From jlodder at ripco.com Mon Nov 3 20:25:19 2003
From: jlodder at ripco.com (John Lodder)
Date: Mon, 3 Nov 2003 13:25:19 -0600 (CST)
Subject: [Help-gnutls] opencdk build error?
Message-ID: <200311031925.hA3JPJ6F000073@shell2.ripco.com>
I'm trying to build opencdk on Solaris 8 using gcc 3.3.2. The build
fails when it gets to the 'tests' subdirectory, with undefined symbol
vasprintf. Same error happens with opencdk 0.5.1 and 0.5.2; I've
appended a snippet from building 0.5.2, below.
Any help appreciated, and apologies if this is a common FAQ,
john.
=====
make[2]: Leaving directory `/local/stuff/tnt/gnutls/opencdk-0.5.2/doc'
Making all in tests
make[2]: Entering directory `/local/stuff/tnt/gnutls/opencdk-0.5.2/tests'
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../src -I/local/stuff/tnt/gaim/build/include -I/local/stuff/tnt/gaim/build/include -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -MT t-stream.o -MD -MP -MF ".deps/t-stream.Tpo" \
-c -o t-stream.o `test -f 't-stream.c' || echo './'`t-stream.c; \
then mv -f ".deps/t-stream.Tpo" ".deps/t-stream.Po"; \
else rm -f ".deps/t-stream.Tpo"; exit 1; \
fi
t-stream.c: In function `stream_clearsign':
t-stream.c:446: warning: `rc' might be used uninitialized in this function
t-stream.c: In function `test_keydb_routines':
t-stream.c:787: warning: char format, void arg (arg 2)
t-stream.c: At top level:
t-stream.c:424: warning: `stream_verify' defined but not used
t-stream.c:442: warning: `stream_clearsign' defined but not used
/bin/bash ../libtool --mode=link gcc -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -o t-stream t-stream.o ../src/libopencdk.la -L/local/stuff/tnt/gaim/build/lib -lgcrypt -L/local/stuff/tnt/gaim/build/lib -lgpg-error -lz
mkdir .libs
gcc -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -o .libs/t-stream t-stream.o ../src/.libs/libopencdk.so -L/local/stuff/tnt/gaim/build/lib /local/stuff/tnt/gaim/build/lib/libgcrypt.so -lnsl -lsocket /local/stuff/tnt/gaim/build/lib/libgpg-error.so -lz -R/local/stuff/tnt/gaim/build/lib
Undefined first referenced
symbol in file
vasprintf ../src/.libs/libopencdk.so
ld: fatal: Symbol referencing errors. No output written to .libs/t-stream
collect2: ld returned 1 exit status
make[2]: *** [t-stream] Error 1
make[2]: Leaving directory `/local/stuff/tnt/gnutls/opencdk-0.5.2/tests'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/local/stuff/tnt/gnutls/opencdk-0.5.2'
make: *** [all] Error 2
From pete at geckoworks.com Mon Nov 3 22:05:57 2003
From: pete at geckoworks.com (Pete Naylor)
Date: Mon, 3 Nov 2003 13:05:57 -0800
Subject: [Help-gnutls] opencdk build error?
In-Reply-To: <200311031925.hA3JPJ6F000073@shell2.ripco.com>
References: <200311031925.hA3JPJ6F000073@shell2.ripco.com>
Message-ID: <20031103210557.GC813@geckoworks.com>
John Lodder wrote...
> I'm trying to build opencdk on Solaris 8 using gcc 3.3.2. The build
> fails when it gets to the 'tests' subdirectory, with undefined symbol
> vasprintf. Same error happens with opencdk 0.5.1 and 0.5.2; I've
> appended a snippet from building 0.5.2, below.
This is because Solaris 8 doesn't have vasprintf - it's unfortunately
rather common for developers using Linux/FreeBSD etc to make poor
assumptions regarding the availability of such functions. I worked around
it by editing src/misc.c - there's a vasprintf function defined there but
an #ifdef causes it to only be defined on Win32. Remove the #ifdef and
the included vasprintf function works fine for Solaris.
