From gnutls-devel at lists.gnutls.org  Fri Nov  1 03:16:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 02:16:31 +0000
Subject: [gnutls-devel] GnuTLS | _gnutls_session_supports_group: return
 boolean instead of error code (!1892)
References: <reply-9cd5220786d7fb83f973d61ac9d2e264@gitlab.com>
Message-ID: <mailman.2057.1730427403.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892

Project:Branches: dueno/gnutls:wip/dueno/kem-group-ordering to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* priority: give KEM groups precedence over EC(DH) groups in TLS 1.3
* key_share: detect overlap of PK types in hybrid groups
* _gnutls_session_supports_group: return boolean instead of error code

Fixes: #1602

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/bee10f83/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  1 06:56:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 05:56:09 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types
 in hybrid groups (!1892)
In-Reply-To: <merge_request_339026387@gitlab.com>
References: <reply-d574f1d9b1585aedd336721c9ba01bf9@gitlab.com>
 <merge_request_339026387@gitlab.com>
Message-ID: <mailman.2060.1730440580.18299.gnutls-devel@lists.gnutls.org>



Reassigned merge request 1892

https://gitlab.com/gnutls/gnutls/-/merge_requests/1892

Daiki Ueno was added as an assignee.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/98c2fb76/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  1 06:56:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 05:56:20 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types
 in hybrid groups (!1892)
In-Reply-To: <merge_request_339026387@gitlab.com>
References: <reply-88cdbe00e6c7525fc6cdc2ef8f5e3cbc@gitlab.com>
 <merge_request_339026387@gitlab.com>
Message-ID: <mailman.2061.1730440591.18299.gnutls-devel@lists.gnutls.org>



Alexander Sosedkin and Zolt?n Fridrich were added as reviewers.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/6b512d10/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  1 06:55:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 05:55:51 +0000
Subject: [gnutls-devel] GnuTLS | Update liboqs version requirement to
 0.11.0 to support final version of ML-KEM (!1883)
In-Reply-To: <note_2184897498@gitlab.com>
References: <reply-e2de85d6c736023ed1e77d5731372a8f@gitlab.com>
 <merge_request_332441367@gitlab.com> <note_2157749867@gitlab.com>
 <note_2183504179@gitlab.com> <note_2183608162@gitlab.com>
 <note_2183849092@gitlab.com> <note_2184897498@gitlab.com>
Message-ID: <mailman.2062.1730440600.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/ext/supported_groups.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1883#note_2188808307

 >  								break;
 >  							cli_dh_pos = i;
 >  							serv_dh_idx = j;
 > -						} else if (IS_EC(group->pk)) {
 > +						} else if (IS_EC(group->pk) ||
 > +							   IS_KEM(group->pk)) {

Could you check !1892, which should fix this ordering issue as well?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1883#note_2188808307
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/1826e2e3/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  1 10:42:56 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 09:42:56 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types
 in hybrid groups (!1892)
In-Reply-To: <merge_request_339026387@gitlab.com>
References: <reply-9999f8e36af0031e36910bcc7a838784@gitlab.com>
 <merge_request_339026387@gitlab.com>
Message-ID: <mailman.2063.1730454186.18299.gnutls-devel@lists.gnutls.org>




Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892#note_2188989332


Reviewed, no issues found.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892#note_2188989332
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/e8bb4288/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  1 10:42:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 09:42:33 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types
 in hybrid groups (!1892)
In-Reply-To: <merge_request_339026387@gitlab.com>
References: <reply-8bab2b7fcbb4f08ae87ff145be7e3139@gitlab.com>
 <merge_request_339026387@gitlab.com>
Message-ID: <mailman.2064.1730454193.18299.gnutls-devel@lists.gnutls.org>



Merge request !1892 was approved by Zolt?n Fridrich
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892
Project:Branches: dueno/gnutls:wip/dueno/kem-group-ordering to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zolt?n Fridrich

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/54b5cfdc/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  1 11:40:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 10:40:00 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types
 in hybrid groups (!1892)
In-Reply-To: <merge_request_339026387@gitlab.com>
References: <reply-d904b8173be7d2f0dcee5df714f6d638@gitlab.com>
 <merge_request_339026387@gitlab.com>
Message-ID: <mailman.2067.1730457610.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892#note_2189061305


Thanks for the review.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892#note_2189061305
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/971f53fa/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  1 11:40:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 10:40:09 +0000
Subject: [gnutls-devel] GnuTLS | `--priority` mishandling with hybrid
 key exchanges (#1602)
In-Reply-To: <issue_155608457@gitlab.com>
References: <reply-cad50e5ecee235b397b2c6e1194d5348@gitlab.com>
 <issue_155608457@gitlab.com>
Message-ID: <mailman.2068.1730457621.18299.gnutls-devel@lists.gnutls.org>



Issue was closed by Daiki Ueno with merge request !1892 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1892)
Issue #1602: https://gitlab.com/gnutls/gnutls/-/issues/1602

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1602
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/f46720cb/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  1 11:40:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 10:40:08 +0000
Subject: [gnutls-devel] GnuTLS | key_share: detect overlap of PK types
 in hybrid groups (!1892)
In-Reply-To: <merge_request_339026387@gitlab.com>
References: <reply-f79757d4056d7b0ae8d2acebf135a509@gitlab.com>
 <merge_request_339026387@gitlab.com>
Message-ID: <mailman.2069.1730457628.18299.gnutls-devel@lists.gnutls.org>



Merge request !1892 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892
Project:Branches: dueno/gnutls:wip/dueno/kem-group-ordering to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zolt?n Fridrich

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1892
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/1e8886b6/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  1 12:09:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 11:09:58 +0000
Subject: [gnutls-devel] GnuTLS | Update liboqs version requirement to
 0.11.0 to support final version of ML-KEM (!1883)
In-Reply-To: <merge_request_332441367@gitlab.com>
References: <reply-c59c242f964b1105ed90b71fb4e88488@gitlab.com>
 <merge_request_332441367@gitlab.com>
Message-ID: <mailman.2071.1730459410.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1883 was reviewed by Geert Hendrickx

--
  
Geert Hendrickx commented on a discussion on lib/ext/supported_groups.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1883#note_2189104668

 > -						} else if (IS_EC(group->pk)) {
 > +						} else if (IS_EC(group->pk) ||
 > +							   IS_KEM(group->pk)) {

Yes, that fixes it, thanks!


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1883
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/793960f5/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Nov  2 00:54:44 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 01 Nov 2024 23:54:44 +0000
Subject: [gnutls-devel] GnuTLS | certtool - no x509v3 extensions copied
 from template file - honor_crq_extensions makes no difference (#1600)
In-Reply-To: <issue_155419213@gitlab.com>
References: <reply-cf3fd288a191aa6f5f4ee246d5e323a8@gitlab.com>
 <issue_155419213@gitlab.com>
Message-ID: <mailman.2073.1730505328.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1600#note_2189837626


Yeah, I think this is a generalization of #1550. It would make sense to have more control over which extensions are copied.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1600#note_2189837626
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241101/c30c9a17/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Nov  2 04:14:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Nov 2024 03:14:31 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)
References: <reply-9a56e2d654cf50d5c84f548b4a3eb962@gitlab.com>
Message-ID: <mailman.2076.1730517313.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893

Project:Branches: dueno/gnutls:wip/dueno/release-3.8.8 to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* Release 3.8.8

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241102/bce002eb/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Nov  2 08:29:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 02 Nov 2024 07:29:20 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)
In-Reply-To: <merge_request_339192759@gitlab.com>
References: <reply-4987b193680cf9339afdd6eed1a77fbc@gitlab.com>
 <merge_request_339192759@gitlab.com>
Message-ID: <mailman.2077.1730532602.18299.gnutls-devel@lists.gnutls.org>



Alexander Sosedkin and Zolt?n Fridrich were added as reviewers.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241102/db33496e/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov  3 17:17:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 03 Nov 2024 16:17:58 +0000
Subject: [gnutls-devel] GnuTLS | multiple certificates containing
 wildcards - squid 5.7 error (#1599)
In-Reply-To: <issue_155402929@gitlab.com>
References: <reply-1098b45c2501ba3968359acb3b7e2360@gitlab.com>
 <issue_155402929@gitlab.com>
Message-ID: <mailman.2081.1730650720.18299.gnutls-devel@lists.gnutls.org>




Mihael Milea commented: https://gitlab.com/gnutls/gnutls/-/issues/1599#note_2191286209


This is the bug report related to squid and I was sent here:
https://bugs.squid-cache.org/show_bug.cgi?id=5467

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1599#note_2191286209
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241103/162ba4f3/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov  4 11:25:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Nov 2024 10:25:33 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)
In-Reply-To: <merge_request_339192759@gitlab.com>
References: <reply-a78d269e6806a6344d466f835c012b0e@gitlab.com>
 <merge_request_339192759@gitlab.com>
Message-ID: <mailman.2091.1730715944.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893#note_2191960209


@ZoltanFridrich @asosedkin could you review?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893#note_2191960209
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241104/8ab507aa/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov  4 11:40:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Nov 2024 10:40:48 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)
In-Reply-To: <merge_request_339192759@gitlab.com>
References: <reply-64097708c18248c40cdbb12cc006ca2a@gitlab.com>
 <merge_request_339192759@gitlab.com>
Message-ID: <mailman.2093.1730716864.18299.gnutls-devel@lists.gnutls.org>



Merge request !1893 was approved by Zolt?n Fridrich
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893
Project:Branches: dueno/gnutls:wip/dueno/release-3.8.8 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees: 
Reviewers: Alexander Sosedkin and Zolt?n Fridrich

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241104/a5318beb/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Nov  4 11:41:04 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 04 Nov 2024 10:41:04 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)
In-Reply-To: <merge_request_339192759@gitlab.com>
References: <reply-9e12df3474414f6424d8dab3507d6c17@gitlab.com>
 <merge_request_339192759@gitlab.com>
Message-ID: <mailman.2096.1730716874.18299.gnutls-devel@lists.gnutls.org>




Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893#note_2191992736


Seems fine.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893#note_2191992736
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241104/7c9362fc/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 01:01:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:01:01 +0000
Subject: [gnutls-devel] GnuTLS | Fixed the check at src/benchmark-tls.c
 (!1875)
In-Reply-To: <merge_request_327168556@gitlab.com>
References: <reply-604ce5fc8d6c109c56829ba06f2b614d@gitlab.com>
 <merge_request_327168556@gitlab.com>
Message-ID: <mailman.2102.1730764906.18299.gnutls-devel@lists.gnutls.org>



Milestone changed to Release of GnuTLS 3.8.8 (Aug 15, 2024?Oct 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/46 )

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/f215e763/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 01:03:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:03:07 +0000
Subject: [gnutls-devel] GnuTLS | Fixed the check at src/benchmark-tls.c
 (!1875)
In-Reply-To: <merge_request_327168556@gitlab.com>
References: <reply-f85656aa76dc99751f480c6c2b3d809b@gitlab.com>
 <merge_request_327168556@gitlab.com>
Message-ID: <mailman.2103.1730764997.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875#note_2193257878


Patch included in !1893.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875#note_2193257878
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/3f647957/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 01:03:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:03:08 +0000
Subject: [gnutls-devel] GnuTLS | Fixed the check at src/benchmark-tls.c
 (!1875)
In-Reply-To: <merge_request_327168556@gitlab.com>
References: <reply-dd4c895ee6e7300b081d4dfb9e9df6cf@gitlab.com>
 <merge_request_327168556@gitlab.com>
Message-ID: <mailman.2104.1730765030.18299.gnutls-devel@lists.gnutls.org>



Merge request !1875 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875
Project:Branches: d.meliksetyan/gnutls:master to gnutls/gnutls:master
Author: David Meliksetyan
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/c4eeb978/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 01:06:29 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:06:29 +0000
Subject: [gnutls-devel] GnuTLS | dlwrap: clarify the code generation is
 one time only [ci skip] (!1878)
In-Reply-To: <merge_request_329789787@gitlab.com>
References: <reply-6b75a08803e859520a4bab084384597d@gitlab.com>
 <merge_request_329789787@gitlab.com>
Message-ID: <mailman.2105.1730765230.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1878#note_2193260674


This is a doc-only change; merging without approval.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1878#note_2193260674
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/eeff877d/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 01:06:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 00:06:36 +0000
Subject: [gnutls-devel] GnuTLS | dlwrap: clarify the code generation is
 one time only [ci skip] (!1878)
In-Reply-To: <merge_request_329789787@gitlab.com>
References: <reply-c6d0eea777f367c0489bafd98e7d1d1b@gitlab.com>
 <merge_request_329789787@gitlab.com>
Message-ID: <mailman.2106.1730765236.18299.gnutls-devel@lists.gnutls.org>



Merge request !1878 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1878
Project:Branches: dueno/gnutls:wip/dueno/dlwrap-doc to gnutls/gnutls:master
Author: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1878
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/e354cdef/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 03:33:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 02:33:07 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.8 (!1893)
In-Reply-To: <merge_request_339192759@gitlab.com>
References: <reply-359986648efd4b7a0c738ea8b037473f@gitlab.com>
 <merge_request_339192759@gitlab.com>
Message-ID: <mailman.2109.1730774028.18299.gnutls-devel@lists.gnutls.org>



