From shengwl at uci.edu  Thu Mar  1 06:42:38 2012
From: shengwl at uci.edu (Shengwei (William) Li)
Date: Wed, 29 Feb 2012 21:42:38 -0800
Subject: how to compile GnuTLS
In-Reply-To: <CAJm-giuEDXMgX7H2UZVY83NSCMc227jOKznwbCE85xz7wmoJdQ@mail.gmail.com>
References: <CAJm-giuEDXMgX7H2UZVY83NSCMc227jOKznwbCE85xz7wmoJdQ@mail.gmail.com>
Message-ID: <80EDCE0E-477C-4CC3-8287-87F9328C293C@uci.edu>

Hi Peter,

Same here when I tried to install it on my Mac with Snow Leopard.

Although I have not successfully installed it, this post might be helpful for you:
http://stackoverflow.com/questions/7965990/why-cant-nettle-2-4s-configure-find-gmp-5-0-2

Eventually, I installed it on 32-bit Ubuntu in Virtualbox.

Regards,

Shengwei (William) Li

On Feb 29, 2012, at 10:32 AM, Peter Penzov wrote:

> I trying to compile GnuTLS. These are the steps:
> I use Centos 6.2 x86_64
> 
> I downloaded Nettle 2.4
> 
> [root at localhost opt]# wget http://www.lysator.liu.se/~nisse/archive/nettle-2.4.tar.gz
> [root at localhost nettle-2.4]# tar zxvf nettle-2.4.tar.gz 
> [root at localhost nettle-2.4]# cd nettle-2.4
> [root at localhost nettle-2.4]# ./configure --enable-shared --prefix=/usr
> 
> Version:           nettle 2.4
>   Host type:         x86_64-unknown-linux-gnu
>   ABI:               64
>   Assembly files:    x86_64
>   Install prefix:    /usr
>   Library directory: ${exec_prefix}/lib64
>   Compiler:          gcc
>   Shared libraries:  yes
>   Public key crypto: no
> 
> 
> I run the command make and make install
> 
> 
> I downloaded the latest GnuTLS
> 
>  ./configure --with-libnettle-prefix=/usr
> 
> hecking for shared library run path origin... done
> checking whether to use nettle... yes
> checking for libnettle... no
> configure: error: 
>   ***
>   *** Libnettle 2.4 was not found.
> 
> What am I missing?
> 
> 
> Best wishes 
> Peter
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> https://lists.gnu.org/mailman/listinfo/help-gnutls

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120229/3a84a206/attachment.htm>

From lists at fuchsschwanzdomain.de  Thu Mar  1 09:52:26 2012
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 1 Mar 2012 08:52:26 +0000 (UTC)
Subject: Smartcard + pkcs11 = segmentation fault...
References: <20120229141932.GA4435@geggus.net>
	<CAJU7zaL1GQKX+jZN74dk-uBVqX0zJqyQv6=226XGFCE9HO3dGg@mail.gmail.com>
Message-ID: <jindca$qlk$1@ultimate100.geggus.net>

Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

> Could you try using valgrind or gdb to pinpoint the crash?

Hm, looks like the proprietary library has some issues, but also does gnutls:

(proprietary library warnings about uninitialised values skipped)

Object 0:
	URL: pkcs11:library-description=Cryptographic%20Token%20Interface;library-manufacturer=A.E.T.%20Europe%20B.V.;model=3384110107000000;manufacturer=A.E.T.%20Europe%20B.V.;serial=00113C3800009B09;token=Fraunhofer-Smartcard;object=Secude%20Token%20ID;object-type=data
	Type: Data
	Label: Secude Token ID
==19018== Invalid read of size 1
==19018==    at 0x4E653CF: _gnutls_bin2hex (gnutls_str.c:443)
==19018==    by 0x4E75D41: pkcs11_get_info (pkcs11.c:409)
==19018==    by 0x40424D: pkcs11_list (pkcs11.c:193)
==19018==    by 0x403750: main (p11tool.c:135)
==19018==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==19018== 
==19018== 
==19018== Process terminating with default action of signal 11 (SIGSEGV)
==19018==  Access not within mapped region at address 0x0
==19018==    at 0x4E653CF: _gnutls_bin2hex (gnutls_str.c:443)
==19018==    by 0x4E75D41: pkcs11_get_info (pkcs11.c:409)
==19018==    by 0x40424D: pkcs11_list (pkcs11.c:193)
==19018==    by 0x403750: main (p11tool.c:135)
==19018==  If you believe this happened as a result of a stack
==19018==  overflow in your program's main thread (unlikely but
==19018==  possible), you can try to increase the size of the
==19018==  main thread stack using the --main-stacksize= flag.
==19018==  The main thread stack size used in this run was 8388608.
==19018== 
==19018== HEAP SUMMARY:
==19018==     in use at exit: 551,735 bytes in 1,892 blocks
==19018==   total heap usage: 14,940 allocs, 13,048 frees, 8,311,394 bytes
allocated
==19018== 
==19018== LEAK SUMMARY:
==19018==    definitely lost: 4 bytes in 1 blocks
==19018==    indirectly lost: 0 bytes in 0 blocks
==19018==      possibly lost: 288 bytes in 1 blocks
==19018==    still reachable: 551,443 bytes in 1,890 blocks
==19018==         suppressed: 0 bytes in 0 blocks
==19018== Rerun with --leak-check=full to see details of leaked memory
==19018== 
==19018== For counts of detected and suppressed errors, rerun with: -v
==19018== ERROR SUMMARY: 34 errors from 15 contexts (suppressed: 25 from 7)
Killed

> Could you also try whether that issue occurs in gnutls 3.0.14?

Jepp, I just compiled gnutls-3.0.14 from sources. Same Problem here.

BTW "p11tool --login --list-certs" seems to work.

Regards

Sven

-- 
Software patents are the software project equivalent of land mines: Each
design decision carries a risk of stepping on a patent, which can destroy
your project. (Richard M. Stallman)
/me is giggls at ircnet, http://sven.gegg.us/ on the Web



From peter.penzov at gmail.com  Thu Mar  1 10:00:37 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 11:00:37 +0200
Subject: how to compile GnuTLS
In-Reply-To: <80EDCE0E-477C-4CC3-8287-87F9328C293C@uci.edu>
References: <CAJm-giuEDXMgX7H2UZVY83NSCMc227jOKznwbCE85xz7wmoJdQ@mail.gmail.com>
	<80EDCE0E-477C-4CC3-8287-87F9328C293C@uci.edu>
Message-ID: <CAJm-giuk=GsX9mgw19quetcv1dLu1uveRRL-OS6pa3y0crb7sQ@mail.gmail.com>

    configure:8798: checking for libnettle
    configure:8820: gcc -std=gnu99 -o conftest -g -O2   conftest.c
/usr/lib/libnettle.so /usr/lib/libhogweed.so -lgmp >&5
    /usr/bin/ld: cannot find -lgmp
    collect2: ld returned 1 exit status
    configure:8820: $? = 1
    configure: failed program was:
    configure:8830: result: no
    configure:8856: error:
      ***
      *** Libnettle 2.4 was not found.

I install gmp-devel. The problem is fixed.




On Thu, Mar 1, 2012 at 7:42 AM, Shengwei (William) Li <shengwl at uci.edu>wrote:

> Hi Peter,
>
> Same here when I tried to install it on my Mac with Snow Leopard.
>
> Although I have not successfully installed it, this post might be helpful
> for you:
>
> http://stackoverflow.com/questions/7965990/why-cant-nettle-2-4s-configure-find-gmp-5-0-2
>
> Eventually, I installed it on 32-bit Ubuntu in Virtualbox.
>
> Regards,
>
> Shengwei (William) Li
>
> On Feb 29, 2012, at 10:32 AM, Peter Penzov wrote:
>
> I trying to compile GnuTLS. These are the steps:
> I use Centos 6.2 x86_64
>
> I downloaded Nettle 2.4
>
> [root at localhost opt]# wget
> http://www.lysator.liu.se/~nisse/archive/nettle-2.4.tar.gz
> [root at localhost nettle-2.4]# tar zxvf nettle-2.4.tar.gz
> [root at localhost nettle-2.4]# cd nettle-2.4
> [root at localhost nettle-2.4]# ./configure --enable-shared --prefix=/usr
>
> Version:           nettle 2.4
>   Host type:         x86_64-unknown-linux-gnu
>   ABI:               64
>   Assembly files:    x86_64
>   Install prefix:    /usr
>   Library directory: ${exec_prefix}/lib64
>   Compiler:          gcc
>   Shared libraries:  yes
>   Public key crypto: no
>
>
> I run the command make and make install
>
>
> I downloaded the latest GnuTLS
>
>  ./configure --with-libnettle-prefix=/usr
>
> hecking for shared library run path origin... done
> checking whether to use nettle... yes
> checking for libnettle... no
> configure: error:
>   ***
>   *** Libnettle 2.4 was not found.
>
> What am I missing?
>
>
> Best wishes
> Peter
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> https://lists.gnu.org/mailman/listinfo/help-gnutls
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120301/babe59fb/attachment.htm>

From nmav at gnutls.org  Thu Mar  1 10:23:23 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 1 Mar 2012 10:23:23 +0100
Subject: Smartcard + pkcs11 = segmentation fault...
In-Reply-To: <jindca$qlk$1@ultimate100.geggus.net>
References: <20120229141932.GA4435@geggus.net>
	<CAJU7zaL1GQKX+jZN74dk-uBVqX0zJqyQv6=226XGFCE9HO3dGg@mail.gmail.com>
	<jindca$qlk$1@ultimate100.geggus.net>
Message-ID: <CAJU7zaL8qkBGV6oPUx2BH-YTUtd3qKU-URmOq0K3ybGMjPABmA@mail.gmail.com>