From bortzmeyer at nic.fr Wed Nov 5 13:12:28 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Wed, 5 Nov 2003 13:12:28 +0100
Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration?
Message-ID: <20031105121228.GA789@nic.fr>
Hello,
I'm porting echoping from
OpenSSL to GNU TLS and I have a question about looping. echoping can
perform a given test repeatedly. What do I have to do at each
iteration?
I tried, at every iteration:
gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd);
gnutls_handshake (session);
... Work
gnutls_bye (session, GNUTLS_SHUT_RDWR);
But it fails at the second iteration (-10: The specified session has
been invalidated for some reason. (Bad file descriptor)).
I then tried:
gnutls_init(&session, GNU_TLS_CLIENT);
gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd);
gnutls_handshake (session);
... Work
gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR);
gnutls_deinit (session);
And it fails at the second iteration (ASN1 parser: Element was not
found. (Bad file descriptor).
[For the record, OpenSSL has exactly the same problems and the
documentation is quite misleading.]
From nmav at gnutls.org Thu Nov 6 10:12:20 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu, 6 Nov 2003 11:12:20 +0200
Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration?
In-Reply-To: <20031105121228.GA789@nic.fr>
References: <20031105121228.GA789@nic.fr>
Message-ID: <20031106091220.GA15901@gnutls.org>
On Wed, Nov 05, 2003 at 01:12:28PM +0100, Stephane Bortzmeyer wrote:
> Hello,
> I tried, at every iteration:
> gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd);
> gnutls_handshake (session);
> ... Work
> gnutls_bye (session, GNUTLS_SHUT_RDWR);
> But it fails at the second iteration (-10: The specified session has
> been invalidated for some reason. (Bad file descriptor)).
Yes, this is not a correct use of a gnutls session.
> I then tried:
> gnutls_init(&session, GNU_TLS_CLIENT);
> gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd);
> gnutls_handshake (session);
> ... Work
> gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR);
> gnutls_deinit (session);
> And it fails at the second iteration (ASN1 parser: Element was not
> found. (Bad file descriptor).
You probably haven't called gnutls_global_init(). In any case try reading
the examples on how to properly initialize a TLS session.
--
Nikos Mavroyanopoulos
From bortzmeyer at nic.fr Thu Nov 6 10:31:26 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Thu, 6 Nov 2003 10:31:26 +0100
Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration?
In-Reply-To: <20031106091220.GA15901@gnutls.org>
References: <20031105121228.GA789@nic.fr> <20031106091220.GA15901@gnutls.org>
Message-ID: <20031106093126.GB15525@nic.fr>
On Thu, Nov 06, 2003 at 11:12:20AM +0200,
Nikos Mavroyanopoulos wrote
a message of 34 lines which said:
> > I then tried:
> > gnutls_init(&session, GNU_TLS_CLIENT);
> > gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd);
> > gnutls_handshake (session);
> > ... Work
> > gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR);
> > gnutls_deinit (session);
> > And it fails at the second iteration (ASN1 parser: Element was not
> > found. (Bad file descriptor).
>
> You probably haven't called gnutls_global_init().
Of course I did. I just showed only the instructions that are
loop-specific but, at the beginning of the program, before starting
the loop, I have:
gnutls_global_init ();
gnutls_certificate_allocate_credentials (&xcred);
> In any case try reading the examples on how to properly initialize a
> TLS session.
No example on the Web site covers the case of a loop.
From nmav at gnutls.org Thu Nov 6 11:39:39 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu, 6 Nov 2003 12:39:39 +0200
Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration?
In-Reply-To: <20031106093126.GB15525@nic.fr>
References: <20031105121228.GA789@nic.fr> <20031106091220.GA15901@gnutls.org>
<20031106093126.GB15525@nic.fr>
Message-ID: <20031106103939.GA21140@gnutls.org>
On Thu, Nov 06, 2003 at 10:31:26AM +0100, Stephane Bortzmeyer wrote:
> > > gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR);
> > > gnutls_deinit (session);
> > > And it fails at the second iteration (ASN1 parser: Element was not
> > > found. (Bad file descriptor).
> > You probably haven't called gnutls_global_init().