Merge request !1893 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893
Project:Branches: dueno/gnutls:wip/dueno/release-3.8.8 to gnutls/gnutls:master
Author: Daiki Ueno
Reviewers: Alexander Sosedkin and Zolt?n Fridrich

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1893
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/22ef87ea/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 05:26:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 04:26:26 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls
 version - 3.8.3) (#1578)
In-Reply-To: <issue_153004810@gitlab.com>
References: <reply-d0d132ddd3524a6294d3bae16ea413b5@gitlab.com>
 <issue_153004810@gitlab.com>
Message-ID: <mailman.2110.1730780803.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1578#note_2193538775


Fixed as part of !1875 ? !1893.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1578#note_2193538775
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/91e51c9b/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 05:26:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 04:26:23 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls
 version - 3.8.3) (#1578)
In-Reply-To: <issue_153004810@gitlab.com>
References: <reply-cbff5450f14fad7fb18a21da8c854711@gitlab.com>
 <issue_153004810@gitlab.com>
Message-ID: <mailman.2111.1730780826.18299.gnutls-devel@lists.gnutls.org>



Issue was closed by Daiki Ueno
Issue #1578: https://gitlab.com/gnutls/gnutls/-/issues/1578

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1578
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/1723adc5/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 05:27:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 04:27:14 +0000
Subject: [gnutls-devel] GnuTLS | Dereference of null at privkey.c
 (gnutls version - 3.8.3) (#1579)
In-Reply-To: <issue_153007372@gitlab.com>
References: <reply-754160efdebb7dbf863828963147bc7b@gitlab.com>
 <issue_153007372@gitlab.com>
Message-ID: <mailman.2112.1730780847.18299.gnutls-devel@lists.gnutls.org>



Milestone changed to Release of GnuTLS 3.8.9 (Nov 5, 2024?Jan 5, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/47 )

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1579
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/2676ec40/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 05:27:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 04:27:31 +0000
Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket
 authentication algorithm (#1482)
In-Reply-To: <issue_127337459@gitlab.com>
References: <reply-f309b20887b71f71c80ae99e7a329636@gitlab.com>
 <issue_127337459@gitlab.com>
Message-ID: <mailman.2113.1730780861.18299.gnutls-devel@lists.gnutls.org>



Milestone changed to Release of GnuTLS 3.8.9 (Nov 5, 2024?Jan 5, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/47 )

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/e67757ec/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov  5 14:19:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 05 Nov 2024 13:19:36 +0000
Subject: [gnutls-devel] GnuTLS | Android build failing with latest NDK
 (`mktime_z`) (#1603)
References: <reply-6df06974f240259b7f8c1933655c4044@gitlab.com>
Message-ID: <mailman.2117.1730812819.18299.gnutls-devel@lists.gnutls.org>



Arthur Khachaturov created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1603



## Description of problem:
`timezone_t` struct [was introduced](https://android.googlesource.com/platform/bionic/+/HEAD/docs/status.md) in NDK r27, but `mktime_z()` is only available for API >= 35. GnuTLS expects `mktime_z()` if target has `timezone_t` symbol.

## Version of gnutls used:
3.7.11, 3.8.8


## How reproducible:

Steps to Reproduce:

* Download Android NDK r27c from Google website
* Try to build GnuTLS with NDK toolchain with `-D__ANDROID_API__=34` or less

## Actual results:
`./configure` correctly identifies that `timezone_t` struct exists, and build process then fails:
<details><summary>Build log</summary>
<pre><code>../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:1195:17: error: call to undeclared function 'mktime_z'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
 1195 |             t = mktime_z (tz, &ltm);
      |                 ^
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:1195:17: note: did you mean 'mktime'?
/home/wzray/Projects/ics-openconnect/external/openconnect/android/x86_64-linux-android/sysroot/usr/../usr/include/time.h:159:8: note: 'mktime' declared here
  159 | time_t mktime(struct tm* _Nonnull __tm);
      |        ^
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:593:16: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  593 |          ? (a) < (tmax) / (b) \
      |            ~~~ ^ ~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant -922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:597:13: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  594 |          : ((INT_NEGATE_OVERFLOW (b) \
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  595 |              ? _GL_INT_CONVERT (b, tmax) >> (TYPE_WIDTH (+ (b)) - 1) \
      |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  596 |              : (tmax) / -(b)) \
      |              ~~~~~~~~~~~~~~~~
  597 |             <= -1 - (a))) \
      |             ^  ~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 9223372036854775807 with expression of type 'int' is always false [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:601:35: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  601 |          : 0 < (a) && -1 - (tmin) < (a) - 1) \
      |                       ~~~~~~~~~~~ ^ ~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant -922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:602:22: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  602 |       : (tmin) / (b) < (a)) \
      |         ~~~~~~~~~~~~ ^ ~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 922337203685477580 with expression of type 'int' is always false [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:510:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  510 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 |                            long int, LONG_MIN, LONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:609:22: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  609 |       : (tmax) / (b) < (a)))
      |         ~~~~~~~~~~~~ ^ ~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:593:16: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  593 |          ? (a) < (tmax) / (b) \
      |            ~~~ ^ ~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant -922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:597:13: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  594 |          : ((INT_NEGATE_OVERFLOW (b) \
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  595 |              ? _GL_INT_CONVERT (b, tmax) >> (TYPE_WIDTH (+ (b)) - 1) \
      |              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  596 |              : (tmax) / -(b)) \
      |              ~~~~~~~~~~~~~~~~
  597 |             <= -1 - (a))) \
      |             ^  ~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 9223372036854775807 with expression of type 'int' is always false [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:601:35: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  601 |          : 0 < (a) && -1 - (tmin) < (a) - 1) \
      |                       ~~~~~~~~~~~ ^ ~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant -922337203685477580 with expression of type 'int' is always true [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:602:22: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  602 |       : (tmin) / (b) < (a)) \
      |         ~~~~~~~~~~~~ ^ ~~~
../../../../sources/gnutls-3.7.11/src/gl/nstrftime.c:692:19: warning: result of comparison of constant 922337203685477580 with expression of type 'int' is always false [-Wtautological-constant-out-of-range-compare]
  692 |               if (INT_MULTIPLY_WRAPV (width, 10, &width)
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:416:34: note: expanded from macro 'INT_MULTIPLY_WRAPV'
  416 |    _GL_INT_OP_WRAPV (a, b, r, *, _GL_INT_MULTIPLY_RANGE_OVERFLOW)
      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:505:45: note: expanded from macro '_GL_INT_OP_WRAPV'
  505 |     : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow))
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:515:41: note: expanded from macro '_GL_INT_OP_WRAPV_LONGISH'
  515 |         ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \
      |           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  516 |                            long long int, LLONG_MIN, LLONG_MAX) \
      |                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:534:4: note: expanded from macro '_GL_INT_OP_CALC'
  534 |   (overflow (a, b, tmin, tmax) \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../sources/gnutls-3.7.11/src/gl/intprops.h:609:22: note: expanded from macro '_GL_INT_MULTIPLY_RANGE_OVERFLOW'
  609 |       : (tmax) / (b) < (a)))
      |         ~~~~~~~~~~~~ ^ ~~~
10 warnings and 1 error generated.

</code></pre>

</details>

## Expected results:

A successful build

This patch for NDK can help work around this issue:
<details><summary>Patch</summary>

<pre><code>--- a/include/time.h
+++ b/include/time.h
@@ -39,6 +39,7 @@

 __BEGIN_DECLS

+#if __ANDROID_API__ >= 35
 /* If we just use void* in the typedef, the compiler exposes that in error messages. */
 struct __timezone_t;

@@ -50,6 +51,7 @@
  * to remove the pointer.
  */
 typedef struct __timezone_t* timezone_t;
+#endif

 /** Divisor to compute seconds from the result of a call to clock(). */
 #define CLOCKS_PER_SEC 1000000
</code></pre>

</details>

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1603
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241105/af5767ee/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:19:56 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:19:56 +0000
Subject: [gnutls-devel] GnuTLS | Android build failing with latest NDK
 (mktime_z) (#1603)
In-Reply-To: <issue_156847006@gitlab.com>
References: <reply-147ba43a912a0f27b0b844d67db2adff@gitlab.com>
 <issue_156847006@gitlab.com>
Message-ID: <mailman.2130.1730870439.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1603#note_2195813036


In GnuTLS, the corresponding code is mechanically [imported](https://www.gnu.org/software/gnulib/MODULES.html#module=time_rz) from Gnulib; could you report it to the [bug-gnulib](https://lists.gnu.org/mailman/listinfo/bug-gnulib) mailing list?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1603#note_2195813036
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/0c01e730/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:29:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:29:37 +0000
Subject: [gnutls-devel] GnuTLS | fips: Mark gnutls_hash_fast as approved
 in FIPS SLI (!1888)
In-Reply-To: <merge_request_336367830@gitlab.com>
References: <reply-9d5f2c8c0d1d3dad0fbb2dbc40f6c54c@gitlab.com>
 <merge_request_336367830@gitlab.com>
Message-ID: <mailman.2131.1730871018.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1888 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1888

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1888
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/e95c4173/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:29:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:29:46 +0000
Subject: [gnutls-devel] GnuTLS | fips: Mark gnutls_hash_fast as approved
 in FIPS SLI (!1888)
In-Reply-To: <merge_request_336367830@gitlab.com>
References: <reply-9c45d79f7bbbabbbaa85238db27dbeda@gitlab.com>
 <merge_request_336367830@gitlab.com>
Message-ID: <mailman.2132.1730871026.18299.gnutls-devel@lists.gnutls.org>



Merge request !1888 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1888
Project:Branches: ayankov/gnutls:fips/gnutls_hash_fast_approved to gnutls/gnutls:master
Author: Angel Yankov

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1888
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/6f847b0c/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:32:13 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:32:13 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys
 with modulus >= 2048 bits (!1889)
In-Reply-To: <merge_request_336368579@gitlab.com>
References: <reply-4574b2f594b0f47ddbbe1dd487ce5d88@gitlab.com>
 <merge_request_336368579@gitlab.com>
Message-ID: <mailman.2133.1730871174.18299.gnutls-devel@lists.gnutls.org>



Merge request !1889 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889
Project:Branches: ayankov/gnutls:fips/rsa2048 to gnutls/gnutls:master
Author: Angel Yankov
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/f5f3867e/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:32:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:32:41 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys
 with modulus >= 2048 bits (!1889)
In-Reply-To: <merge_request_336368579@gitlab.com>
References: <reply-3f9a93313e4d165d43e4d8a6955c0d15@gitlab.com>
 <merge_request_336368579@gitlab.com>
Message-ID: <mailman.2134.1730871202.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2195821761


Thanks; could you retrigger the CI?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2195821761
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/28342840/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:33:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:33:50 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS
 mode. (!1890)
In-Reply-To: <merge_request_336647469@gitlab.com>
References: <reply-a7b9f2b8e07349fe47bc4c5f67b22999@gitlab.com>
 <merge_request_336647469@gitlab.com>
Message-ID: <mailman.2137.1730871240.18299.gnutls-devel@lists.gnutls.org>



Merge request !1890 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890
Project:Branches: ayankov/gnutls:fips/no_dsa_selftest to gnutls/gnutls:master
Author: Angel Yankov
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/3dc6963d/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:33:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:33:53 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS
 mode. (!1890)
In-Reply-To: <merge_request_336647469@gitlab.com>
References: <reply-07c42313170241185bc5ae28afbdd1c5@gitlab.com>
 <merge_request_336647469@gitlab.com>
Message-ID: <mailman.2138.1730871243.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2195822484


Could you retrigger the CI?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2195822484
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/bf0a249a/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:37:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:37:57 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys
 with modulus >= 2048 bits (!1889)
In-Reply-To: <merge_request_336368579@gitlab.com>
References: <reply-1232ebe925ce1fdaa6b7586c584d36b6@gitlab.com>
 <merge_request_336368579@gitlab.com>
Message-ID: <mailman.2139.1730871518.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2195824861

 >  		bits = mpz_sizeinbase(pub.n, 2);
 >  
 >  		/* In FIPS 140-3, RSA key size should be larger than
 >  			 * 2048-bit or one of the known lengths (1024, 1280,

The comment should be updated.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2195824861
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/d04500ba/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:40:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:40:26 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for
 SigVer in FIPS mode (!1891)
In-Reply-To: <merge_request_336648172@gitlab.com>
References: <reply-8a0ad1ff2b21878e565d1e7785a6c36f@gitlab.com>
 <merge_request_336648172@gitlab.com>
Message-ID: <mailman.2140.1730871637.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1891 was reviewed by Daiki Ueno

--
  
Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2195826326

 >  
 > -		/* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
 > +		/* SHA-1 is not allowed for SigVer in FIPS 140-3 in legacy

Maybe remove this comment entirely, as it was an excuse to keep SHA1 here.

--
  
Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2195826329

 >  
 > +		/* Only SHA-2 is allowed in FIPS 140-3 */
 > +		if (DIG_TO_MAC(sign_params->dsa_dig) == GNUTLS_MAC_SHA1) {

I'd prefer to use `switch` and enumerate all SHA-2 algorithms, rather than special casing SHA-1.


