From yskim90 at gmail.com Mon Aug 4 16:18:19 2014 From: yskim90 at gmail.com (Youngsok Kim) Date: Mon, 4 Aug 2014 23:18:19 +0900 Subject: [gnutls-help] Obtaining client_write_{MAC_secret, key, IV} via gnutls_prf() function Message-ID: Hello, Could anyone provide assistance with obtaining client_write_{MAC_secret,key,IV} of an active TLS/SSL session? I'm trying to obtain these values for offload the data encryption and decryption routines to an accelerator without modifying GnuTLS's source codes. According to TLS 1.0 RFC (#2246), we can obtain the key_block containing the values using PRF. Thus, I used gnutls_prf() function to obtain the key_block as follows: // obtain 'key_block' unsigned long key_block_size = hash_size * 2 + key_size * 2 + IV_size * 2; unsigned char key_block[key_block_size]; err = gnutls_prf(m_session, 13, "key expansion", 1, 0, NULL, key_block_size, (char *)key_block); if (err != GNUTLS_E_SUCCESS) { fprintf(stderr, "ERROR: %s() failed!\n", "gnutls_prf"); gnutls_perror(err); exit(-1); } where hash_size, key_size, and IV_size are 20, 16, and 16, respectively as I'm using TLS v1.0 with TLS_RSA_WITH_AES_128_CBC_SHA. Then, client_write_MAC_secret, client_write_key, client_write_IV should be key_block[0:19], key_block[40:55], and key_block[72:87], respectively. However, it seems like I am getting incorrect client_write_key and client_write_IV. The data encrypted with the obtained key and IV does not match the one I get with gnutls_record_send() function. It's definitely not the encryption & decryption problem as I am using gnutls_cipher_{encrypt,decrypt} for now and verified their correctness separately. Am I using gnutls_prf() function in a wrong way? Otherwise, are hash_size, key_size, and IV_size I am using somewhat wrong for TLS_RSA_WITH_AES_128_CBC_SHA? FYI, I'm using GnuTLS v3.3.6. Any help would be greatly appreciated. Thanks, Youngsok -------------- next part -------------- An HTML attachment was scrubbed... URL: From nmav at gnutls.org Tue Aug 5 02:15:05 2014 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Tue, 05 Aug 2014 02:15:05 +0200 Subject: [gnutls-help] Obtaining client_write_{MAC_secret, key, IV} via gnutls_prf() function In-Reply-To: References: Message-ID: <1407197705.2378.12.camel@nomad.lan> On Mon, 2014-08-04 at 23:18 +0900, Youngsok Kim wrote: > Hello, > Could anyone provide assistance with obtaining > client_write_{MAC_secret,key,IV} of an active TLS/SSL session? I'm > trying to obtain these values for offload the data encryption and > decryption routines to an accelerator without modifying GnuTLS's > source codes. There is no straightforward way to export the TLS session secrets. Which accelerator do you use for off-loading? gnutls supports cryptodev and more can be registered using gnutls_crypto_single_cipher_register(), gnutls_crypto_single_mac_register() etc. If you are using one with free software drivers consider contributing