To my understanding the token contains an object without an ID.
Could you add below this code (after else if (version != NULL))
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=lib/pkcs11.c;h=83fad64b893c0e79d26428a539a6f2ab3db13f02;hb=gnutls_2_12_x#l398
the following:
else
  {
    *output_size = 0;
    if (output) output[0] = 0;
    return 0;
  }

This would allow printing that object without crashing.

regards,
Nikos

On Thu, Mar 1, 2012 at 9:52 AM, Sven Geggus <lists at fuchsschwanzdomain.de> wrote:
> Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>
>> Could you try using valgrind or gdb to pinpoint the crash?
>
> Hm, looks like the proprietary library has some issues, but also does gnutls:
>
> (proprietary library warnings about uninitialised values skipped)
>
> Object 0:
> ? ? ? ?URL: pkcs11:library-description=Cryptographic%20Token%20Interface;library-manufacturer=A.E.T.%20Europe%20B.V.;model=3384110107000000;manufacturer=A.E.T.%20Europe%20B.V.;serial=00113C3800009B09;token=Fraunhofer-Smartcard;object=Secude%20Token%20ID;object-type=data
> ? ? ? ?Type: Data
> ? ? ? ?Label: Secude Token ID
> ==19018== Invalid read of size 1
> ==19018== ? ?at 0x4E653CF: _gnutls_bin2hex (gnutls_str.c:443)
> ==19018== ? ?by 0x4E75D41: pkcs11_get_info (pkcs11.c:409)
> ==19018== ? ?by 0x40424D: pkcs11_list (pkcs11.c:193)
> ==19018== ? ?by 0x403750: main (p11tool.c:135)
> ==19018== ?Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==19018==
> ==19018==
> ==19018== Process terminating with default action of signal 11 (SIGSEGV)
> ==19018== ?Access not within mapped region at address 0x0
> ==19018== ? ?at 0x4E653CF: _gnutls_bin2hex (gnutls_str.c:443)
> ==19018== ? ?by 0x4E75D41: pkcs11_get_info (pkcs11.c:409)
> ==19018== ? ?by 0x40424D: pkcs11_list (pkcs11.c:193)
> ==19018== ? ?by 0x403750: main (p11tool.c:135)
> ==19018== ?If you believe this happened as a result of a stack
> ==19018== ?overflow in your program's main thread (unlikely but
> ==19018== ?possible), you can try to increase the size of the
> ==19018== ?main thread stack using the --main-stacksize= flag.
> ==19018== ?The main thread stack size used in this run was 8388608.
> ==19018==
> ==19018== HEAP SUMMARY:
> ==19018== ? ? in use at exit: 551,735 bytes in 1,892 blocks
> ==19018== ? total heap usage: 14,940 allocs, 13,048 frees, 8,311,394 bytes
> allocated
> ==19018==
> ==19018== LEAK SUMMARY:
> ==19018== ? ?definitely lost: 4 bytes in 1 blocks
> ==19018== ? ?indirectly lost: 0 bytes in 0 blocks
> ==19018== ? ? ?possibly lost: 288 bytes in 1 blocks
> ==19018== ? ?still reachable: 551,443 bytes in 1,890 blocks
> ==19018== ? ? ? ? suppressed: 0 bytes in 0 blocks
> ==19018== Rerun with --leak-check=full to see details of leaked memory
> ==19018==
> ==19018== For counts of detected and suppressed errors, rerun with: -v
> ==19018== ERROR SUMMARY: 34 errors from 15 contexts (suppressed: 25 from 7)
> Killed
>
>> Could you also try whether that issue occurs in gnutls 3.0.14?
>
> Jepp, I just compiled gnutls-3.0.14 from sources. Same Problem here.
>
> BTW "p11tool --login --list-certs" seems to work.
>
> Regards
>
> Sven
>
> --
> Software patents are the software project equivalent of land mines: Each
> design decision carries a risk of stepping on a patent, which can destroy
> your project. (Richard M. Stallman)
> /me is giggls at ircnet, http://sven.gegg.us/ on the Web
>
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> https://lists.gnu.org/mailman/listinfo/help-gnutls



From lists at fuchsschwanzdomain.de  Thu Mar  1 12:14:18 2012
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 1 Mar 2012 11:14:18 +0000 (UTC)
Subject: Smartcard + pkcs11 = segmentation fault...
References: <20120229141932.GA4435@geggus.net>
	<CAJU7zaL1GQKX+jZN74dk-uBVqX0zJqyQv6=226XGFCE9HO3dGg@mail.gmail.com>
	<jindca$qlk$1@ultimate100.geggus.net>
	<CAJU7zaL8qkBGV6oPUx2BH-YTUtd3qKU-URmOq0K3ybGMjPABmA@mail.gmail.com>
Message-ID: <jinlma$t27$1@ultimate100.geggus.net>

Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

> To my understanding the token contains an object without an ID.
> Could you add below this code (after else if (version != NULL))
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=lib/pkcs11.c;h=83fad64b893c0e79d26428a539a6f2ab3db13f02;hb=gnutls_2_12_x#l398
> the following:
> else
>  {
>    *output_size = 0;
>    if (output) output[0] = 0;
>    return 0;
>  }
> 
> This would allow printing that object without crashing.

This gives a compiler error, but this slightly different Version does
compile and makes "p11tool --login --list-all" work!

 gnutls-3.0.14/ > diff -u ./lib/pkcs11.c.orig ./lib/pkcs11.c
--- ./lib/pkcs11.c.orig	2012-02-23 08:43:11.000000000 +0100
+++ ./lib/pkcs11.c	2012-03-01 12:07:14.864362795 +0100
@@ -400,7 +400,14 @@
                          (int)version->minor);
       terminate = 1;
     }
-
+  else
+    {
+      *output_size = 0;
+      // if (output) output[0] = 0;
+      if (output) output = NULL;
+      return 0;
+    }
+    
   if (hexify)
     {
       /* terminate is assumed with hexify */

Thanks

Sven

-- 
"Das Einzige wovor wir Angst haben m?ssen ist die Angst selbst"
						(Franklin D. Roosevelt)

/me is giggls at ircnet, http://sven.gegg.us/ on the Web



From nmav at gnutls.org  Thu Mar  1 12:18:09 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 1 Mar 2012 12:18:09 +0100
Subject: Smartcard + pkcs11 = segmentation fault...
In-Reply-To: <jinlma$t27$1@ultimate100.geggus.net>
References: <20120229141932.GA4435@geggus.net>
	<CAJU7zaL1GQKX+jZN74dk-uBVqX0zJqyQv6=226XGFCE9HO3dGg@mail.gmail.com>
	<jindca$qlk$1@ultimate100.geggus.net>
	<CAJU7zaL8qkBGV6oPUx2BH-YTUtd3qKU-URmOq0K3ybGMjPABmA@mail.gmail.com>
	<jinlma$t27$1@ultimate100.geggus.net>
Message-ID: <CAJU7zaJzvrJrRukjrjhR967yoD9RnERmDbO8OREOPzCx001bJg@mail.gmail.com>

On Thu, Mar 1, 2012 at 12:14 PM, Sven Geggus
<lists at fuchsschwanzdomain.de> wrote:

> This gives a compiler error, but this slightly different Version does
> compile and makes "p11tool --login --list-all" work!

May I see the output if it is not private? I would be interested to
know what kind of object doesn't have an id.

regards,
Nikos



From simon at josefsson.org  Thu Mar  1 12:22:01 2012
From: simon at josefsson.org (Simon Josefsson)
Date: Thu, 01 Mar 2012 12:22:01 +0100
Subject: Error Code -56
In-Reply-To: <CAF1RuCGDsqhv1jOtLct0z8inMvFb34b0pq51O98pwsYyRaJTyA@mail.gmail.com>
	(Mihir Kulkarni's message of "Tue, 28 Feb 2012 19:46:58 -0800")
References: <CAF1RuCGDsqhv1jOtLct0z8inMvFb34b0pq51O98pwsYyRaJTyA@mail.gmail.com>
Message-ID: <87boogsh0m.fsf@latte.josefsson.org>

Mihir Kulkarni <mihirk.31 at gmail.com> writes:

> Hello,
> We are trying out with Gnutls. We have created a dummy extension Foobar
> following the steps given in the manual. We are using
> "_gnutls_ext_set_session_data" in the client and then using
> "_gnutls_ext_get_session_data" in the server to retrieve the data. The
> value gets set correctly in client but when we retrieve it in the server,
> the get function returns -56 as error code. Our implementation of Foobar
> extension is almost similar to server-name extension already present in
> Gnutls.
> Can someone give some clarification as to what might be going wrong? Do let
> me know if more information is needed.

The error -56 means GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, see gnutls.h.
Try running the server with debug logging and enabled, and in
particular, try to find exactly where the -56 error is triggered.