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/27a48998/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:40:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:40:50 +0000
Subject: [gnutls-devel] GnuTLS | fips: Mark operations using P-192 as
 not approved (!1887)
In-Reply-To: <merge_request_336319959@gitlab.com>
References: <reply-4fe400310583b68912e5d348921b5f8e@gitlab.com>
 <merge_request_336319959@gitlab.com>
Message-ID: <mailman.2143.1730871660.18299.gnutls-devel@lists.gnutls.org>



Merge request !1887 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1887
Project:Branches: ayankov/gnutls:fips/p192-disabled to gnutls/gnutls:master
Author: Angel Yankov
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/dbea0974/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 06:42:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 05:42:50 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
References: <reply-5e40cea42a986607cdb3c2d7b8731d4c@gitlab.com>
Message-ID: <mailman.2144.1730871782.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894

Project:Branches: dueno/gnutls:wip/dueno/assorted-fixes to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* gnulib: update gnulib submodule
* dlwrap: regenerate files
* gnutls_privkey_get_spki: avoid NULL dereference in invalid call
* gnutls-cli-debug: skip GOST and X25519 tests in FIPS mode

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/e8ed36f8/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 09:19:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 08:19:54 +0000
Subject: [gnutls-devel] GnuTLS | Subnet mask analysis (#1596)
In-Reply-To: <note_2187740984@gitlab.com>
References: <reply-57c8302d0c6a9d9962333871d3db3a53@gitlab.com>
 <issue_155109060@gitlab.com> <note_2183578077@gitlab.com>
 <note_2187740984@gitlab.com>
Message-ID: <mailman.2146.1730881235.18299.gnutls-devel@lists.gnutls.org>




dulanshuangqiao commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1596#note_2196061189


I used the provided test path and found that the use case passed the gnutls verification, but the Nameconstraint of the use case had an incorrect subnet mask.

I executed
certtool --verify --infile E_mask.pem --load-ca-certificate E_maskCA.pem
And got the output
Chain verification output: Verified. The certificate is trusted.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1596#note_2196061189
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/519c914b/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 09:51:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 08:51:20 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys
 with modulus >= 2048 bits (!1889)
In-Reply-To: <note_2196116254@gitlab.com>
References: <reply-774341e6423486d3204b82c3a7998612@gitlab.com>
 <merge_request_336368579@gitlab.com> <note_2195824861@gitlab.com>
 <note_2196116254@gitlab.com>
Message-ID: <mailman.2149.1730883121.18299.gnutls-devel@lists.gnutls.org>




Angel Yankov commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2196117555

 >  		bits = mpz_sizeinbase(pub.n, 2);
 >  
 >  		/* In FIPS 140-3, RSA key size should be larger than
 >  			 * 2048-bit or one of the known lengths (1024, 1280,

Updated to remove the false block sizes.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889#note_2196117555
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/19c13ec3/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 09:53:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 08:53:01 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for
 SigVer in FIPS mode (!1891)
In-Reply-To: <note_2195826326@gitlab.com>
References: <reply-6e25e1b943b06934b6f49484335e9ca5@gitlab.com>
 <merge_request_336648172@gitlab.com> <note_2195826326@gitlab.com>
Message-ID: <mailman.2150.1730883192.18299.gnutls-devel@lists.gnutls.org>




Angel Yankov commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2196121701

 >  		if (hash_len > vdata->size)
 >  			hash_len = vdata->size;
 >  
 > -		/* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
 > +		/* SHA-1 is not allowed for SigVer in FIPS 140-3 in legacy

Good point, there is no reason for it now.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2196121701
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/a966c402/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 11:48:45 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 10:48:45 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys
 with modulus >= 2048 bits (!1889)
In-Reply-To: <merge_request_336368579@gitlab.com>
References: <reply-844bac1cd685b5b623a34f7826cf871e@gitlab.com>
 <merge_request_336368579@gitlab.com>
Message-ID: <mailman.2155.1730890168.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1889 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1889

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/c734913e/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 11:49:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 10:49:26 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for
 SigVer in FIPS mode (!1891)
In-Reply-To: <merge_request_336648172@gitlab.com>
References: <reply-e4dbf183ad4836fd8c1a7f99673ada3e@gitlab.com>
 <merge_request_336648172@gitlab.com>
Message-ID: <mailman.2156.1730890177.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1891 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1891

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/3b890de1/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 11:49:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 10:49:05 +0000
Subject: [gnutls-devel] GnuTLS | fips: Allow SigVer only with RSA keys
 with modulus >= 2048 bits (!1889)
In-Reply-To: <merge_request_336368579@gitlab.com>
References: <reply-1b1277e1959050a5df645673ac49c2cf@gitlab.com>
 <merge_request_336368579@gitlab.com>
Message-ID: <mailman.2159.1730890185.18299.gnutls-devel@lists.gnutls.org>



Merge request !1889 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889
Project:Branches: ayankov/gnutls:fips/rsa2048 to gnutls/gnutls:master
Author: Angel Yankov

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1889
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/e77ba911/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov  6 11:50:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 06 Nov 2024 10:50:14 +0000
Subject: [gnutls-devel] GnuTLS | fips: Mark operations using P-192 as
 not approved (!1887)
In-Reply-To: <merge_request_336319959@gitlab.com>
References: <reply-f978d2ade39f2ed28bcea1a9e863bb24@gitlab.com>
 <merge_request_336319959@gitlab.com>
Message-ID: <mailman.2160.1730890254.18299.gnutls-devel@lists.gnutls.org>



Merge request !1887 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1887
Project:Branches: ayankov/gnutls:fips/p192-disabled to gnutls/gnutls:master
Author: Angel Yankov

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1887
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/07edbd2e/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Nov  7 14:15:02 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 07 Nov 2024 13:15:02 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <merge_request_340877629@gitlab.com>
References: <reply-e2c941f03ccc2dd9a56a055226e127a5@gitlab.com>
 <merge_request_340877629@gitlab.com>
Message-ID: <mailman.2169.1730985343.18299.gnutls-devel@lists.gnutls.org>



Alicja Kario (@mention me if you need reply), Alexander Sosedkin, and Zolt?n Fridrich were added as reviewers.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241107/1582857c/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 12:16:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:16:18 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <merge_request_340877629@gitlab.com>
References: <reply-85a4c5d31da070af1daa0347a98185ca@gitlab.com>
 <merge_request_340877629@gitlab.com>
Message-ID: <mailman.2183.1731064589.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1894 was reviewed by Zolt?n Fridrich

--
  
Zolt?n Fridrich started a new discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973717

 > +/*
 > + * This file is part of GNUTLS.

Maybe also add the copyright line and author name?

--
  
Zolt?n Fridrich started a new discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973735

 > +#include "liboqs/sha3x4.h"
 > +
 > +#include "dlwrap/oqs.h"

Includes could be sorted.

--
  
Zolt?n Fridrich started a new discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973750

 > +		return;
 > +
 > +	for (size_t i = 0; i < 4; i++) {

I think we don't use the syntax of declaring vars in for loops.
I am not sure if it matters though.

--
  
Zolt?n Fridrich started a new discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973763

 > +		return;
 > +
 > +	for (size_t i = 0; i < 4; i++) {

maybe better to do something similar to `sizeof(p->hds) / sizeof(p->hds[0])` rather then hard coding. Also change this in other functions.


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/be122388/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 12:16:19 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:16:19 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <merge_request_340877629@gitlab.com>
References: <reply-a776712a650ebeef48bb632d7ea67956@gitlab.com>
 <merge_request_340877629@gitlab.com>
Message-ID: <mailman.2186.1731064620.18299.gnutls-devel@lists.gnutls.org>




Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973776


Mostly nits.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200973776
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/8a3197e0/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 12:33:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:33:01 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <note_2200973717@gitlab.com>
References: <reply-06022e89cfa00d7bb7f1629614408fec@gitlab.com>
 <merge_request_340877629@gitlab.com> <note_2200973717@gitlab.com>
Message-ID: <mailman.2187.1731065592.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200998447

 > +/*
 > + * This file is part of GNUTLS.

Good point. @d-Dudas, could you let me know what copyright header you would prefer? Is "Copyright (C) 2024 David Dudas" ok?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200998447
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/8b71bd41/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 12:33:17 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:33:17 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <note_2200973735@gitlab.com>
References: <reply-a0d9159cbb8e0b64e5c1d06474c0edb9@gitlab.com>
 <merge_request_340877629@gitlab.com> <note_2200973735@gitlab.com>
Message-ID: <mailman.2188.1731065640.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200998830

 > + *
 > + * This library is distributed in the hope that it will be useful, but
 > + * WITHOUT ANY WARRANTY; without even the implied warranty of
 > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 > + * Lesser General Public License for more details.
 > + *
 > + * You should have received a copy of the GNU Lesser General Public License
 > + * along with this program.  If not, see <https://www.gnu.org/licenses/>
 > + *
 > + */
 > +
 > +#include "config.h"
 > +
 > +#include "liboqs/sha3x4.h"
 > +
 > +#include "dlwrap/oqs.h"

Fixed.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200998830
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/24b8b147/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 12:34:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:34:09 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <note_2200993738@gitlab.com>
References: <reply-eb66e27139c8cccc24eb662383f181b8@gitlab.com>
 <merge_request_340877629@gitlab.com> <note_2200973750@gitlab.com>
 <note_2200993738@gitlab.com>
Message-ID: <mailman.2191.1731065660.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200999999

 > +#include "dlwrap/oqs.h"
 > +#include <gnutls/crypto.h>
 > +#include "gnutls_int.h"
 > +#include <string.h>
 > +#include "attribute.h"
 > +
 > +struct sha3_x4_context_st {
 > +	gnutls_hash_hd_t hds[4];
 > +};
 > +
 > +static void sha3_x4_context_deinit(struct sha3_x4_context_st *context)
 > +{
 > +	if (!context)
 > +		return;
 > +
 > +	for (size_t i = 0; i < 4; i++) {

That should be OK, as long as CONTRIBUTING.md suggests C99.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2200999999
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/63ae5218/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 12:35:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:35:08 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <note_2200993746@gitlab.com>
References: <reply-3ffa81088e95ae265f94584969cd4511@gitlab.com>
 <merge_request_340877629@gitlab.com> <note_2200973763@gitlab.com>
 <note_2200993746@gitlab.com>
Message-ID: <mailman.2192.1731065719.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201001370

 > +#include "dlwrap/oqs.h"
 > +#include <gnutls/crypto.h>
 > +#include "gnutls_int.h"
 > +#include <string.h>
 > +#include "attribute.h"
 > +
 > +struct sha3_x4_context_st {
 > +	gnutls_hash_hd_t hds[4];
 > +};
 > +
 > +static void sha3_x4_context_deinit(struct sha3_x4_context_st *context)
 > +{
 > +	if (!context)
 > +		return;
 > +
 > +	for (size_t i = 0; i < 4; i++) {

The file is about 4-parallel SHAKE implementation, so I just defined a macro `SHA3_N` (= 4).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201001370
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/78afc914/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 12:38:13 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 11:38:13 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <note_2200998447@gitlab.com>
References: <reply-dd752566a88180483e6b8e4fc6c5b1ed@gitlab.com>
 <merge_request_340877629@gitlab.com> <note_2200973717@gitlab.com>
 <note_2200998447@gitlab.com>
Message-ID: <mailman.2195.1731065937.18299.gnutls-devel@lists.gnutls.org>




David Dudas commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201005728

 > +/*
 > + * This file is part of GNUTLS.

I think "Copyright (C) 2024 David Dudas" it's ok.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201005728
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/74c6a382/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 13:08:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 12:08:08 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <merge_request_340877629@gitlab.com>
References: <reply-3b216d47b1fcba7269381dbd09823493@gitlab.com>
 <merge_request_340877629@gitlab.com>
Message-ID: <mailman.2196.1731067730.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1894 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1894

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/ba850b1d/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 14:00:38 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 13:00:38 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <note_2201005728@gitlab.com>
References: <reply-b011a79f894fdd3d3f6e6d2c92bd5b12@gitlab.com>
 <merge_request_340877629@gitlab.com> <note_2200973717@gitlab.com>
 <note_2200998447@gitlab.com> <note_2201005728@gitlab.com>
Message-ID: <mailman.2197.1731070881.18299.gnutls-devel@lists.gnutls.org>




Simon Josefsson commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201146735

 > +/*
 > + * This file is part of GNUTLS.

It would be better if copyrights were assigned to the FSF, IMHO.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201146735
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/d86a7ca4/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 14:21:12 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 13:21:12 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <note_2201146735@gitlab.com>
References: <reply-1b5a65d3df1139e120624515ad228228@gitlab.com>
 <merge_request_340877629@gitlab.com> <note_2200973717@gitlab.com>
 <note_2200998447@gitlab.com> <note_2201005728@gitlab.com>
 <note_2201146735@gitlab.com>
Message-ID: <mailman.2198.1731072112.18299.gnutls-devel@lists.gnutls.org>




David Dudas commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201181556

 > +/*
 > + * This file is part of GNUTLS.

For me it's ok if it's assigned to FSF.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201181556
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/5eb56d09/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 15:15:52 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 14:15:52 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <note_2201181556@gitlab.com>
References: <reply-3bdcbcc7ba565df811bee8013c60327e@gitlab.com>
 <merge_request_340877629@gitlab.com> <note_2200973717@gitlab.com>
 <note_2200998447@gitlab.com> <note_2201005728@gitlab.com>
 <note_2201146735@gitlab.com> <note_2201181556@gitlab.com>
Message-ID: <mailman.2199.1731075394.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/liboqs/sha3x4.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201280826

 > +/*
 > + * This file is part of GNUTLS.