it back with that API. A direct way to extract the calculated secrets (which is recommended for debugging only as it will break on any future upgrade of gnutls) is to export gnutls_session_int and security_parameters in your program. > // obtain 'key_block' > unsigned long key_block_size = hash_size * 2 + key_size * 2 + > IV_size * 2; > unsigned char key_block[key_block_size]; > err = gnutls_prf(m_session, 13, "key expansion", 1, 0, NULL, > key_block_size, (char *)key_block); I believe the 4th variable should be zero (the client random is first). Note also that this construction will only work if you negotiate TLS 1.0 or later. regards, Nikos From Venkata.Chaitanya at GainSpan.com Tue Aug 5 08:47:41 2014 From: Venkata.Chaitanya at GainSpan.com (Venkata Chaitanya) Date: Mon, 4 Aug 2014 23:47:41 -0700 Subject: [gnutls-help] TLS renegotiation Message-ID: <3582894D7E3C1141A7D0D3132B8EC38B386E8A99DB@GS-EX01.GainSpan.LAN> Hi, Can any one assist me configuring TLS renegotiation in gnutls. Thanks, Chaitanya -------------- next part -------------- An HTML attachment was scrubbed... URL: From theoren28 at hotmail.com Sun Aug 10 12:30:57 2014 From: theoren28 at hotmail.com (Oren) Date: Sun, 10 Aug 2014 10:30:57 +0000 (UTC) Subject: [gnutls-help] Building pacemaker without gnutls Message-ID: Hi, Can you support pacemaker without gnutls as it is not FIPS compliant? This dependency may be replaced by openssl, with a configure flag to control this. Thanks, Oren From obscurite at centersierra.fr Wed Aug 20 08:42:43 2014 From: obscurite at centersierra.fr (Hodk) Date: Wed, 20 Aug 2014 08:42:43 +0200 Subject: [gnutls-help] hogweed not found Message-ID: <53F44363.6000405@centersierra.fr> -----BEGIN PGP MESSAGE----- Charset: windows-1252 Version: GnuPG v1.4.11 (GNU/Linux) hQIMA6UX7mqnsbgeAQ//SWuxdJ5/Yb29MYEJW5KMs16g77rKFGAAWitBojprRc2m 20LpY0mcD5Lcpkm0gH9UQKN4ioIdvKxms2STTRHonWlY9aLIcKCO3YMUquNdLR/i vsqcT0QzCRJOfb2HJrIKKTyMtoxnMoaNNUV9VJODolOqLPbIN+isZ45Fb3mBak1H lEBj5eY2fM2TDgAbmvVUkru5hL4glFvG7MI0NTzHziXFtceb3I1YvG9uExCiiQ1B qdL0XK1j839G/ATkPk24gKIM/BaFjf3yk1z2BRRn6GDswe28HBM74xn90cviPN79 tv1j+xw1FZQwxRDzmCrTZv4j94u4wxHPyrkohUiDHN1ZOtHC7rANYm2hA5U/+DtU g5zcIUED+dy0waxkr/MiqtTKhG1aeyWISegoYR4gKd7n0xHW+UPCJCWYeZoHprAP cHdFieZwe/pE6YGiWWRc27fCnh9fueZDuARjc3aJCVuS9dvJS6CSHhtZi6j5vBV1 4jj0W0Blbkfb/96WZrtahpfUlf4xNjxkEHcvZTEQIZtsJCZxmm75D6ds3OR2+d5Q uJQCeE0PqDU5eXUOgwTOcN0VWSlJiG0j7vJ52Cr9Y2pc6f1/BGcs4W/vvFje85Wb D+29FLqy/lRlOftOLotZng7XUUDmjhvstD0ut21udSkr1nijlR+kkAOoGNQaJ8HS 6QE72qWMmW9VYIDh3ap0CqohVHj9ni3O3nNsEE9nHcF4EYyx4WhAyIUjd+uBxScL MwSHRzBOr4LArDf6V1hdBC6QASwK29QzwQPmeNYWKNXMM8SrxgKanHnCdmAV7VLJ 9rzyIaQekkXhynHQ2Dmo0mBVGqz8kfeAT8nfTBt6JBilbqNOn5fWcIELqf0eIZPq z1OuybUoSPXl//hO0gBv4W06Rj1+DX2S0W8ZOG+iAYUNpMxB9HHYuBfBUEXPivK1 L2qhU+vyvEVAj0DKUorkLTinA02wL6afcK12fcSZIeSDsHIPr3Fw2REY+h0qm/CS Y32cT5GIwvQ+eQGfMnsC8ACpzr7i7DVaPhQ0l5A+83bGufAqv9vRouXh3FRJsKEr 40oxBnlZGk2VyBsfBwzP87g6DwXHlBjrY2gFCr/9ZL9Ld64SdJeesuAKDBAhFHf5 