From nmav at gnutls.org Sat Apr 2 10:40:30 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 02 Apr 2011 10:40:30 +0200
Subject: gnutls 2.12.1
Message-ID: <4D96E0FE.10200@gnutls.org>

I've just released gnutls 2.12.1. It is a bugfix release.

What's New
==========

** certtool: Generated certificate request with stricter permissions.
Reported by Luca Capello.

** libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov.

** libgnutls: Corrected windows system_errno() function prototype.

** libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand.

** libgnutls: Fix size of gnutls_openpgp_keyid_t by using the
GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
from . The list of GNU mirrors can be found at and a list of GnuTLS
mirrors can be found at .

Here are the BZIP2 compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.1.tar.bz2
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.1.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.1.tar.bz2.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.1.tar.bz2.sig

Note that it has been signed with my openpgp key:

pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid   Nikos Mavrogiannopoulos
uid   Nikos Mavrogiannopoulos
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Sun Apr 3 01:35:16 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 03 Apr 2011 01:35:16 +0200
Subject: Authority Information Access
In-Reply-To:
References:
Message-ID: <4D97B2B4.2090606@gnutls.org>

On 03/29/2011 03:10 PM, Phil Brooke wrote:
> Hi,
>
> Does GnuTLS have any support for Authority Information Access URIs,
> e.g., for OCSP and CA Issuers, particularly for certtool? I haven't
> found any answers while searching online and looking through the
> 2.12.0 tarball.

If you mean the Authority Information Access CRL extension it is not
supported directly, i.e. there is no special function to extract this
information. There is a function though that allows you to extract any
extension data.

regards,
Nikos

From andrew.wiseman at gmail.com Sun Apr 3 05:20:17 2011
From: andrew.wiseman at gmail.com (Andrew Wiseman)
Date: Sun, 3 Apr 2011 04:20:17 +0100
Subject: sprtool fails
Message-ID:

I've just installed GnuTLS by following the instructions in the manual.
I'm trying to use SRP in my program but have hit a problem with srptool and
I can't seem to find any help about this from Google.

Here is the command I've typed, and the response.

> srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test
Enter password:
Error getting verifier
Cannot _srp_crypt()...

I'm using libgcrypt, and have rebuilt that and gnutls using several
different tweaks, with no luck yet.

Does anyone have any pointers for me?

Thanks.

Andrew

From nmav at gnutls.org Sun Apr 3 10:59:22 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 03 Apr 2011 10:59:22 +0200
Subject: sprtool fails
In-Reply-To:
References:
Message-ID: <4D9836EA.9030508@gnutls.org>

On 04/03/2011 05:20 AM, Andrew Wiseman wrote:

> srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test

Hello,
It seems you have uncovered a bug in gnutls_srp_verifier(), introduced by
the change to nettle. Thanks for reporting that. I've scheduled a
fix for the next bugfix release. The fix can be found at:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b9d0bb0e37455e2550c4f79631e4bbe203bfe6d3

regards,
Nikos

From andrew.wiseman at gmail.com Sun Apr 3 17:04:45 2011
From: andrew.wiseman at gmail.com (Andrew Wiseman)
Date: Sun, 3 Apr 2011 16:04:45 +0100
Subject: sprtool fails
In-Reply-To: <4D9836EA.9030508@gnutls.org>
References: <4D9836EA.9030508@gnutls.org>
Message-ID:

On 3 April 2011 09:59, Nikos Mavrogiannopoulos wrote:

> On 04/03/2011 05:20 AM, Andrew Wiseman wrote:
>
> > srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test
>
> Hello,
> It seems you have uncovered a bug in gnutls_srp_verifier(), introduced by
> the change to nettle. Thanks for reporting that. I've scheduled a
> fix for the next bugfix release. The fix can be found at:
>
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b9d0bb0e37455e2550c4f79631e4bbe203bfe6d3
>

Thanks, this seems to have fixed the srptool problem.
But now 'make check' fails with the following. I'd imagine this is related
to the fix in some way as this didn't happen beforehand.

make check-TESTS
make[3]: Entering directory `/root/gnutls-2.12.0/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Checking server DSA-1024 with client DSA-1024 and TLS 1.0
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-2048 and TLS 1.0
Failure: Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
===================================
make[3]: *** [check-TESTS] Error 1
make[3]: Leaving directory `/root/gnutls-2.12.0/tests/dsa'
make[2]: *** [check-am] Error 2
make[2]: Leaving directory `/root/gnutls-2.12.0/tests/dsa'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/root/gnutls-2.12.0/tests'
make: *** [check-recursive] Error 1

Thanks again
Andrew

From nmav at gnutls.org Sun Apr 3 17:56:34 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 03 Apr 2011 17:56:34 +0200
Subject: sprtool fails
In-Reply-To:
References: <4D9836EA.9030508@gnutls.org>
Message-ID: <4D9898B2.9090506@gnutls.org>

On 04/03/2011 05:04 PM, Andrew Wiseman wrote:

> Thanks, this seems to have fixed the srptool problem.
> But now 'make check' fails with the following. I'd imagine this is related
> to the fix in some way as this didn't happen beforehand.
[...]
> FAIL: testdsa

Probably some process has been left listening to port 5559 in your
system. If this isn't the case please let me know.

regards,
Nikos

From andrew.wiseman at gmail.com Mon Apr 4 04:56:41 2011
From: andrew.wiseman at gmail.com (Andrew Wiseman)
Date: Mon, 4 Apr 2011 03:56:41 +0100
Subject: sprtool fails
In-Reply-To: <4D9898B2.9090506@gnutls.org>
References: <4D9836EA.9030508@gnutls.org> <4D9898B2.9090506@gnutls.org>
Message-ID:

> > Thanks, this seems to have fixed the srptool problem.
> > But now 'make check' fails with the following. I'd imagine this is related
> > to the fix in some way as this didn't happen beforehand.
> [...]
> > FAIL: testdsa
>
> Probably some process has been left listening to port 5559 in your
> system. If this isn't the case please let me know.

]> netstat -anp | grep 5559
tcp 0 0 :::5559 :::* LISTEN 28171/lt-gnutls-ser
]> kill 28171
]> make check
...all tests pass

So that did the trick.
Thanks again!

Andrew

From tbaldarelli at wmsvision.com Thu Apr 7 20:50:57 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Thu, 7 Apr 2011 14:50:57 -0400
Subject: gnutls installation problems
Message-ID: <012301cbf554$bbc9e5a0$335db0e0$@com>

I am installing gnutls on a linux machine, and am having some problems.
Here is the config summary ( after running ./configure --with-libgcrypt ):

    configure: summary of build options:

      version:          2.12.1 shared 44:9:18
      Host type:        i686-pc-linux-gnu
      Install prefix:   /usr/local
      Compiler:         gcc -std=gnu99
      Warning flags:    errors:  warnings:
      Library types:    Shared=yes, Static=yes
      Valgrind:         yes valgrind -q
      Guile wrappers:   no
      C++ library:      yes
      OpenSSL library:  yes
      /dev/crypto:      no
      Crypto library:   libgcrypt

Here is the end of the "make" command:

    copying selected object files to avoid basename conflicts...
      CXX    libgnutlsxx_la-gnutlsxx.lo
      CXXLD  libgnutlsxx.la
    /usr/bin/ld:./libgnutlsxx.map:31: parse error in VERSION script
    collect2: ld returned 1 exit status
    make[4]: *** [libgnutlsxx.la] Error 1
    make[4]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
    make[3]: *** [all-recursive] Error 1
    make[3]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
    make[2]: *** [all] Error 2
    make[2]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1'
    make: *** [all] Error 2
    [root at wms162 gnutls-2.12.1]#

Here is the output of the "make check" command:

[root at wms162 gnutls-2.12.1]# make check
Making check in lib
make[1]: Entering directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
Making check in gl
make[2]: Entering directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl'
make  check-recursive
make[3]: Entering directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl'
Making check in tests
make[4]: Entering directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make  check-recursive
make[5]: Entering directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
Making check in .
make[6]: Entering directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make  libtests.a test-alloca-opt test-binary-io test-byteswap test-c-ctype test-errno test-fcntl-h test-fseeko test-ftello test-ftello3 test-func test-memchr test-netdb test-read-file test-snprintf test-sockets test-stdbool test-stddef test-stdint test-stdio test-stdlib test-string test-strings test-strverscmp test-sys_socket test-sys_stat test-time test-unistd test-vasnprintf test-vasprintf test-verify test-vsnprintf
make[7]: Entering directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[7]: `libtests.a' is up to date.
make[7]: `test-alloca-opt' is up to date.
make[7]: `test-binary-io' is up to date.
make[7]: `test-byteswap' is up to date.
make[7]: `test-c-ctype' is up to date.
make[7]: `test-errno' is up to date.
make[7]: `test-fcntl-h' is up to date.
make[7]: `test-fseeko' is up to date.
make[7]: `test-ftello' is up to date.
make[7]: `test-ftello3' is up to date.
make[7]: `test-func' is up to date.
make[7]: `test-memchr' is up to date.
make[7]: `test-netdb' is up to date.
make[7]: `test-read-file' is up to date.
make[7]: `test-snprintf' is up to date.
make[7]: `test-sockets' is up to date.
make[7]: `test-stdbool' is up to date.
make[7]: `test-stddef' is up to date.
make[7]: `test-stdint' is up to date.
make[7]: `test-stdio' is up to date.
make[7]: `test-stdlib' is up to date.
make[7]: `test-string' is up to date.
make[7]: `test-strings' is up to date.
make[7]: `test-strverscmp' is up to date.
make[7]: `test-sys_socket' is up to date.
make[7]: `test-sys_stat' is up to date.
make[7]: `test-time' is up to date.
make[7]: `test-unistd' is up to date.
make[7]: `test-vasnprintf' is up to date.
make[7]: `test-vasprintf' is up to date.
  CC     test-verify.o
  CCLD   test-verify
make[7]: `test-vsnprintf' is up to date.
make[7]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make  check-TESTS
make[7]: Entering directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
PASS: test-alloca-opt
PASS: test-binary-io.sh
PASS: test-byteswap
PASS: test-c-ctype
PASS: test-errno
PASS: test-fcntl-h
PASS: test-fseeko.sh
Skipping test: ungetc cannot handle arbitrary bytes
SKIP: test-fseeko2.sh
test-ftello.c:113: assertion failed
./test-ftello.sh: line 3:  6972 Aborted                 ./test-ftello${EXEEXT} 1 <"$srcdir/test-ftello.sh"
FAIL: test-ftello.sh
Skipping test: ungetc cannot handle arbitrary bytes
SKIP: test-ftello2.sh
PASS: test-ftello3
PASS: test-func
PASS: test-memchr
PASS: test-netdb
PASS: test-read-file
PASS: test-snprintf
PASS: test-sockets
PASS: test-stdbool
PASS: test-stddef
PASS: test-stdint
PASS: test-stdio
PASS: test-stdlib
PASS: test-string
PASS: test-strings
PASS: test-strverscmp
PASS: test-sys_socket
PASS: test-sys_stat
PASS: test-time
PASS: test-unistd
PASS: test-vasnprintf
PASS: test-vasprintf
PASS: test-verify
PASS: test-verify.sh
PASS: test-vsnprintf
===================================
1 of 32 tests failed
(2 tests were not run)
Please report to bug-gnutls at gnu.org
===================================
make[7]: *** [check-TESTS] Error 1
make[7]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[6]: *** [check-am] Error 2
make[6]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[5]: *** [check-recursive] Error 1
make[5]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[4]: *** [check] Error 2
make[4]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl/tests'
make[3]: *** [check-recursive] Error 1
make[3]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl'
make[2]: *** [check] Error 2
make[2]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib/gl'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make: *** [check-recursive] Error 1
[root at wms162 gnutls-2.12.1]#

So what am I doing wrong?
Tony

From tbaldarelli at wmsvision.com Fri Apr 8 00:23:36 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Thu, 7 Apr 2011 18:23:36 -0400
Subject: gnutls installation problems
In-Reply-To: <012301cbf554$bbc9e5a0$335db0e0$@com>
References: <012301cbf554$bbc9e5a0$335db0e0$@com>
Message-ID: <013c01cbf572$70ea9610$52bfc230$@com>

I don't know if this helps, but I have tried this on 2 separate Linux boxes,
with the same exact results. Also, this is not obvious below, but I am using
the following versions:

gnutls-2.12.1
libgcrypt-1.4.6
libgpg-error-1.9

Tell me if you need more information to tell me what is happening. Thanks.
I appreciate any help I can get.

Tony

-----Original Message-----
From: help-gnutls-bounces+tbaldarelli=wmsvision.com at gnu.org [mailto:help-gnutls-bounces+tbaldarelli=wmsvision.com at gnu.org] On Behalf Of Tony Baldarelli
Sent: Thursday, April 07, 2011 2:51 PM
To: help-gnutls at gnu.org
Subject: gnutls installation problems

From nmav at gnutls.org Fri Apr 8 00:49:04 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 08 Apr 2011 00:49:04 +0200
Subject: gnutls installation problems
In-Reply-To: <012301cbf554$bbc9e5a0$335db0e0$@com>
References: <012301cbf554$bbc9e5a0$335db0e0$@com>
Message-ID: <4D9E3F60.80502@gnutls.org>

On 04/07/2011 08:50 PM, Tony Baldarelli wrote:
> I am installing gnutls on a linux machine, and am having some problems.
> Here is the config summary ( after running ./configure --with-libgcrypt ):
[...]
> So what am I doing wrong?

It looks like a problem in gnulib. You can ignore it. If you want to run
the gnutls test suite, do
cd tests && make check

regards,
Nikos

From tbaldarelli at wmsvision.com Fri Apr 8 16:29:46 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Fri, 8 Apr 2011 10:29:46 -0400
Subject: gnutls installation problems
In-Reply-To: <4D9E3F60.80502@gnutls.org>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org>
Message-ID: <014001cbf5f9$695bb230$3c131690$@com>

Thanks. The problem is that "make install" does not work. Do you need to
see any errors from the "make" or "make install" command to understand, or
does that make sense?

Tony

-----Original Message-----
From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
Sent: Thursday, April 07, 2011 6:49 PM
To: Tony Baldarelli
Cc: help-gnutls at gnu.org
Subject: Re: gnutls installation problems

On 04/07/2011 08:50 PM, Tony Baldarelli wrote:
> I am installing gnutls on a linux machine, and am having some problems.
> Here is the config summary ( after running ./configure --with-libgcrypt ):
[...]
> So what am I doing wrong?

It looks like a problem in gnulib. You can ignore it. If you want to run
the gnutls test suite, do
cd tests && make check

regards,
Nikos

From tbaldarelli at wmsvision.com Fri Apr 8 16:56:58 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Fri, 8 Apr 2011 10:56:58 -0400
Subject: gnutls installation problems
In-Reply-To: <4D9E3F60.80502@gnutls.org>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org>
Message-ID: <014601cbf5fd$362b75e0$a28261a0$@com>

Ok, I think it will help if I give some logging portions that I think are
helpful. So here they are.

Config summary ( after running ./configure --with-libgcrypt ), purely for
completeness:

configure: summary of build options ( see
https://docs.google.com/leaf?id=0ByXBOuIPIVA0M2IwZTEyNTAtMTA0Ny00MTMyLThhODgtNjNjZDEwMjk5NzUz&hl=en&authkey=CJ2U07kC ):

  version:          2.12.1 shared 44:9:18
  Host type:        i686-pc-linux-gnu
  Install prefix:   /usr/local
  Compiler:         gcc -std=gnu99
  Warning flags:    errors:  warnings:
  Library types:    Shared=yes, Static=yes
  Valgrind:         yes valgrind -q
  Guile wrappers:   no
  C++ library:      yes
  OpenSSL library:  yes
  /dev/crypto:      no
  Crypto library:   libgcrypt

End of "make" command log ( see
https://docs.google.com/leaf?id=0ByXBOuIPIVA0NDg4NWFiZDEtZGI3MS00ZjEwLTgzYzYtNmU0ZmIwNWFlZWE4&hl=en&authkey=CMD3ppkF ):

copying selected object files to avoid basename conflicts...
  CXX    libgnutlsxx_la-gnutlsxx.lo
  CXXLD  libgnutlsxx.la
/usr/bin/ld:./libgnutlsxx.map:31: parse error in VERSION script
collect2: ld returned 1 exit status
make[4]: *** [libgnutlsxx.la] Error 1
make[4]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1'
make: *** [all] Error 2

End of "make install" log ( see
https://docs.google.com/leaf?id=0ByXBOuIPIVA0NjY1YjIzNTctYjdiYS00YjY1LWI0NDktOGU3Zjk5MWQ2Nzk0&hl=en&authkey=CNzQ3rEM ):

make[2]: Entering directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
  CXXLD  libgnutlsxx.la
/usr/bin/ld:./libgnutlsxx.map:31: parse error in VERSION script
collect2: ld returned 1 exit status
make[2]: *** [libgnutlsxx.la] Error 1
make[2]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/other/wms.source/src/lib/3rdParty/gnutls-2.12.1/lib'
make: *** [install-recursive] Error 1

Tony

-----Original Message-----
From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
Sent: Thursday, April 07, 2011 6:49 PM
To: Tony Baldarelli
Cc: help-gnutls at gnu.org
Subject: Re: gnutls installation problems

On 04/07/2011 08:50 PM, Tony Baldarelli wrote:
> I am installing gnutls on a linux machine, and am having some problems.
> Here is the config summary ( after running ./configure --with-libgcrypt ):
[...]
> So what am I doing wrong?

It looks like a problem in gnulib. You can ignore it. If you want to run
the gnutls test suite, do
cd tests && make check

regards,
Nikos

From nmav at gnutls.org Fri Apr 8 17:36:23 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 08 Apr 2011 17:36:23 +0200
Subject: gnutls installation problems
In-Reply-To: <014601cbf5fd$362b75e0$a28261a0$@com>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org> <014601cbf5fd$362b75e0$a28261a0$@com>
Message-ID: <4D9F2B77.9080402@gnutls.org>

On 04/08/2011 04:56 PM, Tony Baldarelli wrote:
> Ok, I think it will help if I give some logging portions that I think are
> helpful. So here they are.
[...]
> CXXLD libgnutlsxx.la
> /usr/bin/ld:./libgnutlsxx.map:31: parse error in VERSION script
> collect2: ld returned 1 exit status

What is the output of "ld --version" in your system? Is it some
special linux system?

regards,
Nikos

From tbaldarelli at wmsvision.com Fri Apr 8 17:46:22 2011
From: tbaldarelli at wmsvision.com (Tony Baldarelli)
Date: Fri, 8 Apr 2011 11:46:22 -0400
Subject: gnutls installation problems
In-Reply-To: <4D9F2B77.9080402@gnutls.org>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org> <014601cbf5fd$362b75e0$a28261a0$@com> <4D9F2B77.9080402@gnutls.org>
Message-ID: <014901cbf604$1d81a990$5884fcb0$@com>

Newer machine ld --version:
[tonyb:v9_odbc:V3_18]> ld --version
GNU ld version 2.13.90.0.18 20030206
Copyright 2002 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
[tonyb:v9_odbc:V3_18]>

Older machine ld --version:
[tonyb:v9_odbc:V3_18]> ld --version
GNU ld 2.10.91
Copyright 2001 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
Supported emulations:
   elf_i386
   i386linux
   elf_i386_glibc21
[tonyb:v9_odbc:V3_18]>

Nothing particularly special about either Linux system that I know of.

Here is some basic system info for older system:
[tonyb:v9_odbc:V3_18]> cat /etc/issue
Red Hat Linux release 7.1 (Seawolf)
Kernel 2.4.20-28.7 on an i686
[tonyb:v9_odbc:V3_18]> uname -r
2.4.20-28.7
[tonyb:v9_odbc:V3_18]>

Here is some basic system information for the newer machine:
[tonyb:v9_odbc:V3_18]> cat /etc/issue
Red Hat Linux release 9 (Shrike)
Kernel \r on an \m
[tonyb:v9_odbc:V3_18]> uname -r
2.4.20-8smp
[tonyb:v9_odbc:V3_18]>

Thanks.

Tony

-----Original Message-----
From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
Sent: Friday, April 08, 2011 11:36 AM
To: Tony Baldarelli
Cc: help-gnutls at gnu.org
Subject: Re: gnutls installation problems

On 04/08/2011 04:56 PM, Tony Baldarelli wrote:
> Ok, I think it will help if I give some logging portions that I think are
> helpful. So here they are.
[...]
> CXXLD libgnutlsxx.la
> /usr/bin/ld:./libgnutlsxx.map:31: parse error in VERSION script
> collect2: ld returned 1 exit status

What is the output of "ld --version" in your system? Is it some
special linux system?

regards,
Nikos

From nmav at gnutls.org Fri Apr 8 17:53:13 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 08 Apr 2011 17:53:13 +0200
Subject: gnutls installation problems
In-Reply-To: <014901cbf604$1d81a990$5884fcb0$@com>
References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org> <014601cbf5fd$362b75e0$a28261a0$@com> <4D9F2B77.9080402@gnutls.org> <014901cbf604$1d81a990$5884fcb0$@com>
Message-ID: <4D9F2F69.2020507@gnutls.org>

On 04/08/2011 05:46 PM, Tony Baldarelli wrote:
> Newer machine ld --version:
> [tonyb:v9_odbc:V3_18]> ld --version
> GNU ld version 2.13.90.0.18 20030206

It's not that new :). Could you try:
--disable-ld-version-script
as an option to configure?
regards, Nikos From tbaldarelli at wmsvision.com Fri Apr 8 18:16:49 2011 From: tbaldarelli at wmsvision.com (Tony Baldarelli) Date: Fri, 8 Apr 2011 12:16:49 -0400 Subject: gnutls installation problems In-Reply-To: <4D9F2F69.2020507@gnutls.org> References: <012301cbf554$bbc9e5a0$335db0e0$@com> <4D9E3F60.80502@gnutls.org> <014601cbf5fd$362b75e0$a28261a0$@com> <4D9F2B77.9080402@gnutls.org> <014901cbf604$1d81a990$5884fcb0$@com> <4D9F2F69.2020507@gnutls.org> Message-ID: <014d01cbf608$5e03a6e0$1a0af4a0$@com> "Newer" being a relative term :-), your idea worked on both machines. So I guess the root cause is some "ld" version differences between what gnutls wants and what I have? Here is what I did, that worked on both machines ( obviously, I ran "make clean" and "make distclean" after running "make install" ): ./configure --with-libgcrypt --disable-ld-version-script make make install Thanks so much for your help. ? Tony -----Original Message----- From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos Sent: Friday, April 08, 2011 11:53 AM To: Tony Baldarelli Cc: help-gnutls at gnu.org Subject: Re: gnutls installation problems On 04/08/2011 05:46 PM, Tony Baldarelli wrote: > Newer machine ld --version: > [tonyb:v9_odbc:V3_18]> ld --version > GNU ld version 2.13.90.0.18 20030206 It's not that new :). Could you try: --disable-ld-version-script as an option to configure? regards, Nikos From nmav at gnutls.org Fri Apr 8 18:43:07 2011 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Fri, 08 Apr 2011 18:43:07 +0200 Subject: gnutls 2.12.2 Message-ID: <4D9F3B1B.8030301@gnutls.org> I've just released gnutls 2.12.2. No new features, but several bug fixes. What's New ========== * Version 2.12.2 (released 2011-04-08) ** libgnutls: Several updates and fixes for win32. Patches by LRN. ** libgnutls: Several bug and memory leak fixes. ** srptool: Accepts the -d option to enable debugging. 
** libgnutls: Corrected bug in gnutls_srp_verifier() that prevented the allocation of a verifier. Reported by Andrew Wiseman.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly from and a list of GnuTLS mirrors can be found at .

Here are the BZIP2 compressed sources:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.2.tar.bz2
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.2.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.2.tar.bz2.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.2.tar.bz2.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Sat Apr 9 10:05:56 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 09 Apr 2011 10:05:56 +0200
Subject: gnutls 2.99.0
Message-ID: <4DA01364.3010306@gnutls.org>

Hello,

The GnuTLS 2.99.x branch is NOT what you want for your stable system. It is intended for developers and experienced users.

This is an update release that includes features such as Datagram TLS AES-GCM and more. This release includes documentation for the usage of DTLS as part of the main GnuTLS manual, but the major changes are summarized by this commit:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=08a1b04b3d049a4a44132c0bce0c017c0c70f892

The changes since the last stable branch are:

* Version 2.99.0 (released 2011-04-09)

** libgnutls: Added Datagram TLS support.

** libgnutls: Uses a single configure file and a single gnulib library to save space.

** libgnutls: Several bug fixes.

** libgnutls: gnutls_transport_set_lowat() is no more.

** libgnutls-openssl: modified to use modern gnutls' functions. This introduces an ABI incompatibility with previous versions.

** libgnutls: Corrected signature generation and verification in the Certificate Verify message when in TLS 1.2. Reported by Todd A. Ouska.

** libgnutlsxx: The C++ interface returns exception on every error and not only on fatal ones. This allows easier handling of errors.

** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored the PSK callback.

** libgnutls: SRP and PSK are no longer set on the default priorities. They have to be explicitly set.

** libgnutls: During handshake message verification using DSS use the hash algorithm required by it.

** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH.

** libgnutls: Added GCM mode (interoperates with tls.secg.org)

** libgnutls-extra: Inner application extension was removed. It was never standardized nor published as an RFC.

** libgnutls: Added new certificate verification functions, that can provide more details and are more efficient. Check gnutls_x509_trust_list_*.

** certtool: Uses the new certificate verification functions for --verify-chain.

** certtool: Added new certificate verification functionality using the --verify option. Combined with --load-ca-certificate it can verify a certificate chain against a list of certificates.

** API and ABI modifications:
gnutls_dtls_set_timeouts: ADDED
gnutls_dtls_get_mtu: ADDED
gnutls_dtls_get_data_mtu: ADDED
gnutls_dtls_set_mtu: ADDED
gnutls_dtls_cookie_send: ADDED
gnutls_dtls_cookie_verify: ADDED
gnutls_dtls_prestate_set: ADDED
gnutls_x509_trust_list_verify_crt: ADDED
gnutls_x509_trust_list_add_crls: ADDED
gnutls_x509_trust_list_add_cas: ADDED
gnutls_x509_trust_list_init: ADDED
gnutls_x509_trust_list_deinit: ADDED
gnutls_cipher_add_auth: ADDED
gnutls_cipher_tag: ADDED
gnutls_psk_netconf_derive_key: REMOVED
gnutls_certificate_verify_peers: REMOVED
gnutls_session_set_finished_function: REMOVED
gnutls_ext_register: REMOVED
gnutls_certificate_get_x509_crls: REMOVED
gnutls_certificate_get_x509_cas: REMOVED
gnutls_certificate_get_openpgp_keyring: REMOVED
gnutls_session_get_server_random: REMOVED
gnutls_session_get_client_random: REMOVED
gnutls_session_get_master_secret: REMOVED
gnutls_ia_allocate_client_credentials: REMOVED
gnutls_ia_allocate_server_credentials: REMOVED
gnutls_ia_enable: REMOVED
gnutls_ia_endphase_send: REMOVED
gnutls_ia_extract_inner_secret: REMOVED
gnutls_ia_free_client_credentials: REMOVED
gnutls_ia_free_server_credentials: REMOVED
gnutls_ia_generate_challenge: REMOVED
gnutls_ia_get_client_avp_ptr: REMOVED
gnutls_ia_get_server_avp_ptr: REMOVED
gnutls_ia_handshake: REMOVED
gnutls_ia_handshake_p: REMOVED
gnutls_ia_permute_inner_secret: REMOVED
gnutls_ia_recv: REMOVED
gnutls_ia_send: REMOVED
gnutls_ia_set_client_avp_function: REMOVED
gnutls_ia_set_client_avp_ptr: REMOVED
gnutls_ia_set_server_avp_function: REMOVED
gnutls_ia_set_server_avp_ptr: REMOVED
gnutls_ia_verify_endphase: REMOVED

Here are the compressed sources:

ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.0.tar.bz2
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.0.tar.bz2

Here is the OpenPGP signature:

ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.0.tar.bz2.sig
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.0.tar.bz2.sig

regards,
Nikos

From nmav at gnutls.org Sat Apr 9 11:41:55 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 09 Apr 2011 11:41:55 +0200
Subject: gnutls 2.99.0
In-Reply-To: <4DA01364.3010306@gnutls.org>
References: <4DA01364.3010306@gnutls.org>
Message-ID: <4DA029E3.8090607@gnutls.org>

On 04/09/2011 10:05 AM, Nikos Mavrogiannopoulos wrote:
> This is an update release that includes features such as Datagram TLS
> AES-GCM and more.

For the support of AES-GCM you need the libnettle library from the cvs. There are instructions to obtain it at:
http://www.lysator.liu.se/~nisse/nettle/

regards,
Nikos

From derleader at abv.bg Mon Apr 18 22:54:59 2011
From: derleader at abv.bg (derleader mail)
Date: Mon, 18 Apr 2011 23:54:59 +0300 (EEST)
Subject: Full Examples of GnuTLS
Message-ID: <1505647038.785197.1303160099954.JavaMail.apache@mail22.abv.bg>

Hi,

I'm looking for full examples of GnuTLS - implementation of multithreaded daemon Server which listens for connections and clients. I also need an implementation where server can connect to the clients.

Regards
Peter

From nmav at gnutls.org Fri Apr 22 14:10:30 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 22 Apr 2011 14:10:30 +0200
Subject: gnutls 2.12.3
Message-ID: <4DB17036.2080504@gnutls.org>

Hello,

I've just released gnutls 2.12.3.

What's New
==========

* libgnutls: Several minor bugfixes.

* libgnutls: Restored HMAC-MD5 for compatibility. Although considered weak, several sites require it for connection. It is enabled for "NORMAL" and "PERFORMANCE" priority strings.

* libgnutls: depend on libdl.

* libgnutls: gnutls_transport_set_global_errno() was deprecated.
Use your system's errno facility or gnutls_transport_set_errno().

* gnutls-cli: Correction with usage of select to check for pending data in gnutls sessions. It now uses gnutls_record_check_pending(). Reported by Herbert J. Skuhra.

* tests: More fixes and updates for win32. Patches by LRN.

* libgnutls: Several files unnecessarily included ; this has been fixed.

** API and ABI modifications:
gnutls_transport_set_global_errno: DEPRECATED

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly from and a list of GnuTLS mirrors can be found at .

Here are the BZIP2 compressed sources:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.3.tar.bz2
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.3.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.3.tar.bz2.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.3.tar.bz2.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Sat Apr 23 11:12:25 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 23 Apr 2011 11:12:25 +0200
Subject: gnutls 2.99.1
Message-ID: <4DB297F9.3060809@gnutls.org>

Hello,

The GnuTLS 2.99.x branch is NOT what you want for your stable system. It is intended for developers and experienced users.

The changes since the development release are:

* Version 2.99.1 (released 2011-04-23)

** libgnutls: Added support for AES-NI if detected. Uses Andy Polyakov's AES-NI code.

* libgnutls: Restored HMAC-MD5 for compatibility. Although considered weak, several sites require it for connection. It is enabled for "NORMAL" and "PERFORMANCE" priority strings.

* libgnutls: depend on libdl.

** libgnutls-extra: Dropped support of LZO compression via liblzo.

** libgnutls: gnutls_transport_set_global_errno() was removed. This function required GnuTLS to access system specific data, for no reason. Use gnutls_transport_set_errno(), or your system's errno facility instead.

** libgnutls: Added gnutls_certificate_set_retrieve_function2() to set a callback to retrieve a certificate. The certificate is received in a format that requires no processing from gnutls thus it is suitable when performance is required.

** API and ABI modifications:
gnutls_transport_set_global_errno: REMOVED
gnutls_certificate_set_retrieve_function2: ADDED

Here are the compressed sources:

ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.1.tar.bz2
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.1.tar.bz2

Here is the OpenPGP signature:

ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.1.tar.bz2.sig
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.1.tar.bz2.sig

regards,
Nikos

From ludo at gnu.org Sat Apr 23 23:47:09 2011
From: ludo at gnu.org (Ludovic Courtès)
Date: Sat, 23 Apr 2011 23:47:09 +0200
Subject: gnutls 2.99.1 drops LZO support
References: <4DB297F9.3060809@gnutls.org>
Message-ID: <87zkngwsgy.fsf@gnu.org>

Hello,

Nikos Mavrogiannopoulos writes:

> ** libgnutls-extra: Dropped support of LZO compression via liblzo.

Out of curiosity, what were the reasons for this decision?

Thanks,
Ludo'.

From nmav at gnutls.org Sun Apr 24 23:38:14 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 24 Apr 2011 23:38:14 +0200
Subject: gnutls 2.99.1 drops LZO support
In-Reply-To: <87zkngwsgy.fsf@gnu.org>
References: <4DB297F9.3060809@gnutls.org> <87zkngwsgy.fsf@gnu.org>
Message-ID: <4DB49846.3010709@gnutls.org>

On 04/23/2011 11:47 PM, Ludovic Courtès wrote:
> Hello,
>> ** libgnutls-extra: Dropped support of LZO compression via liblzo.
> Out of curiosity, what were the reasons for this decision?

No reason to have it either.
It was an experimental custom extension that had no chance of becoming standard due to LZO being described only by source code. There are better compression algorithms to use today, but as it seems compression with TLS in general never took off.

regards,
Nikos

From derleader at abv.bg Mon Apr 25 00:02:05 2011
From: derleader at abv.bg (derleader mail)
Date: Mon, 25 Apr 2011 01:02:05 +0300 (EEST)
Subject: Optimize GNUTLS for performance
Message-ID: <1141392392.950170.1303682525377.JavaMail.apache@mail22.abv.bg>

Hi,

I'm interested is it possible to optimize GNUTLS for performance?

Regards
Peter

From bradh at frogmouth.net Mon Apr 25 01:44:20 2011
From: bradh at frogmouth.net (Brad Hards)
Date: Mon, 25 Apr 2011 09:44:20 +1000
Subject: Optimize GNUTLS for performance
In-Reply-To: <1141392392.950170.1303682525377.JavaMail.apache@mail22.abv.bg>
References: <1141392392.950170.1303682525377.JavaMail.apache@mail22.abv.bg>
Message-ID: <201104250944.20678.bradh@frogmouth.net>

On Mon, 25 Apr 2011 08:02:05 am derleader mail wrote:
> I'm interested is it possible to optimize GNUTLS for performance?

I'm sure it is possible to change GnuTLS.

What do you mean by performance in this case (e.g. throughput, latency, cpu efficiency, something else)?

What are you willing to trade off?

What is the environment?

What is the threat model?

Brad

From bradh at frogmouth.net Mon Apr 25 11:59:38 2011
From: bradh at frogmouth.net (Brad Hards)
Date: Mon, 25 Apr 2011 19:59:38 +1000
Subject: Optimize GNUTLS for performance
In-Reply-To: <909456949.954313.1303724224007.JavaMail.apache@mail22.abv.bg>
References: <909456949.954313.1303724224007.JavaMail.apache@mail22.abv.bg>
Message-ID: <201104251959.39002.bradh@frogmouth.net>

On Monday 25 April 2011 19:37:04 you wrote:
> >What is the threat model?
>
> i'm not familiar with that. What do you mean?

What are you protecting against?
If there is no threat, you can optimise away things that slow it down (like encryption). Does this matter to you?

If you don't understand the threat, how can you possibly decide what tradeoffs to make?

Brad

From marlam at marlam.de Mon Apr 25 20:57:28 2011
From: marlam at marlam.de (Martin Lambers)
Date: Mon, 25 Apr 2011 20:57:28 +0200
Subject: GnuTLS priority strings
Message-ID: <4DB5C418.4050303@marlam.de>

Hi all,

I have some trouble with priority strings since gnutls_protocol_set_priority() is deprecated:

Both msmtp and mpop can pass user-specified priority strings to GnuTLS, and both also provide the independent option to force SSLv3.

Up until now, I could specify the priority string with gnutls_priority_set_direct() and subsequently use gnutls_protocol_set_priority() to force SSLv3, and this worked as expected.

To avoid using a deprecated function, I now need to force SSLv3 by extending a given priority string.

I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g. "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still results in other TLS versions being enabled. Apparently later entries do not override previous entries. So how should this be done instead?

Regards,
Martin

From nmav at gnutls.org Mon Apr 25 21:13:49 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 25 Apr 2011 21:13:49 +0200
Subject: GnuTLS priority strings
In-Reply-To: <4DB5C418.4050303@marlam.de>
References: <4DB5C418.4050303@marlam.de>
Message-ID: <4DB5C7ED.3060403@gnutls.org>

On 04/25/2011 08:57 PM, Martin Lambers wrote:
> Hi all,
>
> I have some trouble with priority strings since
> gnutls_protocol_set_priority() is deprecated:
> Both msmtp and mpop can pass user-specified priority strings to GnuTLS,
> and both also provide the independent option to force SSLv3.
> Up until now, I could specify the priority string with
> gnutls_priority_set_direct() and subsequently use
> gnutls_protocol_set_priority() to force SSLv3, and this worked as expected.
> To avoid using a deprecated function, I now need to force SSLv3 by
> extending a given priority string.
> I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g.
> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still
> results in other TLS versions being enabled. Apparently later entries do
> not override previous entries. So how should this be done instead?

The way you describe is the correct one. If I try this priority string to gnutls-cli of 2.12.3 I only see SSL 3.0 being advertised. Could it be that you overwrite the priorities by calling some other priority function later?

regards,
Nikos

From marlam at marlam.de Mon Apr 25 21:34:29 2011
From: marlam at marlam.de (Martin Lambers)
Date: Mon, 25 Apr 2011 21:34:29 +0200
Subject: GnuTLS priority strings
In-Reply-To: <4DB5C7ED.3060403@gnutls.org>
References: <4DB5C418.4050303@marlam.de> <4DB5C7ED.3060403@gnutls.org>
Message-ID: <4DB5CCC5.2070605@marlam.de>

Hi Nikos,

On 25/04/11 21:13, Nikos Mavrogiannopoulos wrote:
> On 04/25/2011 08:57 PM, Martin Lambers wrote:
>> I have some trouble with priority strings since
>> gnutls_protocol_set_priority() is deprecated:
>> Both msmtp and mpop can pass user-specified priority strings to GnuTLS,
>> and both also provide the independent option to force SSLv3.
>> Up until now, I could specify the priority string with
>> gnutls_priority_set_direct() and subsequently use
>> gnutls_protocol_set_priority() to force SSLv3, and this worked as expected.
>> To avoid using a deprecated function, I now need to force SSLv3 by
>> extending a given priority string.
>> I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g.
>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still
>> results in other TLS versions being enabled. Apparently later entries do
>> not override previous entries. So how should this be done instead?
>
> The way you describe is the correct one. If I try this priority string
> to gnutls-cli of 2.12.3 I only see SSL 3.0 being advertised.
> Could it be that you overwrite the priorities by calling some other priority
> function later?

Thanks for your help. The error was that I used "VERS-TLS-ALL" with GnuTLS 2.8.6, which silently ignored this. I then tried with GnuTLS 2.10.5 on a different system, and that complained about it. At that point did I realize that VERS-TLS-ALL is only available in GnuTLS 2.12.x...

So now I append ":-VERS-TLS-ALL:+VERS-SSL3.0" with GnuTLS >= 2.12, and ":-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0" with GnuTLS < 2.12, and this seems to work fine.

Martin

From nmav at gnutls.org Tue Apr 26 20:31:56 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 26 Apr 2011 20:31:56 +0200
Subject: GnuTLS priority strings
In-Reply-To: <4DB5CCC5.2070605@marlam.de>
References: <4DB5C418.4050303@marlam.de> <4DB5C7ED.3060403@gnutls.org> <4DB5CCC5.2070605@marlam.de>
Message-ID: <4DB70F9C.1030203@gnutls.org>

On 04/25/2011 09:34 PM, Martin Lambers wrote:
>>> I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g.
>>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still
>>> results in other TLS versions being enabled. Apparently later entries do
>>> not override previous entries. So how should this be done instead?
>>
>> The way you describe is the correct one. If I try this priority string
>> to gnutls-cli of 2.12.3 I only see SSL 3.0 being advertised. Could
>> it be that you overwrite the priorities by calling some other priority
>> function later?
> Thanks for your help. The error was that I used "VERS-TLS-ALL" with
> GnuTLS 2.8.6, which silently ignored this. I then tried with GnuTLS
> 2.10.5 on a different system, and that complained about it. At that
> point did I realize that VERS-TLS-ALL is only available in GnuTLS 2.12.x...
> So now I append ":-VERS-TLS-ALL:+VERS-SSL3.0" with GnuTLS >= 2.12, and
> ":-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0" with GnuTLS <
> 2.12, and this seems to work fine.

If you do this for compatibility you might want to try "NORMAL:%COMPAT" instead of disabling protocol versions (if you are a server). If you are a client you might want to disable TLS 1.1 and TLS 1.2 as a number of servers refuse to talk if presented with version numbers they don't understand. I'm not aware though of any server having issues with TLS 1.0.

regards,
Nikos

From marlam at marlam.de Tue Apr 26 23:24:56 2011
From: marlam at marlam.de (Martin Lambers)
Date: Tue, 26 Apr 2011 23:24:56 +0200
Subject: GnuTLS priority strings
In-Reply-To: <4DB70F9C.1030203@gnutls.org>
References: <4DB5C418.4050303@marlam.de> <4DB5C7ED.3060403@gnutls.org> <4DB5CCC5.2070605@marlam.de> <4DB70F9C.1030203@gnutls.org>
Message-ID: <4DB73828.2070406@marlam.de>

On 26/04/11 20:31, Nikos Mavrogiannopoulos wrote:
>>>> I tried to append ":-VERS-TLS-ALL:+VERS-SSL3.0" (e.g.
>>>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0"), but this does not work: it still
>>>> results in other TLS versions being enabled. Apparently later entries do
>>>> not override previous entries. So how should this be done instead?
>>>
>>> The way you describe is the correct one. If I try this priority string
>>> to gnutls-cli of 2.12.3 I only see SSL 3.0 being advertised. Could
>>> it be that you overwrite the priorities by calling some other priority
>>> function later?
>> Thanks for your help. The error was that I used "VERS-TLS-ALL" with
>> GnuTLS 2.8.6, which silently ignored this. I then tried with GnuTLS
>> 2.10.5 on a different system, and that complained about it. At that
>> point did I realize that VERS-TLS-ALL is only available in GnuTLS 2.12.x...
>> So now I append ":-VERS-TLS-ALL:+VERS-SSL3.0" with GnuTLS >= 2.12, and
>> ":-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0" with GnuTLS <
>> 2.12, and this seems to work fine.
>
> If you do this for compatibility you might want to try "NORMAL:%COMPAT"
> instead of disabling protocol versions (if you are a server).
> If you are a client you might want to disable TLS 1.1 and TLS 1.2 as a
> number of servers refuse to talk if presented with version numbers
> they don't understand. I'm not aware though of any server having
> issues with TLS 1.0.

I'm a client, and I do this only if the user specified the force_sslv3 option. This option was added ca. 5 years ago to work around problems with servers that were called "ancient" already at that time. I doubt that it is still relevant today, but I don't want to remove this option if it can be avoided; someone might still use it.

Martin
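
The version-dependent suffix described in the "GnuTLS priority strings" thread above, written out as an added example (not code from msmtp, mpop or GnuTLS). The helper names has_vers_tls_all and build_force_sslv3_priority are hypothetical, and the comparison is numeric because a plain strcmp() would rank "2.8.6" above "2.12.0" and pick the keyword that 2.8.6 silently ignores.

```c
/* Added example: choose the "force SSLv3" priority suffix from the thread
 * according to the GnuTLS version found at run time. Helper names are
 * hypothetical; no GnuTLS headers are needed to build this file. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "major.minor[.patch]" numerically. Returns 0 on success, -1 if a
 * component does not start with a digit. */
static int parse_version(const char *s, long v[3])
{
    v[0] = v[1] = v[2] = 0;
    for (int i = 0; i < 3; i++) {
        char *end;
        if (*s < '0' || *s > '9')
            return -1;
        v[i] = strtol(s, &end, 10);
        if (*end != '.')
            break;
        s = end + 1;
    }
    return 0;
}

/* 1 if this version understands VERS-TLS-ALL (2.12 and later, per the
 * thread), 0 if it is older, -1 if the string cannot be parsed. */
int has_vers_tls_all(const char *runtime_version)
{
    long v[3];
    if (runtime_version == NULL || parse_version(runtime_version, v) != 0)
        return -1;
    if (v[0] != 2)
        return v[0] > 2;
    return v[1] >= 12;
}

/* Append the suffix that leaves only SSL 3.0 enabled. Returns 0 on success,
 * -1 on an unparsable version or if `out` is too small, so a truncated
 * (and therefore different) priority string is never handed back. */
int build_force_sslv3_priority(const char *base, const char *runtime_version,
                               char *out, size_t outlen)
{
    int modern = has_vers_tls_all(runtime_version);
    if (modern < 0 || base == NULL || out == NULL || outlen == 0)
        return -1;
    const char *suffix = modern
        ? ":-VERS-TLS-ALL:+VERS-SSL3.0"
        : ":-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0";
    int n = snprintf(out, outlen, "%s%s", base, suffix);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Versions named in the thread; a real client would pass the string
     * returned by gnutls_check_version(NULL) and hand the result to
     * gnutls_priority_set_direct(), checking its return code. */
    const char *versions[] = { "2.8.6", "2.10.5", "2.12.3" };
    char prio[128];
    for (size_t i = 0; i < sizeof versions / sizeof versions[0]; i++) {
        if (build_force_sslv3_priority("NORMAL", versions[i], prio, sizeof prio) == 0)
            printf("%-7s -> %s\n", versions[i], prio);
    }
    return 0;
}
```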