TBH, I'm not sure if that would work. Do we need to follow the full copyright assignment [procedure](https://www.gnu.org/prep/maintain/html_node/Copyright-Papers.html#Copyright-Papers), or we can casually use "Copyright (C) 2024 Free Software Foundation, Inc."? In particular for a project like GnuTLS which [declared](https://lwn.net/Articles/529522/) to be not part of GNU?

(I didn't participate in the decision process at the time, and I personally hope that GnuTLS will rejoin the GNU project at some point)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894#note_2201280826
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/4e322d8f/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 15:34:10 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 14:34:10 +0000
Subject: [gnutls-devel] GnuTLS | Draft: My master (!1895)
References: <reply-3f39ebe9418d43c0a351007fb0adf6ab@gitlab.com>
Message-ID: <mailman.2202.1731076492.18299.gnutls-devel@lists.gnutls.org>



Angel Yankov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1895

Project:Branches: ayankov/gnutls:my_master to gnutls/gnutls:master
Author:   Angel Yankov




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->



## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1895
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/1ee82b5e/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 15:35:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 14:35:20 +0000
Subject: [gnutls-devel] GnuTLS | Draft: My master (!1895)
In-Reply-To: <merge_request_341652900@gitlab.com>
References: <reply-592310710a44b0c4e9a97938041cfa42@gitlab.com>
 <merge_request_341652900@gitlab.com>
Message-ID: <mailman.2203.1731076561.18299.gnutls-devel@lists.gnutls.org>



Merge request !1895 was closed by Angel Yankov
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1895
Project:Branches: ayankov/gnutls:my_master to gnutls/gnutls:master
Author: Angel Yankov
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1895
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/9c551d94/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 15:36:02 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 14:36:02 +0000
Subject: [gnutls-devel] GnuTLS | Draft: My master (!1895)
In-Reply-To: <merge_request_341652900@gitlab.com>
References: <reply-4f951522b1a650c30b3ff951deee2c80@gitlab.com>
 <merge_request_341652900@gitlab.com>
Message-ID: <mailman.2204.1731076574.18299.gnutls-devel@lists.gnutls.org>




Angel Yankov commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1895#note_2201320114


Please nevermind this, I mixed up where I was pushing..

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1895#note_2201320114
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/e40c78be/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 15:38:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 14:38:05 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for
 SigVer in FIPS mode (!1891)
In-Reply-To: <merge_request_336648172@gitlab.com>
References: <reply-76dce29ce0e5feb9c45d076d471368ff@gitlab.com>
 <merge_request_336648172@gitlab.com>
Message-ID: <mailman.2205.1731076725.18299.gnutls-devel@lists.gnutls.org>



Merge request !1891 was closed by Angel Yankov
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891
Project:Branches: ayankov/gnutls:fips/sha1_sigver to gnutls/gnutls:master
Author: Angel Yankov
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/80c8a37a/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 15:38:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 14:38:07 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS
 mode. (!1890)
In-Reply-To: <merge_request_336647469@gitlab.com>
References: <reply-c94e09bbe35adac5bdbd569e5ff1b76d@gitlab.com>
 <merge_request_336647469@gitlab.com>
Message-ID: <mailman.2206.1731076727.18299.gnutls-devel@lists.gnutls.org>



Merge request !1890 was closed by Angel Yankov
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890
Project:Branches: ayankov/gnutls:fips/no_dsa_selftest to gnutls/gnutls:master
Author: Angel Yankov
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/51ddcb66/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Nov  8 16:45:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 08 Nov 2024 15:45:23 +0000
Subject: [gnutls-devel] GnuTLS | Use full hash+sign operations in pct_test.
 (!1896)
References: <reply-ef1f303e75da2df13970a0dd3439d5b5@gitlab.com>
Message-ID: <mailman.2210.1731080763.18299.gnutls-devel@lists.gnutls.org>



Angel Yankov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1896

Project:Branches: ayankov/gnutls:fips/full_hash_sign to gnutls/gnutls:master
Author:   Angel Yankov




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

This was required by our FIPS auditor. 
I couldn't get a handle on how it's mandated by changes in the standard, 
but apparently this is better, since it's not calling the crypto operations 
piece by piece.

* Use full hash+sign operations in pct_test.

pct_test inside fips uses low-level, separate primitves
for some hasing and signing. Replace them with high-level,
more specific APIs.

Signed-off-by: Angel Yankov <angel.yankov at suse.com>

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1896
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241108/2bf2ae42/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 10 08:49:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 10 Nov 2024 07:49:39 +0000
Subject: [gnutls-devel] GnuTLS | error: initializer element is not a
 compile-time constant (#1604)
References: <reply-71dc5a9092c939d465d12fea61bdbd0a@gitlab.com>
Message-ID: <mailman.2233.1731225020.18299.gnutls-devel@lists.gnutls.org>



Ryan Carsten Schmidt created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1604



gnutls 3.8.8 does not build on macOS 14 or earlier:

```
libtool: compile:  /usr/bin/clang -DHAVE_CONFIG_H -I. -I../.. -I./../../gl -I./../../gl -I./../includes -I./../includes -I./../../gl -I./.. -I/opt/local/include -isysroot/Library/Developer/CommandLineTools/SDKs/MacOSX14.sdk -Wtype-limits -Wall -Wbad-function-cast -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wextra -Winit-self -Winvalid-pch -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnull-dereference -Wold-style-definition -Wpacked -Wpointer-arith -Wshadow -Wstrict-prototypes -Wuninitialized -Wunknown-pragmas -Wvariadic-macros -Wwrite-strings -Wformat=2 -Wno-missing-field-initializers -Wno-unused-parameter -fdiagnostics-show-option -fno-builtin-strcmp -I/opt/local/include/p11-kit-1 -pipe -Os -isysroot/Library/Developer/CommandLineTools/SDKs/MacOSX14.sdk -arch x86_64 -c mac.c  -fno-common -DPIC -o .libs/mac.o
groups.c:93:2: error: initializer element is not a compile-time constant
        group_x25519,
        ^~~~~~~~~~~~
1 error generated.
make[4]: *** [groups.lo] Error 1
```

Full log: https://build.macports.org/builders/ports-14_x86_64-builder/builds/50991/steps/install-port/logs/stdio

Regression; 3.8.7 built ok.

Presumably caused by 806dd5e3d459e7ca73ba0756286b095e655d82e2 (@dueno)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1604
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241110/0f63d10e/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 10 11:35:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 10 Nov 2024 10:35:16 +0000
Subject: [gnutls-devel] GnuTLS | error: initializer element is not a
 compile-time constant (#1604)
In-Reply-To: <issue_157077612@gitlab.com>
References: <reply-1eb7011336a23e61e75d586ab53fee01@gitlab.com>
 <issue_157077612@gitlab.com>
Message-ID: <mailman.2238.1731234962.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1604#note_2202522937


Also reported in https://lists.gnupg.org/pipermail/gnutls-help/2024-November/004866.html

As I couldn't reproduce it with Clang 18 on Fedora (and the element is really a compile-time constant), so using a newer Clang might work around the issue.

We could expand the definition of `group_x25519` in the initializer, though it would also pose a problem when compiled with --with-liboqs..

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1604#note_2202522937
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241110/3608372e/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 10 13:09:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 10 Nov 2024 12:09:16 +0000
Subject: [gnutls-devel] GnuTLS | Clarification on stable/unstable version
 numbering (#1605)
References: <reply-c0af9b4c496b9df01632fe8f43b55431@gitlab.com>
Message-ID: <mailman.2241.1731240597.18299.gnutls-devel@lists.gnutls.org>



Ryan Carsten Schmidt created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1605



[In the manual](https://www.gnutls.org/manual/html_node/Downloading-and-installing.html) it says:

> GnuTLS uses a development cycle where even minor version numbers indicate a stable release and a odd minor version number indicate a development release. For example, GnuTLS 1.6.3 denote a stable release since 6 is even, and GnuTLS 1.7.11 denote a development release since 7 is odd.

This is contracted by [the download page](https://www.gnutls.org/download.html) which says:

> | Release        | Version | ?
> | -------------- | ------- | -
> | Next?          | 3.8.x   | ?
> | Current stable | 3.7.x   | ?

Which is correct?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1605
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241110/6ad204a3/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 10 13:48:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 10 Nov 2024 12:48:18 +0000
Subject: [gnutls-devel] GnuTLS | error: initializer element is not a
 compile-time constant (#1604)
In-Reply-To: <issue_157077612@gitlab.com>
References: <reply-db953f0f734707d7f3a0f475d68b76ff@gitlab.com>
 <issue_157077612@gitlab.com>
Message-ID: <mailman.2242.1731242939.18299.gnutls-devel@lists.gnutls.org>




Ryan Carsten Schmidt commented: https://gitlab.com/gnutls/gnutls/-/issues/1604#note_2202542748


We had build failure on macOS 14 with Apple clang version 15.0.0 (clang-1500.3.9.4) from Xcode 15.4 (which is based on llvm 16.0.0) and earlier, and build success on macOS 15 with Apple clang version 16.0.0 (clang-1600.0.26.3) from Xcode 16.0 (which is based on llvm 17.0.6).

So yes, I suspect using llvm.org clang 17 or later would work. But clang 17 is pretty new; it was released September 2023. Requiring it may cause problems for some users whose distributions do not have a compiler that new.

Does gnutls have a documented C language version or set of compiler features that it aims to remain compatible with? I didn't find it in the documentation and all I found in the configure script was a check for C99. Increasing the requirement from C99 to clang 17 would be drastic, especially in a bugfix release.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1604#note_2202542748
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241110/6b77b2be/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 07:01:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 06:01:14 +0000
Subject: [gnutls-devel] GnuTLS | 3.8.8 fails to compile system/ktls (#1606)
References: <reply-9157cd43a4200ca8283bebc3cee88be7@gitlab.com>
Message-ID: <mailman.2248.1731304915.18299.gnutls-devel@lists.gnutls.org>



????? ???????? created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1606



> ./configure --disable-ssl2-support --with-unbound-root-key-file=/usr/local/etc/unbound/root.key --with-default-trust-store-file=/etc/openssl/certs/ca-bundle.crt --with-default-trust-store-dir=/etc/openssl/certs --enable-ktls && make

results with gcc 14.2.1
```
make[4]: Entering directory '/src/gnutls-3.8.8/lib'                 
  CC       system/ktls.lo                                                                                                               
system/ktls.c: In function '_gnutls_ktls_set_keys':                                                                                     
system/ktls.c:662:68: error: storage size of 'crypto_info' isn't known                                                                  
  662 |                         struct tls12_crypto_info_chacha20_poly1305 crypto_info;
      |                                                                    ^~~~~~~~~~~                                                  system/ktls.c:666:33: error: 'TLS_CIPHER_CHACHA20_POLY1305' undeclared (first use in this function); did you mean 'GNUTLS_CIPHER_CHACHA2
0_POLY1305'?                                                                                                                            
  666 |                                 TLS_CIPHER_CHACHA20_POLY1305;           
      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                                    
      |                                 GNUTLS_CIPHER_CHACHA20_POLY1305               
system/ktls.c:666:33: note: each undeclared identifier is reported only once for each function it appears in
In file included from ./mbuffers.h:28,
                 from ./buffers.h:26,
                 from ./record.h:27,
                 from system/ktls.c:32:
system/ktls.c:668:32: error: 'TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE' undeclared (first use in this function); did you mean 'GNUTLS_CIPHE
R_CHACHA20_POLY1305'?
  668 |                                TLS_CIPHER_CHACHA20_POLY1305_KEY_SIZE);
      |                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
system/ktls.c:674:40: error: 'TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE' undeclared (first use in this function); did you mean 'GNUTLS_CIPHER
_CHACHA20_POLY1305'?
  674 |                                        TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE);
      |                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                        GNUTLS_CIPHER_CHACHA20_POLY1305
system/ktls.c:678:40: error: 'TLS_CIPHER_CHACHA20_POLY1305_SALT_SIZE' undeclared (first use in this function); did you mean 'GNUTLS_CIPH
ER_CHACHA20_POLY1305'?
  678 |                                        TLS_CIPHER_CHACHA20_POLY1305_SALT_SIZE +
      |                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
system/ktls.c:690:32: error: 'TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE' undeclared (first use in this function); did you mean 'TLS_CIPH
ER_AES_GCM_128_REC_SEQ_SIZE'?
  690 |                                TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
      |                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE
system/ktls.c:662:68: warning: unused variable 'crypto_info' [-Wunused-variable]
  662 |                         struct tls12_crypto_info_chacha20_poly1305 crypto_info;
      |                                                                    ^~~~~~~~~~~
system/ktls.c:837:68: error: storage size of 'crypto_info' isn't known
  837 |                         struct tls12_crypto_info_chacha20_poly1305 crypto_info;
      |                                                                    ^~~~~~~~~~~
system/ktls.c:837:68: warning: unused variable 'crypto_info' [-Wunused-variable]

```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1606
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/1eff06f7/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 09:51:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 08:51:15 +0000
Subject: [gnutls-devel] Guile-GnuTLS | doc/gnutls-guile: Update
 "Anonymous Authentication Guile Example" (!26)
In-Reply-To: <merge_request_321560527@gitlab.com>
References: <reply-a7301953d8d5ab6b59cdb3981c857f71@gitlab.com>
 <merge_request_321560527@gitlab.com>
Message-ID: <mailman.2253.1731315086.18299.gnutls-devel@lists.gnutls.org>