dB2MKVVf0ZOG+edvhwOlnxeSMz20mxhRdJKtV1FX1RSueKGEJLcuNpiZQ51kk/i/ ZF8Xjadu0TEspxjrxsql5nP7FfaLs4BoWRJtkLyNGxPYZJYyKPTEqbvN0SSnCjKS DujufZqbKdCwyg1DwFI8gI6W9yckO0WFshZkV2cT1kbSGTTvQQlYabenEcOVPbsD t/pvwug7wPqzhRjL9vLc2lRRlltsbZt9l62go48aQeHKwMr68iCT+vZQ21T8JdSj 2Paz1sYQCsdCtR4JXEP4R8Jop9wWfe2/BY8G+k1E7w6i8feGbJOWW0FHflvSXGQG PX046I8uOW9Rc7n8BVJwI6O8aKQG3gyrALfcOqlOfPBRKHLmnkQwbhdyMvnNI79u vHMJwCt959TMf96QqsMHkuoyl5VgEn9hxGqUcCOb4ojN/4q/jjhgpA6wkKkIfUXF fmbkQGfUXZsi/zONoQMgofemzHv/VrBXs6+SjVjf0gfrH/Sy7xEhokBZpZ63rrxY f56xMZHBf9sIeDnwyesGruhIAa3crZk0A51hAu6NL2sLpPCdkFwSsuTlIq7VhCcb /RaUWLe+G3bfk4zsAxc7wWyZx2n/gdb0GMFaHgnjKQvTqC0VkETLjQ0xNzsHucOw 8eKYNGWj5RlgLOyq9sS1tcYN8PqusFK9IgGWG2qgsKZvdN0Y+6IyeVIciTLdTBym hdyUFDqcZCMyvWT0F+h8rwcqonsyz528D+9yP2tXG/LYe6eMQ3FtN/3CBnNY =Pm12 -----END PGP MESSAGE----- From obscurite at centersierra.fr Wed Aug 20 09:48:28 2014 From: obscurite at centersierra.fr (Hodk) Date: Wed, 20 Aug 2014 09:48:28 +0200 Subject: [gnutls-help] libhogweed Message-ID: <53F452CC.9060703@centersierra.fr> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi , when I write in bash ./configure for gnutls-3.3.6 I get the message: checking for NETTLE... yes checking for HOGWEED... no configure: error: *** *** Libhogweed (nettle's companion library) was not found. Note that you must compile nettle with gmp support. How can I solve this error, please? I have already installed hogweed4 and it does not work Thx. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJT9FLCAAoJEPwZi6wYDMx7MqcP/R1j7v+8AlJFZ55ID0Q3HJsV 4RHEyCtKH80mUkFCJvSFovFkMcwyePcJLf1CyCyS1m1M9GfXs8PvRnByqbGbU6Z1 6bwyMqKrdI+x+qWbvG0qFSUbjJaUtaTsB1KhJFpfYqos6w8z0I3dOHmGDkiUp6z0 DGeh9WSjhoMtR4DdYfejFDLb7wELd9hR/rVtkTYT8RPUvPl5yjuFnLBbbob9KZDL V4Zo7qerBRPmvw7ob27p2izY71PqVo0rGs/iB+PUuh/cf5nvRNa8Ysjz5yhrdGmw V3z0uTOx+ZTzDsncrc+ZhZ+LiLnPjs3EIJSzGgtow6zXGAicNQUTAgn1vf36Ncpj YvrSVPFcXCTzLhVtfOXLtzzPiiT2wC88OWPsgiUK7/CqKUR9n/cKLbSJei8L3JGt XlS/tjzLk3YSRq31DdODS3qy18RyCXhQcIumOK1wwnL4+gOy00Iunkbnlr+83XL0 4O5/onaNsBYQZrAGPKHELWC8eIxxvnrQtD5JoZ1wZqPjewIR04bFx9xpXL0ncOPD 9jHR1sXpfelZXlhWUG2LmbUo0v29MuEjNdNV2SdcHY99VvFFq9Ia0DJvyUfVLFYt 5CuylHY7qCTW3J4AGjxLbw6AU6cBDfRLhM7+QyFiAS7Qq7kRHFC4pClvh8eu1hlv GZeUpG+soK83uICIt/hR =oqP6 -----END PGP SIGNATURE----- From nmav at gnutls.org Wed Aug 20 10:42:37 2014 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 20 Aug 2014 10:42:37 +0200 Subject: [gnutls-help] libhogweed In-Reply-To: <53F452CC.9060703@centersierra.fr> References: <53F452CC.9060703@centersierra.fr> Message-ID: On Wed, Aug 20, 2014 at 9:48 AM, Hodk wrote: > Hi , when I write in bash ./configure for gnutls-3.3.6 I get the message: > > checking for NETTLE... yes > checking for HOGWEED... no > configure: error: > *** > *** Libhogweed (nettle's companion library) was not found. Note that > you must compile nettle with gmp support. > > How can I solve this error, please? I have already installed