From mrsam at courier-mta.com Sat Jul 2 05:43:28 2011
From: mrsam at courier-mta.com (Sam Varshavchik)
Date: Fri, 01 Jul 2011 23:43:28 -0400
Subject: gnutls_rsa_params_export_pkcs1 not thread safe
Message-ID:

A long and painful debugging session seems to indicate that the root of my problems is that gnutls_rsa_params_export_pkcs1() is not thread safe. I was invoking this function with the same gnutls_rsa_params_t, concurrently from multiple threads.

The way I'm tracing the logic, my gnutls_params_t gets passed to gnutls_x509_privkey_export(), and then to _gnutls_asn1_encode_rsa(). The first parameter that _gnutls_asn1_encode_rsa receives is a pointer to the "key" member of the structure that gnutls_rsa_params_t points to.

It looks to me that _gnutls_asn1_encode_rsa() ends up writing to the "key" member in this fashion. Because I'm exporting gnutls_rsa_params_t concurrently from multiple threads, they end up stomping on each other. And, when 'key' is already populated, _gnutls_asn1_encode_rsa() attempts to free it. That, I believe, is the reason why glibc's is accusing me of double-freeing something, and nuking me from high orbit.

Ok, I'll protect the whole thing with my own mutex. Problem solved, I think.

But, it just bugs me that I had absolutely no clue that gnutls_rsa_params_export_pkcs1() could possibly be not thread safe. I missed this entirely. I had nothing to suggest that it modifies the gnutls_rsa_params_t.

I've read the part of the docs that talk about thread safety, I declare GCRY_THREAD_OPTION_PTHREAD_IMPL and invoke gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread), before gnutls_global_init(), I thought that I had my bases covered; so I'm wondering what else is not thread-safe, and I need to protect it with a mutex.

What about gnutls_rsa_params_export_raw()? Is that thread safe? What about gnutls_dh_params_export_pkcs3() and gnutls_dh_params_export_raw()?
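Added illustration, not part of the original post and not GnuTLS code: a small model of the pattern reported above, where an export call frees and rewrites a cached member of the object it is handed, together with the caller-side mutex workaround the post settles on. `struct rsa_params`, `params_export()`, `params_export_locked()` and the sample key text are hypothetical stand-ins for the real types and calls.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_THREADS 16

/* Hypothetical stand-in for the shared parameters object. */
struct rsa_params {
    const char *material;  /* constructed sample "key" text, never modified */
    char *key;             /* encoder cache, rewritten by every export      */
};

/* Looks like a read-only getter but mutates *p: it frees an already
 * populated p->key and stores a fresh encoding. Two unsynchronised callers
 * can both see the same non-NULL pointer and both free() it, which is the
 * double free described in the report. Not thread safe on its own. */
static int params_export(struct rsa_params *p, char *out, size_t *out_len)
{
    size_t need = strlen(p->material) + 1;

    if (p->key != NULL) {
        free(p->key);
        p->key = NULL;
    }
    p->key = malloc(need);
    if (p->key == NULL)
        return -1;
    memcpy(p->key, p->material, need);

    if (*out_len < need) {      /* short buffer: report the size needed */
        *out_len = need;
        return -2;
    }
    memcpy(out, p->key, need);
    *out_len = need;
    return 0;
}

/* Workaround: every export of the shared object goes through one mutex,
 * so the free-then-rewrite sequence is never interleaved. */
static pthread_mutex_t params_lock = PTHREAD_MUTEX_INITIALIZER;

static int params_export_locked(struct rsa_params *p, char *out, size_t *out_len)
{
    int rc;

    pthread_mutex_lock(&params_lock);
    rc = params_export(p, out, out_len);
    pthread_mutex_unlock(&params_lock);
    return rc;
}

struct job {
    struct rsa_params *shared;
    int iterations;
    int failures;
};

static void *worker(void *arg)
{
    struct job *j = arg;
    char buf[64];

    for (int i = 0; i < j->iterations; i++) {
        size_t len = sizeof buf;
        if (params_export_locked(j->shared, buf, &len) != 0 ||
            strcmp(buf, j->shared->material) != 0)
            j->failures++;
    }
    return NULL;
}

/* Exports one shared object from nthreads threads at once. Returns the
 * number of failed or corrupted exports, or -1 if the threads could not
 * all be started. */
static int run_concurrent_exports(int nthreads, int iterations)
{
    struct rsa_params shared = { "constructed-sample-rsa-params", NULL };
    pthread_t tid[MAX_THREADS];
    struct job jobs[MAX_THREADS];
    int started = 0, failures = 0;

    if (nthreads < 1 || nthreads > MAX_THREADS)
        return -1;
    for (int i = 0; i < nthreads; i++) {
        jobs[i] = (struct job){ &shared, iterations, 0 };
        if (pthread_create(&tid[i], NULL, worker, &jobs[i]) != 0)
            break;
        started++;
    }
    for (int i = 0; i < started; i++) {
        pthread_join(tid[i], NULL);
        failures += jobs[i].failures;
    }
    free(shared.key);
    return started == nthreads ? failures : -1;
}

int main(void)
{
    int bad = run_concurrent_exports(8, 20000);

    printf("bad exports with the mutex held: %d\n", bad);
    return bad == 0 ? 0 : 1;
}
```

Build with `cc -pthread`. The lock has to cover every call that can touch the cached member, not only the one that was seen crashing.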

From btb at bitrate.net Tue Jul 5 08:41:47 2011
From: btb at bitrate.net (ben thielsen)
Date: Tue, 5 Jul 2011 02:41:47 -0400
Subject: priority strings behavior
Message-ID:

hi-

i'm experimenting a bit with setting specific priority strings. i've been reading some of the documentation, namely gnutls.pdf from http://www.gnu.org/software/gnutls/documentation.html and man 1 gnutls-cli, but i think some of the nuances are escaping me. i get the feeling that specifying certain things [specifically, cipher suites] will inherently also enable other certain things - is this true? are the cipher suites just shorthand methods for enabling multiple other specific things at once? is there somewhere documented which settings turn on other settings, and what they are?

more specifically, i'd like to enable only the following:

protocols: TLS1.2 TLS1.1
certificate types: X.509 OPENPGP
ciphers: AES-256-CBC CAMELLIA-256-CBC
macs: SHA512
key exchange methods: RSA DHE-DSS DHE-RSA DHE-PSK SRP SRP-DSS SRP-RSA PSK
public key algorithms: RSA DSA
public key signature algorithms: SIGN-RSA-SHA512 SIGN-DSA-SHA256
compression: DEFLATE NULL

but - given the output of gnutls-cli --list:

>gnutls-cli --list
Cipher suites:
TLS_ANON_DH_ARCFOUR_MD5                  0x00, 0x18  SSL3.0
TLS_ANON_DH_3DES_EDE_CBC_SHA1            0x00, 0x1b  SSL3.0
TLS_ANON_DH_AES_128_CBC_SHA1             0x00, 0x34  SSL3.0
TLS_ANON_DH_AES_256_CBC_SHA1             0x00, 0x3a  SSL3.0
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1        0x00, 0x46  TLS1.0
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1        0x00, 0x89  TLS1.0
TLS_PSK_SHA_ARCFOUR_SHA1                 0x00, 0x8a  TLS1.0
TLS_PSK_SHA_3DES_EDE_CBC_SHA1            0x00, 0x8b  TLS1.0
TLS_PSK_SHA_AES_128_CBC_SHA1             0x00, 0x8c  TLS1.0
TLS_PSK_SHA_AES_256_CBC_SHA1             0x00, 0x8d  TLS1.0
TLS_DHE_PSK_SHA_ARCFOUR_SHA1             0x00, 0x8e  TLS1.0
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1        0x00, 0x8f  TLS1.0
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1         0x00, 0x90  TLS1.0
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1         0x00, 0x91  TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1            0xc0, 0x1a  TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1             0xc0, 0x1d  TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1             0xc0, 0x20  TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1        0xc0, 0x1c  TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1        0xc0, 0x1b  TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1         0xc0, 0x1f  TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1         0xc0, 0x1e  TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1         0xc0, 0x22  TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1         0xc0, 0x21  TLS1.0
TLS_DHE_DSS_ARCFOUR_SHA1                 0x00, 0x66  TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1            0x00, 0x13  SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1             0x00, 0x32  SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1             0x00, 0x38  SSL3.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1        0x00, 0x44  TLS1.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1        0x00, 0x87  TLS1.0
TLS_DHE_RSA_3DES_EDE_CBC_SHA1            0x00, 0x16  SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1             0x00, 0x33  SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1             0x00, 0x39  SSL3.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1        0x00, 0x45  TLS1.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1        0x00, 0x88  TLS1.0
TLS_RSA_NULL_MD5                         0x00, 0x01  SSL3.0
TLS_RSA_EXPORT_ARCFOUR_40_MD5            0x00, 0x03  SSL3.0
TLS_RSA_ARCFOUR_SHA1                     0x00, 0x05  SSL3.0
TLS_RSA_ARCFOUR_MD5                      0x00, 0x04  SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1                0x00, 0x0a  SSL3.0
TLS_RSA_AES_128_CBC_SHA1                 0x00, 0x2f  SSL3.0
TLS_RSA_AES_256_CBC_SHA1                 0x00, 0x35  SSL3.0
TLS_RSA_CAMELLIA_128_CBC_SHA1            0x00, 0x41  TLS1.0
TLS_RSA_CAMELLIA_256_CBC_SHA1            0x00, 0x84  TLS1.0
Certificate types: X.509, OPENPGP
Protocols: SSL3.0, TLS1.0, TLS1.1, TLS1.2
Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, RC2-40, CAMELLIA-256-CBC, CAMELLIA-128-CBC, NULL
MACs: SHA1, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, NULL
Key exchange algorithms: ANON-DH, RSA, RSA-EXPORT, DHE-RSA, DHE-DSS, SRP-DSS, SRP-RSA, SRP, PSK, DHE-PSK
Compression: DEFLATE, NULL
Public Key Systems: RSA, DSA
PK-signatures: RSA-SHA, RSA-SHA256, RSA-SHA384, RSA-SHA512, RSA-RMD160, DSA-SHA, RSA-MD5, RSA-MD2

...it seems like there's some contradiction between
the list of cipher suites and the list of MACs? i can somehow use sha512, but none of the cipher suites can?

this particular instance is older:

>gnutls-cli -v
gnutls-cli (GnuTLS) 2.8.6

...and i see here http://www.gnu.org/software/gnutls/manual/html_node/All-the-supported-ciphersuites-in-GnuTLS.html#ciphersuites that there appear to be some sha2 algorithms listed in the ciphersuites for perhaps newer versions - but even then, no 512 - just 256?

thanks
-ben

From mike at cchtml.com Tue Jul 5 20:55:43 2011
From: mike at cchtml.com (Michael Cronenworth)
Date: Tue, 05 Jul 2011 13:55:43 -0500
Subject: priority strings behavior
In-Reply-To:
References:
Message-ID: <4E135E2F.1010209@cchtml.com>

On 07/05/2011 01:41 AM, ben thielsen wrote:
> gnutls-cli (GnuTLS) 2.8.6

I know that TLS 1.2 support was not finalized until version 2.10 so I would suggest not using it.

The documentation you quote is for version 2.12 so I would also suggest that you use the 2.8 documentation instead.

From btb at bitrate.net Sat Jul 9 00:34:51 2011
From: btb at bitrate.net (ben thielsen)
Date: Fri, 8 Jul 2011 18:34:51 -0400
Subject: priority strings behavior
In-Reply-To: <4E135E2F.1010209@cchtml.com>
References: <4E135E2F.1010209@cchtml.com>
Message-ID:

On Jul 05, 2011, at 14.55, Michael Cronenworth wrote:

> On 07/05/2011 01:41 AM, ben thielsen wrote:
>> gnutls-cli (GnuTLS) 2.8.6
>
> I know that TLS 1.2 support was not finalized until version 2.10 so I would suggest not using it.
>
> The documentation you quote is for version 2.12 so I would also suggest that you use the 2.8 documentation instead.

thanks, yes. i have the documentation for 2.8.6 as well, and i'll take suggestion regarding tls 1.2 under advisement. but my question really was in reference to the relationship between any particular version's list of cipher suites, and the corresponding list of macs. am i misinterpreting what these things mean?
if a particular version of gnutls includes things like sha512 in its list of macs, why do the cipher suites appear to not support it?

From volanshu at gmail.com Sun Jul 10 12:11:59 2011
From: volanshu at gmail.com (volan shu)
Date: Sun, 10 Jul 2011 18:11:59 +0800
Subject: How to reject SSL 3.0 on gnutls 2.12.6
Message-ID:

Hi there,

I met some issues when using gnutls APIs to set up my server to reject SSL 3.0 requests using "-VERS-SSL3.0". (My whole priority string is "PERFORMANCE:!ARCFOUR-128:! ARCFOUR-40:-VERS-SSL3.0:%DISABLE_SAFE_RENEGOTIATION".)

As in the wireshark capture, I found the handshake was kept on going without a handshake failure alert to be sent to client on gnutls 2.12.6. So I have to planning to use gnutls_certificate_set_retrieve_function in my server to set a callback function who can be used to check the SSL version carried by Client Hello in order for server to reject the SSL3.0 request other than to accept it.

But in my callback function, I can't retrieve the X.509 certificate and private key using gnutls_session_t as the index after I searched the gnutls APIs description at http://www.gnu.org/software/gnutls/manual/gnutls.html and all the examples included.

Would you know how can I specify the priority string or how can I achieve this using this callback function or any other alternative can be used instead?

Many thanks,
Volan

From nmav at gnutls.org Sat Jul 23 15:47:10 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 23 Jul 2011 15:47:10 +0200
Subject: priority strings behavior
In-Reply-To:
References:
Message-ID: <4E2AD0DE.60907@gnutls.org>

On 07/05/2011 08:41 AM, ben thielsen wrote:
> hi-
>
> i'm experimenting a bit with setting specific priority strings.
> i've been reading some of the documentation, namely gnutls.pdf from
> http://www.gnu.org/software/gnutls/documentation.html and man 1
> gnutls-cli, but i think some of the nuances are escaping me. i get
> the feeling that specifying certain things [specifically, cipher
> suites] will inherently also enable other certain things - is this
> true? are the cipher suites just shorthand methods for enabling
> multiple other specific things at once? is there somewhere
> documented which settings turn on other settings, and what they are?
>
> more specifically, i'd like to enable only the following:
[...]
> ...it seems like there's some contradiction between the list of
> cipher suites and the list of MACs? i can somehow use sha512, but
> none of the cipher suites can?

Gnutls priority strings are flexible and might allow more combinations than the actual ciphersuites. If you want to pick a specific set of algorithms it is better to pick a ciphersuite and use the algorithms it consists of.

regards,
Nikos

From nmav at gnutls.org Sat Jul 23 16:18:30 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 23 Jul 2011 16:18:30 +0200
Subject: gnutls_rsa_params_export_pkcs1 not thread safe
In-Reply-To:
References:
Message-ID: <4E2AD836.3020009@gnutls.org>

On 07/02/2011 05:43 AM, Sam Varshavchik wrote:
> A long and painful debugging session seems to indicate that the root
> of my problems is that gnutls_rsa_params_export_pkcs1() is not thread
> safe. I was invoking this function with the same
> gnutls_rsa_params_t, concurrently from multiple threads.

Thanks, there was some optimization in gnutls_rsa_params_t that caused this issue. The attached patch should fix your problem.

However do you really need the gnutls_rsa_params_t? They are only used for the RSA-EXPORT ciphersuites that shouldn't be used normally.

regards,
Nikos
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
URL:

From nmav at gnutls.org Sat Jul 23 17:13:00 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 23 Jul 2011 17:13:00 +0200
Subject: gnutls 2.99.4
Message-ID: <4E2AE4FC.5060808@gnutls.org>

Hello,

I've just released gnutls 2.99.4. This is to be considered the final prerelease of 3.0.0.

The GnuTLS 2.99.x branch is NOT what you want for your stable system. It is intended for developers and experienced users.

The changes since the last development release are:

* Version 2.99.4 (released 2011-07-23)

** doc: documentation updates.

** libgnutls: gnutls_rsa_params_t is now identical to gnutls_x509_privkey_t to avoid thread-safety issues. Reported by Sam Varshavchik.

** libgnutls: Added compatibility mode with /etc/gnutls/pkcs11.conf

** libgnutls: license upgraded to LGPLv3

** libgnutls: gnutls_srp_verifier() returns data allocated with gnutls_malloc() for consistency.

** API and ABI modifications:
No changes since last version.

Here are the compressed sources:
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.4.tar.xz
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.4.tar.xz

Here is the OpenPGP signature:
ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.4.tar.xz.sig
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.4.tar.xz.sig

regards,
Nikos

From mrsam at courier-mta.com Sat Jul 23 17:27:27 2011
From: mrsam at courier-mta.com (Sam Varshavchik)
Date: Sat, 23 Jul 2011 11:27:27 -0400
Subject: gnutls_rsa_params_export_pkcs1 not thread safe
References: <4E2AD836.3020009@gnutls.org>
Message-ID:

Nikos Mavrogiannopoulos writes:

> On 07/02/2011 05:43 AM, Sam Varshavchik wrote:
> > A long and painful debugging session seems to indicate that the root
> > of my problems is that gnutls_rsa_params_export_pkcs1() is not thread
> > safe. I was invoking this function with the same
> > gnutls_rsa_params_t, concurrently from multiple threads.
>
> Thanks, there was some optimization in gnutls_rsa_params_t that caused
> this issue.
> The attached patch should fix your problem.
>
> However do you really need the gnutls_rsa_params_t? They are only
> used for the RSA-EXPORT ciphersuites that shouldn't be used normally.

I know -- this is some middleware that pregenerates temporary RSA keys, in case they are actually needed.

From nmav at gnutls.org Sat Jul 23 20:30:07 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 23 Jul 2011 20:30:07 +0200
Subject: gnutls_rsa_params_export_pkcs1 not thread safe
In-Reply-To:
References: <4E2AD836.3020009@gnutls.org>
Message-ID: <4E2B132F.6040404@gnutls.org>

On 07/23/2011 05:27 PM, Sam Varshavchik wrote:
>> > A long and painful debugging session seems to indicate that the root
>> > of my problems is that gnutls_rsa_params_export_pkcs1() is not thread
>> > safe. I was invoking this function with the same
>> > gnutls_rsa_params_t, concurrently from multiple threads.
>> Thanks, there was some optimization in gnutls_rsa_params_t that caused
>> this issue. The attached patch should fix your problem.
>> However do you really need the gnutls_rsa_params_t? They are only
>> used for the RSA-EXPORT ciphersuites that shouldn't be used normally.
>
> I know -- this is some middleware that pregenerates temporary RSA keys,
> in case they are actually needed.

A quick fix for that without requiring a new version of gnutls would be to use a gnutls_x509_privkey_t and generate 512-bit RSA keys to export. That would be thread safe and equivalent in functionality.

regards,
Nikos

From leandrosansilva at gmail.com Tue Jul 26 20:36:14 2011
From: leandrosansilva at gmail.com (Leandro Santiago)
Date: Tue, 26 Jul 2011 15:36:14 -0300
Subject: how to encrypt raw data using public rsa key and gnutls API?
Message-ID:

Hello to all.
I'm new with gnutls, and I have a small class which gets the rsa private key from a pem encoded file (generated by openssl) and this class uses openssl.

The problem is now I have to reimplement this class but using gnutls (or libgcrypt, I don't know). The second problem is I can't find how to do it using these libraries. So I need to know if you can help me.

So what I need to do is, step by step: open a file with a rsa public key (I have only the public key) encoded with pem (or even get the content in a char*, or in der format) and use this key to encode a sequence of bytes. I don't need the keys I am already using are compatible with the new implementation.

My class can be found at the address http://dl.dropbox.com/u/3550969/kde-inconsistences/encrypt.tar.bz2

It depends only on openssl and boost-thread. I compile with success on Ubuntu 11.04 320bit

Thanks

From nmav at gnutls.org Fri Jul 29 22:33:39 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 29 Jul 2011 22:33:39 +0200
Subject: GnuTLS 3.0.0 released
Message-ID: <4E331923.1030503@gnutls.org>

We are proud to announce a new stable GnuTLS release: Version 3.0.0.

GnuTLS is a modern C library that implements the standard network security protocol Transport Layer Security (TLS), for use by network applications. GnuTLS is developed for GNU/Linux, but works on many Unix-like systems and comes with a binary installer for Windows.

The GnuTLS library is distributed under the terms of the GNU Lesser General Public License version 3 (or later). The "extra" GnuTLS library (which contains), the OpenSSL compatibility library, the self tests and the command line tools are all distributed under the GNU General Public License version 3.0 (or later). The manual is distributed under the GNU Free Documentation License version 1.3 (or later).

The project page of the library is available at:
http://www.gnutls.org and http://www.gnu.org/software/gnutls/

What's New
==========

Version 3.0.0 is the first stable release on the 3.0.x branch and is the result of 11 months of work on the experimental 2.99.x branch. The GnuTLS 3.0.x branch replaces the GnuTLS 2.12.x branch as the supported stable branch, although we will continue to support GnuTLS 2.12.x for some time.

** libgnutls: license upgraded to LGPLv3

** libgnutls: depends on nettle 2.2.

** libgnutls: Added Datagram TLS 1.0 support.

** libgnutls: Added Elliptic curve support. Requires priority strings:
     +CURVE-ALL: to add all supported curves
     +ECDHE-RSA: to add ephemeral ECDHE with an RSA-signed certificate
     +ECDHE-ECDSA: to add ephemeral ECDHE with an ECDSA-signed certificate
     +ANON-ECDHE: to add anonymous ECDH

** libgnutls: Added ECDHE-PSK ciphersuites for TLS (RFC 5489).

** libgnutls: Added AES in GCM mode

** libgnutls: Added SUITEB128 and SUITEB192 priority strings to enable the NSA SuiteB cryptography ciphersuites.

** libgnutls: Added AES-GCM optimizations using the PCLMULQDQ instruction. Uses Andy Polyakov's assembly code.

** libgnutls: Added gnutls_global_set_audit_log_function() that allows to get important auditing information including the corresponding session. That might be useful to block DoS or other attacker from specific IPs.

** libgnutls: gnutls_transport_set_lowat() is no more.

** libgnutls: Added gnutls_certificate_set_retrieve_function2() to set a callback to retrieve a certificate. The certificate is received in a format that requires no processing from gnutls thus it is suitable when performance is required.

** libgnutls: Simplified the handling of handshake messages to be hashed. Instead of hashing during the handshake process we now keep the data until handshake is over and hash them on request. This uses more memory but eliminates issues with TLS 1.2 and simplifies code.

** libgnutls: LZO support was removed.

** libgnutls: gnutls_srp_verifier() returns data allocated with gnutls_malloc() for consistency.

** libgnutls-openssl: modified to use modern gnutls' functions. This introduces an ABI incompatibility with previous versions.

** libgnutls: gnutls_rsa_params_t is now identical to gnutls_x509_privkey_t to avoid thread-safety issues. Reported by Sam Varshavchik.

** libgnutls: Added new PKCS #11 flags to force an object being private or not. (GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)

** libgnutls: Added gnutls_x509_crq_verify() to allow verification of the self signature in a certificate request. This allows verifying whether the owner of the private key is the generator of the request.

** libgnutls: gnutls_x509_crt_set_crq() implicitly verifies the self signature of the request.

** libgnutls: Added gnutls_pubkey_verify_data2() that will verify data provided the signature algorithm.

** libgnutls: Added gnutls_x509_trust_list_add_named_crt() and gnutls_x509_trust_list_verify_named_crt() that allow having a list of certificates in the trusted list that will be associated with a name (e.g. server name) and will not be used as CAs.

** libgnutls: PKCS #11 back-end rewritten to use p11-kit http://p11-glue.freedesktop.org/p11-kit.html. Rewrite by Stef Walter.

** libgnutls: Uses a single configure file and a single gnulib library to save space.

** libgnutlsxx: The C++ interface returns exception on every error and not only on fatal ones. This allows easier handling of errors.

** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored the PSK callback.

** libgnutls: SRP and PSK are no longer set on the default priorities. They have to be explicitly set.

** libgnutls: During handshake message verification using DSS use the hash algorithm required by it.

** libgnutls: writev_emu: stop on the first incomplete write. Patch by Sjoerd Simons.

** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH.

** libgnutls-extra: Inner application extension was removed. It was never standardized nor published as an RFC.

** libgnutls: Added new certificate verification functions, that can provide more details and are more efficient. Check gnutls_x509_trust_list_*.

** certtool: Uses the new certificate verification functions for --verify-chain.

** certtool: Added new certificate verification functionality using the --verify option. Combined with --load-ca-certificate it can verify a certificate chain against a list of certificates.

** libgnutls: Fix zlib handling in gnutls.pc. Patch by Andreas Metzler.

** certtool: bug fixes in certificate request generation. Patch by Petr Písař.

** API and ABI modifications:
gnutls_pubkey_verify_data2: ADDED
gnutls_ecc_curve_get: ADDED
gnutls_x509_trust_list_add_named_crt: ADDED
gnutls_x509_trust_list_verify_named_crt: ADDED
gnutls_x509_privkey_verify_data: REMOVED
gnutls_crypto_bigint_register: REMOVED
gnutls_crypto_cipher_register: REMOVED
gnutls_crypto_digest_register: REMOVED
gnutls_crypto_mac_register: REMOVED
gnutls_crypto_pk_register: REMOVED
gnutls_crypto_rnd_register: REMOVED
gnutls_crypto_single_cipher_register: REMOVED
gnutls_crypto_single_digest_register: REMOVED
gnutls_crypto_single_mac_register: REMOVED
gnutls_certificate_get_issuer: ADDED
gnutls_x509_trust_list_get_issuer: ADDED
gnutls_x509_crq_verify: ADDED
gnutls_global_set_audit_log_function: ADDED
gnutls_ecc_curve_get_name: ADDED
gnutls_ecc_curve_get_size: ADDED
gnutls_x509_privkey_import_ecc_raw: ADDED
gnutls_x509_privkey_export_ecc_raw: ADDED
gnutls_global_set_time_function: ADDED
gnutls_dtls_set_timeouts: ADDED
gnutls_dtls_get_mtu: ADDED
gnutls_dtls_get_data_mtu: ADDED
gnutls_dtls_set_mtu: ADDED
gnutls_dtls_cookie_send: ADDED
gnutls_dtls_cookie_verify: ADDED
gnutls_dtls_prestate_set: ADDED
gnutls_x509_trust_list_verify_crt: ADDED
gnutls_x509_trust_list_add_crls: ADDED
gnutls_x509_trust_list_add_cas: ADDED
gnutls_x509_trust_list_init: ADDED
gnutls_x509_trust_list_deinit: ADDED
gnutls_cipher_add_auth: ADDED
gnutls_cipher_tag: ADDED
gnutls_pcert_list_import_x509_raw: ADDED
gnutls_psk_netconf_derive_key: REMOVED
gnutls_certificate_verify_peers: REMOVED
gnutls_session_set_finished_function: REMOVED
gnutls_ext_register: REMOVED
gnutls_certificate_get_x509_crls: REMOVED
gnutls_certificate_get_x509_cas: REMOVED
gnutls_certificate_get_openpgp_keyring: REMOVED
gnutls_session_get_server_random: REMOVED
gnutls_session_get_client_random: REMOVED
gnutls_session_get_master_secret: REMOVED
gnutls_ia_allocate_client_credentials: REMOVED
gnutls_ia_allocate_server_credentials: REMOVED
gnutls_ia_enable: REMOVED
gnutls_ia_endphase_send: REMOVED
gnutls_ia_extract_inner_secret: REMOVED
gnutls_ia_free_client_credentials: REMOVED
gnutls_ia_free_server_credentials: REMOVED
gnutls_ia_generate_challenge: REMOVED
gnutls_ia_get_client_avp_ptr: REMOVED
gnutls_ia_get_server_avp_ptr: REMOVED
gnutls_ia_handshake: REMOVED
gnutls_ia_handshake_p: REMOVED
gnutls_ia_permute_inner_secret: REMOVED
gnutls_ia_recv: REMOVED
gnutls_ia_send: REMOVED
gnutls_ia_set_client_avp_function: REMOVED
gnutls_ia_set_client_avp_ptr: REMOVED
gnutls_ia_set_server_avp_function: REMOVED
gnutls_ia_set_server_avp_ptr: REMOVED
gnutls_ia_verify_endphase: REMOVED
GNUTLS_E_ECC_NO_SUPPORTED_CURVES: New error code
GNUTLS_E_ECC_UNSUPPORTED_CURVE: New error code
GNUTLS_KX_ECDHE_RSA: New key exchange method
GNUTLS_KX_ECDHE_ECDSA: New key exchange method
GNUTLS_KX_ANON_ECDH: New key exchange method
GNUTLS_KX_ECDHE_PSK: New key exchange method
GNUTLS_PK_ECC: New public key algorithm
GNUTLS_SIGN_ECDSA_SHA1: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA256: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA384: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA512: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA224: New signature algorithm
GNUTLS_ECC_CURVE_INVALID: New curve definition
GNUTLS_ECC_CURVE_SECP224R1: New curve definition
GNUTLS_ECC_CURVE_SECP256R1: New curve definition
GNUTLS_ECC_CURVE_SECP384R1: New curve definition
GNUTLS_ECC_CURVE_SECP521R1: New curve definition
GNUTLS_VERIFY_DISABLE_CRL_CHECKS: New certificate verification flag.
GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: New PKCS#11 object flag.
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: New PKCS#11 object flag.

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly from and a list of GnuTLS mirrors can be found at .

Here are the XZ compressed sources:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.0.tar.xz
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.0.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.0.tar.xz.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.0.tar.xz.sig

Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

Documentation
=============

The GnuTLS manual is available electronically at:
http://www.gnu.org/software/gnutls/documentation.html

and a paper copy can be obtained at:
http://www.lulu.com/product/paperback/the-gnutls-manual/16356050

Community
=========

If you need help to use GnuTLS, or want to help others, you are invited to join our help-gnutls mailing list, see:
http://lists.gnu.org/mailman/listinfo/help-gnutls

If you wish to participate in the development of GnuTLS, you are invited to join our gnutls-dev mailing list, see:
http://lists.gnu.org/mailman/listinfo/gnutls-devel

Internationalization
====================

The GnuTLS library messages have been translated into Czech, Dutch, French, German, Italian, Malay, Polish, Simplified Chinese, Swedish, and Vietnamese. We welcome the addition of more translations.

From totony123 at gmail.com Fri Jul 29 23:38:45 2011
From: totony123 at gmail.com (Daryl Anthony Chouinard)
Date: Fri, 29 Jul 2011 17:38:45 -0400
Subject: Setting gnutls to use nettle instead of libgcrypt
Message-ID:

Hi,

I'm having problems using a program which uses gnutls. (my /var/log/user.log is full of "[...] aria2c: Libgcrypt warning: missing initialization - please fix the application"). Note : aria2c is a download manager which uses gnutls.

As libgcrypt seems a bit deprecated with gnutls, I'd like to use nettle instead, to see if the application gets fixed.

I have nettle installed (uh, pacman, Archlinux's package manager, is telling me that it's installed), but gnutls is using libgcrypt (which is a xorg-server dependency, so I can't really uninstall it).

Anyone know how I can configure gnutls to use nettle instead of libgcrypt (Or how I can fix this error message without the need to (submit a patch)/edit gnutls' source code) ?

Thanks in advance,
Totony

From bradh at frogmouth.net Sat Jul 30 01:41:07 2011
From: bradh at frogmouth.net (Brad Hards)
Date: Sat, 30 Jul 2011 09:41:07 +1000
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To:
References:
Message-ID: <201107300941.07726.bradh@frogmouth.net>

On Saturday 30 July 2011 07:38:45 Daryl Anthony Chouinard wrote:
> I have nettle installed (uh, pacman, Archlinux's package manager, is
> telling me that it's installed)

Which versions of nettle and gnutls are you using? gnutls appears quite picky about its nettle versions, so possibly you aren't using nettle because of that.

Brad

From totony123 at gmail.com Sat Jul 30 02:52:45 2011
From: totony123 at gmail.com (Totony)
Date: Fri, 29 Jul 2011 20:52:45 -0400
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To: <201107300941.07726.bradh@frogmouth.net>
References: <201107300941.07726.bradh@frogmouth.net>
Message-ID:

I'm using gnutls version 2.12.7-2 and nettle version 2.1-1

Actually, nettle is linked to gnutls, so I think gnutls is using nettle, through the program I'm using looks to be using libgcrypt (because it's linked to libgcrypt), but the help forums of that program seems to say they're using the crypto of gnutls. Quite complicated situation >.> (That program is aria2).

Do you know how I can know which crypto backend gnutls is using ?

2011/7/29 Brad Hards

> On Saturday 30 July 2011 07:38:45 Daryl Anthony Chouinard wrote:
> > I have nettle installed (uh, pacman, Archlinux's package manager, is
> > telling me that it's installed)
> Which versions of nettle and gnutls are you using? gnutls appears quite
> picky
> about its nettle versions, so possibly you aren't using nettle because of
> that.
>
> Brad

From bradh at frogmouth.net Sat Jul 30 03:08:15 2011
From: bradh at frogmouth.net (Brad Hards)
Date: Sat, 30 Jul 2011 11:08:15 +1000
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To:
References: <201107300941.07726.bradh@frogmouth.net>
Message-ID: <201107301108.15314.bradh@frogmouth.net>

On Saturday 30 July 2011 10:52:45 Totony wrote:
> I'm using gnutls version 2.12.7-2 and nettle version 2.1-1

That -2 and -1 thing is a packaging thing, so it's possible that your distro is applying patches. The backend depends on how gnutls was built - I don't think you can change it at runtime.

> Actually, nettle is linked to gnutls, so I think gnutls is using nettle,

Really? Can you show what
ldd /usr/lib/libnettle.so
(or whatever nettle library path) outputs?

> through the program I'm using looks to be using libgcrypt (because it's
> linked to libgcrypt), but the help forums of that program seems to say
> they're using the crypto of gnutls. Quite complicated situation >.>
> (That program is aria2).

Perhaps you need to ask aria2 developers.

> Do you know how I can know which crypto backend gnutls is using ?

What does ldd on the gnutls libraries show?

Brad

From totony123 at gmail.com Sat Jul 30 03:18:58 2011
From: totony123 at gmail.com (Totony)
Date: Fri, 29 Jul 2011 21:18:58 -0400
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To: <201107301108.15314.bradh@frogmouth.net>
References: <201107300941.07726.bradh@frogmouth.net> <201107301108.15314.bradh@frogmouth.net>
Message-ID:

Oops, I said "nettle is linked to gnutls", but I meant "gnutls is linked to nettle".

root: ldd /usr/lib/libgnutls.so
        linux-vdso.so.1 => (0x00007fff95fff000)
        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007ff8dc78b000)
        libnettle.so.4 => /usr/lib/libnettle.so.4 (0x00007ff8dc568000)
        libgmp.so.10 => /usr/lib/libgmp.so.10 (0x00007ff8dc2fb000)
        libhogweed.so.2 => /usr/lib/libhogweed.so.2 (0x00007ff8dc0e9000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007ff8dbed1000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007ff8dbccc000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00007ff8dbaaf000)
        libc.so.6 => /lib/libc.so.6 (0x00007ff8db74e000)
        /lib/ld-linux-x86-64.so.2 (0x00007ff8dcc74000)

root: ldd /usr/bin/aria2
        linux-vdso.so.1 => (0x00007fffbe1ff000)
        librt.so.1 => /lib/librt.so.1 (0x00007ff5b7c9a000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007ff5b7a82000)
        libcares.so.2 => /usr/lib/libcares.so.2 (0x00007ff5b7873000)
      ->libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x00007ff5b75f6000)
      ->libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007ff5b7334000)
        libsqlite3.so.0 => /usr/lib/libsqlite3.so.0 (0x00007ff5b7095000)
        libxml2.so.2 => /usr/lib/libxml2.so.2 (0x00007ff5b6d42000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007ff5b6a38000)
        libm.so.6 => /lib/libm.so.6 (0x00007ff5b67b6000)
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007ff5b65a0000)
        libc.so.6 => /lib/libc.so.6 (0x00007ff5b623f000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00007ff5b6022000)
        libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00007ff5b5e1f000)
        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007ff5b5c0f000)
        libnettle.so.4 => /usr/lib/libnettle.so.4 (0x00007ff5b59ec000)
        libgmp.so.10 => /usr/lib/libgmp.so.10 (0x00007ff5b5780000)
        libhogweed.so.2 => /usr/lib/libhogweed.so.2 (0x00007ff5b556e000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007ff5b536a000)
        /lib/ld-linux-x86-64.so.2 (0x00007ff5b7ea2000)

So, gnutls have no reason to use libgcrypt ? (Even if the program that uses gnutls link libgcrypt ?)

I think I will fill a bug report to the package (it's not normal that aria2 is linked to libgcrypt if it uses gnutls, is it ?).

2011/7/29 Brad Hards

> On Saturday 30 July 2011 10:52:45 Totony wrote:
> > I'm using gnutls version 2.12.7-2 and nettle version 2.1-1
> That -2 and -1 thing is a packaging thing, so it's possible that your distro is
> applying patches. The backend depends on how gnutls was built - I don't think
> you can change it at runtime.
>
> > Actually, nettle is linked to gnutls, so I think gnutls is using nettle,
> Really? Can you show what
> ldd /usr/lib/libnettle.so
> (or whatever nettle library path) outputs?
>
> > though the program I'm using looks to be using libgcrypt (because it's
> > linked to libgcrypt), but the help forums of that program seem to say
> > they're using the crypto of gnutls. Quite complicated situation >.>
> > (That program is aria2).
> Perhaps you need to ask aria2 developers.
>
> > Do you know how I can know which crypto backend gnutls is using ?
> What does ldd on the gnutls libraries show?
>
> Brad

From bradh at frogmouth.net Sat Jul 30 03:55:20 2011
From: bradh at frogmouth.net (Brad Hards)
Date: Sat, 30 Jul 2011 11:55:20 +1000
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To:
References: <201107301108.15314.bradh@frogmouth.net>
Message-ID: <201107301155.20907.bradh@frogmouth.net>

On Saturday 30 July 2011 11:18:58 Totony wrote:
> root: ldd /usr/lib/libgnutls.so
> linux-vdso.so.1 => (0x00007fff95fff000)
> libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007ff8dc78b000)
> libnettle.so.4 => /usr/lib/libnettle.so.4 (0x00007ff8dc568000)
> libgmp.so.10 => /usr/lib/libgmp.so.10 (0x00007ff8dc2fb000)
> libhogweed.so.2 => /usr/lib/libhogweed.so.2 (0x00007ff8dc0e9000)
> libz.so.1 => /usr/lib/libz.so.1 (0x00007ff8dbed1000)
> libdl.so.2 => /lib/libdl.so.2 (0x00007ff8dbccc000)
> libpthread.so.0 => /lib/libpthread.so.0 (0x00007ff8dbaaf000)
> libc.so.6 => /lib/libc.so.6 (0x00007ff8db74e000)
> /lib/ld-linux-x86-64.so.2 (0x00007ff8dcc74000)

Is this /usr/lib/libgnutls.so a symlink to /usr/lib/libgnutls.so.26?

> root: ldd /usr/bin/aria2
> linux-vdso.so.1 => (0x00007fffbe1ff000)
> librt.so.1 => /lib/librt.so.1 (0x00007ff5b7c9a000)
> libz.so.1 => /usr/lib/libz.so.1 (0x00007ff5b7a82000)
> libcares.so.2 => /usr/lib/libcares.so.2 (0x00007ff5b7873000)
> ->libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x00007ff5b75f6000)
> ->libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007ff5b7334000)
> libnettle.so.4 => /usr/lib/libnettle.so.4 (0x00007ff5b59ec000)

This says that loading aria2 will load both gcrypt and nettle. Perhaps aria2 is
using them both, and only one is via libgnutls.

> So, gnutls has no reason to use libgcrypt ? (Even if the program that uses
> gnutls links libgcrypt ?)

It depends on how gnutls was built.

> I think I will file a bug report to the package (it's not normal that aria2
> is linked to libgcrypt if it uses gnutls, is it ?).

It may not be a direct linkage.

You have made a big assumption about the relationship between libgcrypt and
aria2 - that it is via gnutls. The ldd output for /usr/lib/libgnutls.so above
suggests that assumption is wrong.

Brad

From totony123 at gmail.com Sat Jul 30 07:53:49 2011
From: totony123 at gmail.com (Totony)
Date: Sat, 30 Jul 2011 01:53:49 -0400
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To: <201107301155.20907.bradh@frogmouth.net>
References: <201107301108.15314.bradh@frogmouth.net> <201107301155.20907.bradh@frogmouth.net>
Message-ID:

>Is this /usr/lib/libgnutls.so a symlink to /usr/lib/libgnutls.so.26?

libgnutls.so.26 is linked to libgnutls.so.26.21.1 (so is libgnutls.so)
libgnutls.so -> libgnutls.so.26.21.1

>This says that loading aria2 will load both gcrypt and nettle. Perhaps aria2
>is using them both, and only one is via libgnutls.

Maybe :S (/investigation of aria2 code planned).
(Though, what would be the use of using 2 different crypto backends with
different wrappers ? Compatibility ?)

>You have made a big assumption about the relationship between libgcrypt and
>aria2 - that it is via gnutls. The ldd output for /usr/lib/libgnutls.so above
>suggests that assumption is wrong.

I assumed this for quite good reasons, but I think I will recheck this today.
(The maintainer of the Git branch of aria2 I am using said this : "It seems
initialization error of gnutls(which initializes libgcrypt internally), but
I've never met this before". So, even if I'm not really invested in the coding
of that program, I assumed that they used gnutls to take care of the libgcrypt
related scripts (I checked the code a bit, and found calls of the gnutls
functions too)).
Source : http://sourceforge.net/apps/phpbb/aria2/viewtopic.php?f=2&t=135
and https://github.com/tatsuhiro-t/aria2

From nmav at gnutls.org Sat Jul 30 08:11:48 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 30 Jul 2011 08:11:48 +0200
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To:
References: <201107301108.15314.bradh@frogmouth.net> <201107301155.20907.bradh@frogmouth.net>
Message-ID: <4E33A0A4.20404@gnutls.org>

On 07/30/2011 07:53 AM, Totony wrote:
>> You have made a big assumption about the relationship between
>> libgcrypt and aria2 - that it is via gnutls. The ldd output for
>> /usr/lib/libgnutls.so above
>> suggests that assumption is wrong.
> I assumed this for quite good reasons, but I think I will recheck
> this today. (The maintainer of the Git branch of aria2 I am using
> said this : "It seems initialization error of gnutls(which
> initializes libgcrypt internally), but I've never met this before".
> So, even if I'm not really invested in the coding of that program, I
> assumed that they used gnutls to take care of the libgcrypt related
> scripts (I checked the code a bit, and found calls of the gnutls
> functions too)). Source :
> http://sourceforge.net/apps/phpbb/aria2/viewtopic.php?f=2&t=135 and
> https://github.com/tatsuhiro-t/aria2

As I noticed from your previous mails, GnuTLS is linked with nettle
(only). It might be that aria is using libgcrypt and was depending on
gnutls to initialize it; that is no longer the case. This is why you
see the error message.

regards,
Nikos

From bradh at frogmouth.net Sat Jul 30 08:12:47 2011
From: bradh at frogmouth.net (Brad Hards)
Date: Sat, 30 Jul 2011 16:12:47 +1000
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To:
References: <201107301155.20907.bradh@frogmouth.net>
Message-ID: <201107301612.47430.bradh@frogmouth.net>

On Saturday 30 July 2011 15:53:49 Totony wrote:
> Maybe :S (/investigation of aria2 code planned).
> (Though, what would be the use of using 2 different crypto backends with
> different wrappers ? Compatibility ?)

Possibly needs to do some lower crypto operation (e.g. a sha1 operation) and
using libgcrypt (directly) was an easy way to do it.

> I assumed this for quite good reasons, but I think I will recheck this
> today.
> (The maintainer of the Git branch of aria2 I am using said this : "It seems
> initialization error of gnutls(which initializes libgcrypt internally), but
> I've never met this before". So, even if I'm not really invested in the
> coding of that program, I assumed that they used gnutls to take care of the
> libgcrypt related scripts (I checked the code a bit, and found calls of the
> gnutls functions too)).
> Source : http://sourceforge.net/apps/phpbb/aria2/viewtopic.php?f=2&t=135
> and https://github.com/tatsuhiro-t/aria2

It was probably true when gnutls always used gcrypt. It's now (another) bad
assumption.

In any case, this doesn't look like anything to do with gnutls.

Brad

From totony123 at gmail.com Sat Jul 30 18:38:08 2011
From: totony123 at gmail.com (Totony)
Date: Sat, 30 Jul 2011 12:38:08 -0400
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To: <4E33A0A4.20404@gnutls.org>
References: <201107301108.15314.bradh@frogmouth.net> <201107301155.20907.bradh@frogmouth.net> <4E33A0A4.20404@gnutls.org>
Message-ID:

Ok, thanks for your help, I think that would be the problem too.
(Maybe the addition of nettle just broke the compatibility with aria2).

One last question : Is it possible to ask gnutls to init libgcrypt instead of
nettle (using a function) ?
(Even if gnutls is not linked to libgcrypt, if the executed program calls the
init function of gnutls for libgcrypt, it should work, shouldn't it ?)

From bradh at frogmouth.net Sun Jul 31 07:05:10 2011
From: bradh at frogmouth.net (Brad Hards)
Date: Sun, 31 Jul 2011 15:05:10 +1000
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To:
References: <4E33A0A4.20404@gnutls.org>
Message-ID: <201107311505.10559.bradh@frogmouth.net>

On Sunday 31 July 2011 02:38:08 Totony wrote:
> Ok, thanks for your help, I think that would be the problem too.
> (Maybe the addition of nettle just broke the compatibility with aria2).
>
> One last question : Is it possible to ask gnutls to init libgcrypt instead
> of nettle (using a function) ?

This makes no sense to me. gcrypt might not even be installed.

> (Even if gnutls is not linked to libgcrypt, if the executed program calls
> the init function of gnutls for libgcrypt, it should work, shouldn't it ?)

Unless you're going to make all kinds of dynamic linking assumptions, it
can't. The linker should complain that you're calling a function that you're
not linking to. The function prototypes for gcrypt initialisation won't be
present (because you don't include headers for code you don't use).

Fix aria2 to either initialise gcrypt or use nettle.

Brad

From totony123 at gmail.com Sun Jul 31 21:07:31 2011
From: totony123 at gmail.com (Totony)
Date: Sun, 31 Jul 2011 15:07:31 -0400
Subject: Setting gnutls to use nettle instead of libgcrypt
In-Reply-To: <201107311505.10559.bradh@frogmouth.net>
References: <4E33A0A4.20404@gnutls.org> <201107311505.10559.bradh@frogmouth.net>
Message-ID:

Thanks for your help, it was a problem where aria2 assumed libgcrypt was
initialized with gnutls. (As you pointed out)
It got fixed by the project maintainer.

P.S :
> This makes no sense to me. gcrypt might not even be installed.
I was hoping I could do a temporary fix x) (Without having to search how to
init libgcrypt as I didn't even know where I would've put it (I'm not involved
in the coding of aria2)).
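
Added example, not part of the original thread and not gnutls or aria2 code: a shell version of the check worked through in this thread, comparing the ldd listing of libgnutls with that of the application to see whether the application's libgcrypt can be arriving via gnutls. The function names and verdict strings are hypothetical, and the sample listings are constructed by abridging the ones quoted in the thread.

```shell
#!/bin/sh
# Constructed sample input: abridged from the ldd listings quoted in the thread,
# keeping the hand-added "->" markers and the entries that have no "=> path".
GNUTLS_LDD='linux-vdso.so.1 => (0x00007fff95fff000)
libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007ff8dc78b000)
libnettle.so.4 => /usr/lib/libnettle.so.4 (0x00007ff8dc568000)
libhogweed.so.2 => /usr/lib/libhogweed.so.2 (0x00007ff8dc0e9000)
/lib/ld-linux-x86-64.so.2 (0x00007ff8dcc74000)'
APP_LDD='libcares.so.2 => /usr/lib/libcares.so.2 (0x00007ff5b7873000)
->libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x00007ff5b75f6000)
->libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007ff5b7334000)
libnettle.so.4 => /usr/lib/libnettle.so.4 (0x00007ff5b59ec000)'

# sonames LDD_TEXT: one soname per line; skips the loader line, strips "->".
sonames() {
    printf '%s\n' "$1" | awk '$2 == "=>" { sub(/^->/, "", $1); print $1 }'
}

# loads LDD_TEXT NAME: succeeds if NAME.so* appears in the listing.
loads() {
    sonames "$1" | grep -q "^$2\.so"
}

# gnutls_backend GNUTLS_LDD: which crypto library libgnutls pulls in.
gnutls_backend() {
    if loads "$1" libnettle && loads "$1" libgcrypt; then echo ambiguous
    elif loads "$1" libnettle; then echo nettle
    elif loads "$1" libgcrypt; then echo libgcrypt
    else echo unknown
    fi
}

# gcrypt_origin APP_LDD GNUTLS_LDD: can the application's libgcrypt come via gnutls?
gcrypt_origin() {
    loads "$1" libgcrypt || { echo not-loaded; return 0; }
    if loads "$2" libgcrypt; then
        echo possibly-gnutls   # gnutls itself depends on libgcrypt
    else
        echo not-gnutls        # the application or another library links it
    fi
}

echo "gnutls backend: $(gnutls_backend "$GNUTLS_LDD")"
echo "libgcrypt in application: $(gcrypt_origin "$APP_LDD" "$GNUTLS_LDD")"
# On a live system: gnutls_backend "$(ldd /usr/lib/libgnutls.so)"
```

Because ldd prints the whole transitive closure, a "not-gnutls" verdict only rules gnutls out; the NEEDED entries shown by readelf -d on the binary confirm whether the application links libgcrypt directly.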