/Simon



From peter.penzov at gmail.com  Thu Mar  1 13:07:55 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 14:07:55 +0200
Subject: Error in gnutls-3.0.14 compilation
Message-ID: <CAJm-givOB5So_1cyjM1LEpz4iej1FCUbP6bVzt1GJSGLsatiNw@mail.gmail.com>

Hi,
  I tried to compile gnutls-3.0.14 on Centos 6.2 x86_64

This is the error log:


make[5]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
./errcodes > error_codes.texi-tmp
mv -f error_codes.texi-tmp error_codes.texi
make ./printlist
make[5]: Entering directory `/opt/gnu/gnutls-3.0.14/doc'
  CC     printlist.o
  CCLD   printlist
make[5]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
./printlist > algorithms.texi-tmp
mv -f algorithms.texi-tmp algorithms.texi
make ./alert-printlist
make[5]: Entering directory `/opt/gnu/gnutls-3.0.14/doc'
  CC     alert-printlist.o
  CCLD   alert-printlist
make[5]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
./alert-printlist > alerts.texi-tmp
mv -f alerts.texi-tmp alerts.texi
echo "" > enums.texi-tmp
for i in ../lib/includes/gnutls/abstract.h ../lib/includes/gnutls/compat.h
../lib/includes/gnutls/crypto.h ../lib/includes/gnutls/dtls.h
../lib/includes/gnutls/gnutls.h ../lib/includes/gnutls/gnutlsxx.h
../lib/includes/gnutls/ocsp.h ../lib/includes/gnutls/openpgp.h
../lib/includes/gnutls/pkcs11.h ../lib/includes/gnutls/pkcs12.h
../lib/includes/gnutls/x509.h; do \
        echo -n "Creating documentation for $i... " && \
        ./scripts/gdoc -texinfo $i >> enums.texi-tmp && \
        echo "ok"; \
    done
Creating documentation for ../lib/includes/gnutls/abstract.h... warning:
230: Cannot understand prototype: 'typedef struct gnutls_pcert_st '
ok
Creating documentation for ../lib/includes/gnutls/compat.h... ok
Creating documentation for ../lib/includes/gnutls/crypto.h... ok
Creating documentation for ../lib/includes/gnutls/dtls.h... warning: 62:
Cannot understand prototype: 'typedef struct   '
ok
Creating documentation for ../lib/includes/gnutls/gnutls.h... ok
Creating documentation for ../lib/includes/gnutls/gnutlsxx.h... ok
Creating documentation for ../lib/includes/gnutls/ocsp.h... ok
Creating documentation for ../lib/includes/gnutls/openpgp.h... ok
Creating documentation for ../lib/includes/gnutls/pkcs11.h... ok
Creating documentation for ../lib/includes/gnutls/pkcs12.h... ok
Creating documentation for ../lib/includes/gnutls/x509.h... ok
mv -f enums.texi-tmp enums.texi
make compare-makefile
make[5]: Entering directory `/opt/gnu/gnutls-3.0.14/doc'
ENUMS=`grep '^@c ' enums.texi | sed 's/@c //g' | sort`; \
    STR=""; \
    for i in $ENUMS; do \
        STR="$STR\nENUMS += enums/$i"; \
    done; \
    grep -v -e '^ENUMS += ' ./Makefile.am | \
        perl -p -e "s,^ENUMS =,ENUMS =$STR," > tmp-compare-makefile; \
    diff -u ./Makefile.am tmp-compare-makefile
rm -f tmp-compare-makefile
make[5]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
mkdir enums
mkdir: cannot create directory `enums': File exists
make[4]: [stamp_enums] Error 1 (ignored)
./scripts/split-texi.pl enums enum < enums.texi
echo stamp_enums > stamp_enums
restore=: && backupdir=".am$$" && \
    am__cwd=`pwd` && CDPATH="${ZSH_VERSION+.}:" && cd . && \
    rm -rf $backupdir && mkdir $backupdir && \
    if (/bin/sh /opt/gnu/gnutls-3.0.14/build-aux/missing --run makeinfo
--version) >/dev/null 2>&1; then \
      for f in gnutls.info gnutls.info-[0-9] gnutls.info-[0-9][0-9]
gnutls.i[0-9] gnutls.i[0-9][0-9]; do \
        if test -f $f; then mv $f $backupdir; restore=mv; else :; fi; \
      done; \
    else :; fi && \
    cd "$am__cwd"; \
    if /bin/sh /opt/gnu/gnutls-3.0.14/build-aux/missing --run makeinfo -I
../doc  -I . \
     -o gnutls.info gnutls.texi; \
    then \
      rc=0; \
      CDPATH="${ZSH_VERSION+.}:" && cd .; \
    else \
      rc=$?; \
      CDPATH="${ZSH_VERSION+.}:" && cd . && \
      $restore $backupdir/* `echo "./gnutls.info" | sed 's|[^/]*$||'`; \
    fi; \
    rm -rf $backupdir; exit $rc
/opt/gnu/gnutls-3.0.14/doc//cha-internals.texi:43: Cross reference to
nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-examples.texi:95: Cross reference to
nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1338: Cross reference to
nonexistent node `gnutls_pk_bits_to_sec_param' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1336: Cross reference to
nonexistent node `gnutls_sec_param_to_pk_bits' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1257: Cross reference to
nonexistent node `gnutls_rnd' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1252: Cross reference to
nonexistent node `gnutls_rnd' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1252: Cross reference to
nonexistent node `gnutls_hash_fast' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1251: Cross reference to
nonexistent node `gnutls_hash_get_len' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1250: Cross reference to
nonexistent node `gnutls_hash_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1249: Cross reference to
nonexistent node `gnutls_hash_output' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1248: Cross reference to
nonexistent node `gnutls_hash' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1247: Cross reference to
nonexistent node `gnutls_hash_init' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1247: Cross reference to
nonexistent node `gnutls_hmac_fast' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1246: Cross reference to
nonexistent node `gnutls_hmac_get_len' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1245: Cross reference to
nonexistent node `gnutls_hmac_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1244: Cross reference to
nonexistent node `gnutls_hmac_output' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1243: Cross reference to
nonexistent node `gnutls_hmac' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1242: Cross reference to
nonexistent node `gnutls_hmac_init' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1233: Cross reference to
nonexistent node `gnutls_cipher_tag' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1232: Cross reference to
nonexistent node `gnutls_cipher_add_auth' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1231: Cross reference to
nonexistent node `gnutls_cipher_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1230: Cross reference to
nonexistent node `gnutls_cipher_set_iv' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1229: Cross reference to
nonexistent node `gnutls_cipher_decrypt2' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1228: Cross reference to
nonexistent node `gnutls_cipher_encrypt2' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1227: Cross reference to
nonexistent node `gnutls_cipher_init' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1117: Cross reference to
nonexistent node `gnutls_session_channel_binding' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1103: Cross reference to
nonexistent node `gnutls_prf_raw' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1092: Cross reference to
nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1085: Cross reference to
nonexistent node `gnutls_prf' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1077: Cross reference to
nonexistent node `gnutls_certificate_set_params_function' (perhaps
incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1074: Cross reference to
nonexistent node `gnutls_rsa_params_export_pkcs1' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1073: Cross reference to
nonexistent node `gnutls_rsa_params_import_pkcs1' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1072: Cross reference to
nonexistent node `gnutls_certificate_set_rsa_export_params' (perhaps
incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1071: Cross reference to
nonexistent node `gnutls_rsa_params_generate2' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1052: Cross reference to
nonexistent node `gnutls_sec_param_to_pk_bits' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1049: Cross reference to
nonexistent node `gnutls_anon_set_server_dh_params' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1048: Cross reference to
nonexistent node `gnutls_certificate_set_dh_params' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1047: Cross reference to
nonexistent node `gnutls_dh_params_import_pkcs3' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1046: Cross reference to
nonexistent node `gnutls_dh_params_generate2' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1043: Cross reference to
nonexistent node `gnutls_anon_set_server_dh_params' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1042: Cross reference to
nonexistent node `gnutls_certificate_set_dh_params' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1040: Cross reference to
nonexistent node `gnutls_dh_params_import_pkcs3' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1039: Cross reference to
nonexistent node `gnutls_dh_params_generate2' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1026: Cross reference to
nonexistent node `gnutls_session_resumption_requested' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1025: Cross reference to
nonexistent node `gnutls_session_ticket_key_generate' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1024: Cross reference to
nonexistent node `gnutls_session_ticket_enable_server' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1021: Cross reference to
nonexistent node `gnutls_session_ticket_enable_server' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1019: Cross reference to
nonexistent node `gnutls_session_ticket_key_generate' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1017: Cross reference to
nonexistent node `gnutls_db_check_entry' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1019: Cross reference to
nonexistent node `gnutls_db_set_remove_function' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1018: Cross reference to
nonexistent node `gnutls_db_set_ptr' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1017: Cross reference to
nonexistent node `gnutls_db_set_store_function' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1016: Cross reference to
nonexistent node `gnutls_db_set_retrieve_function' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1012: Cross reference to
nonexistent node `gnutls_db_check_entry' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1002: Cross reference to
nonexistent node `gnutls_session_is_resumed' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1000: Cross reference to
nonexistent node `gnutls_session_ticket_enable_client' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:996: Cross reference to
nonexistent node `gnutls_session_ticket_enable_client' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:990: Cross reference to
nonexistent node `gnutls_session_set_data' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:989: Cross reference to
nonexistent node `gnutls_session_get_id' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:988: Cross reference to
nonexistent node `gnutls_session_get_data' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:985: Cross reference to
nonexistent node `gnutls_session_set_data' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:748: Cross reference to
nonexistent node `gnutls_priority_set' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:747: Cross reference to
nonexistent node `gnutls_priority_set_direct' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:734: Cross reference to
nonexistent node `gnutls_alert_get_name' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:733: Cross reference to
nonexistent node `gnutls_error_to_alert' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:731: Cross reference to
nonexistent node `gnutls_alert_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:729: Cross reference to
nonexistent node `gnutls_alert_get' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:726: Cross reference to
nonexistent node `gnutls_alert_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:725: Cross reference to
nonexistent node `gnutls_record_recv' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:725: Cross reference to
nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:715: Cross reference to
nonexistent node `gnutls_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:714: Cross reference to
nonexistent node `gnutls_bye' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:711: Cross reference to
nonexistent node `gnutls_deinit' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:707: Cross reference to
nonexistent node `gnutls_bye' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:705: Cross reference to
nonexistent node `gnutls_record_get_direction' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:704: Cross reference to
nonexistent node `gnutls_record_check_pending' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:700: Cross reference to
nonexistent node `gnutls_record_check_pending' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:697: Cross reference to
nonexistent node `gnutls_record_check_pending' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:696: Cross reference to
nonexistent node `gnutls_record_recv_seq' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:689: Cross reference to
nonexistent node `gnutls_error_is_fatal' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:687: Cross reference to
nonexistent node `gnutls_record_recv' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:685: Cross reference to
nonexistent node `gnutls_record_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:680: Cross reference to
nonexistent node `gnutls_error_is_fatal' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:674: Cross reference to
nonexistent node `gnutls_certificate_verify_peers2' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:669: Cross reference to
nonexistent node `gnutls_certificate_verify_peers2' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:668: Cross reference to
nonexistent node `gnutls_certificate_set_verify_function' (perhaps
incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:664: Cross reference to
nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:656: Cross reference to
nonexistent node `gnutls_dtls_get_data_mtu' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:655: Cross reference to
nonexistent node `gnutls_dtls_get_mtu' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:654: Cross reference to
nonexistent node `gnutls_dtls_set_mtu' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:644: Cross reference to
nonexistent node `gnutls_handshake' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:644: Cross reference to
nonexistent node `gnutls_dtls_prestate_set' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:643: Cross reference to
nonexistent node `gnutls_dtls_cookie_verify' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:642: Cross reference to
nonexistent node `gnutls_dtls_cookie_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:641: Cross reference to
nonexistent node `gnutls_key_generate' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:637: Cross reference to
nonexistent node `gnutls_dtls_prestate_set' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:635: Cross reference to
nonexistent node `gnutls_dtls_cookie_verify' (perhaps incorrect
sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:633: Cross reference to
nonexistent node `gnutls_dtls_cookie_send' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:623: Cross reference to
nonexistent node `gnutls_init' (perhaps incorrect sectioning?).
/opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:618: Cross reference to
nonexistent node `gnutls_record_recv' (perhaps incorrect sectioning?).
Too many errors!  Gave up.
make[4]: *** [gnutls.info] Error 1
make[4]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/opt/gnu/gnutls-3.0.14/doc'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/gnu/gnutls-3.0.14'
make: *** [all] Error 2
[root at Testserver gnutls-3.0.14]#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120301/28521fb7/attachment.htm>

