From shengwl at uci.edu Thu Mar 1 06:42:38 2012
From: shengwl at uci.edu (Shengwei (William) Li)
Date: Wed, 29 Feb 2012 21:42:38 -0800
Subject: how to compile GnuTLS
In-Reply-To:
References:
Message-ID: <80EDCE0E-477C-4CC3-8287-87F9328C293C@uci.edu>

Hi Peter,

Same here when I tried to install it on my Mac with Snow Leopard.

Although I have not successfully installed it, this post might be helpful
for you:

http://stackoverflow.com/questions/7965990/why-cant-nettle-2-4s-configure-find-gmp-5-0-2

Eventually, I installed it on 32-bit Ubuntu in Virtualbox.

Regards,

Shengwei (William) Li

On Feb 29, 2012, at 10:32 AM, Peter Penzov wrote:

> I am trying to compile GnuTLS. These are the steps:
> I use Centos 6.2 x86_64
>
> I downloaded Nettle 2.4
>
> [root at localhost opt]# wget http://www.lysator.liu.se/~nisse/archive/nettle-2.4.tar.gz
> [root at localhost nettle-2.4]# tar zxvf nettle-2.4.tar.gz
> [root at localhost nettle-2.4]# cd nettle-2.4
> [root at localhost nettle-2.4]# ./configure --enable-shared --prefix=/usr
>
> Version: nettle 2.4
> Host type: x86_64-unknown-linux-gnu
> ABI: 64
> Assembly files: x86_64
> Install prefix: /usr
> Library directory: ${exec_prefix}/lib64
> Compiler: gcc
> Shared libraries: yes
> Public key crypto: no
>
>
> I run the command make and make install
>
>
> I downloaded the latest GnuTLS
>
> ./configure --with-libnettle-prefix=/usr
>
> hecking for shared library run path origin... done
> checking whether to use nettle... yes
> checking for libnettle... no
> configure: error:
> ***
> *** Libnettle 2.4 was not found.
>
> What am I missing?
>
>
> Best wishes
> Peter
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> https://lists.gnu.org/mailman/listinfo/help-gnutls

From lists at fuchsschwanzdomain.de Thu Mar 1 09:52:26 2012
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 1 Mar 2012 08:52:26 +0000 (UTC)
Subject: Smartcard + pkcs11 = segmentation fault...
References: <20120229141932.GA4435@geggus.net>
Message-ID:

Nikos Mavrogiannopoulos wrote:

> Could you try using valgrind or gdb to pinpoint the crash?

Hm, looks like the proprietary library has some issues, but also does gnutls:

(proprietary library warnings about uninitialised values skipped)

Object 0:
        URL: pkcs11:library-description=Cryptographic%20Token%20Interface;library-manufacturer=A.E.T.%20Europe%20B.V.;model=3384110107000000;manufacturer=A.E.T.%20Europe%20B.V.;serial=00113C3800009B09;token=Fraunhofer-Smartcard;object=Secude%20Token%20ID;object-type=data
        Type: Data
        Label: Secude Token ID
==19018== Invalid read of size 1
==19018==    at 0x4E653CF: _gnutls_bin2hex (gnutls_str.c:443)
==19018==    by 0x4E75D41: pkcs11_get_info (pkcs11.c:409)
==19018==    by 0x40424D: pkcs11_list (pkcs11.c:193)
==19018==    by 0x403750: main (p11tool.c:135)
==19018==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==19018==
==19018==
==19018== Process terminating with default action of signal 11 (SIGSEGV)
==19018==  Access not within mapped region at address 0x0
==19018==    at 0x4E653CF: _gnutls_bin2hex (gnutls_str.c:443)
==19018==    by 0x4E75D41: pkcs11_get_info (pkcs11.c:409)
==19018==    by 0x40424D: pkcs11_list (pkcs11.c:193)
==19018==    by 0x403750: main (p11tool.c:135)
==19018==  If you believe this happened as a result of a stack
==19018==  overflow in your program's main thread (unlikely but
==19018==  possible), you can try to increase the size of the
==19018==  main thread stack using the --main-stacksize= flag.
==19018==  The main thread stack size used in this run was 8388608.
==19018==
==19018== HEAP SUMMARY:
==19018==     in use at exit: 551,735 bytes in 1,892 blocks
==19018==   total heap usage: 14,940 allocs, 13,048 frees, 8,311,394 bytes allocated
==19018==
==19018== LEAK SUMMARY:
==19018==    definitely lost: 4 bytes in 1 blocks
==19018==    indirectly lost: 0 bytes in 0 blocks
==19018==      possibly lost: 288 bytes in 1 blocks
==19018==    still reachable: 551,443 bytes in 1,890 blocks
==19018==         suppressed: 0 bytes in 0 blocks
==19018== Rerun with --leak-check=full to see details of leaked memory
==19018==
==19018== For counts of detected and suppressed errors, rerun with: -v
==19018== ERROR SUMMARY: 34 errors from 15 contexts (suppressed: 25 from 7)
Killed

> Could you also try whether that issue occurs in gnutls 3.0.14?

Jepp, I just compiled gnutls-3.0.14 from sources. Same Problem here.

BTW "p11tool --login --list-certs" seems to work.

Regards

Sven

--
Software patents are the software project equivalent of land mines: Each
design decision carries a risk of stepping on a patent, which can destroy
your project. (Richard M. Stallman)
/me is giggls at ircnet, http://sven.gegg.us/ on the Web

From peter.penzov at gmail.com Thu Mar 1 10:00:37 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 11:00:37 +0200
Subject: how to compile GnuTLS
In-Reply-To: <80EDCE0E-477C-4CC3-8287-87F9328C293C@uci.edu>
References: <80EDCE0E-477C-4CC3-8287-87F9328C293C@uci.edu>
Message-ID:

configure:8798: checking for libnettle
configure:8820: gcc -std=gnu99 -o conftest -g -O2 conftest.c /usr/lib/libnettle.so /usr/lib/libhogweed.so -lgmp >&5
/usr/bin/ld: cannot find -lgmp
collect2: ld returned 1 exit status
configure:8820: $? = 1
configure: failed program was:
configure:8830: result: no
configure:8856: error:
***
*** Libnettle 2.4 was not found.

I installed gmp-devel. The problem is fixed.

On Thu, Mar 1, 2012 at 7:42 AM, Shengwei (William) Li wrote:

> Hi Peter,
>
> Same here when I tried to install it on my Mac with Snow Leopard.
>
> Although I have not successfully installed it, this post might be helpful
> for you:
>
> http://stackoverflow.com/questions/7965990/why-cant-nettle-2-4s-configure-find-gmp-5-0-2
>
> Eventually, I installed it on 32-bit Ubuntu in Virtualbox.
>
> Regards,
>
> Shengwei (William) Li
>
> On Feb 29, 2012, at 10:32 AM, Peter Penzov wrote:
>
> I am trying to compile GnuTLS. These are the steps:
> I use Centos 6.2 x86_64
>
> I downloaded Nettle 2.4
>
> [root at localhost opt]# wget
> http://www.lysator.liu.se/~nisse/archive/nettle-2.4.tar.gz
> [root at localhost nettle-2.4]# tar zxvf nettle-2.4.tar.gz
> [root at localhost nettle-2.4]# cd nettle-2.4
> [root at localhost nettle-2.4]# ./configure --enable-shared --prefix=/usr
>
> Version: nettle 2.4
> Host type: x86_64-unknown-linux-gnu
> ABI: 64
> Assembly files: x86_64
> Install prefix: /usr
> Library directory: ${exec_prefix}/lib64
> Compiler: gcc
> Shared libraries: yes
> Public key crypto: no
>
>
> I run the command make and make install
>
>
> I downloaded the latest GnuTLS
>
> ./configure --with-libnettle-prefix=/usr
>
> hecking for shared library run path origin... done
> checking whether to use nettle... yes
> checking for libnettle... no
> configure: error:
> ***
> *** Libnettle 2.4 was not found.
>
> What am I missing?
>
>
> Best wishes
> Peter

From nmav at gnutls.org Thu Mar 1 10:23:23 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 1 Mar 2012 10:23:23 +0100
Subject: Smartcard + pkcs11 = segmentation fault...
In-Reply-To:
References: <20120229141932.GA4435@geggus.net>
Message-ID:

To my understanding the token contains an object without an ID.
Could you add below this code (after else if (version != NULL))
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=lib/pkcs11.c;h=83fad64b893c0e79d26428a539a6f2ab3db13f02;hb=gnutls_2_12_x#l398
the following:

    else
      {
        *output_size = 0;
        if (output) output[0] = 0;
        return 0;
      }

This would allow printing that object without crashing.

regards,
Nikos

On Thu, Mar 1, 2012 at 9:52 AM, Sven Geggus wrote:
> Nikos Mavrogiannopoulos wrote:
>
>> Could you try using valgrind or gdb to pinpoint the crash?
>
> Hm, looks like the proprietary library has some issues, but also does gnutls:
>
> (proprietary library warnings about uninitialised values skipped)
>
> Object 0:
>        URL: pkcs11:library-description=Cryptographic%20Token%20Interface;library-manufacturer=A.E.T.%20Europe%20B.V.;model=3384110107000000;manufacturer=A.E.T.%20Europe%20B.V.;serial=00113C3800009B09;token=Fraunhofer-Smartcard;object=Secude%20Token%20ID;object-type=data
>        Type: Data
>        Label: Secude Token ID
> ==19018== Invalid read of size 1
> ==19018==    at 0x4E653CF: _gnutls_bin2hex (gnutls_str.c:443)
> ==19018==    by 0x4E75D41: pkcs11_get_info (pkcs11.c:409)
> ==19018==    by 0x40424D: pkcs11_list (pkcs11.c:193)
> ==19018==    by 0x403750: main (p11tool.c:135)
> ==19018==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==19018==
> ==19018==
> ==19018== Process terminating with default action of signal 11 (SIGSEGV)
> ==19018==  Access not within mapped region at address 0x0
> ==19018==    at 0x4E653CF: _gnutls_bin2hex (gnutls_str.c:443)
> ==19018==    by 0x4E75D41: pkcs11_get_info (pkcs11.c:409)
> ==19018==    by 0x40424D: pkcs11_list (pkcs11.c:193)
> ==19018==    by 0x403750: main (p11tool.c:135)
> ==19018==  If you believe this happened as a result of a stack
> ==19018==  overflow in your program's main thread (unlikely but
> ==19018==  possible), you can try to increase the size of the
> ==19018==  main thread stack using the --main-stacksize= flag.
> ==19018==  The main thread stack size used in this run was 8388608.
> ==19018==
> ==19018== HEAP SUMMARY:
> ==19018==     in use at exit: 551,735 bytes in 1,892 blocks
> ==19018==   total heap usage: 14,940 allocs, 13,048 frees, 8,311,394 bytes
> allocated
> ==19018==
> ==19018== LEAK SUMMARY:
> ==19018==    definitely lost: 4 bytes in 1 blocks
> ==19018==    indirectly lost: 0 bytes in 0 blocks
> ==19018==      possibly lost: 288 bytes in 1 blocks
> ==19018==    still reachable: 551,443 bytes in 1,890 blocks
> ==19018==         suppressed: 0 bytes in 0 blocks
> ==19018== Rerun with --leak-check=full to see details of leaked memory
> ==19018==
> ==19018== For counts of detected and suppressed errors, rerun with: -v
> ==19018== ERROR SUMMARY: 34 errors from 15 contexts (suppressed: 25 from 7)
> Killed
>
>> Could you also try whether that issue occurs in gnutls 3.0.14?
>
> Jepp, I just compiled gnutls-3.0.14 from sources. Same Problem here.
>
> BTW "p11tool --login --list-certs" seems to work.
>
> Regards
>
> Sven
>
> --
> Software patents are the software project equivalent of land mines: Each
> design decision carries a risk of stepping on a patent, which can destroy
> your project. (Richard M. Stallman)
> /me is giggls at ircnet, http://sven.gegg.us/ on the Web

From lists at fuchsschwanzdomain.de Thu Mar 1 12:14:18 2012
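
Added example (not part of the thread and not GnuTLS source): a simplified C model of the failure described in the message above, where a lookup finds no attribute, the data pointer stays NULL, and the hex encoder is handed it anyway. The struct, the function names and the sample objects are constructed for illustration; the empty-result branch follows the shape of the else block suggested in that message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INFO_OK             0
#define INFO_SHORT_BUFFER (-1)
#define INFO_INVALID      (-2)

/* Constructed model of a token object; attributes the token omits are NULL. */
struct token_object {
    const char    *label;
    const uint8_t *id;       /* NULL when the object carries no ID */
    size_t         id_len;
};

enum info_kind { INFO_LABEL, INFO_ID };

/* Constructed samples: an object with an ID, and a data object that has
 * only a label, like "Secude Token ID" in the listing from the thread. */
static const uint8_t SAMPLE_ID[] = { 0x00, 0x11, 0x3c };
const struct token_object WITH_ID = { "Sample cert", SAMPLE_ID, sizeof SAMPLE_ID };
const struct token_object NO_ID   = { "Secude Token ID", NULL, 0 };

/* Hex-encode data[0..len) as "aa:bb:cc" plus NUL. On entry *out_size is the
 * buffer capacity; on return it is the string length (or the capacity needed). */
static int hex_encode(const uint8_t *data, size_t len, char *out, size_t *out_size)
{
    static const char digits[] = "0123456789abcdef";
    size_t need = len ? len * 3 : 1;

    if (data == NULL && len != 0)      /* second line of defence in the callee */
        return INFO_INVALID;
    if (out == NULL || *out_size < need) {
        *out_size = need;
        return INFO_SHORT_BUFFER;
    }
    for (size_t i = 0; i < len; i++) {
        out[i * 3]     = digits[data[i] >> 4];
        out[i * 3 + 1] = digits[data[i] & 0x0f];
        out[i * 3 + 2] = (i + 1 < len) ? ':' : '\0';
    }
    if (len == 0)
        out[0] = '\0';
    *out_size = need - 1;
    return INFO_OK;
}

int get_object_info(const struct token_object *obj, enum info_kind kind,
                    char *out, size_t *out_size)
{
    const void *data = NULL;
    size_t data_len = 0;
    int hexify = 0;

    if (kind == INFO_ID && obj->id != NULL) {
        data = obj->id; data_len = obj->id_len; hexify = 1;
    } else if (kind == INFO_LABEL && obj->label != NULL) {
        data = obj->label; data_len = strlen(obj->label);
    } else {
        /* Attribute absent (e.g. an object without an ID). Without this
         * branch data would still be NULL when it reaches the encoder; the
         * valgrind trace in the thread shows that kind of read at address
         * 0x0. Report an empty string, terminating only if there is room. */
        if (out != NULL && *out_size > 0)
            out[0] = '\0';
        *out_size = 0;
        return INFO_OK;
    }
    if (hexify)
        return hex_encode(data, data_len, out, out_size);
    if (out == NULL || *out_size < data_len + 1) {
        *out_size = data_len + 1;
        return INFO_SHORT_BUFFER;
    }
    memcpy(out, data, data_len);
    out[data_len] = '\0';
    *out_size = data_len;
    return INFO_OK;
}

/* Render one attribute into a static buffer: "" if absent, NULL on error. */
const char *render_info(const struct token_object *obj, enum info_kind kind)
{
    static char buf[64];
    size_t size = sizeof buf;
    return get_object_info(obj, kind, buf, &size) == INFO_OK ? buf : NULL;
}

/* Size query with a NULL buffer: returns the capacity the caller must provide. */
size_t required_size(const struct token_object *obj, enum info_kind kind)
{
    size_t n = 0;
    get_object_info(obj, kind, NULL, &n);
    return n;
}

int main(void)
{
    printf("ID (present): \"%s\"\n", render_info(&WITH_ID, INFO_ID));
    printf("ID (absent):  \"%s\"\n", render_info(&NO_ID, INFO_ID));
    return 0;
}
```
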
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 1 Mar 2012 11:14:18 +0000 (UTC)
Subject: Smartcard + pkcs11 = segmentation fault...
References: <20120229141932.GA4435@geggus.net>
Message-ID:

Nikos Mavrogiannopoulos wrote:

> To my understanding the token contains an object without an ID.
> Could you add below this code (after else if (version != NULL))
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=lib/pkcs11.c;h=83fad64b893c0e79d26428a539a6f2ab3db13f02;hb=gnutls_2_12_x#l398
> the following:
> else
> {
> *output_size = 0;
> if (output) output[0] = 0;
> return 0;
> }
>
> This would allow printing that object without crashing.

This gives a compiler error, but this slightly different Version does
compile and makes "p11tool --login --list-all" work!

gnutls-3.0.14/ > diff -u ./lib/pkcs11.c.orig ./lib/pkcs11.c --- ./lib/pkcs11.c.orig 2012-02-23 08:43:11.000000000 +0100 +++ ./lib/pkcs11.c 2012-03-01 12:07:14.864362795 +0100 @@ -400,7 +400,14 @@ (int)version->minor); terminate = 1; } - + else + { + *output_size = 0; + // if (output) output[0] = 0; + if (output) output = NULL; + return 0; + } + if (hexify) { /* terminate is assumed with hexify */

Thanks

Sven

--
"The only thing we have to fear is fear itself"
(Franklin D. Roosevelt)
/me is giggls at ircnet, http://sven.gegg.us/ on the Web

From nmav at gnutls.org Thu Mar 1 12:18:09 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 1 Mar 2012 12:18:09 +0100
Subject: Smartcard + pkcs11 = segmentation fault...
In-Reply-To:
References: <20120229141932.GA4435@geggus.net>
Message-ID:

On Thu, Mar 1, 2012 at 12:14 PM, Sven Geggus wrote:
> This gives a compiler error, but this slightly different Version does
> compile and makes "p11tool --login --list-all" work!

May I see the output if it is not private? I would be interested to know
what kind of object doesn't have an id.

regards,
Nikos

From simon at josefsson.org Thu Mar 1 12:22:01 2012
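
Review bot: in the added else branch of the pkcs11.c patch above, `if (output) output = NULL;` only clears the function's local copy of the pointer, so the caller's buffer is never terminated while `*output_size` is reported as 0; a caller that prints the buffer without checking the size will read whatever it held before. The commented-out `output[0] = 0` was the line that did the termination. If the compiler error came from indexing through a pointer type that cannot be dereferenced directly, writing the terminator through a char pointer, for example `((char *) output)[0] = 0;`, keeps the intended behaviour. The `//` line should also be dropped before this goes further, since the surrounding context uses `/* */` comments.
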
From: simon at josefsson.org (Simon Josefsson)
Date: Thu, 01 Mar 2012 12:22:01 +0100
Subject: Error Code -56
In-Reply-To: (Mihir Kulkarni's message of "Tue, 28 Feb 2012 19:46:58 -0800")
References:
Message-ID: <87boogsh0m.fsf@latte.josefsson.org>

Mihir Kulkarni writes:

> Hello,
> We are trying out with Gnutls. We have created a dummy extension Foobar
> following the steps given in the manual. We are using
> "_gnutls_ext_set_session_data" in the client and then using
> "_gnutls_ext_get_session_data" in the server to retrieve the data. The
> value gets set correctly in client but when we retrieve it in the server,
> the get function returns -56 as error code. Our implementation of Foobar
> extension is almost similar to server-name extension already present in
> Gnutls.
> Can someone give some clarification as to what might be going wrong? Do let
> me know if more information is needed.

The error -56 means GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, see gnutls.h.

Try running the server with debug logging enabled, and in particular,
try to find exactly where the -56 error is triggered.

/Simon

From peter.penzov at gmail.com Thu Mar 1 13:07:55 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 14:07:55 +0200
Subject: Error in gnutls-3.0.14 compilation
Message-ID:

Hi,
I tried to compile gnutls-3.0.14 on Centos 6.2 x86_64

This is the error log:

make[5]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
./errcodes > error_codes.texi-tmp
mv -f error_codes.texi-tmp error_codes.texi
make ./printlist
make[5]: Entering directory `/opt/gnu/gnutls-3.0.14/doc'
CC printlist.o
CCLD printlist
make[5]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
./printlist > algorithms.texi-tmp
mv -f algorithms.texi-tmp algorithms.texi
make ./alert-printlist
make[5]: Entering directory `/opt/gnu/gnutls-3.0.14/doc'
CC alert-printlist.o
CCLD alert-printlist
make[5]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
./alert-printlist > alerts.texi-tmp
mv -f alerts.texi-tmp alerts.texi
echo "" > enums.texi-tmp
for i in ../lib/includes/gnutls/abstract.h ../lib/includes/gnutls/compat.h ../lib/includes/gnutls/crypto.h ../lib/includes/gnutls/dtls.h ../lib/includes/gnutls/gnutls.h ../lib/includes/gnutls/gnutlsxx.h ../lib/includes/gnutls/ocsp.h ../lib/includes/gnutls/openpgp.h ../lib/includes/gnutls/pkcs11.h ../lib/includes/gnutls/pkcs12.h ../lib/includes/gnutls/x509.h; do \
echo -n "Creating documentation for $i... " && \
./scripts/gdoc -texinfo $i >> enums.texi-tmp && \
echo "ok"; \
done
Creating documentation for ../lib/includes/gnutls/abstract.h... warning: 230: Cannot understand prototype: 'typedef struct gnutls_pcert_st '
ok
Creating documentation for ../lib/includes/gnutls/compat.h... ok
Creating documentation for ../lib/includes/gnutls/crypto.h... ok
Creating documentation for ../lib/includes/gnutls/dtls.h... warning: 62: Cannot understand prototype: 'typedef struct '
ok
Creating documentation for ../lib/includes/gnutls/gnutls.h... ok
Creating documentation for ../lib/includes/gnutls/gnutlsxx.h... ok
Creating documentation for ../lib/includes/gnutls/ocsp.h... ok
Creating documentation for ../lib/includes/gnutls/openpgp.h... ok
Creating documentation for ../lib/includes/gnutls/pkcs11.h... ok
Creating documentation for ../lib/includes/gnutls/pkcs12.h... ok
Creating documentation for ../lib/includes/gnutls/x509.h... ok
mv -f enums.texi-tmp enums.texi
make compare-makefile
make[5]: Entering directory `/opt/gnu/gnutls-3.0.14/doc'
ENUMS=`grep '^@c ' enums.texi | sed 's/@c //g' | sort`; \
STR=""; \
for i in $ENUMS; do \
STR="$STR\nENUMS += enums/$i"; \
done; \
grep -v -e '^ENUMS += ' ./Makefile.am | \
perl -p -e "s,^ENUMS =,ENUMS =$STR," > tmp-compare-makefile; \
diff -u ./Makefile.am tmp-compare-makefile
rm -f tmp-compare-makefile
make[5]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
mkdir enums
mkdir: cannot create directory `enums': File exists
make[4]: [stamp_enums] Error 1 (ignored)
./scripts/split-texi.pl enums enum < enums.texi
echo stamp_enums > stamp_enums
restore=: && backupdir=".am$$" && \
am__cwd=`pwd` && CDPATH="${ZSH_VERSION+.}:" && cd . && \
rm -rf $backupdir && mkdir $backupdir && \
if (/bin/sh /opt/gnu/gnutls-3.0.14/build-aux/missing --run makeinfo --version) >/dev/null 2>&1; then \
for f in gnutls.info gnutls.info-[0-9] gnutls.info-[0-9][0-9] gnutls.i[0-9] gnutls.i[0-9][0-9]; do \
if test -f $f; then mv $f $backupdir; restore=mv; else :; fi; \
done; \
else :; fi && \
cd "$am__cwd"; \
if /bin/sh /opt/gnu/gnutls-3.0.14/build-aux/missing --run makeinfo -I ../doc -I . \
-o gnutls.info gnutls.texi; \
then \
rc=0; \
CDPATH="${ZSH_VERSION+.}:" && cd .; \
else \
rc=$?; \
CDPATH="${ZSH_VERSION+.}:" && cd . && \
$restore $backupdir/* `echo "./gnutls.info" | sed 's|[^/]*$||'`; \
fi; \
rm -rf $backupdir; exit $rc
/opt/gnu/gnutls-3.0.14/doc//cha-internals.texi:43: Cross reference to nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-examples.texi:95: Cross reference to nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1338: Cross reference to nonexistent node `gnutls_pk_bits_to_sec_param' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1336: Cross reference to nonexistent node `gnutls_sec_param_to_pk_bits' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1257: Cross reference to nonexistent node `gnutls_rnd' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1252: Cross reference to nonexistent node `gnutls_rnd' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1252: Cross reference to nonexistent node `gnutls_hash_fast' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1251: Cross reference to nonexistent node `gnutls_hash_get_len' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1250: Cross reference to nonexistent node `gnutls_hash_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1249: Cross reference to nonexistent node `gnutls_hash_output' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1248: Cross reference to nonexistent node `gnutls_hash' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1247: Cross reference to nonexistent node `gnutls_hash_init' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1247: Cross reference to nonexistent node `gnutls_hmac_fast' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1246: Cross reference to nonexistent node `gnutls_hmac_get_len' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1245: Cross reference to nonexistent node `gnutls_hmac_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1244: Cross reference to nonexistent node `gnutls_hmac_output' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1243: Cross reference to nonexistent node `gnutls_hmac' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1242: Cross reference to nonexistent node `gnutls_hmac_init' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1233: Cross reference to nonexistent node `gnutls_cipher_tag' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1232: Cross reference to nonexistent node `gnutls_cipher_add_auth' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1231: Cross reference to nonexistent node `gnutls_cipher_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1230: Cross reference to nonexistent node `gnutls_cipher_set_iv' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1229: Cross reference to nonexistent node `gnutls_cipher_decrypt2' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1228: Cross reference to nonexistent node `gnutls_cipher_encrypt2' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1227: Cross reference to nonexistent node `gnutls_cipher_init' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1117: Cross reference to nonexistent node `gnutls_session_channel_binding' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1103: Cross reference to nonexistent node `gnutls_prf_raw' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1092: Cross reference to nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1085: Cross reference to nonexistent node `gnutls_prf' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1077: Cross reference to nonexistent node `gnutls_certificate_set_params_function' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1074: Cross reference to nonexistent node `gnutls_rsa_params_export_pkcs1' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1073: Cross reference to nonexistent node `gnutls_rsa_params_import_pkcs1' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1072: Cross reference to nonexistent node `gnutls_certificate_set_rsa_export_params' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1071: Cross reference to nonexistent node `gnutls_rsa_params_generate2' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1052: Cross reference to nonexistent node `gnutls_sec_param_to_pk_bits' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1049: Cross reference to nonexistent node `gnutls_anon_set_server_dh_params' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1048: Cross reference to nonexistent node `gnutls_certificate_set_dh_params' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1047: Cross reference to nonexistent node `gnutls_dh_params_import_pkcs3' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1046: Cross reference to nonexistent node `gnutls_dh_params_generate2' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1043: Cross reference to nonexistent node `gnutls_anon_set_server_dh_params' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1042: Cross reference to nonexistent node `gnutls_certificate_set_dh_params' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1040: Cross reference to nonexistent node `gnutls_dh_params_import_pkcs3' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1039: Cross reference to nonexistent node `gnutls_dh_params_generate2' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1026: Cross reference to nonexistent node `gnutls_session_resumption_requested' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1025: Cross reference to nonexistent node `gnutls_session_ticket_key_generate' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1024: Cross reference to nonexistent node `gnutls_session_ticket_enable_server' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1021: Cross reference to nonexistent node `gnutls_session_ticket_enable_server' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1019: Cross reference to nonexistent node `gnutls_session_ticket_key_generate' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1017: Cross reference to nonexistent node `gnutls_db_check_entry' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1019: Cross reference to nonexistent node `gnutls_db_set_remove_function' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1018: Cross reference to nonexistent node `gnutls_db_set_ptr' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1017: Cross reference to nonexistent node `gnutls_db_set_store_function' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1016: Cross reference to nonexistent node `gnutls_db_set_retrieve_function' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1012: Cross reference to nonexistent node `gnutls_db_check_entry' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1002: Cross reference to nonexistent node `gnutls_session_is_resumed' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1000: Cross reference to nonexistent node `gnutls_session_ticket_enable_client' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:996: Cross reference to nonexistent node `gnutls_session_ticket_enable_client' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:990: Cross reference to nonexistent node `gnutls_session_set_data' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:989: Cross reference to nonexistent node `gnutls_session_get_id' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:988: Cross reference to nonexistent node `gnutls_session_get_data' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:985: Cross reference to nonexistent node `gnutls_session_set_data' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:748: Cross reference to nonexistent node `gnutls_priority_set' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:747: Cross reference to nonexistent node `gnutls_priority_set_direct' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:734: Cross reference to nonexistent node `gnutls_alert_get_name' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:733: Cross reference to nonexistent node `gnutls_error_to_alert' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:731: Cross reference to nonexistent node `gnutls_alert_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:729: Cross reference to nonexistent node `gnutls_alert_get' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:726: Cross reference to nonexistent node `gnutls_alert_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:725: Cross reference to nonexistent node `gnutls_record_recv' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:725: Cross reference to nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:715: Cross reference to nonexistent node `gnutls_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:714: Cross reference to nonexistent node `gnutls_bye' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:711: Cross reference to nonexistent node `gnutls_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:707: Cross reference to nonexistent node `gnutls_bye' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:705: Cross reference to nonexistent node `gnutls_record_get_direction' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:704: Cross reference to nonexistent node `gnutls_record_check_pending' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:700: Cross reference to nonexistent node `gnutls_record_check_pending' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:697: Cross reference to nonexistent node `gnutls_record_check_pending' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:696: Cross reference to nonexistent node `gnutls_record_recv_seq' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:689: Cross reference to nonexistent node `gnutls_error_is_fatal' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:687: Cross reference to nonexistent node `gnutls_record_recv' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:685: Cross reference to nonexistent node `gnutls_record_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:680: Cross reference to nonexistent node `gnutls_error_is_fatal' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:674: Cross reference to nonexistent node `gnutls_certificate_verify_peers2' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:669: Cross reference to nonexistent node `gnutls_certificate_verify_peers2' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:668: Cross reference to nonexistent node `gnutls_certificate_set_verify_function' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:664: Cross reference to nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:656: Cross reference to nonexistent node `gnutls_dtls_get_data_mtu' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:655: Cross reference to nonexistent node `gnutls_dtls_get_mtu' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:654: Cross reference to nonexistent node `gnutls_dtls_set_mtu' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:644: Cross reference to nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:644: Cross reference to nonexistent node `gnutls_dtls_prestate_set' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:643: Cross reference to nonexistent node `gnutls_dtls_cookie_verify' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:642: Cross reference to nonexistent node `gnutls_dtls_cookie_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:641: Cross reference to nonexistent node `gnutls_key_generate' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:637: Cross reference to nonexistent node `gnutls_dtls_prestate_set' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:635: Cross reference to nonexistent node `gnutls_dtls_cookie_verify' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:633: Cross reference to nonexistent node `gnutls_dtls_cookie_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:623: Cross reference to nonexistent node `gnutls_init' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:618: Cross reference to nonexistent node `gnutls_record_recv' (perhaps incorrect sectioning?).
Too many errors! Gave up.
make[4]: *** [gnutls.info] Error 1
make[4]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/gnu/gnutls-3.0.14'
make: *** [all] Error 2
[root at Testserver gnutls-3.0.14]#

From nmav at gnutls.org Thu Mar 1 17:37:10 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 01 Mar 2012 17:37:10 +0100
Subject: Error in gnutls-3.0.14 compilation
In-Reply-To:
References:
Message-ID: <4F4FA5B6.10309@gnutls.org>

On 03/01/2012 01:07 PM, Peter Penzov wrote:

> Hi,
> I tried to compile gnutls-3.0.14 on Centos 6.2 x86_64
>
> This is the error log:
[...]
> /opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1336: Cross reference to
> nonexistent node `gnutls_sec_param_to_pk_bits' (perhaps incorrect
> sectioning?).

Hello,
The documentation has problems building in 3.0.14. Nevertheless the
library and the applications are properly built. You can use the
website to download the required documentation.

regards,
Nikos

From peter.penzov at gmail.com Thu Mar 1 17:38:58 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 18:38:58 +0200
Subject: Error in gnutls-3.0.14 compilation
In-Reply-To: <4F4FA5B6.10309@gnutls.org>
References: <4F4FA5B6.10309@gnutls.org>
Message-ID:

How can I disable the documentation build during compilation time to skip this error?

On Thu, Mar 1, 2012 at 6:37 PM, Nikos Mavrogiannopoulos wrote:

> On 03/01/2012 01:07 PM, Peter Penzov wrote:
>
> > Hi,
> > I tried to compile gnutls-3.0.14 on Centos 6.2 x86_64
> >
> > This is the error log:
> [...]
> > /opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1336: Cross reference to
> > nonexistent node `gnutls_sec_param_to_pk_bits' (perhaps incorrect
> > sectioning?).
>
>
> Hello,
> The documentation has problems building in 3.0.14. Nevertheless the
> library and the applications are properly built. You can use the
> website to download the required documentation.
>
> regards,
> Nikos
>
>

From nmav at gnutls.org Thu Mar 1 18:20:21 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 01 Mar 2012 18:20:21 +0100
Subject: Error in gnutls-3.0.14 compilation
In-Reply-To:
References: <4F4FA5B6.10309@gnutls.org>
Message-ID: <4F4FAFD5.2010001@gnutls.org>

On 03/01/2012 05:38 PM, Peter Penzov wrote:

> How can I disable the documentation build during compilation time to skip
> this error?

You cannot but anything that you need is already built. What you can
do to avoid the error is to do a
"make -C gl && make -C lib && make -C src".

regards,
Nikos

From peter.penzov at gmail.com Thu Mar 1 21:59:12 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 22:59:12 +0200
Subject: SRP passwd.conf file
Message-ID:

Hi,
I want to implement SRP server and client with GnuTLS. I'm trying to compile and run the examples in GnuTLS. I have two questions:

1. I created passwd.conf file where I suppose that the server looks for password files. Would you tell me in what format I have to store there the passwords? Just very simple example how this file must look like.

2. I want to store the SRP user and password into database not passwd.conf file. I looked at the server source code and I found that the function gnutls_srp_set_server_credentials_file is used to retrieve the user credentials from file. I found in GnuTLS documentation that gnutls_srp_set_server_credentials_function can be used for username and extraction from database. Am I correct?

Best wishes

From peter.penzov at gmail.com Thu Mar 1 22:51:24 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 23:51:24 +0200
Subject: Error in GnuTLS example
Message-ID:

Hi,
I'm trying to run the example ex-serv-srp.c I get this error:

[root at localhost test]# ./server
Echo Server ready. Listening to port '5556'.

- connection from 127.0.0.1, port 38141
*** glibc detected *** ./server: double free or corruption (fasttop): 0x095cd5c0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6ea31)[0x89ba31]
/usr/local/lib/libgnutls.so.28(+0x90bd9)[0xdf9bd9]
/usr/local/lib/libgnutls.so.28(+0x9095a)[0xdf995a]
/usr/local/lib/libgnutls.so.28(+0x1e878)[0xd87878]
/usr/local/lib/libgnutls.so.28(+0x1c1a8)[0xd851a8]
/usr/local/lib/libgnutls.so.28(gnutls_handshake+0x47)[0xd85937]
./server[0x8049040]
/lib/libc.so.6(__libc_start_main+0xe6)[0x843ce6]
./server[0x8048c51]
Aborted
[root at localhost test]#

Is this a bug?

Best wishes

From nmav at gnutls.org Fri Mar 2 00:32:34 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 00:32:34 +0100
Subject: Error in GnuTLS example
In-Reply-To:
References:
Message-ID: <4F500712.9090907@gnutls.org>

On 03/01/2012 10:51 PM, Peter Penzov wrote:

> Hi,
> I'm trying to run the example ex-serv-srp.c I get this error:
>
> [root at localhost test]# ./server
> Echo Server ready. Listening to port '5556'.
>
> - connection from 127.0.0.1, port 38141
> *** glibc detected *** ./server: double free or corruption (fasttop):
> 0x095cd5c0 ***
[...]
> Is this a bug?

You are right it is a bug. Thanks for reporting it. Unfortunately
there is no work-around, but will be solved on the next release.

regards,
Nikos

From peter.penzov at gmail.com Fri Mar 2 00:46:06 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Fri, 2 Mar 2012 01:46:06 +0200
Subject: How to compile GnuTLS examples using headers from custom build
Message-ID:

Hi,
I want to compile GnuTLS examples. I use this command to compile example:

gcc -o server ex-serv-srp.c -lgnutls -Wall -Werror -g

The problem is that I have default gnutls-2.8.5-4.el6.i686 package installed on Centos 6.2. I suppose that when I try to compile the example with -lgnutls argument the headers from the installed rpm are used.

I want to use headers from my custom build which is compiled in /opt/gnutls-3.0.8. and /usr/local/lib/libgnutls.so. Where can I find the header files in the gnutls build directory? How can I include them during compilation time?

Best wishes

From bradh at frogmouth.net Fri Mar 2 00:56:34 2012
From: bradh at frogmouth.net (Brad Hards)
Date: Fri, 2 Mar 2012 10:56:34 +1100
Subject: How to compile GnuTLS examples using headers from custom build
In-Reply-To:
References:
Message-ID: <201203021056.34664.bradh@frogmouth.net>

On Friday 02 March 2012 10:46:06 Peter Penzov wrote:
> I want to use headers from my custom build which is compiled in
> /opt/gnutls-3.0.8. and /usr/local/lib/libgnutls.so. Where can I find the
> header files in the gnutls build directory?

It depends on how you built it, but if the library was installed to /usr/local/lib, then the headers are probably in /usr/local/include. If not, re-run the installation and inspect the file / directory locations.

> How can I include them during compilation time?

The -I (upper case i) option to gcc will allow this. Consult the gcc manual page for more details.

Brad

From peter.penzov at gmail.com Fri Mar 2 02:56:21 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Fri, 2 Mar 2012 03:56:21 +0200
Subject: How to run the ex-serv-psk.c example
Message-ID:

I'm trying to run the example ex-serv-psk.c from gnutls 3.0.14.

I generated self signed certificate using these commands:

certtool --generate-privkey --outfile key.pem
certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem

I compiled the examples ex-serv-psk.c and ex-client-psk.c. When I try to run them I get this error:

[root at localhost test]# ./server
Server ready. Listening to port '5556'.

- connection from 127.0.0.1, port 38184
*** Handshake has failed (The TLS connection was non-properly terminated.)

[root at localhost test]# ./client
*** Handshake failed
GnuTLS error: Insufficient credentials for that request.
[root at localhost test]#

Do I need something else to run these examples?
I modified some o

#define KEYFILE "key.pem"
#define CERTFILE "cert.pem"
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define CRLFILE "crl.pem"

How must I create CAFILE and CRLFILE? I created self-signed certificate. Do I need these files in this case?

Best wishes

From simon at josefsson.org Fri Mar 2 14:16:52 2012
From: simon at josefsson.org (Simon Josefsson)
Date: Fri, 02 Mar 2012 14:16:52 +0100
Subject: Error Code -56
In-Reply-To: (Karthik Ragunath's message of "Thu, 1 Mar 2012 16:01:57 -0800")
References: <87boogsh0m.fsf@latte.josefsson.org>
Message-ID: <87pqcvp2gr.fsf@latte.josefsson.org>

Karthik Ragunath writes:

> Hi Simon,
> The error -56 is actually triggered as the return value in the following
> call
> ret =_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_FOOBAR,
> &epriv);
> at the client side before we try to set the relevant data in the set method
> of the extension.

Sounds like you mixed up the directionality, clients usually send extension data before receiving it, so it is normal for there to be no extension data in a client that is sending. Try skipping the above step and just let the client send its data. Use wireshark to check that the extension was sent. Then work on the server side...

/Simon

>
> We are trying to use the server name extension as a guide to build our own
> extension
>
> I guess we are missing something to register/enable the extension, but we
> followed the instructions as specified in the manual.
>
> Would be greatly helpful if you could help us troubleshoot the issue.
>
> Thanks,
> Karthik
>
>
>>
>> ---------- Forwarded message ----------
>> From: Simon Josefsson
>> Date: Thu, Mar 1, 2012 at 3:22 AM
>> Subject: Re: Error Code -56
>> To: Mihir Kulkarni
>> Cc: help-gnutls at gnu.org
>>
>>
>> Mihir Kulkarni writes:
>>
>> > Hello,
>> > We are trying out with Gnutls. We have created a dummy extension Foobar
>> > following the steps given in the manual. We are using
>> > "_gnutls_ext_set_session_data" in the client and then using
>> > "_gnutls_ext_get_session_data" in the server to retrieve the data. The
>> > value gets set correctly in client but when we retrieve it in the server,
>> > the get function returns -56 as error code. Our implementation of Foobar
>> > extension is almost similar to server-name extension already present in
>> > Gnutls.
>> > Can someone give some clarification as to what might be going wrong? Do let
>> > me know if more information is needed.
>>
>> The error -56 means GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, see gnutls.h.
>> Try running the server with debug logging and enabled, and in
>> particular, try to find exactly where the -56 error is triggered.
>>
>> /Simon
>>
>>

From nmav at gnutls.org Fri Mar 2 19:22:00 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 19:22:00 +0100
Subject: gnutls 2.12.16
Message-ID: <4F510FC8.6030505@gnutls.org>

Hello,
I've just released gnutls 2.12.17. It includes several bug fixes.

Version 2.12.17 (released 2012-03-02)

** libgnutls: Corrections in record packet parsing. Reported by Matthew Hall.

** libgnutls: Fixes in SRP authentication.

** libgnutls: Added function to force explicit reinitialization of PKCS #11 modules. This is required on the child process after a fork.

** libgnutls: PKCS #11 objects that do not have ID no longer crash listing. Reported by Sven Geggus.

** API and ABI modifications:
gnutls_pkcs11_reinit: Added

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly from and a list of GnuTLS mirrors can be found at .

Here are the BZIP2 compressed sources:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.17.tar.bz2
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.17.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.17.tar.bz2.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.17.tar.bz2.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Fri Mar 2 19:37:04 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 19:37:04 +0100
Subject: How to run the ex-serv-psk.c example
In-Reply-To:
References:
Message-ID: <4F511350.6070507@gnutls.org>

On 03/02/2012 02:56 AM, Peter Penzov wrote:

> I'm trying to run the example ex-serv-psk.c from gnutls 3.0.14.
>
> I generated self signed certificate using these commands:
>
> certtool --generate-privkey --outfile key.pem
> certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem
>
> I compiled the examples ex-serv-psk.c and ex-client-psk.c. When I try to
> run them I get this error:
>
> [root at localhost test]# ./server
> Server ready. Listening to port '5556'.
>
> - connection from 127.0.0.1, port 38184
> *** Handshake has failed (The TLS connection was non-properly terminated.)

You can connect to the example server using gnutls-cli. The example client requires to add "+PSK" to the priority string. I've corrected it on the documentation.

> Do I need something else to run these examples?
> I modified some o
> #define KEYFILE "key.pem"
> #define CERTFILE "cert.pem"
> #define CAFILE "/etc/ssl/certs/ca-certificates.crt"
> #define CRLFILE "crl.pem"
> How must I create CAFILE and CRLFILE? I created self-signed certificate. Do
> I need these files in this case?

CAFILE and CRLFILE are not currently used in the currently supported PSK ciphersuites so you could ignore them. I didn't remove them because it is planned for the RSA-PSK ciphersuite to be added which will use them.

regards,
Nikos

From nmav at gnutls.org Fri Mar 2 19:42:05 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 19:42:05 +0100
Subject: gnutls 3.0.15
Message-ID: <4F51147D.4090907@gnutls.org>

Hello,
I've just released gnutls 3.0.15. This is a bug-fix release on the current stable branch.

* Version 3.0.15 (released 2012-03-02)

** test suite: Only run under valgrind in the development system (the full git repository)

** command line apps: Link with local libopts if the installed is an old one.

** libgnutls: Eliminate double free during SRP authentication. Reported by Peter Penzov.

** libgnutls: Corrections in record packet parsing. Reported by Matthew Hall.

** libgnutls: Cryptodev updates and fixes.

** libgnutls: Corrected issue with select() that affected FreeBSD. This prevented establishing DTLS sessions. Reported by Andreas Metzler.

** libgnutls: Corrected rehandshake and resumption operations in DTLS. Reported by Sean Buckheister.

** libgnutls: PKCS #11 objects that do not have ID no longer crash listing. Reported by Sven Geggus.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly from . The list of GNU mirrors can be found at and a list of GnuTLS mirrors can be found at .

Here are the XZ compressed sources:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.15.tar.xz
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.15.tar.xz
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.15.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.15.tar.xz.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.15.tar.xz.sig
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.15.tar.xz.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From peter.penzov at gmail.com Fri Mar 2 22:09:07 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Fri, 2 Mar 2012 23:09:07 +0200
Subject: Received corrupted data(-54). Closing the connection.
Message-ID:

Hi,
I'm working on a example with GnuTLS - ex-serv-x509.c. I made a loop inside the client which makes a connection with the server and sends 200 times simple string. The interesting part is when I type Ctrl+C and I kill the client I get this error on the server?

[root at localhost test]# ./server
Server ready. Listening to port '5556'.

- connection from 127.0.0.1, port 41441
- Handshake was completed
*** Received corrupted data(-54). Closing the connection.

[root at localhost test]#

Why the server crashes when I kill the client?

From nmav at gnutls.org Fri Mar 2 22:26:56 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 22:26:56 +0100
Subject: Received corrupted data(-54). Closing the connection.
In-Reply-To:
References:
Message-ID: <4F513B20.3080809@gnutls.org>

On 03/02/2012 10:09 PM, Peter Penzov wrote:

> Hi,
> I'm working on a example with GnuTLS - ex-serv-x509.c. I made a loop
> inside the client which makes a connection with the server and sends 200
> times simple string. The interesting part is when I type Ctrl+C and I kill
> the client I get this error on the server?
>
> [root at localhost test]# ./server
> Server ready. Listening to port '5556'.
>
> - connection from 127.0.0.1, port 41441
> - Handshake was completed
> *** Received corrupted data(-54). Closing the connection.

> Why the server crashes when I kill the client?

This is not a crash. This is an error from your server. In your case gnutls propagated an error from recv() to your server. Whether to accept more connections or exit is up to your application.

In TLS it is recommended to terminate the sessions on the TLS layer as in:
http://www.gnu.org/software/gnutls/manual/html_node/Data-transfer-and-termination.html#Data-transfer-and-termination

regards,
Nikos

From peter.penzov at gmail.com Sun Mar 4 18:56:34 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Sun, 4 Mar 2012 19:56:34 +0200
Subject: Examples with GnuTLS and Java
Message-ID:

Hi,
I'm looking for examples with GnuTLS and Java. Are there any links with examples which you can recommend me?

Best wishes

From mrsam at courier-mta.com Sun Mar 4 19:52:12 2012
From: mrsam at courier-mta.com (Sam Varshavchik)
Date: Sun, 04 Mar 2012 13:52:12 -0500
Subject: Examples with GnuTLS and Java
References:
Message-ID:

Peter Penzov writes:

> Hi,
> I'm looking for examples with GnuTLS and Java. Are there any links with
> examples which you can recommend me?

GnuTLS is a C library. Java has its own implementation of SSL and TLS.

From mihirk at uci.edu Fri Mar 9 04:09:33 2012
From: mihirk at uci.edu (Mihir Kulkarni)
Date: Thu, 8 Mar 2012 19:09:33 -0800
Subject: Unable to access contents of "gnutls_session_int" in client code
Message-ID:

Hello,
I am using the simple client with anonymous authentication code given on the gnutls page. In the code after the line:
*gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",*
* NULL);*
when I try to access contents of session like "*session->internals.priorities.cipher.priority[0]" *or any other variable from the structure "priorities", it throws me a "dereferencing pointer to incomplete type error". I tried using these lines in X.509 authentication code for client too. But it gives me the same error.

1. Am I trying to access the contents at the wrong location?
2. Is it that "session" is not filled with the values I'm trying to access?

Please let me know where I'm going wrong.
Thank you in advance.

regards,
Mihir Kulkarni
Graduate Student
University of California, Irvine
https://sites.google.com/site/mihirkulkarni31/

From nmav at gnutls.org Fri Mar 9 09:33:05 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 09 Mar 2012 09:33:05 +0100
Subject: Unable to access contents of "gnutls_session_int" in client code
In-Reply-To:
References:
Message-ID: <4F59C041.5090807@gnutls.org>

On 03/09/2012 04:09 AM, Mihir Kulkarni wrote:

> Hello,
> I am using the simple client with anonymous authentication code given on
> the gnutls page. In the code after the line:
> *gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",*
> * NULL);*
> when I try to access contents of session like
> "*session->internals.priorities.cipher.priority[0]"
> *or any other variable from the structure "priorities", it throws me a
> "dereferencing pointer to incomplete type error". I tried using these lines
> in X.509 authentication code for client too. But it gives me the same error.
> 1. Am I trying to access the contents at the wrong location?

This is what an API is about. You can only access the session using the documented functions.

> 2. Is it that "session" is not filled with the values I'm trying to access?

It is the correct. If you need to access the session anyway you can only do it by modifying the gnutls source code by adding a new function.

regards,
Nikos

From lists at fuchsschwanzdomain.de Thu Mar 15 12:57:04 2012
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 15 Mar 2012 11:57:04 +0000 (UTC)
Subject: Verifying server certificate failed?!
Message-ID:

Hello,

calling https://iad.iosb.fraunhofer.de/~geg/ using a Webbrowser gives me a valid TLS connection.

So does "gnutls-cli iad.iosb.fraunhofer.de -p 443"

But calling the following does not work:

gnutls-cli iad.iosb.fraunhofer.de -p 443 --x509cafile /etc/ssl/certs/ca-certificates.crt
Processed 142 CA certificate(s).
Resolving 'iad.iosb.fraunhofer.de'...
Connecting to '153.96.8.17:443'...
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.

Is this a Bug in gnutls or a misconfiguration of my Apache Server?

Sven

--
The source code is not comprehensible
                (found in bug section of man 8 telnetd on Redhat Linux)

/me is giggls at ircnet, http://sven.gegg.us/ on the Web

From rich at kde.org Thu Mar 15 13:53:39 2012
From: rich at kde.org (Richard Moore)
Date: Thu, 15 Mar 2012 12:53:39 +0000
Subject: Verifying server certificate failed?!
In-Reply-To:
References:
Message-ID:

Your chain file includes the root certificate as well as the intermediate certificate. You should not be transmitting that one (though I think GnuTLS should ignore it and would regard it as a bug if it doesn't).

Cheers

Rich.

On 15 March 2012 11:57, Sven Geggus wrote:
> Hello,
>
> calling https://iad.iosb.fraunhofer.de/~geg/ using a Webbrowser gives me a
> valid TLS connection.
>
> So does "gnutls-cli iad.iosb.fraunhofer.de -p 443"
>
> But calling the following does not work:
> gnutls-cli iad.iosb.fraunhofer.de -p 443 --x509cafile /etc/ssl/certs/ca-certificates.crt
> Processed 142 CA certificate(s).
> Resolving 'iad.iosb.fraunhofer.de'...
> Connecting to '153.96.8.17:443'...
> *** Verifying server certificate failed...
> *** Fatal error: Error in the certificate.
> *** Handshake has failed
> GnuTLS error: Error in the certificate.
>
> Is this a Bug in gnutls or a misconfiguration of my Apache Server?
>
> Sven
>
> --
> The source code is not comprehensible
>                 (found in bug section of man 8 telnetd on Redhat Linux)
>
> /me is giggls at ircnet, http://sven.gegg.us/ on the Web
>
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> https://lists.gnu.org/mailman/listinfo/help-gnutls

From lists at fuchsschwanzdomain.de Thu Mar 15 16:19:08 2012
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 15 Mar 2012 15:19:08 +0000 (UTC)
Subject: Verifying server certificate failed?!
References:
Message-ID:

Richard Moore wrote:

> Your chain file includes the root certificate as well as the
> intermediate certificate. You should not be transmitting that one

There has been one unrelated certificate (the one for the User CA) in the chain which caused the problem. Sending the root cert is probably tolerated. I did not check this.

What I have now is the following:

SSLCertificateChainFile /path/to/file/with/all/intermediate/certs
SSLCACertificateFile /path/to/file/with/all/certs/including/root

Anything else causes trouble.

My first try has been to put all certificates into one file and point SSLCertificateChainFile and SSLCACertificateFile to this file.

So I definitely think gnutls should be more tolerant about certificates which are not in use but provided anyway.

Regards

Sven

--
"In my opinion MS is a lot better at making money than it is at making good operating systems" (Linus Torvalds, August 1997)

/me is giggls at ircnet, http://sven.gegg.us/ on the Web

From nmav at gnutls.org Thu Mar 15 19:05:40 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 15 Mar 2012 19:05:40 +0100
Subject: Verifying server certificate failed?!
In-Reply-To:
References:
Message-ID: <4F622F74.9020608@gnutls.org>

On 03/15/2012 04:19 PM, Sven Geggus wrote:

> So I definitely think gnutls should be more tolerant about
> certificates which are not in use but provided anyway.

I don't think this is a good idea. The protocol exactly specifies which certificates should be present. It does not allow any kind of additional information to be present so by providing it you violate the protocol.

On the practical side, a simpler parser allows for simpler code and thus less bugs.

regards,
Nikos

From lists at fuchsschwanzdomain.de Thu Mar 15 23:11:02 2012
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 15 Mar 2012 22:11:02 +0000 (UTC)
Subject: Verifying server certificate failed?!
References: <4F622F74.9020608@gnutls.org>
Message-ID:

Nikos Mavrogiannopoulos wrote:

> I don't think this is a good idea. The protocol exactly specifies which
> certificates should be present. It does not allow any kind of additional
> information to be present so by providing it you violate the protocol.

RFC documents are not set in stone. Quite the opposite, their sole purpose is to enable interoperability. So if breaking the rules is good for interoperability the RFC should be changed in the first place.

Back to the original discussion. FF, chrome and even IE do not care about the unnecessary certificates at all.

> On the practical side, a simpler parser allows for simpler code and
> thus less bugs.

*granted*

Sven

--
"The most important aspect you should consider before deciding on an open source operating system is that you will not receive a Windows operating system." (from http://www.dell.de/ubuntu)

/me is giggls at ircnet, http://sven.gegg.us/ on the Web

From tzz at lifelogs.com Fri Mar 16 13:00:54 2012
From: tzz at lifelogs.com (Ted Zlatanov)
Date: Fri, 16 Mar 2012 08:00:54 -0400
Subject: Verifying server certificate failed?!
References: <4F622F74.9020608@gnutls.org>
Message-ID: <871uosah6x.fsf@lifelogs.com>

On Thu, 15 Mar 2012 19:05:40 +0100 Nikos Mavrogiannopoulos wrote:

NM> On 03/15/2012 04:19 PM, Sven Geggus wrote:
>> So I definitely think gnutls should be more tolerant about
>> certificates which are not in use but provided anyway.

NM> I don't think this is a good idea. The protocol exactly specifies which
NM> certificates should be present. It does not allow any kind of additional
NM> information to be present so by providing it you violate the protocol.

NM> On the practical side, a simpler parser allows for simpler code and
NM> thus less bugs.

Could the error message be improved, if that doesn't complicate the code too much?

Ted

From rich at kde.org Fri Mar 16 13:26:56 2012
From: rich at kde.org (Richard Moore)
Date: Fri, 16 Mar 2012 12:26:56 +0000
Subject: Verifying server certificate failed?!
In-Reply-To: <4F622F74.9020608@gnutls.org>
References: <4F622F74.9020608@gnutls.org>
Message-ID:

On 15 March 2012 18:05, Nikos Mavrogiannopoulos wrote:
> On 03/15/2012 04:19 PM, Sven Geggus wrote:
>
>> So I definitely think gnutls should be more tolerant about
>> certificates which are not in use but provided anyway.
>
>
> I don't think this is a good idea. The protocol exactly specifies which
> certificates should be present. It does not allow any kind of additional
> information to be present so by providing it you violate the protocol.
>
> On the practical side, a simpler parser allows for simpler code and
> thus less bugs.

I can see your point, but for compatibility reasons all browsers generally cache intermediate certificates and will automatically use them should a site fail to provide them, and in addition they will skip any extra certificates a site may send. If gnutls doesn't either do this automatically, or at least provide a means for applications to do so then it is going to lead to a bunch of frustrated and confused users.

Having spent quite a lot of time explaining how to address missing intermediate certificates even to the administrators of banking web sites, I think it will be a lot easier all round to accept a little more complexity in this part of the code.

Cheers

Rich.

From nmav at gnutls.org Fri Mar 16 18:41:09 2012
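
The strict and tolerant readings argued over in the "Verifying server certificate failed?!" thread above, as an added example (not code from GnuTLS or from any poster): a Python lint for the certificate list a server sends, useful before pointing SSLCertificateChainFile at a bundle. Certificate names and their order are constructed, and matching is by subject/issuer name only, with no signature, date or key-identifier checks.

```python
"""Lint a server's TLS certificate list (constructed sample data)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


def first_order_violation(chain: List[Cert]) -> Optional[int]:
    """Strict reading (TLS 1.2, RFC 5246 section 7.4.2): the sender's
    certificate comes first and each following one certifies the one
    directly before it. Return the index of the first certificate that
    breaks this rule, or None when the list is in order."""
    for i in range(1, len(chain)):
        if chain[i].subject != chain[i - 1].issuer:
            return i
    return None


def build_path(chain: List[Cert]) -> Tuple[List[Cert], List[Cert]]:
    """Tolerant reading (what the thread says browsers do): start at the
    end-entity certificate, follow issuer names through whatever was sent
    in any order, and return (path, certificates that were not needed)."""
    if not chain:
        return [], []
    by_subject = {}
    for idx in range(1, len(chain)):
        by_subject.setdefault(chain[idx].subject, idx)  # first match wins
    path = [0]
    while not chain[path[-1]].self_signed:
        nxt = by_subject.get(chain[path[-1]].issuer)
        if nxt is None or nxt in path:  # issuer not sent, or a loop
            break
        path.append(nxt)
    unused = [c for i, c in enumerate(chain) if i not in path]
    return [chain[i] for i in path], unused


def lint(chain: List[Cert]) -> List[str]:
    """Findings an administrator should fix before deploying the list."""
    findings = []
    bad = first_order_violation(chain)
    if bad is not None:
        findings.append("position %d: %s does not certify %s"
                        % (bad, chain[bad].subject, chain[bad - 1].subject))
    path, unused = build_path(chain)
    for cert in unused:
        findings.append("unrelated certificate sent: %s" % cert.subject)
    if len(path) > 1 and path[-1].self_signed:
        findings.append("self-signed root sent (may be omitted): %s"
                        % path[-1].subject)
    return findings


# Constructed names; the real certificates are not shown in the thread.
LEAF = Cert("CN=www.example.test", "CN=Example Intermediate CA")
INTERMEDIATE = Cert("CN=Example Intermediate CA", "CN=Example Root CA")
USER_CA = Cert("CN=Example User CA", "CN=Example Root CA")
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")

# Everything in one file, as in the first attempt described above.
ALL_IN_ONE_FILE = [LEAF, USER_CA, INTERMEDIATE, ROOT]
# Leaf plus only the intermediates that certify it.
INTERMEDIATES_ONLY = [LEAF, INTERMEDIATE]

if __name__ == "__main__":
    for name, chain in (("all-in-one", ALL_IN_ONE_FILE),
                        ("intermediates only", INTERMEDIATES_ONLY)):
        print(name)
        for finding in lint(chain) or ["ok"]:
            print("  " + finding)
```

A strict verifier stops at position 1 of the all-in-one list, while the tolerant path builder still reaches the root and reports the User CA certificate as unused.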
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Mar 2012 18:41:09 +0100
Subject: gnutls 2.12.18
Message-ID: <4F637B35.9040402@gnutls.org>

Hello,
I've just released gnutls 2.12.18. It includes several bug fixes.

Version 2.12.18 (released 2012-03-16)

** minitasn1: Upgraded to libtasn1 version 2.12 (pre-release).

** Corrected SRP-RSA ciphersuites when used under TLS 1.2.

** Fixed leaks in key generation. Reported by Sam Varshavchik, patch by Tomas Mraz.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly from and a list of GnuTLS mirrors can be found at .

Here are the BZIP2 compressed sources:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.18.tar.bz2
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.18.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.18.tar.bz2.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.18.tar.bz2.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Fri Mar 16 18:46:36 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Mar 2012 18:46:36 +0100
Subject: gnutls 3.0.16
Message-ID: <4F637C7C.2080105@gnutls.org>

Hello,
 I've just released gnutls 3.0.16. This is a bug-fix release
on the current stable branch.

* Version 3.0.16 (released 2012-03-16)

** minitasn1: Upgraded to libtasn1 version 2.12 (pre-release).

** libgnutls: Corrected SRP-RSA ciphersuites when used under TLS 1.2.

** libgnutls: included assembler files for MacOSX.

** p11tool: Small fixes in handling of the --private command line option.

** certtool: The template option allows for setting the domain
component (DC) option of the distinguished name, and the ocsp_uri
as well as the ca_issuers_uri options.

** API and ABI modifications:
gnutls_x509_crt_set_authority_info_access: Added


Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
from . The list of GNU mirrors can be found at and a list of GnuTLS
mirrors can be found at .

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.16.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.16.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.16.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.16.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.16.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.16.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos gnutls.org>
uid                  Nikos Mavrogiannopoulos gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Sat Mar 17 10:08:42 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 17 Mar 2012 10:08:42 +0100
Subject: gnutls 3.0.17
Message-ID: <4F64549A.2030201@gnutls.org>

Hello,
 I've just released gnutls 3.0.17, which fixes a build problem
in the included programs of 3.0.16.

* Version 3.0.17 (released 2012-03-17)

** command line apps: Always link with local libopts.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
from . The list of GNU mirrors can be found at and a list of GnuTLS
mirrors can be found at .

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.17.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.17.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.17.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.17.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.17.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.17.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos gnutls.org>
uid                  Nikos Mavrogiannopoulos gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Sat Mar 17 13:19:52 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 17 Mar 2012 13:19:52 +0100
Subject: google summer of code
Message-ID: <4F648168.4030601@gnutls.org>

Hello,
 I've put some ideas for projects for google summer of code (we'll
participate via GNU) at:
http://www.gnu.org/software/gnutls/soc.html

If you have any other suggestions or willing to participate as a mentor
please let me know as soon (we need a backup mentor).

regards,
Nikos

From nmav at gnutls.org Sat Mar 17 13:47:54 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 17 Mar 2012 13:47:54 +0100
Subject: Verifying server certificate failed?!
In-Reply-To:
References: <4F622F74.9020608@gnutls.org>
Message-ID: <4F6487FA.7030107@gnutls.org>

On 03/16/2012 01:26 PM, Richard Moore wrote:

>>
>> On the practical side, a simpler parser allows for simpler code
>> and thus less bugs.
> I can see your point, but for compatibility reasons all browsers
> generally cache intermediate certificates and will automatically use
> them should a site fail to provide them, and in addition they will
> skip any extra certificates a site may send. If gnutls doesn't
> either do this automatically, or at least provide a means for
> applications to do so then it is going to lead to a bunch of
> frustrated and confused users.

gnutls is tolerant and if the correct chain is provided in the front
of the list then it will verify the chain and not complain. The problem
is if there is no proper chain e.g if certificates are thrown in a
random order.

> Having spent quite a lot of time explaining how to address missing
> intermediate certificates even to the administrators of banking web
> sites, I think it will be a lot easier all round to accept a little
> more complexity in this part of the code.

I understand. It should have been though that their software should
have reordered the provided list or should have failed due to an
unordered list (gnutls servers don't allow you to provide illegal
chains). It is not currently in my todo list, but if there is a simple
and clean patch to re-order the certificate list prior to verification
I'll accept it.

regards,
Nikos

From dkg at fifthhorseman.net Sat Mar 17 17:51:15 2012
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sat, 17 Mar 2012 12:51:15 -0400
Subject: google summer of code
In-Reply-To: <4F648168.4030601@gnutls.org>
References: <4F648168.4030601@gnutls.org>
Message-ID: <4F64C103.2020004@fifthhorseman.net>

On 03/17/2012 08:19 AM, Nikos Mavrogiannopoulos wrote:
> Hello,
> I've put some ideas for projects for google summer of code (we'll
> participate via GNU) at:
> http://www.gnu.org/software/gnutls/soc.html
>
> If you have any other suggestions or willing to participate as a mentor
> please let me know as soon (we need a backup mentor).

I'd be willing to act as a backup mentor, if you think that'd be
appropriate.

--dkg

From nmav at gnutls.org Sat Mar 17 20:56:51 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 17 Mar 2012 20:56:51 +0100
Subject: google summer of code
In-Reply-To: <4F64C103.2020004@fifthhorseman.net>
References: <4F648168.4030601@gnutls.org> <4F64C103.2020004@fifthhorseman.net>
Message-ID: <4F64EC83.709@gnutls.org>

On 03/17/2012 05:51 PM, Daniel Kahn Gillmor wrote:

>> I've put some ideas for projects for google summer of code (we'll
>> participate via GNU) at:
>> http://www.gnu.org/software/gnutls/soc.html
>> If you have any other suggestions or willing to participate as a mentor
>> please let me know as soon (we need a backup mentor).
> I'd be willing to act as a backup mentor, if you think that'd be
> appropriate.

Thank you Daniel. I've added you.

From nmav at gnutls.org Sun Mar 18 19:43:35 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 18 Mar 2012 19:43:35 +0100
Subject: google summer of code
In-Reply-To: <4F648168.4030601@gnutls.org>
References: <4F648168.4030601@gnutls.org>
Message-ID: <4F662CD7.20006@gnutls.org>

On 03/17/2012 01:19 PM, Nikos Mavrogiannopoulos wrote:
> Hello,
> I've put some ideas for projects for google summer of code (we'll
> participate via GNU) at:
> http://www.gnu.org/software/gnutls/soc.html

Please feel free to forward our ideas page to interested students!

regards,
Nikos

From carson at wistly.net Tue Mar 20 14:23:47 2012
From: carson at wistly.net (Carson Chittom)
Date: Tue, 20 Mar 2012 08:23:47 -0500
Subject: gnutls 3.0.17
References: <4F64549A.2030201@gnutls.org>
Message-ID: <4pobrrz9r0.fsf@wistly.net>

Nikos Mavrogiannopoulos writes:

> Hello,
> I've just released gnutls 3.0.17, which fixes a build problem
> in the included programs of 3.0.16.
>
> * Version 3.0.17 (released 2012-03-17)
>
> ** command line apps: Always link with local libopts.

I'm guessing that this is the problem I'm seeing with the Win32 binary
of 3.0.16 from http://homes.esat.kuleuven.be/~nikos/gnutls-win32/ as
running gnutls-cli gives me the error (on WinXP, if it matters):

  Automated Options Processing Error!
  gnutls-cli called AutoOpts function with structure version 36:0:4.
  This exceeds the compiled library version: AO_CURRENT:AO_REVISION:AO_A
  E

Would it be possible, then, to update the Win32 binary? Or am I off
base as to the problem here?

With many thanks,
Carson Chittom

From nmav at gnutls.org Tue Mar 20 18:37:16 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 20 Mar 2012 18:37:16 +0100
Subject: gnutls 3.0.17
In-Reply-To: <4pobrrz9r0.fsf@wistly.net>
References: <4F64549A.2030201@gnutls.org> <4pobrrz9r0.fsf@wistly.net>
Message-ID: <4F68C04C.10402@gnutls.org>

On 03/20/2012 02:23 PM, Carson Chittom wrote:

> I'm guessing that this is the problem I'm seeing with the Win32 binary
> of 3.0.16 from http://homes.esat.kuleuven.be/~nikos/gnutls-win32/ as
> running gnutls-cli gives me the error (on WinXP, if it matters):
>
> Automated Options Processing Error!
> gnutls-cli called AutoOpts function with structure version 36:0:4.
> This exceeds the compiled library version: AO_CURRENT:AO_REVISION:AO_A
> E
>
> Would it be possible, then, to update the Win32 binary?

updated.

regards,
Nikos

From carson at wistly.net Tue Mar 20 18:47:44 2012
From: carson at wistly.net (Carson Chittom)
Date: Tue, 20 Mar 2012 12:47:44 -0500
Subject: gnutls 3.0.17
References: <4F64549A.2030201@gnutls.org> <4pobrrz9r0.fsf@wistly.net> <4F68C04C.10402@gnutls.org>
Message-ID: <4py5qvxiyn.fsf@mspb.ms.gov>

Nikos Mavrogiannopoulos writes:

>> Would it be possible, then, to update the Win32 binary?
>
>
> updated.

Thanks! Runs without error.

From randomproof at fastmail.us Fri Mar 23 17:27:40 2012
From: randomproof at fastmail.us (Steven Hudson)
Date: Fri, 23 Mar 2012 09:27:40 -0700
Subject: Option to disable encryption?
Message-ID: <4F6CA47C.4060200@fastmail.us>

I was wondering if I can include an option to disable encryption by
doing this:
gnutls_priority_set_direct(session, "NONE:+COMP-ALL", NULL);

This would allow me to use the compression option but not encryption? Or
would this just fail to connect?

From nmav at gnutls.org Sat Mar 24 01:25:08 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 24 Mar 2012 01:25:08 +0100
Subject: Option to disable encryption?
In-Reply-To: <4F6CA47C.4060200@fastmail.us>
References: <4F6CA47C.4060200@fastmail.us>
Message-ID: <4F6D1464.1040804@gnutls.org>

On 03/23/2012 05:27 PM, Steven Hudson wrote:

> I was wondering if I can include an option to disable encryption by
> doing this:
> gnutls_priority_set_direct(session, "NONE:+COMP-ALL", NULL);
>
> This would allow me to use the compression option but not encryption? Or
> would this just fail to connect?

It is not that simple. You need to use the NULL cipher to disable
encryption. An example could be:
"NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS-ALL:+KX-ALL"

regards,
Nikos
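
Added example (not part of the message above and not GnuTLS code): a small C check that classifies a priority string by whether the NULL cipher is enabled, run over the two strings quoted in this thread. The token list in is_real_cipher() and the rule that any base keyword other than NONE enables real ciphers are assumptions of this simplified model.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a priority string (assumption, not GnuTLS's parser). */
enum verdict { INVALID, NO_CIPHER, NULL_ONLY, NULL_MIXED, ENCRYPTED };

/* Cipher tokens this model recognises; the list is an assumption. */
static int is_real_cipher(const char *t) {
    static const char *pfx[] = { "CIPHER-ALL", "AES-", "3DES-", "ARCFOUR-", "CAMELLIA-" };
    for (size_t i = 0; i < sizeof pfx / sizeof *pfx; i++)
        if (strncmp(t, pfx[i], strlen(pfx[i])) == 0) return 1;
    return 0;
}

enum verdict audit_priority(const char *prio) {
    char buf[256];
    const char *on[32];                  /* real ciphers enabled by name */
    int n = 0, null_on = 0, base_real = 0;
    if (strlen(prio) >= sizeof buf) return INVALID;
    strcpy(buf, prio);
    for (char *t = strtok(buf, ":"); t; t = strtok(NULL, ":")) {
        int add = (*t == '+'), del = (*t == '-' || *t == '!');
        const char *name = t + (add || del);
        if (!add && !del) {              /* base keyword or %OPTION */
            if (strcmp(t, "NONE") == 0) { n = 0; null_on = 0; base_real = 0; }
            else if (*t != '%') base_real = 1;  /* assumed to enable real ciphers */
        } else if (strcmp(name, "NULL") == 0) {
            null_on = add;               /* the NULL cipher: no encryption */
        } else if (is_real_cipher(name)) {
            if (del && strcmp(name, "CIPHER-ALL") == 0) { n = 0; base_real = 0; }
            for (int i = 0; del && i < n; i++)
                if (strcmp(on[i], name) == 0) { on[i] = on[n - 1]; n--; i--; }
            if (add) { if (n == 32) return INVALID; on[n++] = name; }
        }
    }
    int real = base_real || n > 0;
    if (null_on) return real ? NULL_MIXED : NULL_ONLY;  /* both are findings */
    return real ? ENCRYPTED : NO_CIPHER;
}

int main(void) {
    /* The two strings quoted in the thread. */
    printf("%d\n", audit_priority("NONE:+COMP-ALL"));
    printf("%d\n", audit_priority(
        "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS-ALL:+KX-ALL"));
    return 0;
}
```

A configuration review can treat NULL_ONLY and NULL_MIXED as findings, since either allows a session whose records are authenticated but not encrypted.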
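
Added example (not from the thread participants and not GnuTLS code) for the re-ordering step discussed in the "Verifying server certificate failed?!" thread above: a C function that puts a server-supplied list into issuer order behind the first certificate and reports how many entries form the chain. The struct cert type, matching issuers by DN string, and the sample names are assumptions; signature verification still has to be run on the result.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal view of a certificate: only the two DNs matter here. */
struct cert { const char *subject, *issuer; };

/* Re-orders list[0..n) in place. list[0] must already be the server's own
 * certificate; each following slot is filled with the issuer of the one
 * before it. Returns the length of the ordered chain. Entries past that
 * length are extras and are not part of the chain to verify. */
size_t order_chain(struct cert *list, size_t n) {
    size_t len = n ? 1 : 0;
    while (len && len < n) {
        const struct cert *tail = &list[len - 1];
        if (strcmp(tail->subject, tail->issuer) == 0)
            break;                              /* self-signed: chain ends */
        size_t j = len;
        while (j < n && strcmp(list[j].subject, tail->issuer) != 0)
            j++;
        if (j == n)
            break;                              /* issuer was not supplied */
        struct cert tmp = list[len];            /* move issuer into place */
        list[len] = list[j];
        list[j] = tmp;
        len++;
    }
    return len;
}

/* Constructed sample: a list sent in arbitrary order with one extra entry. */
struct cert sample[] = {
    { "CN=www.example.test",        "CN=Example Intermediate CA" },
    { "CN=Unrelated CA",            "CN=Unrelated CA" },
    { "CN=Example Root CA",         "CN=Example Root CA" },
    { "CN=Example Intermediate CA", "CN=Example Root CA" },
};

int main(void) {
    size_t len = order_chain(sample, 4);
    for (size_t i = 0; i < len; i++)
        printf("%zu: %s (issued by %s)\n", i, sample[i].subject, sample[i].issuer);
    return 0;
}
```

A return value of 1 for a certificate that is not self-signed means the list did not contain its issuer, which is the missing-intermediate case raised in the thread.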