From nmav at gnutls.org Sat Apr 2 10:40:30 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 02 Apr 2011 10:40:30 +0200
Subject: gnutls 2.12.1
Message-ID: <4D96E0FE.10200@gnutls.org>
I've just released gnutls 2.12.1. It is a bugfix release.
What's New
==========
** certtool: Generated certificate request with stricter permissions.
Reported by Luca Capello.
** libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov.
** libgnutls: Corrected windows system_errno() function prototype.
** libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand.
** libgnutls: Fix size of gnutls_openpgp_keyid_t by using the
GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler.
** API and ABI modifications:
No changes since last version.
Getting the Software
====================
GnuTLS may be downloaded from one of the GNU mirror sites or directly
from . The list of GNU mirrors can be
found at and a list of GnuTLS mirrors
can be found at .
Here are the BZIP2 compressed sources:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.1.tar.bz2
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.1.tar.bz2
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.1.tar.bz2.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.1.tar.bz2.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos
uid Nikos Mavrogiannopoulos
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From nmav at gnutls.org Sun Apr 3 01:35:16 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 03 Apr 2011 01:35:16 +0200
Subject: Authority Information Access
In-Reply-To:
References:
Message-ID: <4D97B2B4.2090606@gnutls.org>
On 03/29/2011 03:10 PM, Phil Brooke wrote:
> Hi,
>
> Does GnuTLS have any support for Authority Information Access URIs,
> e.g., for OCSP and CA Issuers, particularly for certtool? I haven't
> found any answers while searching online and looking through the
> 2.12.0 tarball.
If you mean the Authority Information Access CRL extension
it is not supported directly, i.e. there is no special function
to extract this information. There is a function though that
allows you to extract any extension data.
regards,
Nikos
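An added example (not part of the reply above and not GnuTLS code): once the raw bytes of the Authority Information Access extension (OID 1.3.6.1.5.5.7.1.1) have been fetched with the generic extension getter, assumed here to be gnutls_x509_crt_get_extension_by_oid(), the OCSP and CA Issuers URIs can be read by walking the DER directly. The name aia_get_uri and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER content bytes of the RFC 5280 access-method OIDs. */
static const unsigned char OID_AD_OCSP[] =        /* 1.3.6.1.5.5.7.48.1 */
    {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01};
static const unsigned char OID_AD_CA_ISSUERS[] =  /* 1.3.6.1.5.5.7.48.2 */
    {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02};

/* Constructed sample: an AIA extension value holding one OCSP and one
 * caIssuers entry (hypothetical example.test URLs). */
static const unsigned char SAMPLE_AIA[] =
    "\x30\x51"
    "\x30\x24" "\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01"
    "\x86\x18" "http://ocsp.example.test"
    "\x30\x29" "\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x02"
    "\x86\x1D" "http://ca.example.test/ca.crt";
#define SAMPLE_AIA_LEN (sizeof(SAMPLE_AIA) - 1) /* drop the literal's NUL */

/* Read one DER tag/length header at *p. On success stores tag and length,
 * leaves *p at the first value byte and returns 0; -1 on malformed input. */
static int der_read(const unsigned char **p, const unsigned char *end,
                    unsigned char *tag, size_t *len)
{
    const unsigned char *q = *p;
    size_t l, n;

    if (end - q < 2) return -1;
    *tag = *q++;
    l = *q++;
    if (l & 0x80) {                       /* long-form length */
        n = l & 0x7F;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1; /* value runs past the buffer */
    *p = q;
    *len = l;
    return 0;
}

/* AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription
 * AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation GeneralName }
 * Copies the index-th URI (GeneralName tag [6], 0x86) whose accessMethod
 * equals `method` into out. Returns 1 if found, 0 if absent, -1 on
 * malformed DER, an embedded NUL in the URI, or a too-small buffer. */
int aia_get_uri(const unsigned char *ext, size_t ext_len,
                const unsigned char *method, size_t method_len,
                unsigned index, char *out, size_t out_size)
{
    const unsigned char *p = ext, *end = ext + ext_len, *q, *ad_end;
    unsigned char tag;
    size_t len;
    int match;

    if (der_read(&p, end, &tag, &len) < 0 || tag != 0x30) return -1;
    if (p + len != end) return -1;        /* no trailing bytes allowed */

    while (p < end) {
        if (der_read(&p, end, &tag, &len) < 0 || tag != 0x30) return -1;
        q = p;
        ad_end = p + len;
        p = ad_end;                       /* next AccessDescription */

        if (der_read(&q, ad_end, &tag, &len) < 0 || tag != 0x06) return -1;
        match = (len == method_len && memcmp(q, method, len) == 0);
        q += len;

        if (der_read(&q, ad_end, &tag, &len) < 0) return -1;
        if (q + len != ad_end) return -1;
        if (!match || tag != 0x86) continue;   /* other method or non-URI name */
        if (index > 0) { index--; continue; }

        if (len + 1 > out_size || memchr(q, 0, len) != NULL) return -1;
        memcpy(out, q, len);
        out[len] = '\0';
        return 1;
    }
    return 0;
}

int main(void)
{
    char uri[128];

    if (aia_get_uri(SAMPLE_AIA, SAMPLE_AIA_LEN, OID_AD_OCSP,
                    sizeof OID_AD_OCSP, 0, uri, sizeof uri) == 1)
        printf("OCSP:       %s\n", uri);
    if (aia_get_uri(SAMPLE_AIA, SAMPLE_AIA_LEN, OID_AD_CA_ISSUERS,
                    sizeof OID_AD_CA_ISSUERS, 0, uri, sizeof uri) == 1)
        printf("CA Issuers: %s\n", uri);
    return 0;
}
```

The embedded-NUL and exact-length checks matter because these URIs come from the certificate being examined and are about to be handed to an HTTP client.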
From andrew.wiseman at gmail.com Sun Apr 3 05:20:17 2011
From: andrew.wiseman at gmail.com (Andrew Wiseman)
Date: Sun, 3 Apr 2011 04:20:17 +0100
Subject: sprtool fails
Message-ID:
I've just installed GnuTLS by following the instructions in the manual. I'm
trying to use SRP in my program but have hit a problem with srptool and I
can't seem to find any help about this from Google.
Here is the command I've typed, and the response.
> srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test
Enter password:
Error getting verifier
Cannot _srp_crypt()...
I'm using libgcrypt, and have rebuilt that and gnutls using several
different tweaks, with no luck yet. Does anyone have any pointers for me?
Thanks.
Andrew
From nmav at gnutls.org Sun Apr 3 10:59:22 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 03 Apr 2011 10:59:22 +0200
Subject: sprtool fails
In-Reply-To:
References:
Message-ID: <4D9836EA.9030508@gnutls.org>
On 04/03/2011 05:20 AM, Andrew Wiseman wrote:
> srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test
Hello,
It seems you have uncovered a bug in gnutls_srp_verifier(), introduced by
the change to nettle. Thanks for reporting that. I've scheduled a
fix for the next bugfix release. The fix can be found at:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b9d0bb0e37455e2550c4f79631e4bbe203bfe6d3
regards,
Nikos
From andrew.wiseman at gmail.com Sun Apr 3 17:04:45 2011
From: andrew.wiseman at gmail.com (Andrew Wiseman)
Date: Sun, 3 Apr 2011 16:04:45 +0100
Subject: sprtool fails
In-Reply-To: <4D9836EA.9030508@gnutls.org>
References:
<4D9836EA.9030508@gnutls.org>
Message-ID:
On 3 April 2011 09:59, Nikos Mavrogiannopoulos wrote:
> On 04/03/2011 05:20 AM, Andrew Wiseman wrote:
> > srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test
>
> Hello,
> It seems you have uncovered a bug in gnutls_srp_verifier(), introduced by
> the change to nettle. Thanks for reporting that. I've scheduled a
> fix for the next bugfix release. The fix can be found at:
>
>
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b9d0bb0e37455e2550c4f79631e4bbe203bfe6d3
>
>
Thanks, this seems to have fixed the srptool problem.
But now 'make check' fails with the following. I'd imagine this is related
to the fix in some way as this didn't happen beforehand.
make check-TESTS
make[3]: Entering directory `/root/gnutls-2.12.0/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Checking server DSA-1024 with client DSA-1024 and TLS 1.0
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-2048 and TLS 1.0
Failure: Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
===================================
make[3]: *** [check-TESTS] Error 1
make[3]: Leaving directory `/root/gnutls-2.12.0/tests/dsa'
make[2]: *** [check-am] Error 2
make[2]: Leaving directory `/root/gnutls-2.12.0/tests/dsa'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/root/gnutls-2.12.0/tests'
make: *** [check-recursive] Error 1
Thanks again
Andrew
From nmav at gnutls.org Sun Apr 3 17:56:34 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 03 Apr 2011 17:56:34 +0200
Subject: sprtool fails
In-Reply-To:
References: <4D9836EA.9030508@gnutls.org>
Message-ID: <4D9898B2.9090506@gnutls.org>
On 04/03/2011 05:04 PM, Andrew Wiseman wrote:
> Thanks, this seems to have fixed the srptool problem.
> But now 'make check' fails with the following. I'd imagine this is related
> to the fix in some way as this didn't happen beforehand.
[...]
> FAIL: testdsa
Probably some process has been left listening to port 5559 in your
system. If this isn't the case please let me know.
regards,
Nikos
From andrew.wiseman at gmail.com Mon Apr 4 04:56:41 2011
From: andrew.wiseman at gmail.com (Andrew Wiseman)
Date: Mon, 4 Apr 2011 03:56:41 +0100
Subject: sprtool fails
In-Reply-To: <4D9898B2.9090506@gnutls.org>
References:
<4D9836EA.9030508@gnutls.org>
<4D9898B2.9090506@gnutls.org>
Message-ID:
> > Thanks, this seems to have fixed the srptool problem.
> > But now 'make check' fails with the following. I'd imagine this is related
> > to the fix in some way as this didn't happen beforehand.
> [...]
> > FAIL: testdsa
>
> Probably some process has been left listening to port 5559 in your
> system. If this isn't the case please let me know.
]> netstat -anp | grep 5559
tcp 0 0 :::5559 :::* LISTEN 28171/lt-gnutls-ser
]> kill 28171
]> make check
...all tests pass
So that did the trick. Thanks again!
Andrew
From tbaldarelli at wmsvision.com Thu Apr 7 20:50:57 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Thu, 7 Apr 2011 14:50:57 -0400
Subject: gnutls installation problems
Message-ID: <012301cbf554$bbc9e5a0$335db0e0$@com>
I am installing gnutls on a linux machine, and am having some problems.
Here is the config summary ( after running ./configure --with-libgcrypt ):
    configure: summary of build options:
      version:          2.12.1 shared 44:9:18
      Host type:        i686-pc-linux-gnu
      Install prefix:   /usr/local
      Compiler:         gcc -std=gnu99
      Warning flags:    errors:  warnings:
      Library types:    Shared=yes, Static=yes
      Valgrind:         yes valgrind -q
      Guile wrappers:   no
      C++ library:      yes
      OpenSSL library:  yes
      /dev/crypto:      no
      Crypto library:   libgcrypt
Here is the end of the "make" command:
    copying selected object files to avoid basename conflicts...
      CXX    libgnutlsxx_la-gnutlsxx.lo
      CXXLD  libgnutlsxx.la
    /usr/bin/ld:./libgnutlsxx.map:31: parse error in VERSION script
    collect2: ld returned 1 exit status
    make[4]: *** [libgnutlsxx.la] Error 1
    make[4]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
    make[3]: *** [all-recursive] Error 1
    make[3]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
    make[2]: *** [all] Error 2
    make[2]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1'
    make: *** [all] Error 2
    [root at wms162 gnutls-2.12.1]#
Here is the output of the "make check" command:
[root at wms162 gnutls-2.12.1]# make check
Making check in lib
make[1]: Entering directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
Making check in gl
make[2]: Entering directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl'
make  check-recursive
make[3]: Entering directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl'
Making check in tests
make[4]: Entering directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make  check-recursive
make[5]: Entering directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
Making check in .
make[6]: Entering directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make  libtests.a test-alloca-opt test-binary-io test-byteswap test-c-ctype
test-errno test-fcntl-h test-fseeko test-ftello test-ftello3 test-func
test-memchr test-netdb test-read-file test-snprintf test-sockets
test-stdbool test-stddef test-stdint test-stdio test-stdlib test-string
test-strings test-strverscmp test-sys_socket test-sys_stat test-time
test-unistd test-vasnprintf test-vasprintf test-verify test-vsnprintf
make[7]: Entering directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[7]: `libtests.a' is up to date.
make[7]: `test-alloca-opt' is up to date.
make[7]: `test-binary-io' is up to date.
make[7]: `test-byteswap' is up to date.
make[7]: `test-c-ctype' is up to date.
make[7]: `test-errno' is up to date.
make[7]: `test-fcntl-h' is up to date.
make[7]: `test-fseeko' is up to date.
make[7]: `test-ftello' is up to date.
make[7]: `test-ftello3' is up to date.
make[7]: `test-func' is up to date.
make[7]: `test-memchr' is up to date.
make[7]: `test-netdb' is up to date.
make[7]: `test-read-file' is up to date.
make[7]: `test-snprintf' is up to date.
make[7]: `test-sockets' is up to date.
make[7]: `test-stdbool' is up to date.
make[7]: `test-stddef' is up to date.
make[7]: `test-stdint' is up to date.
make[7]: `test-stdio' is up to date.
make[7]: `test-stdlib' is up to date.
make[7]: `test-string' is up to date.
make[7]: `test-strings' is up to date.
make[7]: `test-strverscmp' is up to date.
make[7]: `test-sys_socket' is up to date.
make[7]: `test-sys_stat' is up to date.
make[7]: `test-time' is up to date.
make[7]: `test-unistd' is up to date.
make[7]: `test-vasnprintf' is up to date.
make[7]: `test-vasprintf' is up to date.
  CC     test-verify.o
  CCLD   test-verify
make[7]: `test-vsnprintf' is up to date.
make[7]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make  check-TESTS
make[7]: Entering directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
PASS: test-alloca-opt
PASS: test-binary-io.sh
PASS: test-byteswap
PASS: test-c-ctype
PASS: test-errno
PASS: test-fcntl-h
PASS: test-fseeko.sh
Skipping test: ungetc cannot handle arbitrary bytes
SKIP: test-fseeko2.sh
test-ftello.c:113: assertion failed
./test-ftello.sh: line 3:  6972 Aborted                 ./test-ftello${EXEEXT} 1 <"$srcdir/test-ftello.sh"
FAIL: test-ftello.sh
Skipping test: ungetc cannot handle arbitrary bytes
SKIP: test-ftello2.sh
PASS: test-ftello3
PASS: test-func
PASS: test-memchr
PASS: test-netdb
PASS: test-read-file
PASS: test-snprintf
PASS: test-sockets
PASS: test-stdbool
PASS: test-stddef
PASS: test-stdint
PASS: test-stdio
PASS: test-stdlib
PASS: test-string
PASS: test-strings
PASS: test-strverscmp
PASS: test-sys_socket
PASS: test-sys_stat
PASS: test-time
PASS: test-unistd
PASS: test-vasnprintf
PASS: test-vasprintf
PASS: test-verify
PASS: test-verify.sh
PASS: test-vsnprintf
===================================
1 of 32 tests failed
(2 tests were not run)
Please report to bug-gnutls at gnu.org
===================================
make[7]: *** [check-TESTS] Error 1
make[7]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[6]: *** [check-am] Error 2
make[6]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[5]: *** [check-recursive] Error 1
make[5]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[4]: *** [check] Error 2
make[4]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[3]: *** [check-recursive] Error 1
make[3]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl'
make[2]: *** [check] Error 2
make[2]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make: *** [check-recursive] Error 1
[root at wms162 gnutls-2.12.1]#
So what am I doing wrong?
Tony
From tbaldarelli at wmsvision.com Fri Apr 8 00:23:36 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Thu, 7 Apr 2011 18:23:36 -0400
Subject: gnutls installation problems
In-Reply-To: <012301cbf554$bbc9e5a0$335db0e0$@com>
References: <012301cbf554$bbc9e5a0$335db0e0$@com>
Message-ID: <013c01cbf572$70ea9610$52bfc230$@com>
I don't know if this helps, but I have tried this on 2 separate Linux boxes,
with the same exact results.
Also, this is not obvious below, but I am using the following versions:
gnutls-2.12.1
libgcrypt-1.4.6
libgpg-error-1.9
Tell me if you need more information to tell me what is happening. Thanks.
I appreciate any help I can get.
Tony
From nmav at gnutls.org Fri Apr 8 00:49:04 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 08 Apr 2011 00:49:04 +0200
Subject: gnutls installation problems
In-Reply-To: <012301cbf554$bbc9e5a0$335db0e0$@com>
References: <012301cbf554$bbc9e5a0$335db0e0$@com>
Message-ID: <4D9E3F60.80502@gnutls.org>
On 04/07/2011 08:50 PM, Tony Baldarelli wrote:
> I am installing gnutls on a linux machine, and am having some problems.
> Here is the config summary ( after running ./configure --with-libgcrypt ):
[...]
> So what am I doing wrong?
It looks like a problem in gnulib. You can ignore it. If you want to run
the gnutls test suite, do cd tests && make check
regards,
Nikos
From tbaldarelli at wmsvision.com Fri Apr 8 16:29:46 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Fri, 8 Apr 2011 10:29:46 -0400
Subject: gnutls installation problems
In-Reply-To: <4D9E3F60.80502@gnutls.org>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org>
Message-ID: <014001cbf5f9$695bb230$3c131690$@com>
Thanks. The problem is that "make install" does not work. Do you need to
see any errors from the "make" or "make install" command to understand, or
does that make sense?
Tony
From tbaldarelli at wmsvision.com Fri Apr 8 16:56:58 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Fri, 8 Apr 2011 10:56:58 -0400
Subject: gnutls installation problems
In-Reply-To: <4D9E3F60.80502@gnutls.org>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org>
Message-ID: <014601cbf5fd$362b75e0$a28261a0$@com>
Ok, I think it will help if I give some logging portions that I think are
helpful. So here they are.
Config summary ( after running ./configure --with-libgcrypt ), purely for
completeness:
configure: summary of build options ( see
https://docs.google.com/leaf?id=0ByXBOuIPIVA0M2IwZTEyNTAtMTA0Ny00MTMyLThhODgtNjNjZDEwMjk5NzUz&hl=en&authkey=CJ2U07kC ):
version: 2.12.1 shared 44:9:18
Host type: i686-pc-linux-gnu
Install prefix: /usr/local
Compiler: gcc -std=gnu99
Warning flags: errors: warnings:
Library types: Shared=yes, Static=yes
Valgrind: yes valgrind -q
Guile wrappers: no
C++ library: yes
OpenSSL library: yes
/dev/crypto: no
Crypto library: libgcrypt
End of "make" command log ( see
https://docs.google.com/leaf?id=0ByXBOuIPIVA0NDg4NWFiZDEtZGI3MS00ZjEwLTgzYzYtNmU0ZmIwNWFlZWE4&hl=en&authkey=CMD3ppkF ):
copying selected object files to avoid basename conflicts...
CXX libgnutlsxx_la-gnutlsxx.lo
CXXLD libgnutlsxx.la
/usr/bin/ld:./libgnutlsxx.map:31: parse error in VERSION script
collect2: ld returned 1 exit status
make[4]: *** [libgnutlsxx.la] Error 1
make[4]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make[2]: *** [all] Error 2
make[2]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1'
make: *** [all] Error 2
End of "make install" log ( see
https://docs.google.com/leaf?id=0ByXBOuIPIVA0NjY1YjIzNTctYjdiYS00YjY1LWI0NDktOGU3Zjk5MWQ2Nzk0&hl=en&authkey=CNzQ3rEM ):
make[2]: Entering directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
CXXLD libgnutlsxx.la
/usr/bin/ld:./libgnutlsxx.map:31: parse error in VERSION script
collect2: ld returned 1 exit status
make[2]: *** [libgnutlsxx.la] Error 1
make[2]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory
`/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make: *** [install-recursive] Error 1
Tony
From nmav at gnutls.org Fri Apr 8 17:36:23 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 08 Apr 2011 17:36:23 +0200
Subject: gnutls installation problems
In-Reply-To: <014601cbf5fd$362b75e0$a28261a0$@com>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org>
<014601cbf5fd$362b75e0$a28261a0$@com>
Message-ID: <4D9F2B77.9080402@gnutls.org>
On 04/08/2011 04:56 PM, Tony Baldarelli wrote:
> Ok, I think it will help if I give some logging portions that I think are
> helpful. So here they are.
[...]
> CXXLD libgnutlsxx.la
> /usr/bin/ld:./libgnutlsxx.map:31: parse error in VERSION script
> collect2: ld returned 1 exit status
What is the output of "ld --version" in your system?
Is it some special linux system?
regards,
Nikos
From tbaldarelli at wmsvision.com Fri Apr 8 17:46:22 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Fri, 8 Apr 2011 11:46:22 -0400
Subject: gnutls installation problems
In-Reply-To: <4D9F2B77.9080402@gnutls.org>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org>
<014601cbf5fd$362b75e0$a28261a0$@com> <4D9F2B77.9080402@gnutls.org>
Message-ID: <014901cbf604$1d81a990$5884fcb0$@com>
Newer machine ld --version:
[tonyb:v9_odbc:V3_18]> ld --version
GNU ld version 2.13.90.0.18 20030206
Copyright 2002 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
[tonyb:v9_odbc:V3_18]>
Older machine ld --version:
[tonyb:v9_odbc:V3_18]> ld --version
GNU ld 2.10.91
Copyright 2001 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
Supported emulations:
elf_i386
i386linux
elf_i386_glibc21
[tonyb:v9_odbc:V3_18]>
Nothing particularly special about either Linux system that I know of.
Here is some basic system info for older system:
[tonyb:v9_odbc:V3_18]> cat /etc/issue
Red Hat Linux release 7.1 (Seawolf)
Kernel 2.4.20-28.7 on an i686
[tonyb:v9_odbc:V3_18]> uname -r
2.4.20-28.7
[tonyb:v9_odbc:V3_18]>
Here is some basic system information for the newer machine:
[tonyb:v9_odbc:V3_18]> cat /etc/issue
Red Hat Linux release 9 (Shrike)
Kernel \r on an \m
[tonyb:v9_odbc:V3_18]> uname -r
2.4.20-8smp
[tonyb:v9_odbc:V3_18]>
Thanks.
Tony
From nmav at gnutls.org Fri Apr 8 17:53:13 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 08 Apr 2011 17:53:13 +0200
Subject: gnutls installation problems
In-Reply-To: <014901cbf604$1d81a990$5884fcb0$@com>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org>
<014601cbf5fd$362b75e0$a28261a0$@com> <4D9F2B77.9080402@gnutls.org>
<014901cbf604$1d81a990$5884fcb0$@com>
Message-ID: <4D9F2F69.2020507@gnutls.org>
On 04/08/2011 05:46 PM, Tony Baldarelli wrote:
> Newer machine ld --version:
> [tonyb:v9_odbc:V3_18]> ld --version
> GNU ld version 2.13.90.0.18 20030206
It's not that new :). Could you try: --disable-ld-version-script
as an option to configure?
regards,
Nikos
From tbaldarelli at wmsvision.com Fri Apr 8 18:16:49 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Fri, 8 Apr 2011 12:16:49 -0400
Subject: gnutls installation problems
In-Reply-To: <4D9F2F69.2020507@gnutls.org>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org>
<014601cbf5fd$362b75e0$a28261a0$@com> <4D9F2B77.9080402@gnutls.org>
<014901cbf604$1d81a990$5884fcb0$@com> <4D9F2F69.2020507@gnutls.org>
Message-ID: <014d01cbf608$5e03a6e0$1a0af4a0$@com>
"Newer" being a relative term :-), your idea worked on both machines. So I
guess the root cause is some "ld" version differences between what gnutls
wants and what I have?
Here is what I did, that worked on both machines ( obviously, I ran "make
clean" and "make distclean" after running "make install" ):
./configure --with-libgcrypt --disable-ld-version-script
make
make install
Thanks so much for your help.
Tony
From nmav at gnutls.org Fri Apr 8 18:43:07 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 08 Apr 2011 18:43:07 +0200
Subject: gnutls 2.12.2
Message-ID: <4D9F3B1B.8030301@gnutls.org>
I've just released gnutls 2.12.2. No new features, but several
bug fixes.
What's New
==========
* Version 2.12.2 (released 2011-04-08)
** libgnutls: Several updates and fixes for win32. Patches by LRN.
** libgnutls: Several bug and memory leak fixes.
** srptool: Accepts the -d option to enable debugging.
** libgnutls: Corrected bug in gnutls_srp_verifier() that prevented
the allocation of a verifier. Reported by Andrew Wiseman.
** API and ABI modifications:
No changes since last version.
Getting the Software
====================
GnuTLS may be downloaded from one of the GNU mirror sites or directly
From and a list of GnuTLS mirrors
can be found at .
Here are the BZIP2 compressed sources:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.2.tar.bz2
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.2.tar.bz2
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.2.tar.bz2.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.2.tar.bz2.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos
uid Nikos Mavrogiannopoulos
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From nmav at gnutls.org Sat Apr 9 10:05:56 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 09 Apr 2011 10:05:56 +0200
Subject: gnutls 2.99.0
Message-ID: <4DA01364.3010306@gnutls.org>
Hello,
The GnuTLS 2.99.x branch is NOT what you want for your stable system.
It is intended for developers and experienced users.
This is an update release that includes features such as Datagram TLS,
AES-GCM and more.
This release includes documentation for the usage of DTLS as part
of the main GnuTLS manual, but the major changes are summarized by
this commit:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=08a1b04b3d049a4a44132c0bce0c017c0c70f892
The changes since the last stable branch are:
* Version 2.99.0 (released 2011-04-09)
** libgnutls: Added Datagram TLS support.
** libgnutls: Uses a single configure file and a single
gnulib library to save space.
** libgnutls: Several bug fixes.
** libgnutls: gnutls_transport_set_lowat() is no more.
** libgnutls-openssl: modified to use modern gnutls' functions.
This introduces an ABI incompatibility with previous versions.
** libgnutls: Corrected signature generation and verification
in the Certificate Verify message when in TLS 1.2. Reported
by Todd A. Ouska.
** libgnutlsxx: The C++ interface returns exception on
every error and not only on fatal ones. This allows easier
handling of errors.
** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored
the PSK callback.
** libgnutls: SRP and PSK are no longer set on the default priorities.
They have to be explicitly set.
** libgnutls: During handshake message verification using DSS
use the hash algorithm required by it.
** libgnutls: gnutls_recv() returns GNUTLS_E_PREMATURE_TERMINATION
on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH.
** libgnutls: Added GCM mode (interoperates with tls.secg.org)
** libgnutls-extra: Inner application extension was removed.
It was never standardized nor published as an RFC.
** libgnutls: Added new certificate verification functions, that
can provide more details and are more efficient. Check
gnutls_x509_trust_list_*.
** certtool: Uses the new certificate verification functions for
--verify-chain.
** certtool: Added new certificate verification functionality
using the --verify option. Combined with --load-ca-certificate
it can verify a certificate chain against a list of certificates.
** API and ABI modifications:
gnutls_dtls_set_timeouts: ADDED
gnutls_dtls_get_mtu: ADDED
gnutls_dtls_get_data_mtu: ADDED
gnutls_dtls_set_mtu: ADDED
gnutls_dtls_cookie_send: ADDED
gnutls_dtls_cookie_verify: ADDED
gnutls_dtls_prestate_set: ADDED
gnutls_x509_trust_list_verify_crt: ADDED
gnutls_x509_trust_list_add_crls: ADDED
gnutls_x509_trust_list_add_cas: ADDED
gnutls_x509_trust_list_init: ADDED
gnutls_x509_trust_list_deinit: ADDED
gnutls_cipher_add_auth: ADDED
gnutls_cipher_tag: ADDED
gnutls_psk_netconf_derive_key: REMOVED
gnutls_certificate_verify_peers: REMOVED
gnutls_session_set_finished_function: REMOVED
gnutls_ext_register: REMOVED
gnutls_certificate_get_x509_crls: REMOVED
gnutls_certificate_get_x509_cas: REMOVED
gnutls_certificate_get_openpgp_keyring: REMOVED
gnutls_session_get_server_random: REMOVED
gnutls_session_get_client_random: REMOVED
gnutls_session_get_master_secret: REMOVED
gnutls_ia_allocate_client_credentials: REMOVED
gnutls_ia_allocate_server_credentials: REMOVED
gnutls_ia_enable: REMOVED
gnutls_ia_endphase_send: REMOVED
gnutls_ia_extract_inner_secret: REMOVED
gnutls_ia_free_client_credentials: REMOVED
gnutls_ia_free_server_credentials: REMOVED
gnutls_ia_generate_challenge: REMOVED
gnutls_ia_get_client_avp_ptr: REMOVED
gnutls_ia_get_server_avp_ptr: REMOVED
gnutls_ia_handshake: REMOVED
gnutls_ia_handshake_p: REMOVED
gnutls_ia_permute_inner_secret: REMOVED
gnutls_ia_recv: REMOVED
gnutls_ia_send: REMOVED
gnutls_ia_set_client_avp_function: REMOVED
gnutls_ia_set_client_avp_ptr: REMOVED
gnutls_ia_set_server_avp_function: REMOVED
gnutls_ia_set_server_avp_ptr: REMOVED
gnutls_ia_verify_endphase: REMOVED
Here are the compressed sources:
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.0.tar.bz2
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.0.tar.bz2
Here is the OpenPGP signature:
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.0.tar.bz2.sig
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.0.tar.bz2.sig
regards,
Nikos
From nmav at gnutls.org Sat Apr 9 11:41:55 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 09 Apr 2011 11:41:55 +0200
Subject: gnutls 2.99.0
In-Reply-To: <4DA01364.3010306@gnutls.org>
References: <4DA01364.3010306@gnutls.org>
Message-ID: <4DA029E3.8090607@gnutls.org>
On 04/09/2011 10:05 AM, Nikos Mavrogiannopoulos wrote:
> This is an update release that includes features such as Datagram TLS,
> AES-GCM and more.
For the support of AES-GCM you need the libnettle library from
the cvs. There are instructions to obtain it at:
http://www.lysator.liu.se/~nisse/nettle/
regards,
Nikos
From derleader at abv.bg Mon Apr 18 22:54:59 2011
From: derleader at abv.bg (derleader mail)
Date: Mon, 18 Apr 2011 23:54:59 +0300 (EEST)
Subject: Full Examples of GnuTLS
Message-ID: <1505647038.785197.1303160099954.JavaMail.apache@mail22.abv.bg>
Hi,
I'm looking for full examples of GnuTLS - implementation of multithreaded daemon Server which listens for connections and clients.
I also need an implementation where server can connect to the clients.
Regards
Peter
From nmav at gnutls.org Fri Apr 22 14:10:30 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 22 Apr 2011 14:10:30 +0200
Subject: gnutls 2.12.3
Message-ID: <4DB17036.2080504@gnutls.org>
Hello,
I've just released gnutls 2.12.3.
What's New
==========
* libgnutls: Several minor bugfixes.
* libgnutls: Restored HMAC-MD5 for compatibility. Although considered
weak, several sites require it for connection. It is enabled for
"NORMAL" and "PERFORMANCE" priority strings.
* libgnutls: depend on libdl.
* libgnutls: gnutls_transport_set_global_errno() was deprecated.
Use your system's errno facility or gnutls_transport_set_errno().
* gnutls-cli: Correction with usage of select to check for
pending data in gnutls sessions. It now uses
gnutls_record_check_pending(). Reported by Herbert J. Skuhra.
* tests: More fixes and updates for win32. Patches by LRN.
* libgnutls: Several files unnecessarily included ; this has
been fixed.
** API and ABI modifications:
gnutls_transport_set_global_errno: DEPRECATED
Getting the Software
====================
GnuTLS may be downloaded from one of the GNU mirror sites or directly
From and a list of GnuTLS mirrors
can be found at .
Here are the BZIP2 compressed sources:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.3.tar.bz2
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.3.tar.bz2
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.3.tar.bz2.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.3.tar.bz2.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos
uid Nikos Mavrogiannopoulos
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From nmav at gnutls.org Sat Apr 23 11:12:25 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 23 Apr 2011 11:12:25 +0200
Subject: gnutls 2.99.1
Message-ID: <4DB297F9.3060809@gnutls.org>
Hello,
The GnuTLS 2.99.x branch is NOT what you want for your stable system.
It is intended for developers and experienced users.
The changes since the development release are:
* Version 2.99.1 (released 2011-04-23)
** libgnutls: Added support for AES-NI if detected. Uses
Andy Polyakov's AES-NI code.
* libgnutls: Restored HMAC-MD5 for compatibility. Although considered
weak, several sites require it for connection. It is enabled for
"NORMAL" and "PERFORMANCE" priority strings.
* libgnutls: depend on libdl.
** libgnutls-extra: Dropped support of LZO compression via liblzo.
** libgnutls: gnutls_transport_set_global_errno() was removed. This
function required GnuTLS to access system specific data, for no reason.
Use gnutls_transport_set_errno(), or your system's errno facility
instead.
** libgnutls: Added gnutls_certificate_set_retrieve_function2()
to set a callback to retrieve a certificate. The certificate is
received in a format that requires no processing from gnutls thus
it is suitable when performance is required.
** API and ABI modifications:
gnutls_transport_set_global_errno: REMOVED
gnutls_certificate_set_retrieve_function2: ADDED
Here are the compressed sources:
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.1.tar.bz2
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.1.tar.bz2
Here is the OpenPGP signature:
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.1.tar.bz2.sig
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.1.tar.bz2.sig
regards,
Nikos
From ludo at gnu.org Sat Apr 23 23:47:09 2011
From: ludo at gnu.org (Ludovic Courtès)
Date: Sat, 23 Apr 2011 23:47:09 +0200
Subject: gnutls 2.99.1 drops LZO support
References: <4DB297F9.3060809@gnutls.org>
Message-ID: <87zkngwsgy.fsf@gnu.org>
Hello,
Nikos Mavrogiannopoulos writes:
> ** libgnutls-extra: Dropped support of LZO compression via liblzo.
Out of curiosity, what were the reasons for this decision?
Thanks,
Ludo’.
From nmav at gnutls.org Sun Apr 24 23:38:14 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 24 Apr 2011 23:38:14 +0200
Subject: gnutls 2.99.1 drops LZO support
In-Reply-To: <87zkngwsgy.fsf@gnu.org>
References: <4DB297F9.3060809@gnutls.org> <87zkngwsgy.fsf@gnu.org>
Message-ID: <4DB49846.3010709@gnutls.org>
On 04/23/2011 11:47 PM, Ludovic Courtès wrote:
> Hello,
>> ** libgnutls-extra: Dropped support of LZO compression via liblzo.
> Out of curiosity, what were the reasons for this decision?
No reason to have it either. It was an experimental custom extension
that had no chance of becoming standard due to LZO being described only
by source code. There are better compression algorithms to use today,
but as it seems compression with TLS in general never took off.
regards,
Nikos
From derleader at abv.bg Mon Apr 25 00:02:05 2011
From: derleader at abv.bg (derleader mail)
Date: Mon, 25 Apr 2011 01:02:05 +0300 (EEST)
Subject: Optimize GNUTLS for performance
Message-ID: <1141392392.950170.1303682525377.JavaMail.apache@mail22.abv.bg>
Hi,
I'm interested is it possible to optimize GNUTLS for performance?
Regards
Peter
From bradh at frogmouth.net Mon Apr 25 01:44:20 2011
From: bradh at frogmouth.net (Brad Hards)
Date: Mon, 25 Apr 2011 09:44:20 +1000
Subject: Optimize GNUTLS for performance
In-Reply-To: <1141392392.950170.1303682525377.JavaMail.apache@mail22.abv.bg>
References: <1141392392.950170.1303682525377.JavaMail.apache@mail22.abv.bg>
Message-ID: <201104250944.20678.bradh@frogmouth.net>
On Mon, 25 Apr 2011 08:02:05 am derleader mail wrote:
> I'm interested is it possible to optimize GNUTLS for performance?
I'm sure it is possible to change GnuTLS.
What do you mean by performance in this case (e.g. throughput, latency, cpu
efficiency, something else)?
What are you willing to trade off?
What is the environment?
What is the threat model?
Brad
From bradh at frogmouth.net Mon Apr 25 11:59:38 2011
From: bradh at frogmouth.net (Brad Hards)
Date: Mon, 25 Apr 2011 19:59:38 +1000
Subject: Optimize GNUTLS for performance
In-Reply-To: <909456949.954313.1303724224007.JavaMail.apache@mail22.abv.bg>
References: <909456949.954313.1303724224007.JavaMail.apache@mail22.abv.bg>
Message-ID: <201104251959.39002.bradh@frogmouth.net>
On Monday 25 April 2011 19:37:04 you wrote:
> >What is the threat model?
>
> i'm not familiar with that. What do you mean?
What are you protecting against? If there is no threat, you can optimise away
things that slow it down (like encryption). Does this matter to you?
If you don't understand the threat, how can you possibly decide what tradeoffs
to make?
Brad
From marlam at marlam.de Mon Apr 25 20:57:28 2011
From: marlam at marlam.de (Martin Lambers)
Date: Mon, 25 Apr 2011 20:57:28 +0200
Subject: GnuTLS priority strings
Message-ID: <4DB5C418.4050303@marlam.de>
Hi all,
I have some trouble with priority strings since
gnutls_protocol_set_priority() is deprecated:
Both msmtp and mpop can pass user-specified priority strings to GnuTLS,
and both also provide the independent option to force SSLv3.
Up until now, I could specify the priority string with
gnutls_priority_set_direct() and subsequently use
gnutls_protocol_set_priority() to force SSLv3, and this worked as expected.
To avoid using a deprecated function, I now need to force SSLv3 by
extending a given priority string.
I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g.
"NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still
results in other TLS versions being enabled. Apparently later entries do
not override previous entries. So how should this be done instead?
Regards,
Martin
From nmav at gnutls.org Mon Apr 25 21:13:49 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 25 Apr 2011 21:13:49 +0200
Subject: GnuTLS priority strings
In-Reply-To: <4DB5C418.4050303@marlam.de>
References: <4DB5C418.4050303@marlam.de>
Message-ID: <4DB5C7ED.3060403@gnutls.org>
On 04/25/2011 08:57 PM, Martin Lambers wrote:
> Hi all,
>
> I have some trouble with priority strings since
> gnutls_protocol_set_priority() is deprecated:
> Both msmtp and mpop can pass user-specified priority strings to GnuTLS,
> and both also provide the independent option to force SSLv3.
> Up until now, I could specify the priority string with
> gnutls_priority_set_direct() and subsequently use
> gnutls_protocol_set_priority() to force SSLv3, and this worked as expected.
> To avoid using a deprecated function, I now need to force SSLv3 by
> extending a given priority string.
> I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g.
> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still
> results in other TLS versions being enabled. Apparently later entries do
> not override previous entries. So how should this be done instead?
The way you describe is the correct one. If I try this priority string
to gnutls-cli of 2.12.3 I only see SSL 3.0 being advertised. Could
it be that you overwrite the priorities by calling some other priority
function later?
regards,
Nikos
From marlam at marlam.de Mon Apr 25 21:34:29 2011
From: marlam at marlam.de (Martin Lambers)
Date: Mon, 25 Apr 2011 21:34:29 +0200
Subject: GnuTLS priority strings
In-Reply-To: <4DB5C7ED.3060403@gnutls.org>
References: <4DB5C418.4050303@marlam.de> <4DB5C7ED.3060403@gnutls.org>
Message-ID: <4DB5CCC5.2070605@marlam.de>
Hi Nikos,
On 25/04/11 21:13, Nikos Mavrogiannopoulos wrote:
> On 04/25/2011 08:57 PM, Martin Lambers wrote:
>> I have some trouble with priority strings since
>> gnutls_protocol_set_priority() is deprecated:
>> Both msmtp and mpop can pass user-specified priority strings to GnuTLS,
>> and both also provide the independent option to force SSLv3.
>> Up until now, I could specify the priority string with
>> gnutls_priority_set_direct() and subsequently use
>> gnutls_protocol_set_priority() to force SSLv3, and this worked as expected.
>> To avoid using a deprecated function, I now need to force SSLv3 by
>> extending a given priority string.
>> I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g.
>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still
>> results in other TLS versions being enabled. Apparently later entries do
>> not override previous entries. So how should this be done instead?
>
> The way you describe is the correct one. If I try this priority string
> to gnutls-cli of 2.12.3 I only see SSL 3.0 being advertised. Could
> it be that you overwrite the priorities by calling some other priority
> function later?
Thanks for your help. The error was that I used "VERS-TLS-ALL" with
GnuTLS 2.8.6, which silently ignored this. I then tried with GnuTLS
2.10.5 on a different system, and that complained about it. At that
point did I realize that VERS-TLS-ALL is only available in GnuTLS 2.12.x...
So now I append ":-VERS-TLS-ALL:+VERS-SSL3.0" with GnuTLS >= 2.12, and
":-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0" with GnuTLS <
2.12, and this seems to work fine.
Martin
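The version split described in the message above, as an added example that is not part of the original post or of msmtp/mpop. It picks the suffix from a library version string, which at run time would come from `gnutls_check_version(NULL)` but is passed in as a parameter here so the block builds without libgnutls, and it refuses to emit a truncated priority string. The function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Suffixes quoted from the thread. */
#define SUFFIX_2_12 ":-VERS-TLS-ALL:+VERS-SSL3.0"
#define SUFFIX_OLD  ":-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0"

/* Parse the leading "major.minor" of a version string such as "2.10.5".
 * Returns 0 on success, -1 if the string does not start with two
 * dot-separated non-negative integers. */
static int parse_major_minor(const char *ver, long *major, long *minor)
{
    char *end;

    if (ver == NULL || *ver < '0' || *ver > '9')
        return -1;
    *major = strtol(ver, &end, 10);
    if (*end != '.' || end[1] < '0' || end[1] > '9')
        return -1;
    *minor = strtol(end + 1, &end, 10);
    return 0;
}

/* Suffix that forces SSLv3 for the given library version (hypothetical
 * helper). VERS-TLS-ALL is only used for >= 2.12, because the thread
 * reports that 2.8.6 silently ignored it. Returns NULL when the version
 * cannot be parsed, so the caller fails instead of guessing. */
const char *force_sslv3_suffix(const char *libver)
{
    long major, minor;

    if (parse_major_minor(libver, &major, &minor) != 0)
        return NULL;
    if (major > 2 || (major == 2 && minor >= 12))
        return SUFFIX_2_12;
    return SUFFIX_OLD;
}

/* Write "<user_prio><suffix>" into out. Returns 0 on success and -1 on an
 * unparsable version, an empty user string, or a result that does not fit.
 * On failure out is left empty: a truncated string could lose the
 * trailing tokens and enable a different protocol set than intended. */
int build_forced_sslv3_priority(const char *user_prio, const char *libver,
                                char *out, size_t outlen)
{
    const char *suffix = force_sslv3_suffix(libver);
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (user_prio == NULL || *user_prio == '\0' || suffix == NULL)
        return -1;
    n = snprintf(out, outlen, "%s%s", user_prio, suffix);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Version strings taken from the thread, used here as sample input. */
    const char *versions[] = { "2.8.6", "2.10.5", "2.12.3" };
    char prio[128];
    size_t i;

    for (i = 0; i < sizeof versions / sizeof versions[0]; i++)
        if (build_forced_sslv3_priority("NORMAL", versions[i],
                                        prio, sizeof prio) == 0)
            printf("%-7s -> %s\n", versions[i], prio);
    return 0;
}
```

The resulting string is still handed to `gnutls_priority_set_direct()`, whose return value should be checked as well.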
From nmav at gnutls.org Tue Apr 26 20:31:56 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 26 Apr 2011 20:31:56 +0200
Subject: GnuTLS priority strings
In-Reply-To: <4DB5CCC5.2070605@marlam.de>
References: <4DB5C418.4050303@marlam.de> <4DB5C7ED.3060403@gnutls.org>
<4DB5CCC5.2070605@marlam.de>
Message-ID: <4DB70F9C.1030203@gnutls.org>
On 04/25/2011 09:34 PM, Martin Lambers wrote:
>>> I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g.
>>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still
>>> results in other TLS versions being enabled. Apparently later entries do
>>> not override previous entries. So how should this be done instead?
>>
>> The way you describe is the correct one. If I try this priority string
>> to gnutls-cli of 2.12.3 I only see SSL 3.0 being advertised. Could
>> it be that you overwrite the priorities by calling some other priority
>> function later?
> Thanks for your help. The error was that I used "VERS-TLS-ALL" with
> GnuTLS 2.8.6, which silently ignored this. I then tried with GnuTLS
> 2.10.5 on a different system, and that complained about it. At that
> point did I realize that VERS-TLS-ALL is only available in GnuTLS 2.12.x...
> So now I append ":-VERS-TLS-ALL:+VERS-SSL3.0" with GnuTLS >= 2.12, and
> ":-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0" with GnuTLS <
> 2.12, and this seems to work fine.
If you do this for compatibility you might want to try "NORMAL:%COMPAT"
instead of disabling protocol versions (if you are a server). If you
are a client you might want to disable TLS 1.1 and TLS 1.2 as a
number of servers refuse to talk if presented with version numbers
they don't understand. I'm not aware though of any server having
issues with TLS 1.0.
regards,
Nikos
From marlam at marlam.de Tue Apr 26 23:24:56 2011
From: marlam at marlam.de (Martin Lambers)
Date: Tue, 26 Apr 2011 23:24:56 +0200
Subject: GnuTLS priority strings
In-Reply-To: <4DB70F9C.1030203@gnutls.org>
References: <4DB5C418.4050303@marlam.de> <4DB5C7ED.3060403@gnutls.org>
<4DB5CCC5.2070605@marlam.de> <4DB70F9C.1030203@gnutls.org>
Message-ID: <4DB73828.2070406@marlam.de>
On 26/04/11 20:31, Nikos Mavrogiannopoulos wrote:
>>>> I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g.
>>>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still
>>>> results in other TLS versions being enabled. Apparently later entries do
>>>> not override previous entries. So how should this be done instead?
>>>
>>> The way you describe is the correct one. If I try this priority string
>>> to gnutls-cli of 2.12.3 I only see SSL 3.0 being advertised. Could
>>> it be that you overwrite the priorities by calling some other priority
>>> function later?
>> Thanks for your help. The error was that I used "VERS-TLS-ALL" with
>> GnuTLS 2.8.6, which silently ignored this. I then tried with GnuTLS
>> 2.10.5 on a different system, and that complained about it. At that
>> point did I realize that VERS-TLS-ALL is only available in GnuTLS 2.12.x...
>> So now I append ":-VERS-TLS-ALL:+VERS-SSL3.0" with GnuTLS >= 2.12, and
>> ":-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0" with GnuTLS <
>> 2.12, and this seems to work fine.
>
> If you do this for compatibility you might want to try "NORMAL:%COMPAT"
> instead of disabling protocol versions (if you are a server). If you
> are a client you might want to disable TLS 1.1 and TLS 1.2 as a
> number of servers refuse to talk if presented with version numbers
> they don't understand. I'm not aware though of any server having
> issues with TLS 1.0.
I'm a client, and I do this only if the user specified the force_sslv3
option. This option was added ca. 5 years ago to work around problems
with servers that were called "ancient" already at that time. I doubt
that it is still relevant today, but I don't want to remove this option
if it can be avoided; someone might still use it.
Martin