From nmav at gnutls.org  Thu Mar  1 17:37:10 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 01 Mar 2012 17:37:10 +0100
Subject: Error in gnutls-3.0.14 compilation
In-Reply-To: <CAJm-givOB5So_1cyjM1LEpz4iej1FCUbP6bVzt1GJSGLsatiNw@mail.gmail.com>
References: <CAJm-givOB5So_1cyjM1LEpz4iej1FCUbP6bVzt1GJSGLsatiNw@mail.gmail.com>
Message-ID: <4F4FA5B6.10309@gnutls.org>

On 03/01/2012 01:07 PM, Peter Penzov wrote:

> Hi,
>   I tried to compile gnutls-3.0.14 on Centos 6.2 x86_64
> 
> This is the error log:
[...]
> /opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1336: Cross reference to
> nonexistent node `gnutls_sec_param_to_pk_bits' (perhaps incorrect
> sectioning?).


Hello,
 The documentation has problems building in 3.0.14. Nevertheless the
library and the applications are properly built. You can use the
website to download the required documentation.

regards,
Nikos




From peter.penzov at gmail.com  Thu Mar  1 17:38:58 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 18:38:58 +0200
Subject: Error in gnutls-3.0.14 compilation
In-Reply-To: <4F4FA5B6.10309@gnutls.org>
References: <CAJm-givOB5So_1cyjM1LEpz4iej1FCUbP6bVzt1GJSGLsatiNw@mail.gmail.com>
	<4F4FA5B6.10309@gnutls.org>
Message-ID: <CAJm-givb2Bv-k1t9==Z0y9ApPfrwmp7ycm38CQVcOR-x0v_Y9A@mail.gmail.com>

How I can disable the documentation build during compilation time to skip
this error?

On Thu, Mar 1, 2012 at 6:37 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org>wrote:

> On 03/01/2012 01:07 PM, Peter Penzov wrote:
>
> > Hi,
> >   I tried to compile gnutls-3.0.14 on Centos 6.2 x86_64
> >
> > This is the error log:
> [...]
> > /opt/gnu/gnutls-3.0.14/doc//cha-gtls-app.texi:1336: Cross reference to
> > nonexistent node `gnutls_sec_param_to_pk_bits' (perhaps incorrect
> > sectioning?).
>
>
> Hello,
>  The documentation has problems building in 3.0.14. Nevertheless the
> library and the applications are properly built. You can use the
> website to download the required documentation.
>
> regards,
> Nikos
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120301/cfa7bade/attachment.htm>

From nmav at gnutls.org  Thu Mar  1 18:20:21 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 01 Mar 2012 18:20:21 +0100
Subject: Error in gnutls-3.0.14 compilation
In-Reply-To: <CAJm-givb2Bv-k1t9==Z0y9ApPfrwmp7ycm38CQVcOR-x0v_Y9A@mail.gmail.com>
References: <CAJm-givOB5So_1cyjM1LEpz4iej1FCUbP6bVzt1GJSGLsatiNw@mail.gmail.com>	<4F4FA5B6.10309@gnutls.org>
	<CAJm-givb2Bv-k1t9==Z0y9ApPfrwmp7ycm38CQVcOR-x0v_Y9A@mail.gmail.com>
Message-ID: <4F4FAFD5.2010001@gnutls.org>

On 03/01/2012 05:38 PM, Peter Penzov wrote:

> How I can disable the documentation build during compilation time to skip
> this error?


You cannot but anything that you need is already built. What you can do
to avoid the error is to do a "Make -C gl && make -C lib && make -C src".

regards,
Nikos




From peter.penzov at gmail.com  Thu Mar  1 21:59:12 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 22:59:12 +0200
Subject: SRP passwd.conf file
Message-ID: <CAJm-givqCfbya4+m+b=YwUO_86O919PvqW6UUHnU17Yi3m6HtA@mail.gmail.com>

Hi,
  I want to implement SRP server and client with GnuTLS. I'm trying to
compile and run the examples in GnuTLS. I have two questions:
1. I created passwd.conf file where I suppose that the server looks for
password files. Would you tell me in what format I have to store there the
passwords? Just very simple example how this file must look like.

2. I want to store the SRP user and password into database not passd.conf
file. I looked at the server source code and I found that the function
gnutls_srp_set_server_credentials_file is used to retrieve the user
credentials from file. I found in GnuTLS documentation  that
gnutls_srp_set_server_credentials_function can be used for username and
extraction from database. Am I correct?

Best wishes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120301/e6cff626/attachment.htm>

From peter.penzov at gmail.com  Thu Mar  1 22:51:24 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Thu, 1 Mar 2012 23:51:24 +0200
Subject: Error in GnuTLS example
Message-ID: <CAJm-gitYAKkxr=aBdu=2L-vCsePGDL5Cz2v-Z=M7JX7Aky6wCQ@mail.gmail.com>

Hi,
  I'm trying to run the example ex-serv-srp.c I get this error:

[root at localhost test]# ./server
Echo Server ready. Listening to port '5556'.

- connection from 127.0.0.1, port 38141
*** glibc detected *** ./server: double free or corruption (fasttop):
0x095cd5c0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6ea31)[0x89ba31]
/usr/local/lib/libgnutls.so.28(+0x90bd9)[0xdf9bd9]
/usr/local/lib/libgnutls.so.28(+0x9095a)[0xdf995a]
/usr/local/lib/libgnutls.so.28(+0x1e878)[0xd87878]
/usr/local/lib/libgnutls.so.28(+0x1c1a8)[0xd851a8]
/usr/local/lib/libgnutls.so.28(gnutls_handshake+0x47)[0xd85937]
./server[0x8049040]
/lib/libc.so.6(__libc_start_main+0xe6)[0x843ce6]
./server[0x8048c51]
======= Memory map: ========
002ab000-002ac000 r-xp 00000000 00:00 0          [vdso]
00521000-0053f000 r-xp 00000000 fd:00 131042     /lib/ld-2.12.so
0053f000-00540000 r--p 0001d000 fd:00 131042     /lib/ld-2.12.so
00540000-00541000 rw-p 0001e000 fd:00 131042     /lib/ld-2.12.so
005f4000-00640000 r-xp 00000000 fd:00 4823
/usr/lib/sse2/libgmp.so.3.5.0
00640000-00643000 rw-p 0004b000 fd:00 4823
/usr/lib/sse2/libgmp.so.3.5.0
00733000-0074a000 r-xp 00000000 fd:00 131073     /lib/libpthread-2.12.so
0074a000-0074b000 r--p 00016000 fd:00 131073     /lib/libpthread-2.12.so
0074b000-0074c000 rw-p 00017000 fd:00 131073     /lib/libpthread-2.12.so
0074c000-0074e000 rw-p 00000000 00:00 0
0082d000-009b6000 r-xp 00000000 fd:00 131049     /lib/libc-2.12.so
009b6000-009b7000 ---p 00189000 fd:00 131049     /lib/libc-2.12.so
009b7000-009b9000 r--p 00189000 fd:00 131049     /lib/libc-2.12.so
009b9000-009ba000 rw-p 0018b000 fd:00 131049     /lib/libc-2.12.so
009ba000-009bd000 rw-p 00000000 00:00 0
00c47000-00c64000 r-xp 00000000 fd:00 131015
/lib/libgcc_s-4.4.6-20110824.so.1
00c64000-00c65000 rw-p 0001d000 fd:00 131015
/lib/libgcc_s-4.4.6-20110824.so.1
00d69000-00e51000 r-xp 00000000 fd:00 18887
/usr/local/lib/libgnutls.so.28.3.0
00e51000-00e57000 rw-p 000e7000 fd:00 18887
/usr/local/lib/libgnutls.so.28.3.0
00ecc000-00ed3000 r-xp 00000000 fd:00 131077     /lib/librt-2.12.so
00ed3000-00ed4000 r--p 00006000 fd:00 131077     /lib/librt-2.12.so
00ed4000-00ed5000 rw-p 00007000 fd:00 131077     /lib/librt-2.12.so
08048000-0804a000 r-xp 00000000 fd:00 281891     /opt/test/server
0804a000-0804b000 rw-p 00001000 fd:00 281891     /opt/test/server
095c0000-095e1000 rw-p 00000000 00:00 0          [heap]
b77dc000-b77de000 rw-p 00000000 00:00 0
b77e2000-b77e7000 rw-p 00000000 00:00 0
bfa32000-bfa47000 rw-p 00000000 00:00 0          [stack]
Aborted
[root at localhost test]#


Is this a bug?

