From edortizq at gmail.com Sat Dec 1 05:34:50 2007
From: edortizq at gmail.com (Edgar Ortiz)
Date: Fri, 30 Nov 2007 23:34:50 -0500
Subject: [Help-gnutls] libgnutls.so.13 and libgnutls.so.13(GNUTLS_1_3)
Message-ID: <2aecde9f0711302034j3af34c70s64ad46988784764e@mail.gmail.com>

> I'm a newbie in linux, I've installed a SLES 10 distribution and I'm trying
> to install now freetds, I've found the freetds-0.64-33.1.i586.rpm but when
> try to install the rpm get the next message:
> error: Failed dependencies:
> libgnutls.so.13 is needed by freetds-0.64-33.1.i586
> libgnutls.so.13(GNUTLS_1_3) is needed by freetds-0.64-33.1.i586
> My question is how do I get this rpm's or what can I do to install the
> software asked for freetds; I prefer an rpm because I have never installed a
> program compiling it. I was looking for the files over the Internet with no
> results.
> Thanks for your help.
>
> Sorry, my English is very bad, it's not my native language.

From simon at josefsson.org Sat Dec 1 10:28:37 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Sat, 01 Dec 2007 10:28:37 +0100
Subject: [Help-gnutls] Re: libgnutls.so.13 and libgnutls.so.13(GNUTLS_1_3)
In-Reply-To: <2aecde9f0711302034j3af34c70s64ad46988784764e@mail.gmail.com> (Edgar Ortiz's message of "Fri, 30 Nov 2007 23:34:50 -0500")
References: <2aecde9f0711302034j3af34c70s64ad46988784764e@mail.gmail.com>
Message-ID: <87y7ce9322.fsf@mocca.josefsson.org>

This is something you'll have to ask the SLES 10 people about. Maybe there are some SLES 10 users on this list that can help though.

Possibly rpmfind.net can help too, I found this:

http://rpmfind.net//linux/RPM/suse/updates/10.0/i386/rpm/i586/gnutls-1.2.5-3.4.i586.html

/Simon

"Edgar Ortiz" writes:

>> I'm a newbie in linux, I've installed a SLES 10 distribution and I'm trying
>> to install now freetds, I've found the freetds-0.64-33.1.i586.rpm but when
>> try to install the rpm get the next message:
>> error: Failed dependencies:
>> libgnutls.so.13 is needed by freetds-0.64-33.1.i586
>> libgnutls.so.13(GNUTLS_1_3) is needed by freetds-0.64-33.1.i586
>> My question is how do I get this rpm's or what can I do to install the
>> software asked for freetds; I prefer an rpm because I have never installed a
>> program compiling it. I was looking for the files over the Internet with no
>> results.
>> Thanks for your help.
>>
>> Sorry, my English is very bad, it's not my native language.
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> http://lists.gnu.org/mailman/listinfo/help-gnutls

From kristian.martens at freenet.de Sat Dec 1 10:58:08 2007
From: kristian.martens at freenet.de (Kristian Martens)
Date: Sat, 1 Dec 2007 10:58:08 +0100
Subject: [Help-gnutls] Load Server private key problem
Message-ID: <005201c83400$ae5ffdf0$8c17b8d9@WKristian>

Hello,

I have a problem in loading a private server key file:

gnutls: ASSERT: x509_b64.c:514
gnutls: ASSERT: x509_b64.c:447
gnutls: Could not find '-----BEGIN DSA PRIVATE KEY'
gnutls: ASSERT: privkey.c:398
gnutls: ASSERT: gnutls_x509.c:687
gnutls: ASSERT: gnutls_x509.c:736
Set certificate mem: Base64 decoding error.

What is the reason? What API do I need to use, to load this file? I use the function "gnutls_certificate_set_x509_key_mem" to load the certificate. With GNUTLS generated PEM files I have no problems.

Thanks,
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server-key.pem
Type: application/octet-stream
Size: 963 bytes
Desc: not available
URL:

From nmav at gnutls.org Sat Dec 1 11:43:12 2007
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 1 Dec 2007 12:43:12 +0200
Subject: [Help-gnutls] Load Server private key problem
In-Reply-To: <005201c83400$ae5ffdf0$8c17b8d9@WKristian>
References: <005201c83400$ae5ffdf0$8c17b8d9@WKristian>
Message-ID: <200712011243.13095.nmav@gnutls.org>

On Saturday 01 December 2007, Kristian Martens wrote:
> Hello,
>
> I have a problem in loading a private server key file:

Your private key is encrypted. You can load only plain private keys with gnutls_certificate_set_x509_key_mem.

regards,
Nikos

From kristian.martens at freenet.de Sat Dec 1 18:03:58 2007
From: kristian.martens at freenet.de (Kristian Martens)
Date: Sat, 1 Dec 2007 18:03:58 +0100
Subject: [Help-gnutls] Load Server private key problem
References: <005201c83400$ae5ffdf0$8c17b8d9@WKristian> <200712011243.13095.nmav@gnutls.org>
Message-ID: <006001c8343c$2c3aeb00$8c17b8d9@WKristian>

Is there another way (API) to load encrypted keys by providing a password?

----- Original Message -----
From: "Nikos Mavrogiannopoulos"
To:
Cc: "Kristian Martens"
Sent: Saturday, December 01, 2007 11:43 AM
Subject: Re: [Help-gnutls] Load Server private key problem

> On Saturday 01 December 2007, Kristian Martens wrote:
>> Hello,
>>
>> I have a problem in loading a private server key file:
>
> Your private key is encrypted. You can load only plain private keys with
> gnutls_certificate_set_x509_key_mem.
>
> regards,
> Nikos
>

From nmav at gnutls.org Sat Dec 1 18:15:12 2007
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 1 Dec 2007 19:15:12 +0200
Subject: [Help-gnutls] Load Server private key problem
In-Reply-To: <006001c8343c$2c3aeb00$8c17b8d9@WKristian>
References: <005201c83400$ae5ffdf0$8c17b8d9@WKristian> <200712011243.13095.nmav@gnutls.org> <006001c8343c$2c3aeb00$8c17b8d9@WKristian>
Message-ID: <200712011915.12633.nmav@gnutls.org>

On Saturday 01 December 2007, Kristian Martens wrote:
> Is there another way (API) to load encrypted keys by providing a password?

Yes. Check the pkcs12 and pkcs8 functions at the manual. Note that your current key was encrypted with openssl's way so it is not supported.

regards,
Nikos

From simon at josefsson.org Mon Dec 3 12:35:37 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 03 Dec 2007 12:35:37 +0100
Subject: [Help-gnutls] Re: Load Server private key problem
In-Reply-To: <200712011915.12633.nmav@gnutls.org> (Nikos Mavrogiannopoulos's message of "Sat, 1 Dec 2007 19:15:12 +0200")
References: <005201c83400$ae5ffdf0$8c17b8d9@WKristian> <200712011243.13095.nmav@gnutls.org> <006001c8343c$2c3aeb00$8c17b8d9@WKristian> <200712011915.12633.nmav@gnutls.org>
Message-ID: <87myssm2nq.fsf@mocca.josefsson.org>

Nikos Mavrogiannopoulos writes:

> On Saturday 01 December 2007, Kristian Martens wrote:
>
>> Is there another way (API) to load encrypted keys by providing a password?
>
> Yes. Check the pkcs12 and pkcs8 functions at the manual. Note that your
> current key was encrypted with openssl's way so it is not supported.

I think OpenSSL can convert it to PKCS#8 format using 'openssl pkcs8 -topk8' or something like that. I wouldn't store my keys in openssl's proprietary encrypted format, so you might want to consider using the PKCS#8 format generally.

/Simon

From simon at josefsson.org Mon Dec 3 12:37:31 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 03 Dec 2007 12:37:31 +0100
Subject: [Help-gnutls] Re: libgnutls.so.13 and libgnutls.so.13(GNUTLS_1_3)
In-Reply-To: <2aecde9f0712011253q7bf59cd1l2fce05cbd25b8e26@mail.gmail.com> (Edgar Ortiz's message of "Sat, 1 Dec 2007 15:53:42 -0500")
References: <2aecde9f0711302034j3af34c70s64ad46988784764e@mail.gmail.com> <87y7ce9322.fsf@mocca.josefsson.org> <2aecde9f0712011253q7bf59cd1l2fce05cbd25b8e26@mail.gmail.com>
Message-ID: <87ir3gm2kk.fsf@mocca.josefsson.org>

Ah, I see. The libgnutls.so.13 file is built from more recent GnuTLS releases, it seems the SLES 10 release only contains the old libgnutls.so.12.

Try downloading the latest GnuTLS 2.0.x stable release and build it for yourself, it should install a libgnutls.so.13. Then you can force the dependency-check when installing the RPM.

/Simon

"Edgar Ortiz" writes:

> Thank you Simon, I already tried with this file, it provides
> libgnutls.so.12 but I need the libgnutls.so.13 files.
> Somebody knows where can I find this file, even if I have to compile it.
> It'll be really helpful for me.
>
>
> 2007/12/1, Simon Josefsson :
>>
>> This is something you'll have to ask the SLES 10 people about. Maybe
>> there are some SLES 10 users on this list that can help though.
>> Possibly rpmfind.net can help too, I found this:
>>
>> http://rpmfind.net//linux/RPM/suse/updates/10.0/i386/rpm/i586/gnutls-1.2.5-3.4.i586.html
>>
>> /Simon
>>
>> "Edgar Ortiz" writes:
>>
>> >> I'm a newbie in linux, I've installed a SLES 10 distribution and I'm trying
>> >> to install now freetds, I've found the freetds-0.64-33.1.i586.rpm but when
>> >> try to install the rpm get the next message:
>> >> error: Failed dependencies:
>> >> libgnutls.so.13 is needed by freetds-0.64-33.1.i586
>> >> libgnutls.so.13(GNUTLS_1_3) is needed by freetds-0.64-33.1.i586
>> >> My question is how do I get this rpm's or what can I do to install the
>> >> software asked for freetds; I prefer an rpm because I have never installed a
>> >> program compiling it. I was looking for the files over the Internet with no
>> >> results.
>> >> Thanks for your help.
>> >>
>> >> Sorry, my English is very bad, it's not my native language.
>>

From kristian.martens at freenet.de Wed Dec 5 00:40:28 2007
From: kristian.martens at freenet.de (kristian.martens at freenet.de)
Date: Wed, 05 Dec 2007 00:40:28 +0100
Subject: [Help-gnutls] Re: Re: Load Server private key problem
Message-ID:

Is there an example available how to use the API for PKCS8 or 12?

Thanks,
Kris

----- original message -----

Subject: Re: Load Server private key problem
Sent: Mon 03 Dec 2007 12:35:29 CET
From: "Simon Josefsson"

> Nikos Mavrogiannopoulos writes:
>
> > On Saturday 01 December 2007, Kristian Martens wrote:
> >
> >> Is there another way (API) to load encrypted keys by providing a password?
> >
> > Yes. Check the pkcs12 and pkcs8 functions at the manual. Note that your
> > current key was encrypted with openssl's way so it is not supported.
>
> I think OpenSSL can convert it to PKCS#8 format using 'openssl pkcs8
> -topk8' or something like that. I wouldn't store my keys in openssl's
> proprietary encrypted format, so you might want to consider using the
> PKCS#8 format generally.
>
> /Simon
>

--- end of original message ---

From simon at josefsson.org Wed Dec 5 11:34:17 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Wed, 05 Dec 2007 11:34:17 +0100
Subject: [Help-gnutls] Re: Load Server private key problem
In-Reply-To: (kristian martens's message of "Wed, 05 Dec 2007 00:40:28 +0100")
References:
Message-ID: <87d4tla0ra.fsf@mocca.josefsson.org>

Check out the manual:

http://www.gnu.org/software/gnutls/manual/html_node/PKCS-_002312-structures.html
http://www.gnu.org/software/gnutls/manual/html_node/PKCS-_002312-structure-generation.html

Also see the source code for the certtool tool, in src/certtool.c, it does both PKCS#8 and PKCS#12 operations.

If you develop some code that you think would be useful to include as an example, please consider contributing it so others can be helped by it!

/Simon

kristian.martens at freenet.de writes:

> Is there an example available how to use the API for PKCS8 or 12?
>
> Thanks,
> Kris
>
> ----- original message -----
>
> Subject: Re: Load Server private key problem
> Sent: Mon 03 Dec 2007 12:35:29 CET
> From: "Simon Josefsson"
>
>> Nikos Mavrogiannopoulos writes:
>>
>> > On Saturday 01 December 2007, Kristian Martens wrote:
>> >
>> >> Is there another way (API) to load encrypted keys by providing a password?
>> >
>> > Yes. Check the pkcs12 and pkcs8 functions at the manual. Note that your
>> > current key was encrypted with openssl's way so it is not supported.
>>
>> I think OpenSSL can convert it to PKCS#8 format using 'openssl pkcs8
>> -topk8' or something like that. I wouldn't store my keys in openssl's
>> proprietary encrypted format, so you might want to consider using the
>> PKCS#8 format generally.
>>
>> /Simon
>>
>
> --- end of original message ---

From dkg-debian.org at fifthhorseman.net Wed Dec 5 15:00:09 2007
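The distinction drawn in the thread above (a plain key, a key encrypted "openssl's way", and a PKCS#8 key) is visible in the PEM text itself, so it can be checked before the key is handed to the library. The following C program is an added example, not code from GnuTLS or from any poster; `classify_pem_key` and `loading_advice` are hypothetical names, and the sample keys are constructed placeholders.

```c
/* Added example: classify a PEM private key before handing it to GnuTLS. */
#include <stdio.h>
#include <string.h>

typedef enum {
    KEY_UNKNOWN = 0,            /* no PEM private-key block found */
    KEY_TRADITIONAL_PLAIN,      /* BEGIN RSA/DSA PRIVATE KEY, unencrypted */
    KEY_TRADITIONAL_ENCRYPTED,  /* same label plus "Proc-Type: 4,ENCRYPTED" */
    KEY_PKCS8_PLAIN,            /* BEGIN PRIVATE KEY */
    KEY_PKCS8_ENCRYPTED         /* BEGIN ENCRYPTED PRIVATE KEY */
} key_container_t;

/* Bounded substring search; the buffer need not be NUL-terminated. */
static const char *find(const char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n > 0 && i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return buf + i;
    return NULL;
}

static int label_is(const char *label, size_t len, const char *want)
{
    return len == strlen(want) && memcmp(label, want, len) == 0;
}

/* Hypothetical helper: walk the PEM blocks and report the first private key. */
key_container_t classify_pem_key(const char *buf, size_t len)
{
    const char *end = buf + len, *cur = buf, *p;

    while ((p = find(cur, (size_t)(end - cur), "-----BEGIN ")) != NULL) {
        const char *label = p + strlen("-----BEGIN ");
        const char *dash = find(label, (size_t)(end - label), "-----");
        if (dash == NULL) break;        /* truncated BEGIN line */
        size_t llen = (size_t)(dash - label);
        const char *line = dash + 5;    /* first byte after the BEGIN line */
        cur = line;
        if (label_is(label, llen, "ENCRYPTED PRIVATE KEY"))
            return KEY_PKCS8_ENCRYPTED;
        if (label_is(label, llen, "PRIVATE KEY"))
            return KEY_PKCS8_PLAIN;
        if (!label_is(label, llen, "RSA PRIVATE KEY") &&
            !label_is(label, llen, "DSA PRIVATE KEY"))
            continue;                   /* e.g. CERTIFICATE: keep looking */
        /* Traditional format: encryption is announced by an RFC 1421
         * style header on the line right after the BEGIN line. */
        while (line < end && (*line == '\r' || *line == '\n'))
            line++;
        size_t rest = (size_t)(end - line);
        const char *eol = memchr(line, '\n', rest);
        size_t linelen = eol ? (size_t)(eol - line) : rest;
        if (linelen >= 10 && memcmp(line, "Proc-Type:", 10) == 0 &&
            find(line, linelen, "ENCRYPTED") != NULL)
            return KEY_TRADITIONAL_ENCRYPTED;
        return KEY_TRADITIONAL_PLAIN;
    }
    return KEY_UNKNOWN;
}

/* Advice strings follow the replies in the thread; indexed by the enum. */
const char *loading_advice(key_container_t t)
{
    static const char *const advice[] = {
        "no PEM private key block found",
        "unencrypted: gnutls_certificate_set_x509_key_mem can load it",
        "OpenSSL-style encryption: convert with 'openssl pkcs8 -topk8' first",
        "unencrypted PKCS#8: use the PKCS#8 import functions, no password",
        "encrypted PKCS#8: use the PKCS#8 import functions with a password",
    };
    return (unsigned)t < 5 ? advice[t] : advice[0];
}

/* Constructed samples: the Base64 bodies are placeholders, not real keys. */
static const char SAMPLE_OPENSSL_ENC[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nQ09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n";
static const char SAMPLE_PLAIN[] =
    "-----BEGIN DSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
    "-----END DSA PRIVATE KEY-----\n";
static const char SAMPLE_CERT_AND_PKCS8[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n";

int main(void)
{
    const char *samples[] = { SAMPLE_OPENSSL_ENC, SAMPLE_PLAIN,
                              SAMPLE_CERT_AND_PKCS8 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: %s\n", i,
               loading_advice(classify_pem_key(samples[i], strlen(samples[i]))));
    return 0;
}
```

The classifier only reads the PEM armor and never decodes or decrypts the key, so it is safe to run on a key file whose password is not at hand.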
From: dkg-debian.org at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 05 Dec 2007 09:00:09 -0500
Subject: [Help-gnutls] scalable logo for gnutls
Message-ID: <87abopz1g6.fsf@squeak.fifthhorseman.net>

hey folks--

this is mostly trivia, but i just created an svg version of the GnuTLS logo, so that it can be truly scalable. I also used it to create a 16x16 png icon, which can be used as a shortcut icon for any GnuTLS web pages, if it's desired.

You can download/view them at:

http://lair.fifthhorseman.net/~dkg/src/gnutls/gnutls-logo.svg
http://lair.fifthhorseman.net/~dkg/src/gnutls/gnutls-logo-icon.png

My impetus for doing this is because I keep too many tabs open in my browser; it's nice to have a visual reminder of what each tab is, and trac.gnutls.org still uses the generic trac icon, which trips me up when i'm looking for it.

You can modify the value of "icon =" in the [project] section of $TRACENV/conf/trac.ini if you want to adopt it.

Other alternatives: I know that there's already an eps of the logo in git:docs/gnutls-logo.eps, but it appears to just store a bitmap anyway, so it's not truly scalable. I also saw http://www.gnu.org/software/gnutls/graphics/gnutls-logo-icon.png, but it isn't the canonical 16x16 for a web page icon, and it also has some chunky aliasing in it.

Hope you find this useful,

--dkg

From simon at josefsson.org Wed Dec 5 16:35:40 2007
From: simon at josefsson.org (Simon Josefsson) Date: Wed, 05 Dec 2007 16:35:40 +0100 Subject: [Help-gnutls] Re: scalable logo for gnutls In-Reply-To: <87abopz1g6.fsf@squeak.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Wed, 05 Dec 2007 09:00:09 -0500") References: <87abopz1g6.fsf@squeak.fifthhorseman.net> Message-ID: <878x49upbn.fsf@mocca.josefsson.org> Daniel Kahn Gillmor writes: > hey folks-- > > this is mostly trivia, but i just created an svg version of the GnuTLS > logo, so that it can be truly scalable. I also used it to create a > 16x16 png icon, which can be used as a shortcut icon for any GnuTLS > web pages, if it's desired. > > You can download/view them at: > > http://lair.fifthhorseman.net/~dkg/src/gnutls/gnutls-logo.svg > http://lair.fifthhorseman.net/~dkg/src/gnutls/gnutls-logo-icon.png Great, thanks! I saved them into: http://www.gnu.org/software/gnutls/graphics/ I renamed your gnutls-logo-icon.png to gnutls-logo-icon2.png to avoid name collision. > My impetus for doing this is because I keep too many tabs open in my > browser; it's nice to have a visual reminder of what each tab is, and > trac.gnutls.org still uses the generic trac icon, which trips me up > when i'm looking for it. > > You can modify the value of "icon =" in the [project] section > of $TRACENV/conf/trac.ini if you want to adopt it. Done, thanks. Let me know if it isn't working. Thanks, Simon From dkg-debian.org at fifthhorseman.net Wed Dec 5 17:41:21 2007 From: dkg-debian.org at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 05 Dec 2007 11:41:21 -0500 Subject: [Help-gnutls] fix for documentation of gnutls_x509_crt_get_pk_rsa_raw in lib/x509/x509.c Message-ID: <873auhm6vi.fsf@squeak.fifthhorseman.net> Hey folks-- Just learning my way around the GnuTLS codebase, and stumbled across what looks like a think-o in the documentation. Hopefully this the correct fix. [0 dkg at squeak lib]$ git diff | cat diff --git a/lib/x509/x509.c b/lib/x509/x509.c index a60e909..19e53ce 100644 
--- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -2502,7 +2502,7 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, * @m: will hold the modulus * @e: will hold the public exponent * - * This function will export the RSA private key's parameters found in the given + * This function will export the RSA public key's parameters found in the given * structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * [0 dkg at squeak lib]$ Full copyright assignment to the FSF of this amazing patch is fine with me ;) Thanks for the great tool! Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 826 bytes Desc: not available URL: From dkg-debian.org at fifthhorseman.net Wed Dec 5 21:01:36 2007 
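Review bot: The comment block for gnutls_x509_crt_get_pk_rsa_raw, in the lines just below the corrected sentence, says the parameters are allocated with gnutls_malloc() and stored in the datum but never says who releases them. Since this comment is being touched anyway, consider adding a sentence that the caller must free the data of @m and @e with gnutls_free(). The private-to-public wording fix itself is consistent with @m and @e being documented as the modulus and the public exponent.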
From: dkg-debian.org at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 05 Dec 2007 15:01:36 -0500
Subject: [Help-gnutls] Re: scalable logo for gnutls
In-Reply-To: <878x49upbn.fsf@mocca.josefsson.org> (Simon Josefsson's message of "Wed\, 05 Dec 2007 16\:35\:40 +0100")
References: <87abopz1g6.fsf@squeak.fifthhorseman.net> <878x49upbn.fsf@mocca.josefsson.org>
Message-ID: <873augzza7.fsf@squeak.fifthhorseman.net>

On Wed 2007-12-05 10:35:40 -0500, Simon Josefsson wrote:

> Great, thanks! I saved them into:
>
> http://www.gnu.org/software/gnutls/graphics/
>
> I renamed your gnutls-logo-icon.png to gnutls-logo-icon2.png to
> avoid name collision.

Sounds good. Feel free to put the svg under revision control if you want it. It could be used to generate the other image files with a couple inkscape or imagemagick directives in docs/Makefile as well, if you don't mind the extra build dependency.

> Daniel Kahn Gillmor writes:
>
>> You can modify the value of "icon =" in the [project] section
>> of $TRACENV/conf/trac.ini if you want to adopt it.
>
> Done, thanks.

Works perfectly, and it solves my original problem. Thanks!

--dkg

From simon at josefsson.org Thu Dec 6 13:30:28 2007
From: simon at josefsson.org (Simon Josefsson) Date: Thu, 06 Dec 2007 13:30:28 +0100 Subject: [Help-gnutls] Re: fix for documentation of gnutls_x509_crt_get_pk_rsa_raw in lib/x509/x509.c In-Reply-To: <873auhm6vi.fsf@squeak.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Wed, 05 Dec 2007 11:41:21 -0500") References: <873auhm6vi.fsf@squeak.fifthhorseman.net> Message-ID: <877ijsypi3.fsf@mocca.josefsson.org> Daniel Kahn Gillmor writes: > Hey folks-- > > Just learning my way around the GnuTLS codebase, and stumbled across > what looks like a think-o in the documentation. Hopefully this the > correct fix. Thanks, applied. /Simon > [0 dkg at squeak lib]$ git diff | cat > diff --git a/lib/x509/x509.c b/lib/x509/x509.c > index a60e909..19e53ce 100644 > --- a/lib/x509/x509.c > +++ b/lib/x509/x509.c > @@ -2502,7 +2502,7 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, > * @m: will hold the modulus > * @e: will hold the public exponent > * > - * This function will export the RSA private key's parameters found in the given > + * This function will export the RSA public key's parameters found in the given > * structure. The new parameters will be allocated using > * gnutls_malloc() and will be stored in the appropriate datum. > * > [0 dkg at squeak lib]$ > > Full copyright assignment to the FSF of this amazing patch is fine > with me ;) > > Thanks for the great tool! > > Regards, > > --dkg > _______________________________________________ > Help-gnutls mailing list > Help-gnutls at gnu.org > http://lists.gnu.org/mailman/listinfo/help-gnutls From simon at josefsson.org Mon Dec 10 00:28:37 2007 
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 10 Dec 2007 00:28:37 +0100
Subject: [Help-gnutls] GnuTLS presentation at FSCONS
Message-ID: <877ijnjvmi.fsf@mocca.josefsson.org>

I gave a presentation about GnuTLS at FSCONS on December 8th, and the presentation is available online:

http://josefsson.org/fscons/fscons-gnutls.pdf

For info about FSCONS (although over for now), see:

http://fscons.org/

The organizers will put videos of the presentation online eventually, and I'll follow up with a link to it when it is available.

/Simon

From simon at josefsson.org Mon Dec 10 17:13:22 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 10 Dec 2007 17:13:22 +0100
Subject: [Help-gnutls] Libtasn1 1.2
Message-ID: <87sl2a34v1.fsf@mocca.josefsson.org>

Libtasn1 is a standalone library written in C for manipulating ASN.1 objects including DER/BER encoding and DER/BER decoding. Libtasn1 is used by GnuTLS to manipulate X.509 objects and by Shishi to handle Kerberos V5 packets.

Version 1.2 (released 2007-12-10)
- Update gnulib files.

Commercial support contracts for Libtasn1 are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm based privately held company, is currently funding Libtasn1 maintenance. We are always looking for interesting development projects. See http://josefsson.org/ for more details.

If you need help to use Libtasn1, or want to help others, you are invited to join our help-gnutls mailing list, see: .

Homepage:
  http://josefsson.org/libtasn1/

Manual in many formats:
  http://josefsson.org/gnutls/manual/libtasn1/

Here are the compressed sources (1.5MB):
  ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-1.2.tar.gz
  http://josefsson.org/gnutls/releases/libtasn1/libtasn1-1.2.tar.gz

Here are GPG detached signatures using key 0xB565716F:
  ftp://ftp.gnutls.org/pub/gnutls/libtasn1/libtasn1-1.2.tar.gz.sig
  http://josefsson.org/gnutls/releases/libtasn1/libtasn1-1.2.tar.gz.sig

The software is cryptographically signed by the author using an OpenPGP key identified by the following information:

  pub   1280R/B565716F 2002-05-05 [expires: 2008-06-30]
        Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
  uid   Simon Josefsson
  uid   Simon Josefsson
  sub   1280R/4D5D40AE 2002-05-05 [expires: 2008-06-30]

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

f423ee15405e4bc21052733f19d0abdc6f909da8 libtasn1-1.2.tar.gz
5bdcd006b46bb881939c4d6c608c2f952c0ce38a libtasn1-1.2.tar.gz.sig

693c8298ecdc852c7c83b3477a657903d129cef8c70ec7bd6d9ffbaf libtasn1-1.2.tar.gz
110f283c2d3d91cc1ab7105461f313cfd113df5be648c878ba2c1fa5 libtasn1-1.2.tar.gz.sig

Happy hacking,
Simon

From simon at josefsson.org Wed Dec 12 16:41:08 2007
From: simon at josefsson.org (Simon Josefsson)
Date: Wed, 12 Dec 2007 16:41:08 +0100
Subject: [Help-gnutls] Re: Dear Ser.
In-Reply-To: <484584.98685.qm@web32703.mail.mud.yahoo.com> (oh youngsup's message of "Tue, 4 Dec 2007 23:31:43 -0800 (PST)")
References: <484584.98685.qm@web32703.mail.mud.yahoo.com>
Message-ID: <87lk7zncob.fsf@mocca.josefsson.org>

Hi. I'm cc'ing help-gnutls so that others can participate and help.

You should check the manual:

http://www.gnu.org/software/gnutls/manual/html_node/index.html

In particular the example clients:

http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html

Btw, you may want to look at MSMTP:

http://msmtp.sf.net/

which is a SMTP-client with TLS support.

/Simon

oh youngsup writes:

> Dear .
>
> I'm a Korean student and my major is computer science.
>
> I want to ask something about GnuTLS because
> I'm trying to make an SMTP Client (same as MUAs).
>
> So I had success in making the SMTP Client.
> But in some cases the SMTP Server doesn't work because they are using TLS.
> So I want to use GnuTLS to support TLS.
>
> It's made based on the RFC reference, just using the Socket and port.
>
> Please could you tell me the solution for me,
> I have already installed GnuTLS on my linux machine but I don't understand how I can use GnuTLS.
>
> Please let me know, send an e-mail
>
> Thank You
>
> BR
> Youngsup OH

From simon at josefsson.org Fri Dec 14 13:31:42 2007
From: simon at josefsson.org (Simon Josefsson) Date: Fri, 14 Dec 2007 13:31:42 +0100 Subject: [Help-gnutls] GnuTLS 2.2.0 Message-ID: <87fxy5a24x.fsf@mocca.josefsson.org> We are pleased to announce a new stable GnuTLS release: Version 2.2.0. GnuTLS is a modern C library that implement the standard network security protocol Transport Layer Security (TLS), for use by network applications. GnuTLS is developed for GNU/Linux, but works on many Unix-like systems and comes with a binary installer for Windows. The core GnuTLS library is distribute under the terms of the GNU Lesser General Public License version 2.1 (or later). The "extra" GnuTLS libraries -- which contains OpenPGP and TLS/IA support, LZO compression, the OpenSSL compatibility library -- and the self tests and command line tools are distributed under the GNU General Public License version 3.0 (or later). The manual is distributed under the GNU Free Documentation License version 1.2 (or later). The project page of the library is available at: http://www.gnutls.org/ http://www.gnu.org/software/gnutls/ http://josefsson.org/gnutls/ What's New ========== Major changes compared to the v2.0 branch: * SRP support aligned with newly published RFC 5054. * OpenPGP support aligned with newly published RFC 5081. * Support for DSA2 keys. * Support for Camellia cipher. * Support for Opaque PRF Input extension. * PKCS#8 parser now handle DSA keys. * Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra, etc. Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier versions, such as 2.01 which is included with GnuTLS, is available under GPLv2 or later. If this incompatibility causes problems, we recommend you to disable LZO using --without-lzo. LZO compression is not a standard TLS compression algorithm, so the impact should be minimal. * Functions for disabling record protocol padding. Works around bugs on Nokia/Ericsson phones. * New functions gnutls_priority_set() for setting cipher priorities easily. 
Priorities like "COMPAT" also enables other work arounds, such as disabling padding. * Other minor improvements and bug fixes. Minor changes compared to the latest v2.1.8 release candidate: * Update internal copy of libtasn1 to version 1.2. * Certtool --verify-chain now handle inputs larger than 64kb. This fixes the self-test "rsa-md5-collision" under MinGW+Wine with recent versions of libgcrypt. The problem was that Wine with the libgcrypt RNG generates huge amounts of debugging output. * Translation updates. Added Dutch translation. Updated Polish and Swedish translation. Backwards incompatible API/ABI changes in GnuTLS 2.2 ==================================================== To adapt to changes in the TLS extension specifications for OpenPGP and SRP, the GnuTLS API had to be modified. This means breaking the API and ABI backwards compatibility. That is something we try to avoid unless it is necessary. We decided to also remove the already deprecated stub functions for X.509 to XML conversion and TLS authorization (see below) when we had the opportunity. Generally, most applications does not need to be modified. Just re-compile them against the latest GnuTLS release, and it should work fine. Applications that use the OpenPGP or SRP features needs to be modified. Below is a list of the modified APIs and discussion of what the minimal things you need to modify in your application to make it work with GnuTLS 2.2. Note that GnuTLS 2.2 also introduces new APIs -- such as gnutls_set_priority() that is superior to gnutls_set_default_priority() -- that you may want to start using. However, using those new APIs is not required to use GnuTLS 2.2 since the old functions continue are still supported. This text only discuss what you minimally have to modify. XML related changes ------------------- The function `gnutls_x509_crt_to_xml' has been removed. It has been deprecated and only returned an error code since GnuTLS version 1.2.11. 
Nobody has complained, so users doesn't seem to miss the functionality. We don't know of any other library to convert X.509 certificates into XML format, but we decided (long ago) that GnuTLS isn't the right place for this kind of functionality. If you want help to find some other library to use here, please explain and discuss your use case on help-gnutls at gnu.org. TLS Authorization related changes --------------------------------- Everything related to TLS authorizations have been removed, they were only stub functions that returned an error code: GNUTLS_SUPPLEMENTAL_AUTHZ_DATA gnutls_authz_data_format_type_t gnutls_authz_recv_callback_func gnutls_authz_send_callback_func gnutls_authz_enable gnutls_authz_send_x509_attr_cert gnutls_authz_send_saml_assertion gnutls_authz_send_x509_attr_cert_url gnutls_authz_send_saml_assertion_url SRP related changes ------------------- The callback gnutls_srp_client_credentials_function has a new prototype, and its semantic has changed. You need to rewrite the callback, see the updated function documentation and SRP example code (doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more information. The alert codes GNUTLS_A_MISSING_SRP_USERNAME and GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is used. There are #define's to map the old names to the new. You may run into problems if you have a switch-case with cases for both SRP alerts, since they are now mapped to the same value. The solution is to drop the SRP alerts from such switch cases, as they are now deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY. OpenPGP related changes ----------------------- The function `gnutls_certificate_set_openpgp_keyserver' have been removed. There is no replacement functionality inside GnuTLS. If you need keyserver functionality, consider using the GnuPG tools. All functions, types, and error codes related to OpenPGP trustdb format have been removed. 
The trustdb format is a non-standard GnuPG-specific format, and we
recommend you to use key rings instead. The following have been
removed:

  gnutls_certificate_set_openpgp_trustdb
  gnutls_openpgp_trustdb_init
  gnutls_openpgp_trustdb_deinit
  gnutls_openpgp_trustdb_import
  gnutls_openpgp_key_verify_trustdb
  gnutls_openpgp_trustdb_t
  GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED

The following functions have an added parameter of the (new) type
`gnutls_openpgp_crt_fmt_t'. The type specifies the format of the data
(binary or base64). The functions are:

  gnutls_certificate_set_openpgp_key_file
  gnutls_certificate_set_openpgp_key_mem
  gnutls_certificate_set_openpgp_keyring_mem
  gnutls_certificate_set_openpgp_keyring_file

To improve terminology and align with the X.509 interface, some
functions have been renamed. Compatibility mappings exist. The old
and new names of the affected functions and types are:

  Old name                                New name
  gnutls_openpgp_key_t                    gnutls_openpgp_crt_t
  gnutls_openpgp_key_fmt_t                gnutls_openpgp_crt_fmt_t
  gnutls_openpgp_key_status_t             gnutls_openpgp_crt_status_t
  GNUTLS_OPENPGP_KEY                      GNUTLS_OPENPGP_CERT
  GNUTLS_OPENPGP_KEY_FINGERPRINT          GNUTLS_OPENPGP_CERT_FINGERPRINT
  gnutls_openpgp_key_init                 gnutls_openpgp_crt_init
  gnutls_openpgp_key_deinit               gnutls_openpgp_crt_deinit
  gnutls_openpgp_key_import               gnutls_openpgp_crt_import
  gnutls_openpgp_key_export               gnutls_openpgp_crt_export
  gnutls_openpgp_key_get_key_usage        gnutls_openpgp_crt_get_key_usage
  gnutls_openpgp_key_get_fingerprint      gnutls_openpgp_crt_get_fingerprint
  gnutls_openpgp_key_get_pk_algorithm     gnutls_openpgp_crt_get_pk_algorithm
  gnutls_openpgp_key_get_name             gnutls_openpgp_crt_get_name
  gnutls_openpgp_key_get_version          gnutls_openpgp_crt_get_version
  gnutls_openpgp_key_get_creation_time    gnutls_openpgp_crt_get_creation_time
  gnutls_openpgp_key_get_expiration_time  gnutls_openpgp_crt_get_expiration_time
  gnutls_openpgp_key_get_id               gnutls_openpgp_crt_get_id
  gnutls_openpgp_key_check_hostname       gnutls_openpgp_crt_check_hostname
  gnutls_openpgp_send_key                 gnutls_openpgp_send_cert

Getting the Software
====================

GnuTLS may be downloaded from one of the mirror sites or direct from
. The list of mirrors can be found at .
Note, that GnuPG is not available at ftp.gnu.org.

Here are the BZIP2 compressed sources (4.8MB):

  ftp://ftp.gnutls.org/pub/gnutls/gnutls-2.2.0.tar.bz2
  http://josefsson.org/gnutls/releases/gnutls-2.2.0.tar.bz2

Here are OpenPGP detached signatures signed using key 0xB565716F:

  ftp://ftp.gnutls.org/pub/gnutls/gnutls-2.2.0.tar.bz2.sig
  http://josefsson.org/gnutls/releases/gnutls-2.2.0.tar.bz2.sig

Note, that we don't distribute gzip compressed tarballs.

In order to check that the version of GnuTLS which you are going to
install is an original and unmodified one, you should verify the
OpenPGP signature. You can use the command

  gpg --verify gnutls-2.2.0.tar.bz2.sig

This checks whether the signature file matches the source file. You
should see a message indicating that the signature is good and made by
that signing key. Make sure that you have the right key, either by
checking the fingerprint of that key with other sources or by checking
that the key has been signed by a trustworthy other key. The signing
key can be identified with the following information:

  pub   1280R/B565716F 2002-05-05 [expires: 2008-06-30]
        Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
  uid   Simon Josefsson
  uid   Simon Josefsson
  sub   1280R/4D5D40AE 2002-05-05 [expires: 2008-06-30]

The key is available from:

  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Alternatively, after successfully verifying the OpenPGP signature of
this announcement, you could verify that the files match the following
checksum values.
The values are for SHA-1 and SHA-224 respectively:

  f0024abb61ee07e2ad00943098a439e0e7656742  gnutls-2.2.0.tar.bz2
  d446c0fe0888b734f533692d1108af53f90ee5a128625efb05a8e908  gnutls-2.2.0.tar.bz2

Documentation
=============

The manual is available online at:

  http://www.gnu.org/software/gnutls/documentation.html

In particular the following formats are available:

  HTML: http://www.gnu.org/software/gnutls/manual/html_node/index.html
  PDF: http://www.gnu.org/software/gnutls/manual/gnutls.pdf

For developers there is a GnuTLS API reference manual formatted using
the GTK-DOC tools:

  http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html

Community
=========

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

If you wish to participate in the development of GnuTLS, you are
invited to join our gnutls-dev mailing list, see: .

Windows installer
=================

GnuTLS has been ported to the Windows operating system, and a binary
installer is available. The installer contains DLLs for application
development, manuals, examples, and source code. The installer
consists of libgpg-error 1.6, libgcrypt 1.4.0, libtasn1 1.2, opencdk
0.6.6, and GnuTLS 2.2.0.

For more information about GnuTLS for Windows:

  http://josefsson.org/gnutls4win/

The Windows binary installer and PGP signature:

  http://josefsson.org/gnutls4win/gnutls-2.2.0.exe (14MB)
  http://josefsson.org/gnutls4win/gnutls-2.2.0.exe.sig

The checksum values for SHA-1 and SHA-224 are:

  1821cab6dbe81ba1e7eda92f4debd3a789949205  gnutls-2.2.0.exe
  7572f61e07eded8e1c96f8ffed3f26991384dcd18995f657962fc972  gnutls-2.2.0.exe

Internationalization
====================

GnuTLS messages have been translated into Dutch, German, Malay, Polish
and Swedish. We welcome the addition of more translations.

Support
=======

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or
donating money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

The GnuTLS service directory is available at:

  http://www.gnu.org/software/gnutls/commercial.html

Happy Hacking,
Simon

From beuc at beuc.net Thu Dec 20 16:28:02 2007
From: beuc at beuc.net (Sylvain Beucler)
Date: Thu, 20 Dec 2007 16:28:02 +0100
Subject: [Help-gnutls] Public key export
Message-ID: <20071220152802.GA27045@perso.beuc.net>

Hi,

I'm using Authentic (http://authentic.labs.libre-entreprise.org/)
which asks the user to generate a private key and send in to public
counterpart.

I know how to do it with OpenSSL:

$ openssl rsa -pubout -in sp-priv.pem
writing RSA key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcMulh/Ul0MRYjmeA5xfA3Q75Z
MNqh2EqT2iP6vHXQ/DJpSsmBPZCoj0+T//IXWh210FZjQbSf7jVCmHU0dSted26z
HvciHPE3caUxDZWcWQBSeLrDTnUSHDyYWL4e4YnrXjN5ieM8PEUIel/mMNCpvvxx
689fUMrkZXjP/9JxzwIDAQAB
-----END PUBLIC KEY-----

but I'm willing to switch to GnuTLS :)

Is there a way to do it with GnuTLS? I didn't find a way to do so with
certtool.

Thanks,

--
Sylvain

From nmav at gnutls.org Thu Dec 20 20:28:56 2007
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 20 Dec 2007 21:28:56 +0200
Subject: [Help-gnutls] Public key export
In-Reply-To: <20071220152802.GA27045@perso.beuc.net>
References: <20071220152802.GA27045@perso.beuc.net>
Message-ID: <200712202128.57073.nmav@gnutls.org>

On Thursday 20 December 2007, Sylvain Beucler wrote:
> Hi,
>
> I'm using Authentic (http://authentic.labs.libre-entreprise.org/)
> which asks the user to generate a private key and send in to public
> counterpart.
> I know how to do it with OpenSSL:
> $ openssl rsa -pubout -in sp-priv.pem

Indeed certtool is mostly certificate oriented. As I check now, I don't see
functions to handle public keys, unless they are in certificate containers
(pgp or x509). How is the public key this site program asks used? Will a
certificate request, or a certificate (pgp or x509) be more appropriate?

regards,
Nikos

From beuc at beuc.net Thu Dec 20 20:44:02 2007
From: beuc at beuc.net (Sylvain Beucler)
Date: Thu, 20 Dec 2007 20:44:02 +0100
Subject: [Help-gnutls] Public key export
In-Reply-To: <200712202128.57073.nmav@gnutls.org>
References: <20071220152802.GA27045@perso.beuc.net> <200712202128.57073.nmav@gnutls.org>
Message-ID: <20071220194402.GA28994@perso.beuc.net>

On Thu, Dec 20, 2007 at 09:28:56PM +0200, Nikos Mavrogiannopoulos wrote:
> On Thursday 20 December 2007, Sylvain Beucler wrote:
> > Hi,
> >
> > I'm using Authentic (http://authentic.labs.libre-entreprise.org/)
> > which asks the user to generate a private key and send in to public
> > counterpart.
> > I know how to do it with OpenSSL:
> > $ openssl rsa -pubout -in sp-priv.pem
>
> Indeed certtool is mostly certificate oriented. As I check now, I don't see
> functions to handle public keys, unless they are in certificate containers
> (pgp or x509). How is the public key this site program asks used? Will a
> certificate request, or a certificate (pgp or x509) be more appropriate?

I don't know the internal of Authentic. The key is meant for signing.

The public key appears in the "Identity Provider" metadata that you
provide the "Service Provider" with:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMOvmRSnHbS/xJAEMvUrqjxCq1
YOr1wo8vsH8Qw8ef/mdmeQMFOPKaUItz0c6o9MH+rVQRIE/hhU38UlAGOJ0fDiJf
bJfTFPW4omY0aThNxdJB8ywzQIbcIQ9bM4Xc0aUV0wmtXZPgEsxF6oRY3iwQWsGX
UznLYk+zWl4Qa49wiQIDAQAB
-----END PUBLIC KEY-----
[...]

This kind of file is specified by Liberty Alliance
(http://projectliberty.org/).

--
Sylvain
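
An added illustration, not part of the thread: the "BEGIN PUBLIC KEY" block quoted in the message above is a DER SubjectPublicKeyInfo, the same structure a certificate carries in its public key field, and the Python standard library is enough to decode it and check the algorithm and key size. The function names are hypothetical; the PEM text is the key copied from the message.

```python
import base64

# Public key block copied from the message above (not constructed here).
PEM = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMOvmRSnHbS/xJAEMvUrqjxCq1
YOr1wo8vsH8Qw8ef/mdmeQMFOPKaUItz0c6o9MH+rVQRIE/hhU38UlAGOJ0fDiJf
bJfTFPW4omY0aThNxdJB8ywzQIbcIQ9bM4Xc0aUV0wmtXZPgEsxF6oRY3iwQWsGX
UznLYk+zWl4Qa49wiQIDAQAB
-----END PUBLIC KEY-----"""

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def pem_to_der(pem, label="PUBLIC KEY"):
    """Strip the PEM armor and return the DER bytes (hypothetical helper)."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError(f"not a PEM {label} block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def read_tlv(buf, pos, tag):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def parse_rsa_spki(der):
    """Parse SEQ { SEQ { OID, NULL }, BIT STRING { SEQ { INTEGER n, INTEGER e } } }."""
    spki, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    algorithm, pos = read_tlv(spki, 0, 0x30)
    oid, _ = read_tlv(algorithm, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("not an RSA public key")
    bits, _ = read_tlv(spki, pos, 0x03)
    if not bits or bits[0] != 0:  # first byte counts unused bits, must be 0
        raise ValueError("malformed BIT STRING")
    rsa_key, _ = read_tlv(bits[1:], 0, 0x30)
    n_raw, pos = read_tlv(rsa_key, 0, 0x02)
    e_raw, _ = read_tlv(rsa_key, pos, 0x02)
    return {"modulus_bits": int.from_bytes(n_raw, "big").bit_length(),
            "exponent": int.from_bytes(e_raw, "big")}
```

Calling parse_rsa_spki(pem_to_der(PEM)) on the key above reports a 1024-bit RSA modulus with public exponent 65537.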