Merge request !26 was merged
Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/26
Project:Branches: a_v_p/guile-gnutls:avp-update-anonymous-authentication-guile-example to gnutls/guile:master
Author: Artyom V_ Poptsov

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/26
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/a99ffd28/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 10:30:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 09:30:06 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Do not list unimplemented
 public-key algorithms in pk-algorithm-list (!27)
References: <reply-f14d82b433feb7e6ad7a806cc33cf3ab@gitlab.com>
Message-ID: <mailman.2254.1731317417.18299.gnutls-devel@lists.gnutls.org>



Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/27

Branches: fix-macos-build to master
Author:   Vivien Kraus Would Rather Not Be On Gitlab_com




It looks like pk-algorithm-list includes things that are not recognized as pk-algorithms in the Macos build.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/cebeeaa7/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 10:33:27 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 09:33:27 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Do not list unimplemented
 public-key algorithms in pk-algorithm-list (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-5d47525d6cea79eefcf6b62a0edf0674@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2255.1731317618.18299.gnutls-devel@lists.gnutls.org>




Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203180483


Please disregard this, it should be solved at configure time instead.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203180483
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/fb8bf323/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 10:44:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 09:44:39 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key
 algorithms returned by gnutls have an enumeration value in gnutls-guile
 (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-b007d726592db27c028ae6aa7477b290@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2256.1731318289.18299.gnutls-devel@lists.gnutls.org>



Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !27 as draft

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/40d4b04e/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 10:58:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 09:58:16 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key
 algorithms returned by gnutls have an enumeration value in gnutls-guile
 (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-a9622cab513665521effd001856a5550@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2257.1731319138.18299.gnutls-devel@lists.gnutls.org>




Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203226540


https://gitlab.com/gnutls/guile/-/jobs/8322133379#L1118

It looks like on macos, there is a public-key algorithm number 13. Is it a new algorithm?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203226540
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/c807fbba/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:00:29 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:00:29 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key
 algorithms returned by gnutls have an enumeration value in gnutls-guile
 (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-5dfe3dff12a3b9a4854cf229eb3cf6c2@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2258.1731319240.18299.gnutls-devel@lists.gnutls.org>




Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203230295


13 is GNUTLS_PK_RSA_OAEP which is new, does macos really have it?  Then maybe something is wrong with the configure.ac detection logic.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203230295
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/cb218ca0/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:02:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:02:39 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key
 algorithms returned by gnutls have an enumeration value in gnutls-guile
 (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-e3ed0d52b42db7700d82f94be0115518@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2261.1731319373.18299.gnutls-devel@lists.gnutls.org>




Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203234110


Yes, seems like brew has 3.8.4 which has OAEP.  So I wonder why the configure.ac check works on all GNU/Linux platforms but not mac?!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203234110
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/8fc1847c/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:04:04 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:04:04 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key
 algorithms returned by gnutls have an enumeration value in gnutls-guile
 (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-061c72aa154046028d2ba4a8f2130d54@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2262.1731319483.18299.gnutls-devel@lists.gnutls.org>




Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203237188


(sorry I clicked the wrong button and it displays a review and not a comment)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203237188
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/e03ba630/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:05:12 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:05:12 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key
 algorithms returned by gnutls have an enumeration value in gnutls-guile
 (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-9054e4db233956724ab2285aa9e382c9@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2263.1731319553.18299.gnutls-devel@lists.gnutls.org>




Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203239372


All tests fail with the compiler chocking at `#include <gnutls/gnutls.h>` (`conftest.c:47:10: fatal error: 'gnutls/gnutls.h' file not found`)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203239372
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/538a10c6/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:10:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:10:39 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key
 algorithms returned by gnutls have an enumeration value in gnutls-guile
 (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-2e890b3c3510e75bb9da333d570109c8@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2264.1731319881.18299.gnutls-devel@lists.gnutls.org>




Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203250538


Oh.  I think configure.ac should reject that as a broken setup, rather than accepting it and then failing to detect all the symbols it wants to check for.  However since compilation succeeds, it doesn't look like a broken setup, but a bug in the configure.ac setting?  Probably missing CFLAGS's.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203250538
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/14eca59a/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:11:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:11:58 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: Check that all public-key
 algorithms returned by gnutls have an enumeration value in gnutls-guile
 (!27)
In-Reply-To: <note_2203250538@gitlab.com>
References: <reply-12a9f285079ebb8886d82185d3f49486@gitlab.com>
 <merge_request_341933117@gitlab.com> <note_2203250538@gitlab.com>
Message-ID: <mailman.2265.1731319958.18299.gnutls-devel@lists.gnutls.org>




Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203252706


I had a bad copy-paste when I added gnutls feature checks, so the GNUTLS_CFLAGS and GNUTLS_LIB from pkg-config were evicted from CFLAGS and LIBS too early.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203252706
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/a4db36bd/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:19:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:19:23 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Fix macos build (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-6abbd9abfdb1423aaafb268e87c5b2f7@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2266.1731320375.18299.gnutls-devel@lists.gnutls.org>



Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !27 as ready

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/d751b836/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:21:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:21:37 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Fix macos build (!27)
In-Reply-To: <note_2203252706@gitlab.com>
References: <reply-9999f8702046364b2d228d59e9047a4d@gitlab.com>
 <merge_request_341933117@gitlab.com> <note_2203250538@gitlab.com>
 <note_2203252706@gitlab.com>
Message-ID: <mailman.2269.1731320543.18299.gnutls-devel@lists.gnutls.org>




Simon Josefsson commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203267288


Thank you!  Looks good.  I'll merge once the pipeline is happy

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27#note_2203267288
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/784885f1/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:29:13 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:29:13 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Sometimes really slow 'make check' in
 pipeline (#26)
References: <reply-fe59ec0decaa2c36501e3dcd16e622eb@gitlab.com>
Message-ID: <mailman.2270.1731320963.18299.gnutls-devel@lists.gnutls.org>



Simon Josefsson created an issue: https://gitlab.com/gnutls/guile/-/issues/26



Maybe a /dev/random related delay?  Canceling a job gives a backtrace like this:

```
Terminated
FAIL: tests/x509-auth.scm
======================================================
   Guile-GnuTLS 4.0.0.18-b2b0: guile/test-suite.log
======================================================
# TOTAL: 23
# PASS:  22
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
.. contents:: :depth: 2
FAIL: tests/x509-auth.scm
=========================
throw to `gnutls-error' with args (#<gnutls-error-enum Public key signing has failed.> handshake) [PID 14806]
          14 (primitive-load "/builds/gnutls/guile/guile/./tests/x50?")
In ice-9/eval.scm:
    155:9 13 (_ _)
In ice-9/boot-9.scm:
  1731:15 12 (with-exception-handler #<procedure 5794537996f0 at ic?> ?)
  1736:10 11 (with-exception-handler _ _ #:unwind? _ # _)
    142:2 10 (dynamic-wind _ _ #<procedure 5794537ac4c0 at ice-9/eva?>)
In ice-9/eval.scm:
    155:9  9 (_ _)
   279:15  8 (_ #(#(#<directory (gnutls build tests) 5794535755a0> ?)))
    619:8  7 (_ #(#(#(#<directory (guile-user) 579453575f00> # ?)) ?))
In unknown file:
           6 (handshake #<session 5794537b6fe0>)
In ice-9/boot-9.scm:
  1669:16  5 (raise-exception _ #:continuable? _)
  1764:13  4 (_ #<&compound-exception components: (#<&error> #<&irri?>)
In ice-9/eval.scm:
    619:8  3 (_ #(#(#<directory (gnutls build tests) 5794535755a0>) ?))
In ice-9/boot-9.scm:
    142:2  2 (dynamic-wind #<procedure 5794537b1b80 at ice-9/eval.s?> ?)
In ice-9/eval.scm:
    159:9  1 (_ #(#(#<directory (gnutls build tests) 5794535755a0> ?)))
In unknown file:
           0 (make-stack #t)
FAIL tests/x509-auth.scm (exit status: 143)
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/26
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/78f7ac14/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:33:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:33:54 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Fix macos build (!27)
In-Reply-To: <merge_request_341933117@gitlab.com>
References: <reply-28501a86be4e6b6a64c55baac776a8d0@gitlab.com>
 <merge_request_341933117@gitlab.com>
Message-ID: <mailman.2271.1731321274.18299.gnutls-devel@lists.gnutls.org>



Merge request !27 was merged
Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/27
Branches: fix-macos-build to master
Author: Vivien Kraus Would Rather Not Be On Gitlab_com

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/27
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/a4567e0d/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:46:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:46:58 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: X509 auth test: do not use the
 same file for certificate and trust file (!28)
References: <reply-8527f835bf7fbdfccd2eeb7d36c1004e@gitlab.com>
Message-ID: <mailman.2272.1731322063.18299.gnutls-devel@lists.gnutls.org>



Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/28

Branches: read-race-in-x509-auth-test to master
Author:   Vivien Kraus Would Rather Not Be On Gitlab_com




It seems like on old versions (used in the Ubuntu20.04-git and
Trisquel10-git CI jobs), some sort of a read race is happening.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/28
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/b207f4b5/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 11:50:27 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 10:50:27 +0000
Subject: [gnutls-devel] Guile-GnuTLS | New release: Guile-GnuTLS 4.0.1 -
 v4.0.1
Message-ID: <mailman.2273.1731322267.18299.gnutls-devel@lists.gnutls.org>



A new Release v4.0.1 for Guile-GnuTLS was published. Visit the Releases page to read more about it: https://gitlab.com/gnutls/guile/-/releases

Assets:
  - Download zip: https://gitlab.com/gnutls/guile/-/archive/v4.0.1/guile-v4.0.1.zip
  - Download tar.gz: https://gitlab.com/gnutls/guile/-/archive/v4.0.1/guile-v4.0.1.tar.gz
  - Download tar.bz2: https://gitlab.com/gnutls/guile/-/archive/v4.0.1/guile-v4.0.1.tar.bz2
  - Download tar: https://gitlab.com/gnutls/guile/-/archive/v4.0.1/guile-v4.0.1.tar

Release notes:
https://gitlab.com/gnutls/guile/-/blob/v4.0.1/NEWS

[guile-gnutls-4.0.1.tar.gz](/uploads/f80b3a30cfc66c988775edc4ce3fb546/guile-gnutls-4.0.1.tar.gz)

[guile-gnutls-4.0.1.tar.gz.sig](/uploads/dfab0dfed009502d31fed0770afe23db/guile-gnutls-4.0.1.tar.gz.sig)

-- 
View it on GitLab: https://gitlab.com/gnutls/guile/-/releases
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/6f701194/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 12:21:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 11:21:54 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: X509 auth test: do not use
 the same file for certificate and trust file (!28)
In-Reply-To: <merge_request_341953242@gitlab.com>
References: <reply-57da1050863df93eb143e274fae2ca83@gitlab.com>
 <merge_request_341953242@gitlab.com>
Message-ID: <mailman.2276.1731324125.18299.gnutls-devel@lists.gnutls.org>




Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/merge_requests/28#note_2203361580


After these tests, I would be surprised if it were concurrent reads of the certificate file.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/28#note_2203361580
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/6c909e03/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 12:22:45 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 11:22:45 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: X509 auth test: do not use
 the same file for certificate and trust file (!28)
In-Reply-To: <merge_request_341953242@gitlab.com>
References: <reply-5f1d6ef556e585ba003946c08c1016a7@gitlab.com>
 <merge_request_341953242@gitlab.com>
Message-ID: <mailman.2277.1731324178.18299.gnutls-devel@lists.gnutls.org>



Merge request !28 was closed by Vivien Kraus Would Rather Not Be On Gitlab_com
Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/28
Branches: read-race-in-x509-auth-test to master
Author: Vivien Kraus Would Rather Not Be On Gitlab_com
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/28
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/c604a2bf/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 11 12:27:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 11 Nov 2024 11:27:05 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Sometimes really slow 'make
 check' in pipeline (#26)
In-Reply-To: <issue_157113059@gitlab.com>
References: <reply-c0a206318c6f3f39ebe5e6ee52ef1790@gitlab.com>
 <issue_157113059@gitlab.com>
Message-ID: <mailman.2278.1731324437.18299.gnutls-devel@lists.gnutls.org>




Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/guile/-/issues/26#note_2203369202


It looks suspiciously similar to https://gitlab.com/gnutls/guile/-/issues/22

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/26#note_2203369202
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241111/e3b7e11d/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 12 14:09:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Nov 2024 13:09:20 +0000
Subject: [gnutls-devel] GnuTLS | incomplete error checking with hybrid
 ML-KEM key exchange groups (#1607)
References: <reply-e6aeac5337a10d0c640e5cceeebb12dd@gitlab.com>
Message-ID: <mailman.2304.1731417001.18299.gnutls-devel@lists.gnutls.org>



Alicja Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1607



## Description of problem:
When GnuTLS server is configured to enable the `x25519mlkem768` and `secp256r1mlkem768` groups, some malformed key shares from the client aren't handled correctly.

## Version of gnutls used:
gnutls-3.8.8-1.el10.x86_64

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL

## How reproducible:

Steps to Reproduce:

 * run the tlsfuzzer `test-tls13-mlkem.py` script

## Actual results:
The following tests fail:
* `secp256r1mlkem768: invalid ECDH point format: compressed`
* `secp256r1mlkem768: invalid ECDH point format: hybrid`
* `secp256r1mlkem768: invalid ECDH point format: raw`
* `secp256r1mlkem768: malformed pqc part, variable 0`
* `secp256r1mlkem768: malformed pqc part, variable 1`
* `secp256r1mlkem768: malformed pqc part, variable 2`
* `secp256r1mlkem768: malformed pqc part, variable 3`
* `x25519mlkem768: malformed pqc part, variable 0`
* `x25519mlkem768: malformed pqc part, variable 1`
* `x25519mlkem768: malformed pqc part, variable 2`
* `x25519mlkem768: malformed pqc part, variable 3`

## Expected results:

The tests should pass (reject the queries with malformed pqc part and reject the invalid ECDH parts with `illegal_parameter`)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1607
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241112/66db349e/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 12 14:17:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Nov 2024 13:17:37 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <merge_request_340877629@gitlab.com>
References: <reply-5d8f4c70708a5b30a9d27fc910599170@gitlab.com>
 <merge_request_340877629@gitlab.com>
Message-ID: <mailman.2307.1731417499.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1894 were resolved by Zolt?n Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1894

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241112/1f0c2e9c/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 12 14:17:43 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Nov 2024 13:17:43 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <merge_request_340877629@gitlab.com>
References: <reply-4843069f7e111b35e2b51ed31ad790c2@gitlab.com>
 <merge_request_340877629@gitlab.com>
Message-ID: <mailman.2308.1731417504.18299.gnutls-devel@lists.gnutls.org>



Merge request !1894 was approved by Zolt?n Fridrich
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894
Project:Branches: dueno/gnutls:wip/dueno/assorted-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignees: 
Reviewers: Alicja Kario (@mention me if you need reply), Alexander Sosedkin, and Zolt?n Fridrich

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241112/34b9c161/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 12 14:43:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Nov 2024 13:43:33 +0000
Subject: [gnutls-devel] Guile-GnuTLS | pipeline: Add debian testing job.
 (!29)
References: <reply-488b76e3c51eeb1594878454249510e2@gitlab.com>
Message-ID: <mailman.2309.1731419053.18299.gnutls-devel@lists.gnutls.org>



Simon Josefsson created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/29

Branches: debian-testing-job to master
Author:   Simon Josefsson




This will add testing against latest GnuTLS in Debian, sometimes more recent versions break things (compare #25).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/29
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241112/62b150f1/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 12 14:47:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Nov 2024 13:47:34 +0000
Subject: [gnutls-devel] Guile-GnuTLS | SRP build option (#4)
In-Reply-To: <issue_116888894@gitlab.com>
References: <reply-921cf24389b591631d1193b331447806@gitlab.com>
 <issue_116888894@gitlab.com>
Message-ID: <mailman.2310.1731419265.18299.gnutls-devel@lists.gnutls.org>




Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/issues/4#note_2205931679


Lack of better handling of this now breaks 'make distcheck' on any platform that lack GnuTLS with SRP:

```
make[6]: *** No rule to make target 'tests/srp-base64.scm', needed by 'tests/srp-base64.scm.log'.  Stop.

```

I think the SRP stuff be conditionalized like the existing crypto on/off handling.  Maybe something extra is needed because this was in libgnutls-extra.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/4#note_2205931679
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241112/6ad1085a/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 12 15:01:19 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 12 Nov 2024 14:01:19 +0000
Subject: [gnutls-devel] Guile-GnuTLS | pipeline: Add debian testing job.
 (!29)
In-Reply-To: <merge_request_342290248@gitlab.com>
References: <reply-2fa93848a6e2623355c6a39ea7b4373d@gitlab.com>
 <merge_request_342290248@gitlab.com>
Message-ID: <mailman.2313.1731420090.18299.gnutls-devel@lists.gnutls.org>



Merge request !29 was merged
Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/29
Branches: debian-testing-job to master
Author: Simon Josefsson

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/29
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241112/25547e6e/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Nov 14 10:12:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Nov 2024 09:12:31 +0000
Subject: [gnutls-devel] GnuTLS | keyusage extension parsing (#1608)
References: <reply-4f86c97c797810835c9b994b15f50f11@gitlab.com>
Message-ID: <mailman.2327.1731575593.18299.gnutls-devel@lists.gnutls.org>



dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1608



## Description of problem:
Parse the certificate using certtool -i --inraw --infile fd.der

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:

Steps to Reproduce:

 * certtool -i --inraw --infile fd.der

## Actual results:
![image](/uploads/ba24e73fd5661075a38924e3137e0868/image.png)

## Expected results:
I parse the certificate which has a keyusage extension with an empty value.
gnutls throws a tag error, while openssl successfully parses and displays a null value

![image](/uploads/8218bebff0161d782fa31f8491b0adf2/image.png)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1608
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241114/d3f413fc/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Nov 14 11:12:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Nov 2024 10:12:14 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Publish PGP signed minimal tarball
 a'la git-archive (#27)
References: <reply-ffeb17522714fa4def569845d0ec893a@gitlab.com>
Message-ID: <mailman.2328.1731579175.18299.gnutls-devel@lists.gnutls.org>



Simon Josefsson created an issue: https://gitlab.com/gnutls/guile/-/issues/27



For inspiration and background see:

https://blog.josefsson.org/2024/04/01/towards-reproducible-minimal-source-code-tarballs-please-welcome-src-tar-gz/

https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/27
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241114/8ef1dbb3/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Nov 14 11:12:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Nov 2024 10:12:47 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Produce a reproducible source tarball
 and verify that in pipeline (#28)
References: <reply-a501eb8076d52fdef85ede6e2bc375c6@gitlab.com>
Message-ID: <mailman.2329.1731579177.18299.gnutls-devel@lists.gnutls.org>



Simon Josefsson created an issue: https://gitlab.com/gnutls/guile/-/issues/28



For inspiration and background see:

https://blog.josefsson.org/2024/04/01/towards-reproducible-minimal-source-code-tarballs-please-welcome-src-tar-gz/

https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/28
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241114/7265aead/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Nov 14 14:05:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Nov 2024 13:05:41 +0000
Subject: [gnutls-devel] GnuTLS | does not abort the connection when client
 does not send uncompressed format in ECPointFormatList or sends an epmty
 ECPointFormatList (#1609)
References: <reply-b479b5733620a8af835c0efb8dd25233@gitlab.com>
Message-ID: <mailman.2330.1731589583.18299.gnutls-devel@lists.gnutls.org>



AnnaStarovojtova created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1609



## Description of problem:
The server does not abort the connection when:
- the client sends an ECPointFormatList without the uncompressed format in it;
- the client sends an empty ECPointFormatList.

## Version of gnutls used:

gnutls-cli 3.8.6

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Fedora

## How reproducible:

Steps to Reproduce:

run the tlsfuzzer `test-point-extension.py` script

## Actual results:

The following tests fail:

- ECDHE uncompressed extension missing
- ECDHE empty list extension

## Expected results:

- When the client sends the ECPointForamtList with only compressed values, the server must abort the handshake and return illegal_parameter alert.
  * RFC8422 - 5.1.2.  Supported Point Formats Extension

    >>>
    If the client sends the extension and the extension does not contain the uncompressed point format, and the client has used the Supported Groups extension to indicate support for any of the curves defined in this specification, then the server MUST abort the handshake and return an illegal_parameter alert.

    >>>
- When the client sends an empty ECPointFormatList, the client should abort the handshake and return a decode_error alert.
  * RFC8422 - 5.1.2.  Supported Point Formats Extension

    > struct { ECPointFormat ec_point_format_list\<1..2^8-1\> } ECPointFormatList;

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1609
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241114/28a5f798/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Thu Nov 14 14:16:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Nov 2024 13:16:01 +0000
Subject: [gnutls-devel] GnuTLS | keyusage extension parsing (#1608)
In-Reply-To: <issue_157292300@gitlab.com>
References: <reply-e59b7bfba7df745e26d90f54d0cd8a36@gitlab.com>
 <issue_157292300@gitlab.com>
Message-ID: <mailman.2334.1731590175.18299.gnutls-devel@lists.gnutls.org>




Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1608#note_2210585857


> I parse the certificate which has a keyusage extension with an empty value.

Sorry, I don't think that's a valid certificate.

https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3:
>   When the  keyUsage extension appears in a certificate, at least one of the bits MUST be set to 1.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1608#note_2210585857
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241114/e1b2feff/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Nov 14 15:00:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 14 Nov 2024 14:00:54 +0000
Subject: [gnutls-devel] GnuTLS | keyusage extension parsing (#1608)
In-Reply-To: <note_2210585857@gitlab.com>
References: <reply-ff8beff573c246b430dd40a43efa7ed0@gitlab.com>
 <issue_157292300@gitlab.com> <note_2210585857@gitlab.com>
Message-ID: <mailman.2335.1731592895.18299.gnutls-devel@lists.gnutls.org>




dulanshuangqiao commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1608#note_2210695293


openssl gives other views on this
While RFC 5280 states that "at least one of the bits MUST be set to 1," X.509 does not. X.509 just says that if the extension is present and all bits are zero, then the key is intended for a purpose other than the ones listed.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1608#note_2210695293
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241114/c4f3d7fa/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov 15 08:54:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Nov 2024 07:54:22 +0000
Subject: [gnutls-devel] GnuTLS | Assorted fixes (!1894)
In-Reply-To: <merge_request_340877629@gitlab.com>
References: <reply-4c4f479f0670e21e06126a9acbd77889@gitlab.com>
 <merge_request_340877629@gitlab.com>
Message-ID: <mailman.2340.1731657274.18299.gnutls-devel@lists.gnutls.org>



Merge request !1894 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894
Project:Branches: dueno/gnutls:wip/dueno/assorted-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Reviewers: Alicja Kario (@mention me if you need reply), Alexander Sosedkin, and Zolt?n Fridrich

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1894
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241115/bdc108d2/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov 15 20:55:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Nov 2024 19:55:59 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
References: <reply-ccc01127e211032640b93e80c1415383@gitlab.com>
Message-ID: <mailman.2343.1731700570.18299.gnutls-devel@lists.gnutls.org>



William Roberts created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1610



Fedora 40
```
git clone --depth 1 --branch 3.8.8 https://gitlab.com/gnutls/gnutls.git
cd gnutls
./bootstrap
./configure --with-included-unistring
make dist-xz
```

Fails with:
```
make ./errcodes
make[4]: Entering directory '/home/bill/tmp/gnutls/doc'
  CC       errcodes.o
  CC       common.o
make[4]: *** No rule to make target '../lib/libgnutls.la', needed by 'errcodes'.  Stop.
make[4]: Leaving directory '/home/bill/tmp/gnutls/doc'
make[3]: *** [Makefile:6239: error_codes.texi] Error 2
```

I would expect it to work or to apprise me of a missing option. If make dist depends on the library isn't their some way to inform them of that dependency in a way that will trigger it to build? This is beyond mu automake knowledge as I thought LDADD would do it.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241115/a30dce7a/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Nov 15 21:01:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 15 Nov 2024 20:01:20 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <issue_157386200@gitlab.com>
References: <reply-b3fb0ebe0fe2ae9bb8dd2a3c3eed5262@gitlab.com>
 <issue_157386200@gitlab.com>
Message-ID: <mailman.2344.1731700921.18299.gnutls-devel@lists.gnutls.org>




William Roberts commented: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2214155270


After issuing `make`, it avoids that error but still errors:
```
make[3]: *** No rule to make target 'libdane/libgnutls-dane.la', needed by 'abi-check-latest'.  Stop.
```

This looks enabled by default and I can't identify the target to build this?

I have a pile of questions on how the tarball is created for the fedora package as well and why make asm-sources fails with a missing `.s` file:
```
make: *** No rule to make target 'lib/accelerated/aarch64/coff/ghash-aarch64.s', needed by 'asm-sources'.  Stop.
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2214155270
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241115/08573ac3/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Nov 16 07:22:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Nov 2024 06:22:03 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <issue_157386200@gitlab.com>
References: <reply-d647e95dc738cbed8e7601ee029babab@gitlab.com>
 <issue_157386200@gitlab.com>
Message-ID: <mailman.2347.1731738135.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2214420941


Running a regular "make" before running make dist on a the fresh checkout (or after running `git clean -fxd && git reset --hard`) works for me.
```
./bootstrap && ./configure --with-included-unistring && make && make dist-xz
```
I suspect you either had a dirty checkout or "make" already threw an error.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2214420941
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241116/f34d8776/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Nov 16 19:27:27 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 16 Nov 2024 18:27:27 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS mode
 (!1897)
References: <reply-459fb81102922e4ecb44b4ef5091246b@gitlab.com>
Message-ID: <mailman.2348.1731781688.18299.gnutls-devel@lists.gnutls.org>



Po-Hsing Wu created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897

Project:Branches: 0140454/gnutls:fips/mark-eddsa-approved to gnutls/gnutls:master
Author:   Po-Hsing Wu




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

FIPS 186-5 approves EdDSA.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [x] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241116/ecd6d98c/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 17 01:48:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Nov 2024 00:48:06 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS
 mode (!1897)
In-Reply-To: <merge_request_343510815@gitlab.com>
References: <reply-7633c6957ac568eb74e0031627aa9082@gitlab.com>
 <merge_request_343510815@gitlab.com>
Message-ID: <mailman.2349.1731804497.18299.gnutls-devel@lists.gnutls.org>