Best wishes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120301/6150004f/attachment.htm>

From nmav at gnutls.org  Fri Mar  2 00:32:34 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 00:32:34 +0100
Subject: Error in GnuTLS example
In-Reply-To: <CAJm-gitYAKkxr=aBdu=2L-vCsePGDL5Cz2v-Z=M7JX7Aky6wCQ@mail.gmail.com>
References: <CAJm-gitYAKkxr=aBdu=2L-vCsePGDL5Cz2v-Z=M7JX7Aky6wCQ@mail.gmail.com>
Message-ID: <4F500712.9090907@gnutls.org>

On 03/01/2012 10:51 PM, Peter Penzov wrote:

> Hi,
>   I'm trying to run the example ex-serv-srp.c I get this error:
> 
> [root at localhost test]# ./server
> Echo Server ready. Listening to port '5556'.
> 
> - connection from 127.0.0.1, port 38141
> *** glibc detected *** ./server: double free or corruption (fasttop):
> 0x095cd5c0 ***
[...]
> Is this a bug?


You are right it is a bug. Thanks for reporting it. Unfortunately there
is no work-around, but will be solved on the next release.

regards,
Nikos



From peter.penzov at gmail.com  Fri Mar  2 00:46:06 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Fri, 2 Mar 2012 01:46:06 +0200
Subject: How to compile GnuTLS examples using headers from custom build
Message-ID: <CAJm-giuT2KZa7d0FSJmB5AkHXYEuREbE+fWZ=nawRXzHUPB0vA@mail.gmail.com>

Hi,
   I want to compile GnuTLS examples. I use this command to compile example:

gcc -o server ex-serv-srp.c  -lgnutls  -Wall -Werror -g

The problem is that I have default gnutls-2.8.5-4.el6.i686 package
installed on Centos 6.2. I suppose that when I try to compile the example
with -lgnutls argument the headers from the installed rpm are used.

I want to use headers from my custom build which is compiled in
/opt/gnutls-3.0.8. and /usr/local/lib/libgnutls.so. Where I can find the
header files into the gnutls build direcotry?
How I can include them during compilation time?

Best wishes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120302/820f8bae/attachment.htm>

From bradh at frogmouth.net  Fri Mar  2 00:56:34 2012
From: bradh at frogmouth.net (Brad Hards)
Date: Fri, 2 Mar 2012 10:56:34 +1100
Subject: How to compile GnuTLS examples using headers from custom build
In-Reply-To: <CAJm-giuT2KZa7d0FSJmB5AkHXYEuREbE+fWZ=nawRXzHUPB0vA@mail.gmail.com>
References: <CAJm-giuT2KZa7d0FSJmB5AkHXYEuREbE+fWZ=nawRXzHUPB0vA@mail.gmail.com>
Message-ID: <201203021056.34664.bradh@frogmouth.net>

On Friday 02 March 2012 10:46:06 Peter Penzov wrote:
> I want to use headers from my custom build which is compiled in
> /opt/gnutls-3.0.8. and /usr/local/lib/libgnutls.so. Where I can find the
> header files into the gnutls build direcotry?
It depends on how you built it, but if the library was installed to 
/usr/local/lib, then the headers are probably in /usr/local/include. If not, 
re-run the installation and inspect the file / directory locations.

> How I can include them during compilation time?
The -I (upper case i) option to gcc will allow this. Consult the gcc manual 
page for more details.

Brad



From peter.penzov at gmail.com  Fri Mar  2 02:56:21 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Fri, 2 Mar 2012 03:56:21 +0200
Subject: How to run the ex-serv-psk.c example
Message-ID: <CAJm-givdbBx40bPm1TXygh08UASjfw-e2qN1amz8LgK5L9UboQ@mail.gmail.com>

I'm trying to run the example ex-serv-psk.c from gnutls 3.0.14.

I generated self signed certificate using these commands:

certtool --generate-privkey --outfile key.pem
certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem

 I compiled the examples ex-serv-psk.c and ex-client-psk.c. When I try to
run them I get this error:

[root at localhost test]# ./server
Server ready. Listening to port '5556'.

- connection from 127.0.0.1, port 38184
*** Handshake has failed (The TLS connection was non-properly terminated.)


[root at localhost test]# ./client
*** Handshake failed
GnuTLS error: Insufficient credentials for that request.
[root at localhost test]#

Is it do I need something else to run these examples?
I modified some o
#define KEYFILE "key.pem"
#define CERTFILE "cert.pem"
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define CRLFILE "crl.pem"

How I must create CAFILE and CRLFILE? I created self-signed certificate. Do
I need these files in this case?

Best wishes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120302/778f67c0/attachment.htm>

From simon at josefsson.org  Fri Mar  2 14:16:52 2012
From: simon at josefsson.org (Simon Josefsson)
Date: Fri, 02 Mar 2012 14:16:52 +0100
Subject: Error Code -56
In-Reply-To: <CA+oneTypsJPTMaBSgQunM2ZSeDeszKKwE5HU4Q-Z387mrwJNrQ@mail.gmail.com>
	(Karthik Ragunath's message of "Thu, 1 Mar 2012 16:01:57 -0800")
References: <CAF1RuCGDsqhv1jOtLct0z8inMvFb34b0pq51O98pwsYyRaJTyA@mail.gmail.com>
	<87boogsh0m.fsf@latte.josefsson.org>
	<CAF1RuCFU=RrHXssz7FV5ifqkJC=trGwE+CyyOLXJsNZcXu2Tqg@mail.gmail.com>
	<CA+oneTypsJPTMaBSgQunM2ZSeDeszKKwE5HU4Q-Z387mrwJNrQ@mail.gmail.com>
Message-ID: <87pqcvp2gr.fsf@latte.josefsson.org>

Karthik Ragunath <btechit.kragu at gmail.com> writes:

> Hi Simon,
> The error -56 is actually triggered as the return value in the following
> call
> ret =_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_FOOBAR,
>                                   &epriv);
> at the client side before we try to set the relevant data in the set method
> of the extension.

Sounds like you mixed up the directionality, clients usually send
extension data before receiving it, so it is normal for there to be no
extension data in a client that is sending.  Try skipping the above step
and just let the client send its data.  Use wireshark to check that the
extension was sent.  Then work on the server side...

/Simon


>
> We are trying to use the server name extension as a guide to build our own
> extension
>
> I guess we are missing something to register/enable the extension, but we
> followed the instructions as specified in the manual.
>
> Would be greatly helpful if you could help us troubleshoot the issue.
>
> Thanks,
> Karthik
>
>
>>
>> ---------- Forwarded message ----------
>> From: Simon Josefsson <simon at josefsson.org>
>> Date: Thu, Mar 1, 2012 at 3:22 AM
>> Subject: Re: Error Code -56
>> To: Mihir Kulkarni <mihirk.31 at gmail.com>
>> Cc: help-gnutls at gnu.org
>>
>>
>> Mihir Kulkarni <mihirk.31 at gmail.com> writes:
>>
>> > Hello,
>> > We are trying out with Gnutls. We have created a dummy extension Foobar
>> > following the steps given in the manual. We are using
>> > "_gnutls_ext_set_session_data" in the client and then using
>> > "_gnutls_ext_get_session_data" in the server to retrieve the data. The
>> > value gets set correctly in client but when we retrieve it in the server,
>> > the get function returns -56 as error code. Our implementation of Foobar
>> > extension is almost similar to server-name extension already present in
>> > Gnutls.
>> > Can someone give some clarification as to what might be going wrong? Do
>> let
>> > me know if more information is needed.
>>
>> The error -56 means GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, see gnutls.h.
>> Try running the server with debug logging and enabled, and in
>> particular, try to find exactly where the -56 error is triggered.
>>
>> /Simon
>>
>>



From nmav at gnutls.org  Fri Mar  2 19:22:00 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 19:22:00 +0100
Subject: gnutls 2.12.16
Message-ID: <4F510FC8.6030505@gnutls.org>

Hello,
 I've just released gnutls 2.12.17. It includes several
bug fixes.

Version 2.12.17 (released 2012-03-02)

** libgnutls: Corrections in record packet parsing.
Reported by Matthew Hall.

** libgnutls: Fixes in SRP authentication.

** libgnutls: Added function to force explicit reinitialization
of PKCS #11 modules. This is required on the child process after
a fork.

** libgnutls: PKCS #11 objects that do not have ID
no longer crash listing. Reported by Sven Geggus.

** API and ABI modifications:
gnutls_pkcs11_reinit: Added


Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
>From <ftp://ftp.gnu.org/gnu/gnutls/?.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the BZIP2 compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.17.tar.bz2
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.17.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.17.tar.bz2.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.17.tar.bz2.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos



From nmav at gnutls.org  Fri Mar  2 19:37:04 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 19:37:04 +0100
Subject: How to run the ex-serv-psk.c example
In-Reply-To: <CAJm-givdbBx40bPm1TXygh08UASjfw-e2qN1amz8LgK5L9UboQ@mail.gmail.com>
References: <CAJm-givdbBx40bPm1TXygh08UASjfw-e2qN1amz8LgK5L9UboQ@mail.gmail.com>
Message-ID: <4F511350.6070507@gnutls.org>

On 03/02/2012 02:56 AM, Peter Penzov wrote:

> I'm trying to run the example ex-serv-psk.c from gnutls 3.0.14.
> 
> I generated self signed certificate using these commands:
> 
> certtool --generate-privkey --outfile key.pem
> certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem
> 
>  I compiled the examples ex-serv-psk.c and ex-client-psk.c. When I try to
> run them I get this error:
> 
> [root at localhost test]# ./server
> Server ready. Listening to port '5556'.
> 
> - connection from 127.0.0.1, port 38184
> *** Handshake has failed (The TLS connection was non-properly terminated.)

