From jas at extundo.com Wed Nov 1 09:38:19 2006
From: jas at extundo.com (Simon Josefsson)
Date: Wed, 01 Nov 2006 09:38:19 +0100
Subject: [Help-gnutls] Re: avoiding signals completely
In-Reply-To: (Daniel Stenberg's message of "Tue\, 31 Oct 2006 22\:48\:25 +0100 \(CET\)")
References: <87iri0sg88.fsf@latte.josefsson.org>
Message-ID: <8764dztvd0.fsf@latte.josefsson.org>

Daniel Stenberg writes:

> On Tue, 31 Oct 2006, Simon Josefsson wrote:
>
>> Hi! I believe the design here is that GnuTLS should use the socket
>> and the send function as-is, and if that isn't acceptable, you can
>> write a replacement for send (which may simply be a dummy function
>> that calls send with an additional flag) and tell GnuTLS to use it by
>> calling gnutls_transport_set_push_function. So you can achieve what
>> you want today by using these hooks.
>
> Aha, I hadn't paid enough attention and
> gnutls_transport_set_push_function() had slipped my mind. Thanks a lot
> for pointing it out to me.
>
> I guess this also makes GnuTLS totally ignore the socket I set to it
> with gnutls_transport_set_ptr() so that I can instead pass my own
> private struct to the callback by using that function (I mean if I
> change both push and pull)?

Yes, I believe so.

/Simon

From jas at extundo.com Mon Nov 6 12:50:51 2006
From: jas at extundo.com (Simon Josefsson)
Date: Mon, 06 Nov 2006 12:50:51 +0100
Subject: [Help-gnutls] GnuTLS 1.4.5
Message-ID: <873b8wlrok.fsf@latte.josefsson.org>

I am happy to announce GnuTLS 1.4.5, a bugfix release on the stable 1.4
branch. This version is what we recommend for those who need a stable
version of GnuTLS.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

Noteworthy changes since 1.4.4:

** When a GnuTLS server receives an SSLv2 Client Hello for an unknown TLS
** version, try to negotiate the highest version supported by the GnuTLS server,
** instead of the lowest. Reported by .
** Fix typo in doc/examples/ex-serv-pgp.c. Reported by Adam Langley" .

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

All manual formats are available from:
http://www.gnutls.org/manual/

Direct link to the most popular formats:
http://www.gnutls.org/manual/gnutls.html - HTML format
http://www.gnutls.org/manual/gnutls.pdf - PDF format
http://www.gnutls.org/reference/ch01.html - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
http://www.gnutls.org/
http://www.gnu.org/software/gnutls/
http://josefsson.org/gnutls/

Here are the compressed sources (3.9MB):
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.4.5.tar.bz2
http://josefsson.org/gnutls/releases/gnutls-1.4.5.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.4.5.tar.bz2.sig
http://josefsson.org/gnutls/releases/gnutls-1.4.5.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

49a468de975ee6d10778ac43884ea4febb03d9dc gnutls-1.4.5.tar.bz2
e4527fcd9a7f48ebdf562910f8cb5a281ee9bef9 gnutls-1.4.5.tar.bz2.sig
68fd8ef740c55497f888c73ca833c0a1591b5ba0b2514aee4f506eb4 gnutls-1.4.5.tar.bz2
65416c5219e33532d5404e04c9b9a2e57fd3a42fa95c9ae9494f0199 gnutls-1.4.5.tar.bz2.sig

Enjoy,
Nikos and Simon

From jas at extundo.com Tue Nov 7 11:55:28 2006
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 07 Nov 2006 11:55:28 +0100
Subject: [Help-gnutls] Review of C++ interface: help wanted
Message-ID: <87zmb3o7a7.fsf@latte.josefsson.org>

Hi all! Nikos installed some C++ APIs for GnuTLS some time ago, and I
haven't seen any feedback on this. Is there someone who knows about
C++ that is willing to help improve the C++ interface? I believe Nikos
does not have time to work on this now.

Writing some C++ example code that connects to a server using the C++
API would help a lot. Improving the implementation of the C++ API
would also be useful...

To simplify review, here is the complete header file and source code
for the C++ API. It is not a lot of code...

It would be nice to have at least one C++ example before the 1.6.0
release, since the new C++ API is one of the main new features.

/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutlsxx.h
Type: text/x-chdr
Size: 12971 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutlsxx.cpp
Type: text/x-c++src
Size: 24227 bytes
Desc: not available
URL:

From jas at extundo.com Tue Nov 7 13:38:45 2006
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 07 Nov 2006 13:38:45 +0100
Subject: [Help-gnutls] GnuTLS 1.5.4 aka 1.6.0rc1 - experimental
Message-ID: <87r6wfo2i2.fsf@latte.josefsson.org>

I am happy to announce GnuTLS 1.5.4, a release on the current
development branch. We still recommend the 1.4.x branch as the stable
version.

This release is a release candidate for the next major stable release,
1.6.0. Please test this release as if it were a stable release, and
report any regressions since the 1.4.x branch. Hopefully we can
release 1.6.0 in a week or so.

One goal with the 1.5.x branch is to make Windows x86 a supported
platform for GnuTLS. We do this by providing a binary Windows
installer of GnuTLS, cross-compiled from GNU/Linux using MinGW and
NSIS. The installer is (lightly) tested on Windows 2000 and Windows
XP. It is possible to develop applications in Visual Studio or MinGW
that links to the library. See http://josefsson.org/gnutls4win/ for
more information on the Windows releases.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

Noteworthy changes since 1.5.3:

** New API functions to set errno in push/pull functions.
Under Windows, setting the errno variable in a push/pull replacement
may end up setting the wrong errno variable, and GnuTLS send/recv
functions become confused about the real errno returned from a failed
push/pull function. Therefore, we have added two APIs to set the errno
variable used by GnuTLS. The APIs can also help to keep things
thread-safe, by avoiding potentially global variables. Typically,
instead of setting errno in your push/pull function, you will call one
of these functions. It is recommended to use
gnutls_transport_set_errno, but if you don't have the session variable
easily accessible in the push/pull replacement function, you can use
gnutls_transport_set_global_errno. Suggested by Tim Kosse .

void gnutls_transport_set_errno (gnutls_session_t session, int err);
void gnutls_transport_set_global_errno (int err);

** When calling `recv' or `send' Windows errors are handled properly.
The Windows recv/send functions don't use errno, and GnuTLS now uses
WSAGetLastError to access the error condition instead.

** Several OpenPGP API fixes.
All suggested by ludovic.courtes at laas.fr (Ludovic Courtès). The
most important fix is to change the return value of
gnutls_openpgp_privkey_get_pk_algorithm and
gnutls_openpgp_key_get_pk_algorithm from 'int' to
'gnutls_pk_algorithm_t', which is an enum type (and thus API/ABI
compatible with 'int').

** When a GnuTLS server receives an SSLv2 Client Hello for an unknown TLS
** version, try to negotiate the highest version supported by the GnuTLS server,
** instead of the lowest. Reported by .

** Replace old constructs with use of gnulib modules.
For example, we can now assume unistd.h, sys/stat.h, sys/socket.h in
the code. If the headers don't exist on the target system, gnulib
will make sure its replacement header files are used instead.

** Fix SOVERSION computation for *.def files.
This fixes build errors similar to "No rule to make target
`libgnutls-`expr', needed by `all-am'." when building for Windows.

** gnutls_check_version uses strverscmp from gnulib.

** Update of gnulib files.

** API and ABI modifications:
gnutls_transport_set_errno: ADD
gnutls_transport_set_global_errno: ADD

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

All manual formats are available from:
http://www.gnutls.org/manual/

Direct link to the most popular formats:
http://www.gnutls.org/manual/gnutls.html - HTML format
http://www.gnutls.org/manual/gnutls.pdf - PDF format
http://www.gnutls.org/reference/ch01.html - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
http://www.gnutls.org/
http://www.gnu.org/software/gnutls/
http://josefsson.org/gnutls/

Here are the compressed sources (4.1MB):
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.5.4.tar.bz2
http://josefsson.org/gnutls/releases/gnutls-1.5.4.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.5.4.tar.bz2.sig
http://josefsson.org/gnutls/releases/gnutls-1.5.4.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

8d9895023a3939f45de95e84e6e9aa9103713e65 gnutls-1.5.4.tar.bz2
09765fad04e6f6bb27fa2cb338544e3cb50575d0 gnutls-1.5.4.tar.bz2.sig
706e17646b8f0152d64204479ef9c157fd2efef45acf9b3267750a56 gnutls-1.5.4.tar.bz2
38a77f2b3d89f288e88086d06b70b063d183ebe75dfd2ddd91ddd226 gnutls-1.5.4.tar.bz2.sig

Enjoy,
Nikos and Simon

From jas at extundo.com Tue Nov 7 13:58:07 2006
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 07 Nov 2006 13:58:07 +0100
Subject: [Help-gnutls] GnuTLS 1.5.4 for Windows
Message-ID: <87mz73o1ls.fsf@latte.josefsson.org>

Don't forget that GnuTLS is available under Windows!

The Windows installer contains the library, binaries for the command
line tools and all example programs.
The manual, in PDF and HTML formats, together with the GTK-DOC style
API reference manual in HTML, are also included.

This release uses libgpg-error 1.4, (slightly patched) libgcrypt
1.2.3, libtasn1 0.3.7, and gnutls 1.5.4. The source code for those
packages, as well as the build makefile, is also included in the
installer, but is not installed by default.

For more information, such as an explanation how you can write
programs using Visual Studio or MinGW that use GnuTLS, see:

http://josefsson.org/gnutls4win/

There are two known problems:

1. Some of the command line tools (e.g., gnutls-cli) use select() to
   check whether there is data to be read from stdin or from the
   network. The select function doesn't work with file descriptors
   under Windows, so this currently does not work. I'm working on
   solving this. Update! This was improved by 1.5.1, but still not
   perfect. Reports on that are solicited.

2. Initializing libgcrypt takes a long time on some systems, there
   have been reports that it can take around 10 seconds. There is a
   patch for libgcrypt to solve this, and there are non-official
   libgcrypt DLL's that can be used as a drop-in. See
   http://www.securitypunk.com/libgcrypt/. Note that it is not clear
   whether the patch is the right solution or not.

We believe this release fixes some problems with send/recv returning
failures, but that needs further testing.

This is a release candidate for 1.6.0. We intend to release 1.6.0
even with known Windows bugs, and the goal is to fix them throughout
the new stable 1.6.x series, with the help from users.

The binary installer and PGP signature:

http://josefsson.org/gnutls4win/gnutls-1.5.4.exe (14MB)
http://josefsson.org/gnutls4win/gnutls-1.5.4.exe.sig

Here are the SHA-1 and SHA-224 checksums:

524f333c97b6147c83b6ca0b46ca143fa42f3588 gnutls-1.5.4.exe
bfe70921ad35456e81ca413240b8435f58d805f5 gnutls-1.5.4.exe.sig
b8f0331fce44248c9bf28a0529ce9314cc8a206ce37cce3333a0331c gnutls-1.5.4.exe
a64f1a421373662e79b96284cc2b760ff1ef891488aa7fddc8c69630 gnutls-1.5.4.exe.sig

Happy hacking,
Simon

From neale at lanl.gov Thu Nov 9 01:36:43 2006
From: neale at lanl.gov (Neale Pickett)
Date: Wed, 8 Nov 2006 17:36:43 -0700
Subject: [Help-gnutls] getting gnutls-serv to work
Message-ID: <200611081736.43427.neale@lanl.gov>

I'm having trouble getting gnutls-srv to not have a handshake error:

zoot$ gnutls-serv --port 5309 -d 4

in another window:
zoot$ gnutls-cli-dbg -p 5309 localhost
Resolving 'localhost'...
Connecting to '127.0.0.1:5309'...
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.0 support... no
Checking for SSL 3.0 support... no
Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1

Back in window 1:
|<4>| REC[1003acb8]: V2 packet received. Length: 140
|<4>| REC[1003acb8]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[1003acb8]: Received Packet[0] Handshake(22) with length: 140
|<4>| REC[1003acb8]: Decrypted Packet[0] Handshake(22) with length: 140
|<3>| HSK[1003acb8]: CLIENT HELLO(v2) was received [140 bytes]
|<3>| HSK[1003acb8]: SSL 2.0 Hello: Client's version: 3.1
|<3>| HSK[1003acb8]: Parsing a version 2.0 client hello.
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[1003acb8]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[1003acb8]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<2>| ASSERT: gnutls_handshake.c:2674
|<3>| HSK[1003acb8]: Removing ciphersuite: ANON_DH_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[1003acb8]: Removing ciphersuite: RSA_AES_128_CBC_SHA1
|<2>| ASSERT: gnutls_handshake.c:632
|<2>| ASSERT: gnutls_v2_compat.c:171
|<2>| ASSERT: gnutls_handshake.c:1952
|<2>| ASSERT: gnutls_handshake.c:2415
Error in handshake
Error: Could not negotiate a supported cipher suite.
|<4>| REC: Sending Alert[2|40] - Handshake failed

etc.

I've tried this with an x509 certificate and private key, but get similar
results. I won't detail that attempt because I suspect I just need to call
gnutls-serv differently. Right?

From jas at extundo.com Tue Nov 14 16:06:20 2006
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 14 Nov 2006 16:06:20 +0100
Subject: [Help-gnutls] Re: getting gnutls-serv to work
In-Reply-To: <200611081736.43427.neale@lanl.gov> (Neale Pickett's message of "Wed\, 8 Nov 2006 17\:36\:43 -0700")
References: <200611081736.43427.neale@lanl.gov>
Message-ID: <87slgmjcer.fsf@latte.josefsson.org>

Neale Pickett writes:

> I'm having trouble getting gnutls-srv to not have a handshake error:
>
> zoot$ gnutls-serv --port 5309 -d 4
...
> in another window:
> zoot$ gnutls-cli-dbg -p 5309 localhost
...
> Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1
>
> Back in window 1:
...
>
> etc.
>
>
> I've tried this with an x509 certificate and private key, but get similar
> results. I won't detail that attempt because I suspect I just need to call
> gnutls-serv differently. Right?

I get the same error, and I believe it should work. I suspect there
is a bug somewhere, possibly something like anonymous ciphers aren't
enabled or working or something. Please debug it further if you want
to see it fixed.

/Simon

From jas at extundo.com Thu Nov 16 15:30:17 2006
From: jas at extundo.com (Simon Josefsson)
Date: Thu, 16 Nov 2006 15:30:17 +0100
Subject: [Help-gnutls] GnuTLS 1.5.5 aka 1.6.0rc2 - last call for 1.6.0 fixes
Message-ID: <87zmarwjk6.fsf@latte.josefsson.org>

I am happy to announce GnuTLS 1.5.5, the (likely) last release on the
current development branch. We still recommend the 1.4.x branch as
the stable version.

This release is the second release candidate for the next major stable
release, 1.6.0. It fixes the shared library version, and some minor
issues, compared to the last release candidate.
Please test this release as if it were a stable release, and report
any regressions since the 1.4.x branch. Hopefully, 1.6.0 will be
released tomorrow.

One goal with the 1.5.x branch is to make Windows x86 a supported
platform for GnuTLS. We do this by providing a binary Windows
installer of GnuTLS, cross-compiled from GNU/Linux using MinGW and
NSIS. The installer is (lightly) tested on Windows 2000 and Windows
XP. It is possible to develop applications in Visual Studio or MinGW
that links to the library. See http://josefsson.org/gnutls4win/ for
more information on the Windows releases.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

Noteworthy changes since 1.5.4:

** Correctly bump shared library version after adding new APIs.
This was forgotten in the last release.

** Fix unsigned vs signed problem in ex-x509-info.c example.
Reported by Tim Kosse .

** Fix the rsa-md5-collision self test to work for MinGW+Wine.

** Update of gnulib files.

** API and ABI modifications:
No changes since last version.

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

All manual formats are available from:
http://www.gnutls.org/manual/

Direct link to the most popular formats:
http://www.gnutls.org/manual/gnutls.html - HTML format
http://www.gnutls.org/manual/gnutls.pdf - PDF format
http://www.gnutls.org/reference/ch01.html - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
http://www.gnutls.org/
http://www.gnu.org/software/gnutls/
http://josefsson.org/gnutls/

Here are the compressed sources (4.1MB):
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.5.5.tar.bz2
http://josefsson.org/gnutls/releases/gnutls-1.5.5.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.5.5.tar.bz2.sig
http://josefsson.org/gnutls/releases/gnutls-1.5.5.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

9a569cc00ce12710d656abf1ab63fab3338bc8e9 gnutls-1.5.5.tar.bz2
1a943fa8dac156ded24fca3eecc2902021a54954 gnutls-1.5.5.tar.bz2.sig
baa833f2251f4976ebdf1f233b2084c8e6b4984d150a8ddb0294ee96 gnutls-1.5.5.tar.bz2
8c8ec74d876505c7d8bb78d309a002bbbf4d4f6606f36aa391a392e7 gnutls-1.5.5.tar.bz2.sig

Enjoy,
Nikos and Simon

From jas at extundo.com Thu Nov 16 16:01:31 2006
From: jas at extundo.com (Simon Josefsson)
Date: Thu, 16 Nov 2006 16:01:31 +0100
Subject: [Help-gnutls] Libtasn1 0.3.8
Message-ID: <87velfwi44.fsf@latte.josefsson.org>

Libtasn1 is a standalone library written in C for manipulating ASN.1
objects including DER/BER encoding and DER/BER decoding. Libtasn1 is
used by GnuTLS to manipulate X.509 objects and by Shishi to handle
Kerberos V5 packets.

Version 0.3.8 (released 2006-11-16)
- Fix reading of binary files in asn1Decoding, for Windows.

Commercial support contracts for Libtasn1 are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding Libtasn1
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

If you need help to use Libtasn1, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

Homepage:
http://josefsson.org/libtasn1/

Manual in many formats:
http://josefsson.org/gnutls/manual/libtasn1/

Here are the compressed sources (1.3MB):
ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.3.8.tar.gz
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.8.tar.gz

Here are GPG detached signatures using key 0xB565716F:
ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-0.3.8.tar.gz.sig
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.8.tar.gz.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2006-08-14]
Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2006-08-14]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

fe6dc6ff4673e57e0fc5a3587843583739e381d5 libtasn1-0.3.8.tar.gz
25d8dcf2bc963b0ee6b2c01a518d10e88ef6fbb9 libtasn1-0.3.8.tar.gz.sig
03f311d2a68e561743fe40e3d49472d6647dff83b0b6cdb0350afc73 libtasn1-0.3.8.tar.gz
d9c79eb77ef434c498efbabd1749431fd7f98a2478cd6b5d86cce2dc libtasn1-0.3.8.tar.gz.sig

Enjoy,
Fabio, Nikos and Simon

From jas at extundo.com Thu Nov 16 16:27:42 2006
From: jas at extundo.com (Simon Josefsson)
Date: Thu, 16 Nov 2006 16:27:42 +0100
Subject: [Help-gnutls] GnuTLS 1.5.5 for Windows
Message-ID: <87k61vwgwh.fsf@latte.josefsson.org>

Don't forget that GnuTLS is available under Windows!

The Windows installer contains the library, binaries for the command
line tools and all example programs.
The manual, in PDF and HTML formats, together with the GTK-DOC style
API reference manual in HTML, are also included.

This release uses libgpg-error 1.4, (slightly patched) libgcrypt
1.2.3, libtasn1 0.3.8, and gnutls 1.5.5. The source code for those
packages, as well as the build makefile, is also included in the
installer, but is not installed by default.

For more information, such as an explanation how you can write
programs using Visual Studio or MinGW that use GnuTLS, see:

http://josefsson.org/gnutls4win/

There are two known problems:

1. Some of the command line tools (e.g., gnutls-cli) use select() to
   check whether there is data to be read from stdin or from the
   network. The select function doesn't work with file descriptors
   under Windows, so this currently does not work. I'm working on
   solving this. Update! This was improved by 1.5.1, but still not
   perfect. Reports on that are solicited.

2. Initializing libgcrypt takes a long time on some systems, there
   have been reports that it can take around 10 seconds. There is a
   patch for libgcrypt to solve this, and there are non-official
   libgcrypt DLL's that can be used as a drop-in. See . Note that it
   is not clear whether the patch is the right solution or not.

We believe this release fixes some problems with send/recv returning
failures, but that needs further testing.

This is a release candidate for 1.6.0. We intend to release 1.6.0
even with known Windows bugs, and the goal is to fix them throughout
the new stable 1.6.x series, with the help from users.

The binary installer and PGP signature:

http://josefsson.org/gnutls4win/gnutls-1.5.5.exe (14MB)
http://josefsson.org/gnutls4win/gnutls-1.5.5.exe.sig

Here are the SHA-1 and SHA-224 checksums:

d7616392d15cd4525d600c37a90b2a53e9c3ae8d gnutls-1.5.5.exe
adaaa93778a34a1343a5004d18d7dc04f8b3e2c0 gnutls-1.5.5.exe.sig
46ecd2c930c95e5b2de61b1bd3fc16f10c488cbf77c087d99ef4528d gnutls-1.5.5.exe
39d4db0bd94db8c98220b5a993df57274bfee03e4c61c4f046039e28 gnutls-1.5.5.exe.sig

Happy hacking,
Simon

From jas at extundo.com Fri Nov 17 15:36:31 2006
From: jas at extundo.com (Simon Josefsson)
Date: Fri, 17 Nov 2006 15:36:31 +0100
Subject: [Help-gnutls] GnuTLS 1.6.0
Message-ID: <87k61ucf80.fsf@latte.josefsson.org>

I am happy to announce GnuTLS 1.6.0! This is the first release on our
new stable branch. This version is what we recommend for those who
need a stable version of GnuTLS.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

* Version 1.6.0 (released 2006-11-17)

** No changes since 1.5.5.

The major changes compared to the 1.4.x branch are:

*** A GnuTLS C++ library is part of the official distribution.
Currently there are no examples or documentation, but hopefully this
will change. See gnutlsxx.h for the API.

*** Windows is a supported platform.
There are, however, two known bugs. One is related to select() in
command line tools (not, nota bene, in the library), the other is a
problem with libgcrypt that causes delays. Help is needed to resolve
those issues, so we feel we can't delay the release because of this.

*** New APIs for custom push/pull function error reporting.
The new APIs are gnutls_transport_set_errno and
gnutls_transport_set_global_errno. See the release notes for version
1.5.4 for more information.

*** Self tests are run under valgrind, if available.
See --disable-valgrind.

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

All manual formats are available from:
http://www.gnutls.org/manual/

Direct link to the most popular formats:
http://www.gnutls.org/manual/gnutls.html - HTML format
http://www.gnutls.org/manual/gnutls.pdf - PDF format
http://www.gnutls.org/reference/ch01.html - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
http://www.gnutls.org/
http://www.gnu.org/software/gnutls/
http://josefsson.org/gnutls/

Here are the compressed sources (4.1MB):
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.6.0.tar.bz2
http://josefsson.org/gnutls/releases/gnutls-1.6.0.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.6.0.tar.bz2.sig
http://josefsson.org/gnutls/releases/gnutls-1.6.0.tar.bz2.sig

For more information about GnuTLS for Windows:
http://josefsson.org/gnutls4win/

The Windows binary installer and PGP signature:
http://josefsson.org/gnutls4win/gnutls-1.6.0.exe (14MB)
http://josefsson.org/gnutls4win/gnutls-1.6.0.exe.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

b0600815aeae57cfa21cad19c1da8708c5b25d73 gnutls-1.6.0.tar.bz2
2bb0664136929c140cdecc5c1c2834fb3dcd798f gnutls-1.6.0.tar.bz2.sig
8c8126cf922d33a75c5763773a7428b3da24d7cfbd6bea91c71ff43c gnutls-1.6.0.tar.bz2
235c23d67a4f9f214da959db24d105b74df7e0ceba4cedadba503647 gnutls-1.6.0.tar.bz2.sig

6f6c6318d7687052215559644e5756a0a9179105 gnutls-1.6.0.exe
3d85ee7fafc40e06f4f48f9933ca10bb958347bf gnutls-1.6.0.exe.sig
189a95691ec721ddd1efb8a3a933a0eaae4b8962c2602b14cb810811 gnutls-1.6.0.exe
9dcaaa06ffec1c79b5c5e3c542378b3287fae613f6a785231e306436 gnutls-1.6.0.exe.sig

Enjoy,
Nikos and Simon

From john at yarbbles.com Tue Nov 21 02:01:05 2006
From: john at yarbbles.com (John Brooks)
Date: Mon, 20 Nov 2006 18:01:05 -0700
Subject: [Help-gnutls] "operation is not possible without initialized secure memory"
Message-ID: <45624FD1.8020709@yarbbles.com>

I use GnuTLS in an application (ircd) frequently, and this code has
been running flawlessly on many systems so far - this particular one,
it seems to break on, and as far as I can tell that is not the fault
of the system itself.

When generating DH params (gnutls_dh_params_generate2), I get a
message printed to stderr and then the application exits (code 2):

operation is not possible without initialized secure memory

Immediately before this, loading the certificate and privkey seems to
fail (" ASN1 parser: Error in DER parsing."), but that is not what
causes this error (directly, at least).

Has anyone else experienced this, or does anyone have any idea why it
would be happening? Source for the SSL part of the application can be
seen at:
http://svn.inspircd.org/index.cgi/trunk/inspircd/src/modules/extra/m_ssl_gnutls.cpp?view=co

From jas at extundo.com Tue Nov 21 12:50:29 2006
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 21 Nov 2006 12:50:29 +0100
Subject: [Help-gnutls] Re: "operation is not possible without initialized secure memory"
References: <45624FD1.8020709@yarbbles.com>
Message-ID: <87ejrxhvcq.fsf@latte.josefsson.org>

John Brooks writes:

> I use GnuTLS in an application (ircd) frequently, and this code has
> been running flawlessly on many systems so far - this particular one,
> it seems to break on, and as far as I can tell that is not the fault
> of the system itself.
>
> When generating DH params (gnutls_dh_params_generate2), I get a
> message printed to stderr and then the application exits (code 2):
>
> operation is not possible without initialized secure memory

That is a libgcrypt error message.
Could it be that you invoke gnutls_dh_params_generate2 before
gnutls_global_init?

Alternatively, it may be that libgcrypt somehow is initialized before
gnutls_global_init is invoked, and then GnuTLS cannot initialize
libgcrypt properly. Do you link to any other library that may use
libgcrypt?

I wish that libgcrypt were more stateless..

/Simon

From sydbarrett74 at hotmail.com Tue Nov 21 14:49:03 2006
From: sydbarrett74 at hotmail.com (Victor Escobar)
Date: Tue, 21 Nov 2006 08:49:03 -0500
Subject: [Help-gnutls] Compile error
Message-ID:

Hi all,

When I compile the latest source on my macpro (osx 10.4.8), I get the
following error:

ld: Undefined symbols:
__ZN6gnutls11credentials7set_ptrEPv
/usr/bin/libtool: internal link edit command failed
make[3]: *** [libgnutlsxx.la] Error 1
make[2]: *** [all-recursive] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

Please help.
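
Added example, not part of the archived messages and not GnuTLS code: the push/pull replacement from the "avoiding signals completely" thread combined with the per-session errno reporting described in the 1.5.4 release notes. `struct conn_ctx`, the `ctx_*` functions and the `WITH_GNUTLS` build switch are names assumed for this example; without `WITH_GNUTLS` the callbacks run over a constructed local socketpair so the no-SIGPIPE behaviour can be checked without the library.

```c
/* Added example: push/pull replacements that never raise SIGPIPE.
 * conn_ctx, ctx_* and WITH_GNUTLS are names assumed by this example. Build
 * with -DWITH_GNUTLS -lgnutls to attach to a session; otherwise stand-alone. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef WITH_GNUTLS
#include <gnutls/gnutls.h>
#endif

#ifndef MSG_NOSIGNAL      /* no such flag here: ctx_init() sets SO_NOSIGPIPE */
#define MSG_NOSIGNAL 0
#endif

/* Private per-connection state, handed to GnuTLS as the transport pointer. */
struct conn_ctx {
    int fd;
    int last_errno;       /* last error seen by push/pull, 0 if none */
#ifdef WITH_GNUTLS
    gnutls_session_t session;
#endif
};

void ctx_init(struct conn_ctx *c, int fd)
{
    memset(c, 0, sizeof *c);
    c->fd = fd;
#ifdef SO_NOSIGPIPE
    int on = 1;
    setsockopt(fd, SOL_SOCKET, SO_NOSIGPIPE, &on, sizeof on);
#endif
}

/* Record the error per connection and, when built against GnuTLS, report it
 * through the session instead of relying on the global errno. */
static void ctx_report(struct conn_ctx *c, int err)
{
    c->last_errno = err;
#ifdef WITH_GNUTLS
    if (c->session)
        gnutls_transport_set_errno(c->session, err);
#endif
}

/* Same shape as gnutls_push_func (gnutls_transport_ptr_t is a void *). */
ssize_t ctx_push(void *ptr, const void *data, size_t len)
{
    struct conn_ctx *c = ptr;
    ssize_t n = send(c->fd, data, len, MSG_NOSIGNAL);
    if (n < 0)
        ctx_report(c, errno);
    return n;
}

/* Same shape as gnutls_pull_func. */
ssize_t ctx_pull(void *ptr, void *buf, size_t len)
{
    struct conn_ctx *c = ptr;
    ssize_t n = recv(c->fd, buf, len, 0);
    if (n < 0)
        ctx_report(c, errno);
    return n;
}

#ifdef WITH_GNUTLS
/* With both hooks replaced, the transport pointer carries our struct. */
void ctx_attach(gnutls_session_t s, struct conn_ctx *c)
{
    c->session = s;
    gnutls_transport_set_ptr(s, (gnutls_transport_ptr_t) c);
    gnutls_transport_set_push_function(s, ctx_push);
    gnutls_transport_set_pull_function(s, ctx_pull);
}
#endif

/* Push to a peer that already closed its end (constructed local socketpair).
 * Returns the errno recorded by ctx_push; the process survives to return it. */
int demo_push_after_peer_close(void)
{
    int sv[2];
    struct conn_ctx c;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    ctx_init(&c, sv[0]);
    close(sv[1]);
    ssize_t n = ctx_push(&c, "x", 1);
    close(sv[0]);
    return n < 0 ? c.last_errno : 0;
}

int main(void)
{
    printf("push after close: %s\n", strerror(demo_push_after_peer_close()));
    return 0;
}
```

With a plain `send()` and no `MSG_NOSIGNAL`, the same write would deliver SIGPIPE and, with the default disposition, terminate the process before any error code reached the TLS layer.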