Merge request !1897 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897
Project:Branches: 0140454/gnutls:fips/mark-eddsa-approved to gnutls/gnutls:master
Author: Po-Hsing Wu
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241117/ab3280a5/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 17 01:48:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Nov 2024 00:48:03 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS
 mode (!1897)
In-Reply-To: <merge_request_343510815@gitlab.com>
References: <reply-f59acc0971eae67d02b0215952aec917@gitlab.com>
 <merge_request_343510815@gitlab.com>
Message-ID: <mailman.2352.1731804523.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897#note_2214723179


@0140454 This looks great; thank you for also adding the self-tests.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897#note_2214723179
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241117/0ddf877f/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 17 01:49:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Nov 2024 00:49:53 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark sha1 as not approved for
 SigVer in FIPS mode (!1891)
In-Reply-To: <merge_request_336648172@gitlab.com>
References: <reply-7d822a01e81ea5698193d21060fd5d0c@gitlab.com>
 <merge_request_336648172@gitlab.com>
Message-ID: <mailman.2353.1731804602.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2214723336


@ayankov Same here as https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2214723286

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2214723336
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241117/53930cb2/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 17 01:49:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Nov 2024 00:49:23 +0000
Subject: [gnutls-devel] GnuTLS | fips: Remove DSA selftest check in FIPS
 mode. (!1890)
In-Reply-To: <merge_request_336647469@gitlab.com>
References: <reply-c0c87560b74c72f4cee269b6202cb73a@gitlab.com>
 <merge_request_336647469@gitlab.com>
Message-ID: <mailman.2354.1731804605.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2214723286


@ayankov This MR seems to have been mistakenly closed as the source project has been removed. Could you resurrect it somehow, e.g., as as new MR?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1890#note_2214723286
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241117/a7a08cb0/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 17 06:29:56 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Nov 2024 05:29:56 +0000
Subject: [gnutls-devel] GnuTLS | fips: mark EdDSA as approved in FIPS
 mode (!1897)
In-Reply-To: <merge_request_343510815@gitlab.com>
References: <reply-66b7e8986b37f159ea29b9663e6b6c3d@gitlab.com>
 <merge_request_343510815@gitlab.com>
Message-ID: <mailman.2355.1731821436.18299.gnutls-devel@lists.gnutls.org>




Po-Hsing Wu commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897#note_2214757237


@dueno Tests have been updated to make CI pipeline succeed.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1897#note_2214757237
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241117/86d26452/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 17 09:01:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Nov 2024 08:01:21 +0000
Subject: [gnutls-devel] GnuTLS | key usage extension Parse (#1611)
References: <reply-71aa4e51c0eb79b4291c9aedd65917a1@gitlab.com>
Message-ID: <mailman.2356.1731830522.18299.gnutls-devel@lists.gnutls.org>



dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1611



## Description of the feature:
The X.509 description of the keyusage extension states that?
If the extension is present with all bits set to zero,the key is intended for a purpose other than those listed above.
In this case, openssl's parsing result is presented as...
while gnutls's parsing result is empty
![image](/uploads/e9bf59d384254389fb46b0cab2b90a9e/image.png){width=272 height=47}
## Applications that this feature may be relevant to:
Parse certificate

## Is this feature implemented in other libraries (and which)
openssl implemented
![image](/uploads/dc4e1027c8a2cbe58706559d1782d88a/image.png){width=272 height=64}

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1611
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241117/ce3b3713/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 17 12:49:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Nov 2024 11:49:26 +0000
Subject: [gnutls-devel] GnuTLS | fips: only perform DSA selftest if DSA
 enabled (!1898)
References: <reply-07bb0447b44b23fe1caf6dbc4ec5fccb@gitlab.com>
Message-ID: <mailman.2359.1731844177.18299.gnutls-devel@lists.gnutls.org>



Po-Hsing Wu created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898

Project:Branches: 0140454/gnutls:fips/only-run-dsa-sleftest-if-enabled to gnutls/gnutls:master
Author:   Po-Hsing Wu




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

When building with `--disable-dsa`, DSA selftest is not defined in the `gnutls_pk_self_test` function.

Finally, it causes selftest failed with error `GNUTLS_E_NO_SELF_TEST`

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241117/50a4ca68/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 17 12:58:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Nov 2024 11:58:06 +0000
Subject: [gnutls-devel] GnuTLS | fips: only perform DSA selftest if DSA
 enabled (!1898)
In-Reply-To: <merge_request_343552955@gitlab.com>
References: <reply-21f215b3e309ee0c15b1bb1896e03115@gitlab.com>
 <merge_request_343552955@gitlab.com>
Message-ID: <mailman.2360.1731844697.18299.gnutls-devel@lists.gnutls.org>




Po-Hsing Wu commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898#note_2214852894


Close this because there already have another MR !1890 that seems to be just closed accidentally.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898#note_2214852894
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241117/d165e85f/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Nov 17 12:58:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 17 Nov 2024 11:58:06 +0000
Subject: [gnutls-devel] GnuTLS | fips: only perform DSA selftest if DSA
 enabled (!1898)
In-Reply-To: <merge_request_343552955@gitlab.com>
References: <reply-049cf16e78d5054fabfdf68eb5821127@gitlab.com>
 <merge_request_343552955@gitlab.com>
Message-ID: <mailman.2361.1731844705.18299.gnutls-devel@lists.gnutls.org>



Merge request !1898 was closed by Po-Hsing Wu
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898
Project:Branches: 0140454/gnutls:fips/only-run-dsa-sleftest-if-enabled to gnutls/gnutls:master
Author: Po-Hsing Wu
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1898
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241117/b1438925/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 18 18:53:30 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Nov 2024 17:53:30 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <note_2214420941@gitlab.com>
References: <reply-e214e8738826664e890c82a4516cec54@gitlab.com>
 <issue_157386200@gitlab.com> <note_2214420941@gitlab.com>
Message-ID: <mailman.2371.1731952450.18299.gnutls-devel@lists.gnutls.org>




William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2216580176


Even with that, how come the Makefile isn't setup to correctly track the dependencies so the tools that need the library for make dist properly build them? Ie this should work, "`./bootstrap && ./configure --with-included-unistring && make dist-xz`"

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2216580176
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241118/4f2b5e3a/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Nov 18 18:57:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 18 Nov 2024 17:57:47 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <note_2216580176@gitlab.com>
References: <reply-c63e775a64470023bc171ae14c59dbbc@gitlab.com>
 <issue_157386200@gitlab.com> <note_2214420941@gitlab.com>
 <note_2216580176@gitlab.com>
Message-ID: <mailman.2374.1731952678.18299.gnutls-devel@lists.gnutls.org>




William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2216585255


Even cleaning and doing as you described still yields: make[3]: *** No rule to make target 'libdane/libgnutls-dane.la', needed by 'abi-check-latest'.  Stop.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2216585255
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241118/29a6c59b/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 03:34:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 02:34:33 +0000
Subject: [gnutls-devel] GnuTLS | Parse repeated extension (#1612)
References: <reply-cfb669ad79e5e3252937c292902bc34e@gitlab.com>
Message-ID: <mailman.2376.1731983685.18299.gnutls-devel@lists.gnutls.org>



dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1612



## Description of the feature:
Try parsing a certificate with duplicate extensions

## Applications that this feature may be relevant to:
In the interests of predictability, it is probably better to reject certificates with duplicated extensions during validation, but not refuse to parse them.

## Is this feature implemented in other libraries (and which)
OpenSSL allows parsing of certificates with repeated extensions, in order to meet predictability

openssl x509 -in Cert17319379201A1.der -noout -text
Certificate:
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:8C:AE:A9:CD:18:10:47:48:33:5D:C6:AC:2B:6A:29:BB:5F:B4:7D:29
                DirName:/CN=RandomIssuer-1763/C=US/O=RandomOrg-1011
                serial:02:18:94:68:C7
            X509v3 Authority Key Identifier: 
                keyid:8C:AE:A9:CD:18:10:47:48:33:5D:C6:AC:2B:6A:29:BB:5F:B4:7D:29
                DirName:/CN=RandomIssuer-1763/C=US/O=RandomOrg-1011
                serial:02:18:B9:68:C7

certtool -i --inraw --infile Cert17319379201A1.der
import error: Duplicate extension in X.509 certificate.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1612
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/1b926158/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 14:11:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 13:11:05 +0000
Subject: [gnutls-devel] GnuTLS | wrong server behaviour with different
 encodings in ECPointFormatList (#1609)
In-Reply-To: <issue_157308402@gitlab.com>
References: <reply-864aded167296677577e7ad5ee5dc36a@gitlab.com>
 <issue_157308402@gitlab.com>
Message-ID: <mailman.2380.1732021906.18299.gnutls-devel@lists.gnutls.org>




Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1609#note_2218144188


Test script: https://github.com/tlsfuzzer/tlsfuzzer/pull/955

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1609#note_2218144188
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/2817743b/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 14:15:32 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 13:15:32 +0000
Subject: [gnutls-devel] GnuTLS | key usage extension Parse (#1611)
In-Reply-To: <issue_157417744@gitlab.com>
References: <reply-41581a60b39cc5f57ee7aed667392673@gitlab.com>
 <issue_157417744@gitlab.com>
Message-ID: <mailman.2381.1732022144.18299.gnutls-devel@lists.gnutls.org>



Issue was closed by Zolt?n Fridrich
Issue #1611: https://gitlab.com/gnutls/gnutls/-/issues/1611

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1611
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/67f41033/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 14:15:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 13:15:34 +0000
Subject: [gnutls-devel] GnuTLS | key usage extension Parse (#1611)
In-Reply-To: <issue_157417744@gitlab.com>
References: <reply-1d1823b98659a457dc14a9ed7d1b138b@gitlab.com>
 <issue_157417744@gitlab.com>
Message-ID: <mailman.2382.1732022175.18299.gnutls-devel@lists.gnutls.org>




Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1611#note_2218155444


Seems like a duplicate of https://gitlab.com/gnutls/gnutls/-/issues/1608
closing this issue.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1611#note_2218155444
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/ffa17a25/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 18:15:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 17:15:59 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <note_2216585255@gitlab.com>
References: <reply-a1f35a9daf2e4f0a4536b3a7c348a2b0@gitlab.com>
 <issue_157386200@gitlab.com> <note_2214420941@gitlab.com>
 <note_2216580176@gitlab.com> <note_2216585255@gitlab.com>
Message-ID: <mailman.2383.1732036569.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218684139



William Robert wrote
> Even cleaning and doing as you described still yields: make[3]: *** No rule to make target 'libdane/libgnutls-dane.la', needed by 'abi-check-latest'. Stop.

Could you attach a complete log of the whole process?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218684139
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/24a66208/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 20:07:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 19:07:33 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <note_2218684139@gitlab.com>
References: <reply-b49af0343b17d516d3762736d5ed138c@gitlab.com>
 <issue_157386200@gitlab.com> <note_2214420941@gitlab.com>
 <note_2216580176@gitlab.com> <note_2216585255@gitlab.com>
 <note_2218684139@gitlab.com>
Message-ID: <mailman.2388.1732043293.18299.gnutls-devel@lists.gnutls.org>




William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218913237


make dist-xz 2>&1 | tee [gnutls-build.txt](/uploads/a2d16d317c70c91502a1e3e52b7d5339/gnutls-build.txt)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218913237
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/7e3440fd/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 20:56:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 19:56:20 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <note_2218913237@gitlab.com>
References: <reply-7ebf13f4c3da4711926f218791a75da6@gitlab.com>
 <issue_157386200@gitlab.com> <note_2214420941@gitlab.com>
 <note_2216580176@gitlab.com> <note_2216585255@gitlab.com>
 <note_2218684139@gitlab.com> <note_2218913237@gitlab.com>
Message-ID: <mailman.2389.1732046220.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218989353