You can connect to the example server using gnutls-cli. The example
client requires to add "+PSK" to the priority string. I've corrected
it on the documentation.

> Is it do I need something else to run these examples?
> I modified some o
> #define KEYFILE "key.pem"
> #define CERTFILE "cert.pem"
> #define CAFILE "/etc/ssl/certs/ca-certificates.crt"
> #define CRLFILE "crl.pem"
> How I must create CAFILE and CRLFILE? I created self-signed certificate. Do
> I need these files in this case?


CAFILE and CRLFILE are not currently used in the currently supported
PSK ciphersuites so you could ignore them. I didn't remove them because
it is planned for the RSA-PSK ciphersuite to be added which will use
them.

regards,
Nikos



From nmav at gnutls.org  Fri Mar  2 19:42:05 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 19:42:05 +0100
Subject: gnutls 3.0.15
Message-ID: <4F51147D.4090907@gnutls.org>

Hello,
 I've just released gnutls 3.0.15. This is a bug-fix release on the
current stable branch.

* Version 3.0.15 (released 2012-03-02)

** test suite: Only run under valgrind in the development
system (the full git repository)

** command line apps: Link with local libopts if the
installed is an old one.

** libgnutls: Eliminate double free during SRP
authentication. Reported by Peter Penzov.

** libgnutls: Corrections in record packet parsing.
Reported by Matthew Hall.

** libgnutls: Cryptodev updates and fixes.

** libgnutls: Corrected issue with select() that affected
FreeBSD. This prevented establishing DTLS sessions.
Reported by Andreas Metzler.

** libgnutls: Corrected rehandshake and resumption
operations in DTLS. Reported by Sean Buckheister.

** libgnutls: PKCS #11 objects that do not have ID
no longer crash listing. Reported by Sven Geggus.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
>From <ftp://ftp.gnu.org/gnu/gnutls/>.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.15.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.15.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.15.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.15.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.15.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.15.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos



From peter.penzov at gmail.com  Fri Mar  2 22:09:07 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Fri, 2 Mar 2012 23:09:07 +0200
Subject: Received corrupted data(-54). Closing the connection.
Message-ID: <CAJm-gitAqJaxM+LaQY31Cq03xk=gMR6EigMduJ6YtNk3myffCQ@mail.gmail.com>

Hi,
  I'm working on a example with GnuTLS - ex-serv-x509.c. I made a loop
insight the client which makes a connection with the server and sends 200
times simple string. The interesting part in when I type Ctrl+C and I kill
the client I get this error on the server?

[root at localhost test]# ./server
Server ready. Listening to port '5556'.

- connection from 127.0.0.1, port 41441
- Handshake was completed

*** Received corrupted data(-54). Closing the connection.


[root at localhost test]#

Why the server crashes when I kill the client?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120302/3c56a84e/attachment.htm>

From nmav at gnutls.org  Fri Mar  2 22:26:56 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 02 Mar 2012 22:26:56 +0100
Subject: Received corrupted data(-54). Closing the connection.
In-Reply-To: <CAJm-gitAqJaxM+LaQY31Cq03xk=gMR6EigMduJ6YtNk3myffCQ@mail.gmail.com>
References: <CAJm-gitAqJaxM+LaQY31Cq03xk=gMR6EigMduJ6YtNk3myffCQ@mail.gmail.com>
Message-ID: <4F513B20.3080809@gnutls.org>

On 03/02/2012 10:09 PM, Peter Penzov wrote:

> Hi,
>   I'm working on a example with GnuTLS - ex-serv-x509.c. I made a loop
> insight the client which makes a connection with the server and sends 200
> times simple string. The interesting part in when I type Ctrl+C and I kill
> the client I get this error on the server?
> 
> [root at localhost test]# ./server
> Server ready. Listening to port '5556'.
> 
> - connection from 127.0.0.1, port 41441
> - Handshake was completed
> *** Received corrupted data(-54). Closing the connection.
> Why the server crashes when I kill the client?


This is not a crash. This is an error from your server.
In your case gnutls propagated an error from recv() to
your server. Whether to accept more connections or exit
is up to your application.

In TLS it is recommended to terminate the sessions on
the TLS layer as in:
http://www.gnu.org/software/gnutls/manual/html_node/Data-transfer-and-termination.html#Data-transfer-and-termination

regards,
Nikos



From peter.penzov at gmail.com  Sun Mar  4 18:56:34 2012
From: peter.penzov at gmail.com (Peter Penzov)
Date: Sun, 4 Mar 2012 19:56:34 +0200
Subject: Examples with GnuTLS and Java
Message-ID: <CAJm-gis2Qo6BGMZU1YPjV8kuqrtaAjwnBs7JzYvVArbwwj+xoA@mail.gmail.com>

Hi,
   I'm looking for examples with GnuTLS and Java. Are there any links with
examples which you can recommend me?

Best wishes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120304/046ecc23/attachment.htm>

From mrsam at courier-mta.com  Sun Mar  4 19:52:12 2012
From: mrsam at courier-mta.com (Sam Varshavchik)
Date: Sun, 04 Mar 2012 13:52:12 -0500
Subject: Examples with GnuTLS and Java
References: <CAJm-gis2Qo6BGMZU1YPjV8kuqrtaAjwnBs7JzYvVArbwwj+xoA@mail.gmail.com>
Message-ID: <cone.1330887132.913802.6963.1000@monster.email-scan.com>

Peter Penzov writes:

> Hi,
> ?? I'm looking for examples with GnuTLS and Java. Are there any links with  
> examples which you can recommend me?

GnuTLS is a C library. Java has its own implementation of SSL and TLS.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: </pipermail/attachments/20120304/ccf87245/attachment.pgp>

From mihirk at uci.edu  Fri Mar  9 04:09:33 2012
From: mihirk at uci.edu (Mihir Kulkarni)
Date: Thu, 8 Mar 2012 19:09:33 -0800
Subject: Unable to access contents of "gnutls_session_int" in client code
Message-ID: <CAF1RuCEUM1S6B4PA5nwQMMAYGPvYFTzr3VeX1q4h1DO3cSqHtw@mail.gmail.com>

Hello,
I am using the simple client with anonymous authentication code given on
the gnutls page. In the code after the line:
*gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",*
*                              NULL);*
when I try to access contents of session like
"*session->internals.priorities.cipher.priority[0]"
*or any other variable from the structure "priorities", it throws me a
"dereferencing pointer to incomplete type error". I tried using these lines
in X.509 authentication code for client too. But it gives me the same error.
1. Am I trying to access the contents at the wrong location?
2. Is it that "session" is not filled with the values I'm trying to access?

Please let me know where I'm going wrong. Thank you in advance.

regards,
Mihir Kulkarni
Graduate Student
University of California, Irvine
https://sites.google.com/site/mihirkulkarni31/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120308/8fe3e4c2/attachment.htm>

From nmav at gnutls.org  Fri Mar  9 09:33:05 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 09 Mar 2012 09:33:05 +0100
Subject: Unable to access contents of "gnutls_session_int" in client code
In-Reply-To: <CAF1RuCEUM1S6B4PA5nwQMMAYGPvYFTzr3VeX1q4h1DO3cSqHtw@mail.gmail.com>
References: <CAF1RuCEUM1S6B4PA5nwQMMAYGPvYFTzr3VeX1q4h1DO3cSqHtw@mail.gmail.com>
Message-ID: <4F59C041.5090807@gnutls.org>

On 03/09/2012 04:09 AM, Mihir Kulkarni wrote:

> Hello,
> I am using the simple client with anonymous authentication code given on
> the gnutls page. In the code after the line:
> *gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",*
> *                              NULL);*
> when I try to access contents of session like
> "*session->internals.priorities.cipher.priority[0]"
> *or any other variable from the structure "priorities", it throws me a
> "dereferencing pointer to incomplete type error". I tried using these lines
> in X.509 authentication code for client too. But it gives me the same error.
> 1. Am I trying to access the contents at the wrong location?


This is what an API is about. You can only access the session using the
documented functions.

> 2. Is it that "session" is not filled with the values I'm trying to access?

It is the correct. If you need to access the session anyway you can only
do it by modifying the gnutls source code by adding a new function.

regards,
Nikos



From lists at fuchsschwanzdomain.de  Thu Mar 15 12:57:04 2012
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 15 Mar 2012 11:57:04 +0000 (UTC)
Subject: Verifying server certificate failed?!
Message-ID: <jjsleg$ibu$1@ultimate100.geggus.net>

Hello,

calling https://iad.iosb.fraunhofer.de/~geg/ using a Webbrowser gives me a
valid TLS connection.

So does "gnutls-cli iad.iosb.fraunhofer.de -p 443"

But calling the following dows not work:
gnutls-cli iad.iosb.fraunhofer.de -p 443 --x509cafile /etc/ssl/certs/ca-certificates.crt
Processed 142 CA certificate(s).
Resolving 'iad.iosb.fraunhofer.de'...
Connecting to '153.96.8.17:443'...
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.

Is this a Bug in gnutls or a missconfiguration of my Apache Server?

