17 23:13:16 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Mar 2023 22:13:16 +0000 Subject: [gnutls-devel] GnuTLS | Fix for issue #1471: Add configurable timeout to gnutls-serv (!1726) In-Reply-To: References: Message-ID: Merge request !1726 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 Project:Branches: maratheatharva/gnutls:issue1471 to gnutls/gnutls:master Author: ATHARVA S MARATHE Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 17 23:13:58 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Mar 2023 22:13:58 +0000 Subject: [gnutls-devel] GnuTLS | test:tls13/key_limits: rewrite key_limits testcase as single process (!1728) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you @zyongye; it looks good to me. Could you adjust the commits so the `Author:` and `Signed-off-by:` match? You can check that by running `devel/check_if_signed`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728#note_1319285652 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Mar 17 23:14:02 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Mar 2023 22:14:02 +0000 Subject: [gnutls-devel] GnuTLS | test:tls13/key_limits: rewrite key_limits testcase as single process (!1728) In-Reply-To: References: Message-ID: Merge request !1728 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728 Project:Branches: zyongye/gnutls:tests-keys_limits_single to gnutls/gnutls:master Author: Yongye Zhu Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 00:22:29 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Mar 2023 23:22:29 +0000 Subject: [gnutls-devel] GnuTLS | test:tls13/key_limits: rewrite key_limits testcase as single process (!1728) In-Reply-To: References: Message-ID: Yongye Zhu commented: Thanks @dueno. I looked into the Sign-off issue. In the script, when I run `git log --format='%b' ${hash}^\! | grep -i "Signed-off-by:"`, it doesn't show my commit. Do you have any idea why that is? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728#note_1319352571 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 03:02:51 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Mar 2023 02:02:51 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: make use of .pre stage (!1729) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1729 Project:Branches: dueno/gnutls:wip/dueno/pre-bootstrap to gnutls/gnutls:master Author: Daiki Ueno Jobs in the .pre stage run before any other jobs: https://docs.gitlab.com/ee/ci/yaml/index.html#stage-pre As commit-check is lightweight and a prerequisite for merging MRs, this moves it from the test stage to .pre. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1729 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 03:21:20 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Mar 2023 02:21:20 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: make use of .pre stage (!1729) In-Reply-To: References: Message-ID: Daiki Ueno commented: Since this is a CI-only change, merging without approval. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1729#note_1319422213 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 03:21:02 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Mar 2023 02:21:02 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: make use of .pre stage (!1729) In-Reply-To: References: Message-ID: Merge request !1729 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1729 Project:Branches: dueno/gnutls:wip/dueno/pre-bootstrap to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1729 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 08:13:51 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Mar 2023 07:13:51 +0000 Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion on tests/scripts/gnutls_timewrapper: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1319460527 > +#!/bin/sh > + > +set -e > + > +if test -z "${GNUTLS_TIMEWRAPPER_CMD}" ; then Updated with function instead of script pushed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1319460527 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 08:14:18 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Mar 2023 07:14:18 +0000 Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: All discussions on merge request !1716 were resolved by Andreas Metzler https://gitlab.com/gnutls/gnutls/-/merge_requests/1716 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 08:46:19 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Mar 2023 07:46:19 +0000 Subject: [gnutls-devel] GnuTLS | How to test QUIC implementation with shipped binaries? (#1375) In-Reply-To: References: Message-ID: takeru hayasaka commented: I will work on this issue :smile: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1375#note_1319464676 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 09:14:25 2023 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Mar 2023 08:14:25 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: make use of .pre stage (!1729) In-Reply-To: References: Message-ID: Merge request !1729 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1729 Project:Branches: dueno/gnutls:wip/dueno/pre-bootstrap to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1729 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 14:59:26 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Mar 2023 13:59:26 +0000 Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716) In-Reply-To: References: Message-ID: Andreas Metzler commented: This CI error is fishy: tests/cert-reencoding reserved port 30259 reserved port 17179 === Bringing TLS server up === ./scripts/common.sh: line 109: faketime: command not found ERROR: ld.so: object 'datefudge.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS64): ignored. try 1: waiting for port [...] which corresponds to ```sh launch_bare_server \ gnutls_timewrapper_standalone "${TESTDATE}" \ "${OPENSSL}" s_server -cert ${SERVER_CERT_FILE} -key ${SERVER_KEY_FILE} \ -CAfile ${CA_FILE} -port ${PORT} -Verify 1 -verify_return_error -www SERVER_PID="${!}" ``` Do the respective test-machines combine 64bit datefudge with 32bit openssl? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1319571548 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Mar 18 16:56:46 2023 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 18 Mar 2023 15:56:46 +0000
Subject: [gnutls-devel] GnuTLS | Add `--attime` option to tools that perform certificate verification (#1463)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented:

Somehow related: Some tests currently use openssl combined with datefudge. These could probably be converted to `openssl ... -attime`.

OpenSSL's -attime option only accepts seconds-since-epoch format, and 1519858800 is quite a bit less readable than "2018-03-01 00:00:00". With GNU date one can use `date -d "2018-03-01 00:00:00" +%s` to convert on the fly but neither the -d option nor the %s format are POSIX. - Any bright ideas?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1463#note_1319588313

From gnutls-devel at lists.gnutls.org Sat Mar 18 23:50:35 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 18 Mar 2023 22:50:35 +0000
Subject: [gnutls-devel] GnuTLS | test:tls13/key_limits: rewrite key_limits testcase as single process (!1728)
In-Reply-To:
References:
Message-ID:

Merge request !1728 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728
Project:Branches: zyongye/gnutls:tests-keys_limits_single to gnutls/gnutls:master
Author: Yongye Zhu
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728

From gnutls-devel at lists.gnutls.org Sun Mar 19 00:12:35 2023
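One POSIX-only way to do the conversion asked about in the #1463 comment above, as an added example rather than code from the GnuTLS test suite: the hypothetical helper `to_epoch` turns "YYYY-MM-DD HH:MM:SS" into seconds since the epoch with shell arithmetic alone. It reads the timestamp as UTC unless a UTC offset in seconds is passed; the 1519858800 quoted in the comment is that date at UTC+1.

```shell
#!/bin/sh
# Added example: POSIX sh only, no `date -d` and no `%s`.
# to_epoch is a hypothetical helper name, not part of the GnuTLS test suite.
#
# Usage: to_epoch "YYYY-MM-DD HH:MM:SS" [utc_offset_seconds]
# Prints seconds since 1970-01-01 00:00:00 UTC. The timestamp is read as UTC
# unless an offset is given (3600 = a zone one hour east of UTC).
to_epoch() (
    ts=$1
    off=${2:-0}

    # Accept exactly one shape, so a malformed date is rejected instead of
    # silently turning into a wrong verification time.
    case $ts in
    [1-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
    *)
        echo "to_epoch: expected 'YYYY-MM-DD HH:MM:SS', got '$ts'" >&2
        exit 1
        ;;
    esac
    # Offset: optional leading '-', digits only, no leading zero (octal).
    case $off in
    '' | - | *[!0-9-]* | ?*-* | 0?* | -0?*)
        echo "to_epoch: bad UTC offset '$off'" >&2
        exit 1
        ;;
    esac

    dpart=${ts% *}
    tpart=${ts#* }
    y=${dpart%%-*}; rest=${dpart#*-}; m=${rest%-*}; d=${rest#*-}
    H=${tpart%%:*}; rest=${tpart#*:}; M=${rest%:*}; S=${rest#*:}

    # "08" and "09" are invalid octal in $(( )), so drop one leading zero.
    m=${m#0}; d=${d#0}; H=${H#0}; M=${M#0}; S=${S#0}

    # Days in the given month, using the Gregorian leap-year rule.
    case $m in
    4 | 6 | 9 | 11) dim=30 ;;
    2) dim=$(( (y % 4 == 0 && y % 100 != 0) || y % 400 == 0 ? 29 : 28 )) ;;
    *) dim=31 ;;
    esac
    if [ "$y" -lt 1970 ] || [ "$m" -lt 1 ] || [ "$m" -gt 12 ] ||
        [ "$d" -lt 1 ] || [ "$d" -gt "$dim" ] ||
        [ "$H" -gt 23 ] || [ "$M" -gt 59 ] || [ "$S" -gt 59 ]; then
        echo "to_epoch: field out of range in '$ts'" >&2
        exit 1
    fi

    # Days since 1970-01-01: count years from 1 March so the leap day is
    # the last day of the shifted year (days-from-civil algorithm).
    y=$(( m <= 2 ? y - 1 : y ))
    mp=$(( m > 2 ? m - 3 : m + 9 ))       # March = 0 ... February = 11
    era=$(( y / 400 ))
    yoe=$(( y - era * 400 ))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    days=$(( era * 146097 + doe - 719468 ))

    echo $(( days * 86400 + H * 3600 + M * 60 + S - off ))
)

# The date from the comment above, first as UTC, then as UTC+1 local time.
to_epoch "2018-03-01 00:00:00"         # 1519862400
to_epoch "2018-03-01 00:00:00" 3600    # 1519858800

# Possible use (file names are placeholders):
#   openssl verify -attime "$(to_epoch '2018-03-01 00:00:00')" -CAfile ca.pem cert.pem
```

Passing the offset explicitly keeps a test's verification time independent of the `TZ` setting of the machine that runs it.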
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 18 Mar 2023 23:12:35 +0000
Subject: [gnutls-devel] GnuTLS | test:tls13/key_limits: rewrite key_limits testcase as single process (!1728)
In-Reply-To:
References:
Message-ID:

Merge request !1728 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728
Project:Branches: zyongye/gnutls:tests-keys_limits_single to gnutls/gnutls:master
Author: Yongye Zhu

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1728

From gnutls-devel at lists.gnutls.org Sun Mar 19 05:06:44 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 19 Mar 2023 04:06:44 +0000
Subject: [gnutls-devel] GnuTLS | src: print_info: prefer gnutls_psk_server_get_username2 (!1730)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730

Project:Branches: dueno/gnutls:wip/dueno/psk-username to gnutls/gnutls:master
Author: Daiki Ueno

...over gnutls_psk_server_get_username, as it is capable of handling non-NULL terminated PSK usernames.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730

From gnutls-devel at lists.gnutls.org Sun Mar 19 07:43:32 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 19 Mar 2023 06:43:32 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented on a discussion on tests/scripts/gnutls_timewrapper: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1319729206

> +#!/bin/sh
> +
> +set -e
> +
> +if test -z "${GNUTLS_TIMEWRAPPER_CMD}" ; then

@dueno wrote
> How about turning this script into a shell function in common.sh and exit the caller when any error happened? Then we could also omit skip_if_no_timewrapper calls.

I have since realized that we cannot completely get rid of `skip_if_no_timewrapper`. Doing "exit 77" in the actual wrapper script does not work for some shell constructs used in the testsuite, e.g.:

- timewrapped background processes (`launch_bare_server gnutls_timewrapper_standalone "${TESTDATE}" openssl ...`)
- Pipe constructs ( `gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" ... | tee $TMPFILE1 ...`)

In these cases the timewrapped command is executed in a subshell and the exit 77 there cannot cause a test SKIP.

So I will reintroduce skip_if_no_timewrapper, do the datefudge/faketime selection there and make previous invocation a hard requirement in the wrapper.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716#note_1319729206

From gnutls-devel at lists.gnutls.org Sun Mar 19 18:01:34 2023
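Why an `exit 77` inside the wrapper is lost in the two constructs named in the comment above, while an up-front check in the test's main shell is not, shown as an added example that is not the GnuTLS test-suite code. `timewrap` and `skip_if_no_timewrap` are simplified stand-ins, and `TIMEWRAP_TOOL` is a hypothetical variable simulating whether faketime or datefudge was found.

```shell
#!/bin/sh
# Added example, not the GnuTLS test-suite code. timewrap and
# skip_if_no_timewrap are simplified stand-ins; TIMEWRAP_TOOL is a
# hypothetical variable that is empty when neither faketime nor datefudge
# was found.

# Helpers given to every constructed mini test below.
DEMO_LIB='
timewrap() {                # wrapper that tries to SKIP on its own
    if [ -z "$TIMEWRAP_TOOL" ]; then exit 77; fi
    shift                   # drop the date; a real wrapper would fake it
    "$@"
}
skip_if_no_timewrap() {     # up-front check, called from the main shell
    if [ -z "$TIMEWRAP_TOOL" ]; then exit 77; fi
}
'

# Constructed mini tests. Each ends in "exit 0", standing for "the rest of
# the test ran to completion".
case_script() {
    case $1 in
    direct)     echo 'timewrap 2018-03-01 true; exit 0' ;;
    pipeline)   echo 'timewrap 2018-03-01 echo data | cat; exit 0' ;;
    background) echo 'timewrap 2018-03-01 true & wait; exit 0' ;;
    prechecked) printf '%s\n' 'skip_if_no_timewrap' \
                    'timewrap 2018-03-01 echo data | cat; exit 0' ;;
    *)          echo 'exit 99' ;;
    esac
}

# case_status <case> <tool-or-empty>: run the mini test in a fresh shell and
# print the exit status the test harness would see (77 = SKIP).
case_status() {
    rc=0
    TIMEWRAP_TOOL=$2 sh -c "$DEMO_LIB
$(case_script "$1")" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

for c in direct pipeline background prechecked; do
    printf '%-10s  no tool: %-2s  tool present: %s\n' "$c" \
        "$(case_status "$c" '')" "$(case_status "$c" faketime)"
done
```

Without a tool, only the direct and prechecked cases report 77. The pipeline and background cases return the same status whether or not a tool exists, so the caller cannot tell that nothing ran under a faked time.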
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 19 Mar 2023 17:01:34 +0000
Subject: [gnutls-devel] GnuTLS | Use faketime instead of datefudge (!1716)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1716 were resolved by Andreas Metzler

https://gitlab.com/gnutls/gnutls/-/merge_requests/1716

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1716

From gnutls-devel at lists.gnutls.org Mon Mar 20 09:34:57 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 20 Mar 2023 08:34:57 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727)
In-Reply-To:
References:
Message-ID:

Simon Josefsson commented:

Is clang-format output stable and idempotent between versions? Otherwise it is a bit of extra work to synchronize versions for developers and CI/CD checks. I don't care strongly about this though so no objection from me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727#note_1320231317

From gnutls-devel at lists.gnutls.org Mon Mar 20 09:48:51 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 20 Mar 2023 08:48:51 +0000
Subject: [gnutls-devel] GnuTLS | add get dn by oid test (!1731)
References:
Message-ID:

xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1731

Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1731

From gnutls-devel at lists.gnutls.org Mon Mar 20 10:57:00 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 20 Mar 2023 09:57:00 +0000
Subject: [gnutls-devel] GnuTLS | add get dn by oid test (!1731)
In-Reply-To:
References:
Message-ID:

Merge request !1731 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1731
Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1731

From gnutls-devel at lists.gnutls.org Mon Mar 20 11:01:04 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 20 Mar 2023 10:01:04 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727#note_1320394682

From my experience from the other TLS library (NSS), the output of clang-format seems to be pretty stable. We could also consider [uncrustify](https://uncrustify.sourceforge.net/), which GNOME projects are using, but if we only care about the Linux kernel coding style and no extra requirements (e.g., argument alignment), I suppose whichever would work.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727#note_1320394682

From gnutls-devel at lists.gnutls.org Mon Mar 20 15:04:55 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 20 Mar 2023 14:04:55 +0000
Subject: [gnutls-devel] GnuTLS | certtool: Add `--attime` option (!1732)
References:
Message-ID:

Wilbur Wetterquarz created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1732

Project:Branches: FreaxMATE/gnutls:attimecerttool to gnutls/gnutls:master
Author: Wilbur Wetterquarz

This adds the `--attime` option to certtool almost identical to https://gitlab.com/gnutls/gnutls/-/merge_requests/1724 .

Partly solves issue https://gitlab.com/gnutls/gnutls/-/issues/1463

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [x] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1732

From gnutls-devel at lists.gnutls.org Mon Mar 20 18:19:47 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 20 Mar 2023 17:19:47 +0000
Subject: [gnutls-devel] GnuTLS | add get dn by oid test (!1731)
In-Reply-To:
References:
Message-ID:

Merge request !1731 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1731
Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1731

From gnutls-devel at lists.gnutls.org Mon Mar 20 18:19:51 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 20 Mar 2023 17:19:51 +0000
Subject: [gnutls-devel] GnuTLS | add get dn by oid test (!1731)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1731#note_1321184693

From gnutls-devel at lists.gnutls.org Mon Mar 20 23:34:55 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 20 Mar 2023 22:34:55 +0000
Subject: [gnutls-devel] GnuTLS | src: print_info: prefer gnutls_psk_server_get_username2 (!1730)
In-Reply-To:
References:
Message-ID:

Ander Juaristi was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730

From gnutls-devel at lists.gnutls.org Mon Mar 20 23:37:54 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 20 Mar 2023 22:37:54 +0000
Subject: [gnutls-devel] GnuTLS | certtool: Add `--attime` option (!1732)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Nice! Could you adjust the commit to match `Author` and `Signed-off-by:` to fix the CI [issue](https://gitlab.com/FreaxMATE/gnutls/-/jobs/3966392217#L43)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1732#note_1321508627

From gnutls-devel at lists.gnutls.org Tue Mar 21 01:35:02 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 21 Mar 2023 00:35:02 +0000
Subject: [gnutls-devel] GnuTLS | src: print_info: prefer gnutls_psk_server_get_username2 (!1730)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730

From gnutls-devel at lists.gnutls.org Tue Mar 21 04:36:19 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 21 Mar 2023 03:36:19 +0000
Subject: [gnutls-devel] GnuTLS | add DER crl list import test (!1733)
References:
Message-ID:

xuraoqing created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1733

Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1733

From gnutls-devel at lists.gnutls.org Tue Mar 21 07:39:22 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 21 Mar 2023 06:39:22 +0000
Subject: [gnutls-devel] GnuTLS | add DER crl list import test (!1733)
In-Reply-To:
References:
Message-ID:

Merge request !1733 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1733
Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1733

From gnutls-devel at lists.gnutls.org Tue Mar 21 07:41:59 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 21 Mar 2023 06:41:59 +0000
Subject: [gnutls-devel] GnuTLS | add DER crl list import test (!1733)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thanks; I'm not opposed to adding this kind of test, but I wonder if it's really worthwhile as the code coverage remains the same at 74.90%. Perhaps it might make sense to fill the coverage gap by looking at the report?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1733#note_1321757953

From gnutls-devel at lists.gnutls.org Tue Mar 21 09:16:39 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 21 Mar 2023 08:16:39 +0000
Subject: [gnutls-devel] GnuTLS | Enable static code scanning (#1461)
In-Reply-To:
References:
Message-ID:

Udit Sharma commented:

Hello sir Daiki Ueno, I would love to work on this, could you please assign this issue to me? Thanks

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1461#note_1321853989

From gnutls-devel at lists.gnutls.org Tue Mar 21 12:29:47 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 21 Mar 2023 11:29:47 +0000
Subject: [gnutls-devel] GnuTLS | add DER crl list import test (!1733)
In-Reply-To:
References:
Message-ID:

xuraoqing commented:

yeah, I add the code only because the code is not covered during the test and can understand code meanwhile for me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1733#note_1322186770

From gnutls-devel at lists.gnutls.org Wed Mar 22 00:19:24 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 21 Mar 2023 23:19:24 +0000
Subject: [gnutls-devel] GnuTLS | certtool: Add `--attime` option (!1732)
In-Reply-To:
References:
Message-ID:

Wilbur Wetterquarz commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1732#note_1323231917

Done. Sorry for the multiple runs - I was confused by signed/signed-off. However CI still fails without an error message I can understand.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1732#note_1323231917

From gnutls-devel at lists.gnutls.org Wed Mar 22 00:46:42 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 21 Mar 2023 23:46:42 +0000
Subject: [gnutls-devel] GnuTLS | certtool: Add `--attime` option (!1732)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1732#note_1323242377

We recently started auto-indenting source code, so if there is a mismatch about indentation, the check fails. Could you run `devel/indent-gnutls` and include the changes?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1732#note_1323242377

From gnutls-devel at lists.gnutls.org Wed Mar 22 01:06:08 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 22 Mar 2023 00:06:08 +0000
Subject: [gnutls-devel] GnuTLS | certtool: Add `--attime` option (!1732)
In-Reply-To:
References:
Message-ID:

Wilbur Wetterquarz commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1732#note_1323249603

Done.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1732#note_1323249603

From gnutls-devel at lists.gnutls.org Wed Mar 22 02:42:47 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 22 Mar 2023 01:42:47 +0000
Subject: [gnutls-devel] libtasn1 | libtasn1 install err (#42)
References:
Message-ID:

??? created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/42

## Description of problem:
make(install) err

## Version of libtasn1 used:
libtasn1-4.9

## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)
CentOS8

## How reproducible:

Steps to Reproduce:

 * one : ./configure
 * two : make

## Actual results:
GNU C17 (GCC) version 8.2.0 (x86_64-pc-linux-gnu)
compiled by GNU C version 8.2.0, GMP version 6.1.2, MPFR version 4.0.1, MPC version 1.1.0, isl version none
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: 81f798d4ff0871f00b0a4f3f1296b20a
ASN1.c: In function '_asn1_yyparse':
ASN1.y:164:47: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
| '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
^~~~~
ASN1.y:164:6: note: 'snprintf' output between 2 and 66 bytes into a destination of size 65
| '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASN1.y:152:47: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
neg_num : '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
^~~~~
ASN1.y:152:6: note: 'snprintf' output between 2 and 66 bytes into a destination of size 65
neg_num : '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Makefile:1112: recipe for target 'ASN1.lo' failed

This looks to be more than just a warning, since it looks like the buffer is being over extended.

## Expected results:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/42

From gnutls-devel at lists.gnutls.org Wed Mar 22 06:21:50 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 22 Mar 2023 05:21:50 +0000
Subject: [gnutls-devel] libtasn1 | libtasn1 install err (#42)
In-Reply-To:
References:
Message-ID:

Issue was closed by Son

Issue #42: https://gitlab.com/gnutls/libtasn1/-/issues/42

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/42

From gnutls-devel at lists.gnutls.org Wed Mar 22 07:19:52 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 22 Mar 2023 06:19:52 +0000
Subject: [gnutls-devel] GnuTLS | add DER crl list import test (!1733)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

For example, if you could create the report with the following, and add tests for the non-covered code paths, that would be really helpful :-)

```console
./bootstrap --skip-po
./configure --enable-code-coverage
make
make check
gcovr --html-details --gcov-ignore-parse-errors --exclude-unreachable-branches --print-summary -o coverage.html --root .
gio open coverage.html
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1733#note_1323427790

From gnutls-devel at lists.gnutls.org Wed Mar 22 07:31:59 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 22 Mar 2023 06:31:59 +0000
Subject: [gnutls-devel] libtasn1 | libtasn1 4.9 make Intall err (#43)
References:
Message-ID:

Son created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/43

## Description of problem:
I have a problem after libtasn1 4.9 make install

## Version of libtasn1 used:
4.9

## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)
CentOS8

## How reproducible:

Steps to Reproduce:

 * one : configure
 * two : make

## Actual results:
```
cc1: error: -Wabi won't warn about anything [-Wabi]
cc1: note: -Wabi warns about differences from the most up-to-date ABI, which is also used by default
cc1: note: use e.g. -Wabi=11 to warn about changes from GCC 7
```

## Expected results:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/43

From gnutls-devel at lists.gnutls.org Wed Mar 22 08:17:01 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 22 Mar 2023 07:17:01 +0000
Subject: [gnutls-devel] GnuTLS | CURVE- priority keyword doesn't work when the corresponding curve is not supported (#1473)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1473

In Fedora, we remove support for small ECC curves such as P-192 or P-224 for previous legal concerns: https://fedoraproject.org/wiki/Legal:ECC

While other curves are treated equally with both `GROUP-` and `CURVE-` priority keywords, `CURVE-` with those small curves yields a syntax error:

```console
$ gnutls-cli -l --priority NORMAL:+GROUP-SECP224R1
...
$ gnutls-cli -l --priority NORMAL:+CURVE-SECP224R1
Cipher suites for NORMAL:+CURVE-SECP224R1
Syntax error at: +CURVE-SECP224R1
$ gnutls-cli -l --priority NORMAL:+CURVE-SECP256R1
...
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1473

From gnutls-devel at lists.gnutls.org Wed Mar 22 09:06:29 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 22 Mar 2023 08:06:29 +0000
Subject: [gnutls-devel] GnuTLS | add DER crl list import test (!1733)
In-Reply-To:
References:
Message-ID:

Merge request !1733 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1733
Project:Branches: xuraoqing/gnutls:master to gnutls/gnutls:master
Author: xuraoqing

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1733

From gnutls-devel at lists.gnutls.org Fri Mar 24 00:11:36 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 23 Mar 2023 23:11:36 +0000
Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (#1462)
In-Reply-To:
References:
Message-ID:

@Ash commented:

Hi, I'm looking forward to participating in GSOC. I found out about this issue from the project ideas, and I would like to learn and work on this. Could you please help me with some starter resources I should go through, that might help me in writing a detailed proposal?

Thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1462#note_1326501604

From gnutls-devel at lists.gnutls.org Tue Mar 28 04:47:28 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 02:47:28 +0000
Subject: [gnutls-devel] GnuTLS | Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS (!1734)
References:
Message-ID:

@Ajit created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734

Project:Branches: peonix/gnutls:dev to gnutls/gnutls:master
Author: @Ajit

Resolves the inconsistency between GNUTLS_NO_EXTENSIONS flag and %NO_EXTENSIONS modifier (fixes: [#1468](https://gitlab.com/gnutls/gnutls/-/issues/1468))

As suggested by @dueno I have renamed 'GNUTLS_NO_EXTENSIONS' with 'GNUTLS_NO_DEFAULT_EXTENSIONS'

If any further changes or improvements are required, please let me know.

Thank you :dagger:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734

From gnutls-devel at lists.gnutls.org Tue Mar 28 05:34:41 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 03:34:41 +0000
Subject: [gnutls-devel] GnuTLS | Draft: Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS (!1734)
In-Reply-To:
References:
Message-ID:

@Ajit marked merge request !1734 as draft

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734

From gnutls-devel at lists.gnutls.org Tue Mar 28 06:38:37 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 04:38:37 +0000
Subject: [gnutls-devel] GnuTLS | Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS (!1734)
In-Reply-To:
References:
Message-ID:

@Ajit marked merge request !1734 as ready

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734

From gnutls-devel at lists.gnutls.org Tue Mar 28 06:45:50 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 04:45:50 +0000
Subject: [gnutls-devel] GnuTLS | Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS (!1734)
In-Reply-To:
References:
Message-ID:

@Ajit commented:

git diff --exit-code [Fails]
Help will be highly appreciated, please >.<

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734#note_1330510466

From gnutls-devel at lists.gnutls.org Tue Mar 28 08:07:08 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 06:07:08 +0000
Subject: [gnutls-devel] GnuTLS | Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS (!1734)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you. While the change looks good in general, we need to keep backward compatibility; if we go with renaming, we would need to keep the old name for a certain time period, maybe with `#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734#note_1330572321

From gnutls-devel at lists.gnutls.org Tue Mar 28 08:04:42 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 06:04:42 +0000
Subject: [gnutls-devel] GnuTLS | Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS (!1734)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734#note_1330570487

The [error](https://gitlab.com/peonix/gnutls/-/jobs/4012645337#L62) means that some of the source files are not properly indented; you can run `devel/indent-gnutls` script and commit the changes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734#note_1330570487

From gnutls-devel at lists.gnutls.org Tue Mar 28 13:24:30 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 11:24:30 +0000
Subject: [gnutls-devel] GnuTLS | Inconsistency between GNUTLS_NO_EXTENSIONS flag and %NO_EXTENSIONS modifier (#1468)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno

Issue #1468: https://gitlab.com/gnutls/gnutls/-/issues/1468

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1468

From gnutls-devel at lists.gnutls.org Tue Mar 28 13:23:41 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 11:23:41 +0000
Subject: [gnutls-devel] GnuTLS | Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS (!1734)
In-Reply-To:
References:
Message-ID:

Merge request !1734 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734
Project:Branches: peonix/gnutls:dev to gnutls/gnutls:master
Author: @Ajit

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734

From gnutls-devel at lists.gnutls.org Tue Mar 28 13:23:38 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 11:23:38 +0000
Subject: [gnutls-devel] GnuTLS | Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS (!1734)
In-Reply-To:
References:
Message-ID:

Merge request !1734 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734
Project:Branches: peonix/gnutls:dev to gnutls/gnutls:master
Author: @Ajit
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734

From gnutls-devel at lists.gnutls.org Tue Mar 28 13:24:30 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 11:24:30 +0000
Subject: [gnutls-devel] GnuTLS | Inconsistency between GNUTLS_NO_EXTENSIONS flag and %NO_EXTENSIONS modifier (#1468)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Fixed by !1734.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1468#note_1331138202

From gnutls-devel at lists.gnutls.org Tue Mar 28 13:23:33 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 28 Mar 2023 11:23:33 +0000
Subject: [gnutls-devel] GnuTLS | Modifier GNUTLS_NO_EXTENSIONS renamed to GNUTLS_NO_DEFAULT_EXTENSIONS (!1734)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1734 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1734

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1734

From gnutls-devel at lists.gnutls.org Wed Mar 29 09:26:02 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 07:26:02 +0000
Subject: [gnutls-devel] GnuTLS | Sync (!1735)
References:
Message-ID:

@Ajit created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1735

Project:Branches: peonix/gnutls:master to gnutls/gnutls:master
Author: @Ajit

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1735

From gnutls-devel at lists.gnutls.org Wed Mar 29 09:26:34 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 07:26:34 +0000
Subject: [gnutls-devel] GnuTLS | Sync (!1735)
In-Reply-To:
References:
Message-ID:

Merge request !1735 was closed by @Ajit

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1735
Project:Branches: peonix/gnutls:master to gnutls/gnutls:master
Author: @Ajit
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1735

From gnutls-devel at lists.gnutls.org Wed Mar 29 09:26:30 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 07:26:30 +0000
Subject: [gnutls-devel] GnuTLS | Sync (!1735)
In-Reply-To:
References:
Message-ID:

Merge request !1735 was reopened by @Ajit

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1735
Project:Branches: peonix/gnutls:master to gnutls/gnutls:master
Author: @Ajit
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1735

From gnutls-devel at lists.gnutls.org Wed Mar 29 09:26:28 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 07:26:28 +0000
Subject: [gnutls-devel] GnuTLS | Sync (!1735)
In-Reply-To:
References:
Message-ID:

Merge request !1735 was closed by @Ajit

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1735
Project:Branches: peonix/gnutls:master to gnutls/gnutls:master
Author: @Ajit
Assignees:
Reviewers:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1735

From gnutls-devel at lists.gnutls.org Wed Mar 29 13:31:55 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 11:31:55 +0000
Subject: [gnutls-devel] GnuTLS | src: print_info: prefer gnutls_psk_server_get_username2 (!1730)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented:

Looks good.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730#note_1332931890

From gnutls-devel at lists.gnutls.org Wed Mar 29 13:32:25 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 11:32:25 +0000
Subject: [gnutls-devel] GnuTLS | src: print_info: prefer gnutls_psk_server_get_username2 (!1730)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich was removed from reviewers.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730

From gnutls-devel at lists.gnutls.org Wed Mar 29 13:31:57 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 11:31:57 +0000
Subject: [gnutls-devel] GnuTLS | src: print_info: prefer gnutls_psk_server_get_username2 (!1730)
In-Reply-To:
References:
Message-ID:

Merge request !1730 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730
Project:Branches: dueno/gnutls:wip/dueno/psk-username to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers: Ander Juaristi and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730

From gnutls-devel at lists.gnutls.org Wed Mar 29 14:59:05 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 12:59:05 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented:

Overall, looks alright. I think the format looks much better.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727#note_1333085688

From gnutls-devel at lists.gnutls.org Wed Mar 29 14:59:28 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 12:59:28 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727)
In-Reply-To:
References:
Message-ID:

Merge request !1727 was approved by Zoltán Fridrich

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727
Project:Branches: dueno/gnutls:wip/dueno/clang-format to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:
Reviewers: Simon Josefsson and Zoltán Fridrich

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727

From gnutls-devel at lists.gnutls.org Wed Mar 29 14:59:05 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 29 Mar 2023 12:59:05 +0000
Subject: [gnutls-devel] GnuTLS | build: switch to using clang-format instead of GNU indent (!1727)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1727 was reviewed by Zoltán Fridrich

--

Zoltán Fridrich started a new discussion on doc/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727#note_1333085662

> ENUMS += enums/gnutls_gost_paramset_t

please fix the type in the commit message of 76b344f5

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1727

From gnutls-devel at lists.gnutls.org Thu Mar 30 02:27:05 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 30 Mar 2023 00:27:05 +0000
Subject: [gnutls-devel] libtasn1 | Contributing test cases to libtasn1 (#44)
References:
Message-ID:

Ahmed Zaki created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/44

## Description of problem:

It's not really a problem but rather a request for information. I would like to contribute some test cases that are generated from clients using Libtasn1.

Would the best way to do this be to create a merge request? Any specific information/processes to follow when creating the merge request?

Thanks

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/44

From gnutls-devel at lists.gnutls.org Thu Mar 30 04:18:08 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 30 Mar 2023 02:18:08 +0000
Subject: [gnutls-devel] GnuTLS | src: print_info: prefer gnutls_psk_server_get_username2 (!1730)
In-Reply-To:
References:
Message-ID:

Merge request !1730 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730
Project:Branches: dueno/gnutls:wip/dueno/psk-username to gnutls/gnutls:master
Author: Daiki Ueno
Reviewer: Ander Juaristi

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1730

From gnutls-devel at lists.gnutls.org Thu Mar 30 11:18:24 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 30 Mar 2023 09:18:24 +0000
Subject: [gnutls-devel] GnuTLS | p11tool does not distinguish key objects with the same label (#1467)
In-Reply-To:
References:
Message-ID:

@Ajit commented:

`src/pkcs11.c:171: ret = gnutls_pubkey_import_url(pubkey, objurl, flags);`

I have checked that objects with the same label or with no label have the same `objurl`. So I think having the same `objurl` might be the reason for printing of the same object in p11tool.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1334527453

From gnutls-devel at lists.gnutls.org Thu Mar 30 13:06:34 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 30 Mar 2023 11:06:34 +0000
Subject: [gnutls-devel] GnuTLS | fips: add additional pbkdf limit checks as defined in SP 800-132 (!1736)
References:
Message-ID:

Tobias Heider created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1736

Project:Branches: tobhe/gnutls:pbkdf to gnutls/gnutls:master
Author: Tobias Heider

I noticed that we seem to be missing a few mandatory checks for pbkdf. Currently we are checking the password size and outlen to be < 14 but SP 800-132 also mandates a minimum iteration count and a minimum salt size.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1736

From gnutls-devel at lists.gnutls.org Fri Mar 31 01:47:44 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 30 Mar 2023 23:47:44 +0000
Subject: [gnutls-devel] GnuTLS | Support reading and writing private keys in PKCS#8 v2 format (#1474)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1474

The `PrivateKeyInfo` structure defined in PKCS#8 (RFC 5208) has been further updated to the `OneAsymmetricKey` structure in [RFC 5958](https://www.rfc-editor.org/rfc/rfc5958), with a dedicated `publicKey` field designated with the `version` field set to `v2(1)`.

GnuTLS currently only supports the old structure for reading and writing private keys and derives public key from the `privateKey` value. When reading, it could first try v2 and then fall back to v1; when writing there could be a new API to specify the version.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1474

From gnutls-devel at lists.gnutls.org Fri Mar 31 01:52:59 2023
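The two layouts contrasted in issue #1474 can be told apart from the outer structure alone. The following C code is an added example, not GnuTLS code: `p8_inspect`, `expect` and the two sample encodings (Ed25519 containers with all-zero key bytes, constructed here) are hypothetical. It reads the `version` field and the optional `[1] publicKey` field without decoding the key itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the outer PKCS#8 structure reveals without decoding the key. */
struct p8_info {
	int version;           /* 0 = v1 (PrivateKeyInfo), 1 = v2 (OneAsymmetricKey) */
	int has_attributes;    /* [0] attributes present */
	int has_public_key;    /* [1] publicKey present */
	size_t public_key_len; /* key bytes, excluding the unused-bits octet */
};

/* Read one DER header at *pos, require tag `want`, and leave *pos on the
 * first content byte. Rejects indefinite, non-minimal and overlong lengths. */
static int expect(const uint8_t *buf, size_t len, size_t *pos, uint8_t want, size_t *vlen)
{
	size_t p = *pos, n;

	if (p > len || len - p < 2 || buf[p++] != want)
		return -1;
	n = buf[p++];
	if (n & 0x80) {
		size_t cnt = n & 0x7f;
		if (cnt == 0 || cnt > 4 || cnt > len - p || buf[p] == 0)
			return -1;
		for (n = 0; cnt > 0; cnt--)
			n = (n << 8) | buf[p++];
		if (n < 0x80)
			return -1;
	}
	if (n > len - p)
		return -1;
	*pos = p;
	*vlen = n;
	return 0;
}

/* Returns 0 and fills *out for a well-formed container, -1 otherwise. */
int p8_inspect(const uint8_t *der, size_t len, struct p8_info *out)
{
	size_t pos = 0, vlen;

	memset(out, 0, sizeof(*out));
	/* Outer SEQUENCE must cover the whole input: no trailing bytes. */
	if (expect(der, len, &pos, 0x30, &vlen) || vlen != len - pos)
		return -1;
	/* version INTEGER: v1(0) or v2(1) */
	if (expect(der, len, &pos, 0x02, &vlen) || vlen != 1 || der[pos] > 1)
		return -1;
	out->version = der[pos++];
	/* privateKeyAlgorithm SEQUENCE, then privateKey OCTET STRING: skipped */
	if (expect(der, len, &pos, 0x30, &vlen))
		return -1;
	pos += vlen;
	if (expect(der, len, &pos, 0x04, &vlen))
		return -1;
	pos += vlen;
	/* attributes [0], optional */
	if (pos < len && der[pos] == 0xa0) {
		if (expect(der, len, &pos, 0xa0, &vlen))
			return -1;
		out->has_attributes = 1;
		pos += vlen;
	}
	/* publicKey [1] BIT STRING, optional; first octet counts unused bits */
	if (pos < len && der[pos] == 0x81) {
		if (expect(der, len, &pos, 0x81, &vlen) || vlen < 1 || der[pos] > 7)
			return -1;
		out->has_public_key = 1;
		out->public_key_len = vlen - 1;
		pos += vlen;
	}
	/* RFC 5958: a publicKey field requires version v2. */
	if (pos != len || (out->has_public_key && out->version != 1))
		return -1;
	return 0;
}

/* Constructed samples: Ed25519 containers whose key bytes are all zero. */
static const uint8_t SAMPLE_V1[48] = {
	0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
	0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20
};
static const uint8_t SAMPLE_V2[83] = {
	0x30, 0x51, 0x02, 0x01, 0x01, 0x30, 0x05, 0x06,
	0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20,
	[48] = 0x81, 0x21, 0x00
};

int main(void)
{
	struct p8_info i;
	int rc = p8_inspect(SAMPLE_V2, sizeof(SAMPLE_V2), &i);

	printf("rc=%d version=v%d publicKey=%zu bytes\n", rc, i.version + 1, i.public_key_len);
	return 0;
}
```

A reader built this way can dispatch on `version` instead of attempting one decode and retrying, and it rejects a v1 container that carries a `publicKey` field.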
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 30 Mar 2023 23:52:59 +0000
Subject: [gnutls-devel] GnuTLS | Integrate test vectors from Project Wycheproof (#1475)
References:
Message-ID:

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1475

[Project Wycheproof](https://github.com/google/wycheproof) provides an extensive set of test vectors for cryptographic operations. We could integrate it in our test suite and exercise test cases against known attacks.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1475

From gnutls-devel at lists.gnutls.org Fri Mar 31 10:38:40 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 31 Mar 2023 08:38:40 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS rejects the correct digital certificate. (#1476)
References:
Message-ID:

Dongg Y created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1476

When I used GnuTLS for certificate validation, I found that GnuTLS rejects the correct digital certificate. Is this a bug here? Or do I have some misunderstandings on openssl in its parsing or verification procedure?

The command I used is: `certtool --verify --infile leaf.pem`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1476

From gnutls-devel at lists.gnutls.org Fri Mar 31 12:04:44 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 31 Mar 2023 10:04:44 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS rejects the correct digital certificate. (#1476)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

I can't say anything without looking at the certificate. Would you be able to attach it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1476#note_1336557679

From gnutls-devel at lists.gnutls.org Fri Mar 31 12:59:59 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 31 Mar 2023 10:59:59 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS rejects the correct digital certificate. (#1476)
In-Reply-To:
References:
Message-ID:

Dongg Y commented:

First of all, thank you for your reply. Here is the certificate file I used. [leaf.pem](/uploads/76dee25b87c263d6145a0ed7384ecc9c/leaf.pem)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1476#note_1336662690

From gnutls-devel at lists.gnutls.org Fri Mar 31 14:00:36 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 31 Mar 2023 12:00:36 +0000
Subject: [gnutls-devel] GnuTLS | fips: add additional pbkdf limit checks as defined in SP 800-132 (!1736)
In-Reply-To:
References:
Message-ID:

Tobias Heider commented:

Unit tests are fixed with f53252fd7872b07da175f699f386d4f2493a53f8. Self tests look ok, there are two vectors that are not valid for fips 140 but I haven't noticed any problems.

There is a CI test failing in tls-fuzzer/tls-fuzzer-nocert.sh but I am not convinced that this is caused by the changes in this PR.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1736#note_1336768514

From gnutls-devel at lists.gnutls.org Fri Mar 31 14:22:47 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 31 Mar 2023 12:22:47 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS rejects the correct digital certificate. (#1476)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented:

a) This certificate is expired
b) you probably won't have the intermediate certificate (GeoTrust CN RSA CA G1) in your trust store and need to pass the concatenated chain (containing both leaf.pem and the intermediate cert) to certtool.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1476#note_1336808400

From gnutls-devel at lists.gnutls.org Fri Mar 31 14:18:49 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 31 Mar 2023 12:18:49 +0000
Subject: [gnutls-devel] GnuTLS | added clientHello extension permutation (!1737)
References:
Message-ID:

@Ajit created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737

Project:Branches: peonix/gnutls:dev0 to gnutls/gnutls:master
Author: @Ajit

Added clientHello extension permutation support (Fixes: #1465)

Created a func `shuffle_arr` which creates a random permutation of numbers (0-MAX_EXT_TYPES), which I later used as indices for sending extensions in randomized order.

@dueno If any further changes or improvements are required, please let me know. Thank you :dagger:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1737

From gnutls-devel at lists.gnutls.org Fri Mar 31 14:54:31 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 31 Mar 2023 12:54:31 +0000
Subject: [gnutls-devel] GnuTLS | p11tool does not distinguish key objects with the same label (#1467)
In-Reply-To:
References:
Message-ID:

@Ajit commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1336857891

@dueno any suggestions on this.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1467#note_1336857891

From gnutls-devel at lists.gnutls.org Fri Mar 31 15:09:53 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 31 Mar 2023 13:09:53 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: misleading output when verifying cross-signed certificate chain (#1477)
References:
Message-ID:

Dimitrios Apostolou created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1477

Running gnutls-cli against letsencrypt.org shows the following output:

```
$ gnutls-cli -p 443 letsencrypt.org
Processed 414 CA certificate(s).
Resolving 'letsencrypt.org:443'...
Connecting to '34.141.11.154:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=lencr.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04eac294a0e61035d8254d5a04f61a37c802, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2023-02-02 00:00:24 UTC', expires `2023-05-03 00:00:23 UTC', pin-sha256="Z01UftPixvNAGu26I3rx4bremFOKT/7UjuLFSPF42PA="
	Public Key ID:
		sha1:11be4527d70814fbfd2b37080293fc45d85afe75
		sha256:674d547ed3e2c6f3401aedba237af1e1bade98538a4ffed48ee2c548f178d8f0
	Public Key PIN:
		pin-sha256:Z01UftPixvNAGu26I3rx4bremFOKT/7UjuLFSPF42PA=

- Certificate[1] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[2] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is trusted.
```

The last line leads us to believe that **the last certificate on the chain is trusted**. However this is not the case. If I use gnutls-cli with `--print-cert` and copy-paste the certificates into their own files, `certtool` reports that **certificate[2] is untrusted**, but **certificate[1] one is trusted**.

This is because certificate[2] is issued by an expired CA, and certificate[1] is cross-signed by both certificate[2] (invalid trust) and by a trusted CA.

This is not trivial to figure out. gnutls-cli should print information on what path it used to verify the chain, and not just print "certificate trusted" under the last certificate.

A quick fix would be to just print "certificate[0] trusted" to avoid any confusion. But still it would be nice to have some verbose output on how gnutls came to that conclusion.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1477

From gnutls-devel at lists.gnutls.org Fri Mar 31 16:17:08 2023
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 31 Mar 2023 14:17:08 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS rejects the correct digital certificate. (#1476)
In-Reply-To:
References:
Message-ID:

Dongg Y commented:

Thank you for your reply, I will follow your advice and check.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1476#note_1337000388
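An unbiased way to build the kind of index permutation that merge request !1737 (earlier in this archive) describes, as an added example that is not the merge request's `shuffle_arr`: `shuffle_indices`, `rnd_fn`, `replay_rnd` and the replayed byte sequence are hypothetical names and constructed data. It uses a Fisher-Yates shuffle with rejection sampling, so no ordering is favoured by modulo bias and every index is emitted exactly once.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Random source: fills buf with len bytes and returns 0 on success.
 * Production code would pass a wrapper around the library's CSPRNG. */
typedef int (*rnd_fn)(void *ctx, uint8_t *buf, size_t len);

/* Uniform value in [0, bound) for 1 <= bound <= 256. Bytes at or above the
 * largest multiple of bound are discarded instead of being reduced, which
 * is what removes the modulo bias. */
static int uniform_below(rnd_fn rnd, void *ctx, unsigned bound, unsigned *out)
{
	unsigned limit = 256 - (256 % bound);
	uint8_t b;
	int tries;

	for (tries = 0; tries < 64; tries++) {
		if (rnd(ctx, &b, 1) != 0)
			return -1;
		if (b < limit) {
			*out = b % bound;
			return 0;
		}
	}
	return -1; /* random source looks stuck */
}

/* Fill idx[0..n-1] with a random permutation of 0..n-1 (n <= 256).
 * On failure the contents of idx must not be used. */
int shuffle_indices(uint8_t *idx, size_t n, rnd_fn rnd, void *ctx)
{
	size_t i;

	if (n == 0 || n > 256)
		return -1;
	for (i = 0; i < n; i++)
		idx[i] = (uint8_t)i;
	for (i = n - 1; i > 0; i--) {
		unsigned j;
		uint8_t t;

		if (uniform_below(rnd, ctx, (unsigned)i + 1, &j) != 0)
			return -1;
		t = idx[i];
		idx[i] = idx[j];
		idx[j] = t;
	}
	return 0;
}

/* 1 if idx holds each of 0..n-1 exactly once, so no extension would be
 * dropped or sent twice. */
int is_permutation(const uint8_t *idx, size_t n)
{
	uint8_t seen[256] = { 0 };
	size_t i;

	for (i = 0; i < n; i++) {
		if (idx[i] >= n || seen[idx[i]]++)
			return 0;
	}
	return 1;
}

/* Test double: replays a fixed byte string so a run is reproducible. */
struct replay_rng {
	const uint8_t *bytes;
	size_t len, used;
};

static int replay_rnd(void *ctx, uint8_t *buf, size_t len)
{
	struct replay_rng *r = ctx;
	size_t i;

	if (len > r->len - r->used)
		return -1;
	for (i = 0; i < len; i++)
		buf[i] = r->bytes[r->used++];
	return 0;
}

int main(void)
{
	static const uint8_t seq[] = { 0x05, 0xff, 0x07, 0x00 }; /* constructed */
	struct replay_rng r = { seq, sizeof(seq), 0 };
	uint8_t order[4];

	if (shuffle_indices(order, 4, replay_rnd, &r) == 0)
		printf("send order: %d %d %d %d\n", order[0], order[1], order[2], order[3]);
	return 0;
}
```

The second replayed byte, `0xff`, is rejected when drawing below 3, which is the case a plain `byte % bound` would have folded onto index 0.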