That is just `make dist-xz`.
```sh
git clean -fxd && git reset --hard && ./bootstrap && ./configure --disable-silent-rules- -with-included-unistring && make && make dist-xz
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2218989353
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/065bd332/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 21:25:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 20:25:46 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y for
 ed25519 keys. (!30)
References: <reply-8e179dcad908eeded7a595ef360b7518@gitlab.com>
Message-ID: <mailman.2390.1732047986.18299.gnutls-devel@lists.gnutls.org>



Vivien Kraus Would Rather Not Be On Gitlab_com created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/30

Branches: eddsa-keys-without-y to master
Author:   Vivien Kraus Would Rather Not Be On Gitlab_com




I noticed that Ed25519 keys do not have a two-coordinate public key, and gnutls expects the Y parameter to always be NULL (in and out). In Guile, we should pass #f instead, don?t you think?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/ee83bcae/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 21:36:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 20:36:06 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y
 for ed25519 keys. (!30)
In-Reply-To: <merge_request_344074941@gitlab.com>
References: <reply-b80bc3e57d2b6e248624b468a55ccc65@gitlab.com>
 <merge_request_344074941@gitlab.com>
Message-ID: <mailman.2391.1732048576.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/guile/-/merge_requests/30 was reviewed by Simon Josefsson

--
  
Simon Josefsson started a new discussion on guile/tests/eddsa-key-without-y.scm: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219031846

 > +;;; GnuTLS --- Guile bindings for GnuTLS
 > +;;; Copyright (C) 2011-2022 Free Software Foundation, Inc.

Add 2023+2024?


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/30a37efb/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 21:36:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 20:36:54 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y
 for ed25519 keys. (!30)
In-Reply-To: <merge_request_344074941@gitlab.com>
References: <reply-52e97ed29f33ac8ae384f0fb0fb5bf5c@gitlab.com>
 <merge_request_344074941@gitlab.com>
Message-ID: <mailman.2392.1732048625.18299.gnutls-devel@lists.gnutls.org>




Simon Josefsson commented: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219032880


Sounds good generally, no strong opinion nor particularly careful review by me, but I'm happy to merge it.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219032880
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/bad12ccb/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 22:11:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:11:33 +0000
Subject: [gnutls-devel] Guile-GnuTLS | Draft: ECC: do not expect a value
 for y for ed25519 keys. (!30)
In-Reply-To: <merge_request_344074941@gitlab.com>
References: <reply-64a30d3f184843f95bb78d1c59c71bb8@gitlab.com>
 <merge_request_344074941@gitlab.com>
Message-ID: <mailman.2396.1732050734.18299.gnutls-devel@lists.gnutls.org>



Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !30 as draft

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/13b9f37a/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 22:12:32 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:12:32 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y
 for ed25519 keys. (!30)
In-Reply-To: <merge_request_344074941@gitlab.com>
References: <reply-f89ef9fce8449c828d7c394a58790533@gitlab.com>
 <merge_request_344074941@gitlab.com>
Message-ID: <mailman.2397.1732050793.18299.gnutls-devel@lists.gnutls.org>



Vivien Kraus Would Rather Not Be On Gitlab_com marked merge request !30 as ready

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/21daffab/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 22:13:24 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:13:24 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y
 for ed25519 keys. (!30)
In-Reply-To: <note_2219083470@gitlab.com>
References: <reply-fc8491a02d2c80fd38cef6db9f544d03@gitlab.com>
 <merge_request_344074941@gitlab.com> <note_2219031846@gitlab.com>
 <note_2219083470@gitlab.com>
Message-ID: <mailman.2398.1732050814.18299.gnutls-devel@lists.gnutls.org>




Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion on guile/tests/eddsa-key-without-y.scm: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219091302

 > +;;; GnuTLS --- Guile bindings for GnuTLS
 > +;;; Copyright (C) 2011-2022 Free Software Foundation, Inc.

Sorry I copied the file without changing the date. I also removed some unused imports, so it is not a copy-paste anymore.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219091302
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/f57618f7/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 22:14:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:14:54 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y
 for ed25519 keys. (!30)
In-Reply-To: <note_2219032880@gitlab.com>
References: <reply-540c019de28e13438267d97e68ca8067@gitlab.com>
 <merge_request_344074941@gitlab.com> <note_2219032880@gitlab.com>
Message-ID: <mailman.2399.1732050904.18299.gnutls-devel@lists.gnutls.org>




Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219093942


It kind of works without this change, because gnutls accepts an empty datum instead of NULL (the manual says you should pass NULL). But it?s less confusing if we allow #f from guile.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219093942
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/95c6f3c2/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 22:16:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:16:40 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y
 for ed25519 keys. (!30)
In-Reply-To: <note_2219091302@gitlab.com>
References: <reply-0b8fd5ed5c6e567be6b7b37cf560c994@gitlab.com>
 <merge_request_344074941@gitlab.com> <note_2219031846@gitlab.com>
 <note_2219083470@gitlab.com> <note_2219091302@gitlab.com>
Message-ID: <mailman.2400.1732051010.18299.gnutls-devel@lists.gnutls.org>




Simon Josefsson commented on a discussion on guile/tests/eddsa-key-without-y.scm: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219096342

 > +;;; GnuTLS --- Guile bindings for GnuTLS
 > +;;; Copyright (C) 2011-2022 Free Software Foundation, Inc.

Thanks!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30#note_2219096342
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/76a390a4/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 22:19:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:19:46 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y
 for ed25519 keys. (!30)
In-Reply-To: <merge_request_344074941@gitlab.com>
References: <reply-bb047d0b74a14cb2006c71d5185017e5@gitlab.com>
 <merge_request_344074941@gitlab.com>
Message-ID: <mailman.2403.1732051197.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !30 were resolved by Simon Josefsson

https://gitlab.com/gnutls/guile/-/merge_requests/30

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/ac8cf0fc/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Nov 19 22:20:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 19 Nov 2024 21:20:54 +0000
Subject: [gnutls-devel] Guile-GnuTLS | ECC: do not expect a value for y
 for ed25519 keys. (!30)
In-Reply-To: <merge_request_344074941@gitlab.com>
References: <reply-9b93c7797af67faa3dc1e8954893fe08@gitlab.com>
 <merge_request_344074941@gitlab.com>
Message-ID: <mailman.2404.1732051295.18299.gnutls-devel@lists.gnutls.org>



Merge request !30 was merged
Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/30
Branches: eddsa-keys-without-y to master
Author: Vivien Kraus Would Rather Not Be On Gitlab_com

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/30
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241119/0a425ece/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov 20 08:37:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 07:37:09 +0000
Subject: [gnutls-devel] GnuTLS | Certificate parsing differences (#1613)
References: <reply-b3db657be7dca49cdf6887aacba0a15b@gitlab.com>
Message-ID: <mailman.2417.1732088241.18299.gnutls-devel@lists.gnutls.org>



dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1613



## Description of problem:
The results of parsing the certificate using gnutls_x509_crt_import are different from those of parsing the certificate using certtool -i --inraw --infile fd.der

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:

Steps to Reproduce:

 * one Parse the certificate using gnutls_x509_crt_import
 * two Parse the certificate using certtool -i --inraw --infile Cert1731937920100M2.der
[Cert1731937920100M2.der](/uploads/916d89d6e6698f9c4036db86b169bace/Cert1731937920100M2.der)
## Actual results:
gnutls_x509_crt_import success,return GNUTLS_E_SUCCESS (0)
certtool -i --inraw --infile fd.der throws error:gnutls_x509_ext_import_authority_key_id: ASN1 parser:Error in DER parsing
## Expected results:
gnutls_x509_crt_import Returns an error value

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1613
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241120/db77e217/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov 20 12:26:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 11:26:00 +0000
Subject: [gnutls-devel] GnuTLS | Update errors.c (!1899)
References: <reply-30e4436c3372c2cc9cd659eb8c06ad53@gitlab.com>
Message-ID: <mailman.2420.1732101972.18299.gnutls-devel@lists.gnutls.org>



Kazooba B Lawrence created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899

Project:Branches: kazlaw/gnutls:kazlaw-master-patch-06071 to gnutls/gnutls:master
Author:   Kazooba B Lawrence




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* Update errors.c

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241120/326c1efc/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Nov 20 12:28:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 11:28:54 +0000
Subject: [gnutls-devel] GnuTLS | Update errors.c (!1899)
In-Reply-To: <merge_request_344208068@gitlab.com>
References: <reply-24350232df42ce9d0a2bd5d95e542f62@gitlab.com>
 <merge_request_344208068@gitlab.com>
Message-ID: <mailman.2423.1732102175.18299.gnutls-devel@lists.gnutls.org>




Kazooba B Lawrence commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220034801


Hello, It looked like a typo and try to track this repo down and see if it can be fixed!

![image](/uploads/4cbbce3aadde4d9d7fc35b9e5a27c747/image.png){width=1209 height=361}

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220034801
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241120/cc03d5c4/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov 20 13:07:04 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 12:07:04 +0000
Subject: [gnutls-devel] GnuTLS | Update errors.c (!1899)
In-Reply-To: <merge_request_344208068@gitlab.com>
References: <reply-41fd614f0467398166afb147e4350200@gitlab.com>
 <merge_request_344208068@gitlab.com>
Message-ID: <mailman.2424.1732104434.18299.gnutls-devel@lists.gnutls.org>




Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220098061


Not sure what the best replacement would be though, since both "was not properly terminated" and "was not terminated properly" increase ambiguity by including the possibility that it wasn't terminated at all. "Was terminated improperly"?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220098061
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241120/cac1ee19/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov 20 14:13:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 13:13:39 +0000
Subject: [gnutls-devel] GnuTLS | Update errors.c (!1899)
In-Reply-To: <merge_request_344208068@gitlab.com>
References: <reply-eaa2ed11b4148e894392fa16b8ed8c26@gitlab.com>
 <merge_request_344208068@gitlab.com>
Message-ID: <mailman.2425.1732108430.18299.gnutls-devel@lists.gnutls.org>




Kazooba B Lawrence commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220215060


https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220098061

I definitely see your point

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1899#note_2220215060
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241120/189296ef/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov 20 18:29:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 17:29:20 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <note_2218989353@gitlab.com>
References: <reply-37aa7fc16f62411222cad0bf3fc142c0@gitlab.com>
 <issue_157386200@gitlab.com> <note_2214420941@gitlab.com>
 <note_2216580176@gitlab.com> <note_2216585255@gitlab.com>
 <note_2218684139@gitlab.com> <note_2218913237@gitlab.com>
 <note_2218989353@gitlab.com>
Message-ID: <mailman.2428.1732123801.18299.gnutls-devel@lists.gnutls.org>




William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220727792


Ahh you wanted all of the commands :-p attached.
```bash
git clean -fxd && (git reset --hard && ./bootstrap && ./configure --disable-silent-rules- -with-included-unistring && make && make dist-xz) 2>&1 | tee gnutls-build-2.txt
```
[gnutls-build-2.txt](/uploads/8c4acc9386540dca2b1473e581d9d48f/gnutls-build-2.txt)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220727792
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241120/8413e010/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Nov 20 19:53:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 18:53:37 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <note_2220727792@gitlab.com>
References: <reply-0e8a029f47c58858cbdcfac7c4d80fd2@gitlab.com>
 <issue_157386200@gitlab.com> <note_2214420941@gitlab.com>
 <note_2216580176@gitlab.com> <note_2216585255@gitlab.com>
 <note_2218684139@gitlab.com> <note_2218913237@gitlab.com>
 <note_2218989353@gitlab.com> <note_2220727792@gitlab.com>
Message-ID: <mailman.2429.1732128859.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220830673


This ends with:
> make[3]: *** No rule to make target 'libdane/libgnutls-dane.la', needed by 'abi-check-latest'.  Stop.

Which is caused by
```
checking for unbound library... no
configure: WARNING:
***
*** libunbound was not found. Libdane will not be built.
*** 
````

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220830673
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241120/eb88f432/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Nov 20 21:02:43 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 20 Nov 2024 20:02:43 +0000
Subject: [gnutls-devel] GnuTLS | make dist fails (#1610)
In-Reply-To: <note_2220830673@gitlab.com>
References: <reply-f1c1e6bf3dc73e12a57aca3da543a984@gitlab.com>
 <issue_157386200@gitlab.com> <note_2214420941@gitlab.com>
 <note_2216580176@gitlab.com> <note_2216585255@gitlab.com>
 <note_2218684139@gitlab.com> <note_2218913237@gitlab.com>
 <note_2218989353@gitlab.com> <note_2220727792@gitlab.com>
 <note_2220830673@gitlab.com>
Message-ID: <mailman.2432.1732133004.18299.gnutls-devel@lists.gnutls.org>




William Roberts commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220906616


You should never get through configure and have a mystery error in a make target, patch incoming for that. The other issue here, is that the errcodes build that depends on the library should trigger the build of the library, but it's not.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1610#note_2220906616
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241120/9adbef3a/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Nov 21 08:13:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 21 Nov 2024 07:13:03 +0000
Subject: [gnutls-devel] GnuTLS | Certificate verification error (#1614)
References: <reply-f8b1978213403c8679041d7d5f97020d@gitlab.com>
Message-ID: <mailman.2433.1732173225.18299.gnutls-devel@lists.gnutls.org>



dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1614



## Description of problem:
A malformed subnet mask in a name constraints extension passes validation with gnutls

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:

Steps to Reproduce:

certtool --verify --infile E_mask.pem --load-ca-certificate E_maskCA.pem
[CA.pem](/uploads/f0c8c31a4ca2183268e21a719ea13402/CA.pem)
[cert.pem](/uploads/c614d24ec414d01009cbc53713ed2113/cert.pem)

## Actual results:
Chain validation output: Verified. The certificate is trusted.

## Expected results:
verify failed

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1614
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241121/c3dbcb47/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Nov 21 08:16:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 21 Nov 2024 07:16:40 +0000
Subject: [gnutls-devel] GnuTLS | Name constraints extension parsing failed
 (#1615)
References: <reply-1b5ba496a30bd5710f5e004d520dd4de@gitlab.com>
Message-ID: <mailman.2434.1732173441.18299.gnutls-devel@lists.gnutls.org>



dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1615



## Description of problem:
The certtool -i command failed to successfully parse the Nameconstrains extension

## Version of gnutls used:
gnutls-cli 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu

## How reproducible:

Steps to Reproduce:
certtool -i --infile test.pem


## Actual results:
![image](/uploads/f20b030a45ecea99a589a772895987dc/image.png)

## Expected results:
![image](/uploads/1b8be4d237eb5bedc2b15a0dc0ef8509/image.png)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1615
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241121/08cd509a/attachment.html>