Sven

-- 
The source code is not comprehensible
                 (found in bug section of man 8 telnetd on Redhat Linux)

/me is giggls at ircnet, http://sven.gegg.us/ on the Web



From rich at kde.org  Thu Mar 15 13:53:39 2012
From: rich at kde.org (Richard Moore)
Date: Thu, 15 Mar 2012 12:53:39 +0000
Subject: Verifying server certificate failed?!
In-Reply-To: <jjsleg$ibu$1@ultimate100.geggus.net>
References: <jjsleg$ibu$1@ultimate100.geggus.net>
Message-ID: <CAMp7mVvSDU2ZBzp5LyhnX1ag41FoOGXS2KxaMYjA6td0U1Absw@mail.gmail.com>

Your chain file includes the root certificate as well as the
intermediate certificate. You should not be transmitting that one
(though I think GnuTLS should ignore it and would regard it as a bug
if it doesn't).

Cheers

Rich.

On 15 March 2012 11:57, Sven Geggus <lists at fuchsschwanzdomain.de> wrote:
> Hello,
>
> calling https://iad.iosb.fraunhofer.de/~geg/ using a Webbrowser gives me a
> valid TLS connection.
>
> So does "gnutls-cli iad.iosb.fraunhofer.de -p 443"
>
> But calling the following dows not work:
> gnutls-cli iad.iosb.fraunhofer.de -p 443 --x509cafile /etc/ssl/certs/ca-certificates.crt
> Processed 142 CA certificate(s).
> Resolving 'iad.iosb.fraunhofer.de'...
> Connecting to '153.96.8.17:443'...
> *** Verifying server certificate failed...
> *** Fatal error: Error in the certificate.
> *** Handshake has failed
> GnuTLS error: Error in the certificate.
>
> Is this a Bug in gnutls or a missconfiguration of my Apache Server?
>
> Sven
>
> --
> The source code is not comprehensible
> ? ? ? ? ? ? ? ? (found in bug section of man 8 telnetd on Redhat Linux)
>
> /me is giggls at ircnet, http://sven.gegg.us/ on the Web
>
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> https://lists.gnu.org/mailman/listinfo/help-gnutls



From lists at fuchsschwanzdomain.de  Thu Mar 15 16:19:08 2012
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 15 Mar 2012 15:19:08 +0000 (UTC)
Subject: Verifying server certificate failed?!
References: <jjsleg$ibu$1@ultimate100.geggus.net>
	<CAMp7mVvSDU2ZBzp5LyhnX1ag41FoOGXS2KxaMYjA6td0U1Absw@mail.gmail.com>
Message-ID: <jjt19c$m4i$1@ultimate100.geggus.net>

Richard Moore <rich at kde.org> wrote:

> Your chain file includes the root certificate as well as the
> intermediate certificate. You should not be transmitting that one

There has been one unrelated certificate (the one for the User CA) in the
chain which caused the problem. Sending the root cert is probably tolerated.
I did not check this.

What I have now is the following:
SSLCertificateChainFile /path/to/file/with/all/intermediate/certs
SSLCACertificateFile  /path/to/file/with/all/certs/including/root

Anything else causes trouble. My first try has been to put all certificates
into one file and point SSLCertificateChainFile and SSLCACertificateFile
to this file.

So I definitely think gnutls should be more tolerant about certificates
which are not in use but provided anyway.

Regards

Sven

-- 
"In my opinion MS is a lot better at making money than it is at making good
operating systems" (Linus Torvalds, August 1997)

/me is giggls at ircnet, http://sven.gegg.us/ on the Web



From nmav at gnutls.org  Thu Mar 15 19:05:40 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 15 Mar 2012 19:05:40 +0100
Subject: Verifying server certificate failed?!
In-Reply-To: <jjt19c$m4i$1@ultimate100.geggus.net>
References: <jjsleg$ibu$1@ultimate100.geggus.net>	<CAMp7mVvSDU2ZBzp5LyhnX1ag41FoOGXS2KxaMYjA6td0U1Absw@mail.gmail.com>
	<jjt19c$m4i$1@ultimate100.geggus.net>
Message-ID: <4F622F74.9020608@gnutls.org>

On 03/15/2012 04:19 PM, Sven Geggus wrote:

> So I definitely think gnutls should be more tolerant about

> certificates which are not in use but provided anyway.


I don't think this is a good idea. The protocol exactly specifies which
certificates should be present. It does not allow any kind of additional
information to be present so by providing it you violate the protocol.

On the practical side, a simpler parser allows for simpler code and
thus less bugs.

regards,
Nikos



From lists at fuchsschwanzdomain.de  Thu Mar 15 23:11:02 2012
From: lists at fuchsschwanzdomain.de (Sven Geggus)
Date: Thu, 15 Mar 2012 22:11:02 +0000 (UTC)
Subject: Verifying server certificate failed?!
References: <jjsleg$ibu$1@ultimate100.geggus.net>
	<CAMp7mVvSDU2ZBzp5LyhnX1ag41FoOGXS2KxaMYjA6td0U1Absw@mail.gmail.com>
	<jjt19c$m4i$1@ultimate100.geggus.net> <4F622F74.9020608@gnutls.org>
Message-ID: <jjtpdm$v7n$1@ultimate100.geggus.net>

Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

> I don't think this is a good idea. The protocol exactly specifies which
> certificates should be present. It does not allow any kind of additional
> information to be present so by providing it you violate the protocol.

RFC documents are not set in stone. Quite the opposite, their sole
purpose is to enable interoperability. So if breaking the rules is
good for interoperability the RFC should be changed in the first
place.

Back to the original discussion. FF, chrome and even IE do not care about
the unnecessary certificates at all.

> On the practical side, a simpler parser allows for simpler code and
> thus less bugs.

*granted*

Sven

-- 
"Der wichtigste Aspekt, den Sie vor der Entscheidung f?r ein Open
Source-Betriebssystem bedenken sollten, ist, dass Sie kein
Windows-Betriebssystem erhalten." (von http://www.dell.de/ubuntu)
/me is giggls at ircnet, http://sven.gegg.us/ on the Web



From tzz at lifelogs.com  Fri Mar 16 13:00:54 2012
From: tzz at lifelogs.com (Ted Zlatanov)
Date: Fri, 16 Mar 2012 08:00:54 -0400
Subject: Verifying server certificate failed?!
References: <jjsleg$ibu$1@ultimate100.geggus.net>
	<CAMp7mVvSDU2ZBzp5LyhnX1ag41FoOGXS2KxaMYjA6td0U1Absw@mail.gmail.com>
	<jjt19c$m4i$1@ultimate100.geggus.net> <4F622F74.9020608@gnutls.org>
Message-ID: <871uosah6x.fsf@lifelogs.com>

On Thu, 15 Mar 2012 19:05:40 +0100 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: 

NM> On 03/15/2012 04:19 PM, Sven Geggus wrote:
>> So I definitely think gnutls should be more tolerant about
>> certificates which are not in use but provided anyway.

NM> I don't think this is a good idea. The protocol exactly specifies which
NM> certificates should be present. It does not allow any kind of additional
NM> information to be present so by providing it you violate the protocol.

NM> On the practical side, a simpler parser allows for simpler code and
NM> thus less bugs.

Could the error message be improved, if that doesn't complicate the code
too much?

Ted




From rich at kde.org  Fri Mar 16 13:26:56 2012
From: rich at kde.org (Richard Moore)
Date: Fri, 16 Mar 2012 12:26:56 +0000
Subject: Verifying server certificate failed?!
In-Reply-To: <4F622F74.9020608@gnutls.org>
References: <jjsleg$ibu$1@ultimate100.geggus.net>
	<CAMp7mVvSDU2ZBzp5LyhnX1ag41FoOGXS2KxaMYjA6td0U1Absw@mail.gmail.com>
	<jjt19c$m4i$1@ultimate100.geggus.net> <4F622F74.9020608@gnutls.org>
Message-ID: <CAMp7mVsGgXCLzses6P5GxR4FiHMF6-o5+0HgGQ+kiH+vZkpupQ@mail.gmail.com>

On 15 March 2012 18:05, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On 03/15/2012 04:19 PM, Sven Geggus wrote:
>
>> So I definitely think gnutls should be more tolerant about
>
>> certificates which are not in use but provided anyway.
>
>
> I don't think this is a good idea. The protocol exactly specifies which
> certificates should be present. It does not allow any kind of additional
> information to be present so by providing it you violate the protocol.
>
> On the practical side, a simpler parser allows for simpler code and
> thus less bugs.

I can see your point, but for compatibility reasons all browsers
generally cache intermediate certificates and will automatically use
them should a site fail to provide them, and in addition they will
skip any extra certificates a site may send. If gnutls doesn't either
do this automatically, or at least provide a means for applications to
do so then it is going to lead to a bunch of frustrated and confused
users.

Having spent quite a lot of time explaining how to address missing
intermediate certificates even to the administrators of banking web
sites, I think it will be a lot easier all round to accept a little
more complexity in this part of the code.

Cheers

Rich.



From nmav at gnutls.org  Fri Mar 16 18:41:09 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Mar 2012 18:41:09 +0100
Subject: gnutls 2.12.18
Message-ID: <4F637B35.9040402@gnutls.org>

Hello,
 I've just released gnutls 2.12.18. It includes several
bug fixes.

Version 2.12.18 (released 2012-03-16)

** minitasn1: Upgraded to libtasn1 version 2.12 (pre-release).

** Corrected SRP-RSA ciphersuites when used under TLS 1.2.

** Fixed leaks in key generation. Reported by Sam Varshavchik,
patch by Tomas Mraz.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
>From <ftp://ftp.gnu.org/gnu/gnutls/?.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the BZIP2 compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.18.tar.bz2
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.18.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.18.tar.bz2.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.18.tar.bz2.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos



From nmav at gnutls.org  Fri Mar 16 18:46:36 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Mar 2012 18:46:36 +0100
Subject: gnutls 3.0.16
Message-ID: <4F637C7C.2080105@gnutls.org>

Hello,
 I've just released gnutls 3.0.16. This is a bug-fix release on the
current stable branch.