> Of course I did. I just showed only the instructions that are
> loop-specific but, at the beginning of the program, before starting
> the loop, I have:
> gnutls_global_init ();
> gnutls_certificate_allocate_credentials (&xcred);
> > In any case try reading the examples on how to properly initialize a
> > TLS session.
> No example on the Web site covers the case of a loop.
The example in section 5.2.5 (client with resume capability)
connects to a server twice by using a loop. If this doesn't help
either use the following to get more detailed error reporting, or
send a small program to reproduce the error.
static void tls_log_func( int level, const char* str)
{
fprintf(stderr, "|<%d>| %s", level, str);
}
gnutls_global_set_log_function( tls_log_func);
gnutls_global_set_log_level(2);
--
Nikos Mavroyanopoulos
From bortzmeyer at nic.fr Fri Nov 7 14:07:21 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Fri, 7 Nov 2003 14:07:21 +0100
Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration?
In-Reply-To: <20031106103939.GA21140@gnutls.org>
References: <20031105121228.GA789@nic.fr> <20031106091220.GA15901@gnutls.org>
<20031106093126.GB15525@nic.fr> <20031106103939.GA21140@gnutls.org>
Message-ID: <20031107130721.GB29701@nic.fr>
On Thu, Nov 06, 2003 at 12:39:39PM +0200,
Nikos Mavroyanopoulos wrote
a message of 37 lines which said:
> The example in section 5.2.5 (client with resume capability)
> connects to a server twice by using a loop.
OK, my fault, I had a gnutls_global_deinit at the wrong place in the
loop. I now have the following structure:
gnutls_global_init ();
gnutls_certificate_allocate_credentials (&xcred);
loop {
gnutls_init (&session, GNUTLS_CLIENT);
gnutls_set_default_priority (session);
gnutls_certificate_type_set_priority (session,
cert_type_priority);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_transport_set_ptr (session,
(gnutls_transport_ptr) sockfd);
gnutls_handshake (session);
Work ...
shutdown()
gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR);
gnutls_deinit (session);
}
gnutls_global_deinit ();
And it works fine. Many thanks.
Those who want to see it:
ftp://ftp.internatif.org/pub/unix/echoping/echoping-5.1-BETA.tar.gz
From bortzmeyer at nic.fr Tue Nov 11 16:15:50 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Tue, 11 Nov 2003 16:15:50 +0100
Subject: [Help-gnutls] echoping 5.1 released (now with GNU TLS support)
In-Reply-To: <20031105121228.GA789@nic.fr>
References: <20031105121228.GA789@nic.fr>
Message-ID: <20031111151550.GA2255@nic.fr>
echoping 5.1 now can use GNU
TLS, not only OpenSSL. Why not a list of programs using GNU TLS on
www.gnutls.org?
From ametzler at logic.univie.ac.at Fri Nov 28 14:52:37 2003
From: ametzler at logic.univie.ac.at (Andreas Metzler)
Date: Fri, 28 Nov 2003 13:52:37 +0000 (UTC)
Subject: [Help-gnutls] OpenSSL-like directory of certfiles with hash.0
name/symlink
Message-ID:
Hello,
Does GnuTLS support reading certificates from a directory like OpenSSL
does, i.e. each file contains one certificates and is either named
`openssl x509 -hash -noout -in /cert/file`.0 or has a symlink with this
name pointing to it?
cu andreas
From nmav at gnutls.org Sat Nov 29 12:50:45 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sat, 29 Nov 2003 13:50:45 +0200
Subject: [Help-gnutls] OpenSSL-like directory of certfiles with hash.0
name/symlink
In-Reply-To:
References:
Message-ID: <20031129115045.GA1099@gnutls.org>
On Fri, Nov 28, 2003 at 01:52:37PM +0000, Andreas Metzler wrote:
> Hello,
> Does GnuTLS support reading certificates from a directory like OpenSSL
> does, i.e. each file contains one certificates and is either named
> `openssl x509 -hash -noout -in /cert/file`.0 or has a symlink with this
> name pointing to it?
Hello Andreas,
No there is no such function.
> cu andreas
--
Nikos Mavroyanopoulos