* Version 3.0.16 (released 2012-03-16)

** minitasn1: Upgraded to libtasn1 version 2.12 (pre-release).

** libgnutls: Corrected SRP-RSA ciphersuites when used under TLS 1.2.

** libgnutls: included assembler files for MacOSX.

** p11tool: Small fixes in handling of the --private command
line option.

** certtool: The template option allows for setting the domain
component (DC) option of the distinguished name, and the ocsp_uri
as well as the ca_issuers_uri options.

** API and ABI modifications:
gnutls_x509_crt_set_authority_info_access: Added


Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
>From <ftp://ftp.gnu.org/gnu/gnutls/>.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.16.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.16.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.16.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.16.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.16.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.16.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos



From nmav at gnutls.org  Sat Mar 17 10:08:42 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 17 Mar 2012 10:08:42 +0100
Subject: gnutls 3.0.17
Message-ID: <4F64549A.2030201@gnutls.org>

Hello,
 I've just released gnutls 3.0.17, which fixes a build problem
in the included programs of 3.0.16.

* Version 3.0.17 (released 2012-03-17)

** command line apps: Always link with local libopts.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
>From <ftp://ftp.gnu.org/gnu/gnutls/>.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.17.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.17.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.17.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.17.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.17.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.17.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos



From nmav at gnutls.org  Sat Mar 17 13:19:52 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 17 Mar 2012 13:19:52 +0100
Subject: google summer of code
Message-ID: <4F648168.4030601@gnutls.org>

Hello,
 I've put some ideas for projects for google summer of code (we'll
participate via GNU) at:
http://www.gnu.org/software/gnutls/soc.html

If you have any other suggestions or willing to participate as a mentor
please let me know as soon (we need a backup mentor).

regards,
Nikos



From nmav at gnutls.org  Sat Mar 17 13:47:54 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 17 Mar 2012 13:47:54 +0100
Subject: Verifying server certificate failed?!
In-Reply-To: <CAMp7mVsGgXCLzses6P5GxR4FiHMF6-o5+0HgGQ+kiH+vZkpupQ@mail.gmail.com>
References: <jjsleg$ibu$1@ultimate100.geggus.net>	<CAMp7mVvSDU2ZBzp5LyhnX1ag41FoOGXS2KxaMYjA6td0U1Absw@mail.gmail.com>	<jjt19c$m4i$1@ultimate100.geggus.net>
	<4F622F74.9020608@gnutls.org>
	<CAMp7mVsGgXCLzses6P5GxR4FiHMF6-o5+0HgGQ+kiH+vZkpupQ@mail.gmail.com>
Message-ID: <4F6487FA.7030107@gnutls.org>

On 03/16/2012 01:26 PM, Richard Moore wrote:

>> 
>> On the practical side, a simpler parser allows for simpler code
>> and thus less bugs.
> I can see your point, but for compatibility reasons all browsers 
> generally cache intermediate certificates and will automatically use 
> them should a site fail to provide them, and in addition they will 
> skip any extra certificates a site may send. If gnutls doesn't
> either do this automatically, or at least provide a means for
> applications to do so then it is going to lead to a bunch of
> frustrated and confused users.


gnutls is tolerant and if the correct chain is provided
in the front of the list then it will verify the chain and not complain.
The problem is if there is no proper chain e.g if certificates are
thrown in a random order.

> Having spent quite a lot of time explaining how to address missing 
> intermediate certificates even to the administrators of banking web 
> sites, I think it will be a lot easier all round to accept a little 
> more complexity in this part of the code.


I understand. It should have been though that their software should
have reordered the provided list or should have failed due to an
unordered list (gnutls servers don't allow you to provide illegal chains).

It is not currently in my todo list, but if there is a simple an clean
patch to re-order the certificate list prior to verification I'll accept it.

regards,
Nikos



From dkg at fifthhorseman.net  Sat Mar 17 17:51:15 2012
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sat, 17 Mar 2012 12:51:15 -0400
Subject: google summer of code
In-Reply-To: <4F648168.4030601@gnutls.org>
References: <4F648168.4030601@gnutls.org>
Message-ID: <4F64C103.2020004@fifthhorseman.net>

On 03/17/2012 08:19 AM, Nikos Mavrogiannopoulos wrote:
> Hello,
>   I've put some ideas for projects for google summer of code (we'll
> participate via GNU) at:
> http://www.gnu.org/software/gnutls/soc.html
>
> If you have any other suggestions or willing to participate as a mentor
> please let me know as soon (we need a backup mentor).

I'd be willing to act as a backup mentor, if you think that'd be 
appropriate.

	--dkg



From nmav at gnutls.org  Sat Mar 17 20:56:51 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 17 Mar 2012 20:56:51 +0100
Subject: google summer of code
In-Reply-To: <4F64C103.2020004@fifthhorseman.net>
References: <4F648168.4030601@gnutls.org> <4F64C103.2020004@fifthhorseman.net>
Message-ID: <4F64EC83.709@gnutls.org>

On 03/17/2012 05:51 PM, Daniel Kahn Gillmor wrote:

>>   I've put some ideas for projects for google summer of code (we'll
>> participate via GNU) at:
>> http://www.gnu.org/software/gnutls/soc.html
>> If you have any other suggestions or willing to participate as a mentor
>> please let me know as soon (we need a backup mentor).
> I'd be willing to act as a backup mentor, if you think that'd be
> appropriate.


Thank you Daniel. I've added you.




From nmav at gnutls.org  Sun Mar 18 19:43:35 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 18 Mar 2012 19:43:35 +0100
Subject: google summer of code
In-Reply-To: <4F648168.4030601@gnutls.org>
References: <4F648168.4030601@gnutls.org>
Message-ID: <4F662CD7.20006@gnutls.org>

On 03/17/2012 01:19 PM, Nikos Mavrogiannopoulos wrote:

> Hello,
>  I've put some ideas for projects for google summer of code (we'll
> participate via GNU) at:
> http://www.gnu.org/software/gnutls/soc.html


Please feel free to forward our ideas page to interested students!


regards,
Nikos



From carson at wistly.net  Tue Mar 20 14:23:47 2012
From: carson at wistly.net (Carson Chittom)
Date: Tue, 20 Mar 2012 08:23:47 -0500
Subject: gnutls 3.0.17
References: <4F64549A.2030201@gnutls.org>
Message-ID: <4pobrrz9r0.fsf@wistly.net>

Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> Hello,
>  I've just released gnutls 3.0.17, which fixes a build problem
> in the included programs of 3.0.16.
>
> * Version 3.0.17 (released 2012-03-17)
>
> ** command line apps: Always link with local libopts.

I'm guessing that this is the problem I'm seeing with the Win32 binary
of 3.0.16 from http://homes.esat.kuleuven.be/~nikos/gnutls-win32/ as
running gnutls-cli gives me the error (on WinXP, if it matters):

        Automated Options Processing Error!
        gnutls-cli called AutoOpts function with structure version 36:0:4.
        This exceeds the compiled library version:  AO_CURRENT:AO_REVISION:AO_A
E

Would it be possible, then, to update the Win32 binary?  Or am I off
base as to the problem here?

With many thanks,
Carson Chittom




From nmav at gnutls.org  Tue Mar 20 18:37:16 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 20 Mar 2012 18:37:16 +0100
Subject: gnutls 3.0.17
In-Reply-To: <4pobrrz9r0.fsf@wistly.net>
References: <4F64549A.2030201@gnutls.org> <4pobrrz9r0.fsf@wistly.net>
Message-ID: <4F68C04C.10402@gnutls.org>

On 03/20/2012 02:23 PM, Carson Chittom wrote:

> I'm guessing that this is the problem I'm seeing with the Win32 binary
> of 3.0.16 from http://homes.esat.kuleuven.be/~nikos/gnutls-win32/ as
> running gnutls-cli gives me the error (on WinXP, if it matters):
> 
>         Automated Options Processing Error!
>         gnutls-cli called AutoOpts function with structure version 36:0:4.
>         This exceeds the compiled library version:  AO_CURRENT:AO_REVISION:AO_A
> E
> 
> Would it be possible, then, to update the Win32 binary?  


updated.

regards,
Nikos




From carson at wistly.net  Tue Mar 20 18:47:44 2012
From: carson at wistly.net (Carson Chittom)
Date: Tue, 20 Mar 2012 12:47:44 -0500
Subject: gnutls 3.0.17
References: <4F64549A.2030201@gnutls.org> <4pobrrz9r0.fsf@wistly.net>
	<4F68C04C.10402@gnutls.org>
Message-ID: <4py5qvxiyn.fsf@mspb.ms.gov>

Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

>> Would it be possible, then, to update the Win32 binary?  
>
>
> updated.

Thanks!  Runs without error.  





From randomproof at fastmail.us  Fri Mar 23 17:27:40 2012
From: randomproof at fastmail.us (Steven Hudson)
Date: Fri, 23 Mar 2012 09:27:40 -0700
Subject: Option to disable encryption?
Message-ID: <4F6CA47C.4060200@fastmail.us>

I was wondering if I can include an option to disable encryption by 
doing this:
gnutls_priority_set_direct(session, "NONE:+COMP-ALL", NULL);

This would allow me to use the compression option but not encryption? 
Or would this just fail to connect?



From nmav at gnutls.org  Sat Mar 24 01:25:08 2012
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 24 Mar 2012 01:25:08 +0100
Subject: Option to disable encryption?
In-Reply-To: <4F6CA47C.4060200@fastmail.us>
References: <4F6CA47C.4060200@fastmail.us>
Message-ID: <4F6D1464.1040804@gnutls.org>

On 03/23/2012 05:27 PM, Steven Hudson wrote:

> I was wondering if I can include an option to disable encryption by
> doing this:
> gnutls_priority_set_direct(session, "NONE:+COMP-ALL", NULL);
> 
> This would allow me to use the compression option but not encryption? Or
> would this just fail to connect?


It is not that simple. You need to use the NULL cipher to disable
encryption. An example could be:
"NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS-ALL:+KX-ALL"

regards,
Nikos