hogweed4 > and it does not work Hello, What is hogweed4? Gnutls works with nettle 2.7.1, and nettle installs a library that is called libhogweed.so.2. That library is only installed if you have gmp already installed, as stated in the error message. You can verify the version of hogweed present using "pkg-config --modversion hogweed". regards, Nikos From obscurite at centersierra.fr Wed Aug 20 11:12:02 2014 From: obscurite at centersierra.fr (Hodk) Date: Wed, 20 Aug 2014 11:12:02 +0200 Subject: [gnutls-help] libhogweed In-Reply-To: References: <53F452CC.9060703@centersierra.fr> Message-ID: <53F46662.7090504@centersierra.fr> I installed gmp and get this message: Setting up libgmp3c2 (2:4.3.2+dfsg-2ubuntu1) ... Setting up pyecm (2.0-6) ... Setting up python-gmpy (1.14-3build1) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place xxx at xxx:~$ whereis hogweed.so.2 hogweed.so: xxx at xxx:~$ pkg-config --modversion hogweed Package hogweed was not found in the pkg-config search path. Perhaps you should add the directory containing `hogweed.pc' to the PKG_CONFIG_PATH environment variable No package 'hogweed' found When I write in bash "apt-cache search gmp", I get several lib and don't know which one to choose. El 20/08/14 a las 10:42, Nikos Mavrogiannopoulos escibi?: > On Wed, Aug 20, 2014 at 9:48 AM, Hodk wrote: >> Hi , when I write in bash ./configure for gnutls-3.3.6 I get the message: >> >> checking for NETTLE... yes >> checking for HOGWEED... no >> configure: error: >> *** >> *** Libhogweed (nettle's companion library) was not found. Note that >> you must compile nettle with gmp support. >> >> How can I solve this error, please? I have already installed hogweed4 >> and it does not work > Hello, > What is hogweed4? Gnutls works with nettle 2.7.1, and nettle installs > a library that is called libhogweed.so.2. That library is only > installed if you have gmp already installed, as stated in the error > message. You can verify the version of hogweed present using > "pkg-config --modversion hogweed". > > regards, > Nikos From nmav at gnutls.org Wed Aug 20 11:36:43 2014 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 20 Aug 2014 11:36:43 +0200 Subject: [gnutls-help] libhogweed In-Reply-To: <53F46662.7090504@centersierra.fr> References: <53F452CC.9060703@centersierra.fr> <53F46662.7090504@centersierra.fr> Message-ID: On Wed, Aug 20, 2014 at 11:12 AM, Hodk wrote: > I installed gmp and get this message: > Setting up libgmp3c2 (2:4.3.2+dfsg-2ubuntu1) ... You need the libgmp-dev package. > ldconfig deferred processing now taking place > xxx at xxx:~$ whereis hogweed.so.2 hogweed is installed by nettle. You need to re-run configure and install nettle again. regards, Nikos From obscurite at centersierra.fr Wed Aug 20 13:52:59 2014 From: obscurite at centersierra.fr (Hodk) Date: Wed, 20 Aug 2014 13:52:59 +0200 Subject: [gnutls-help] hogweed missing Message-ID: <53F48C1B.1090806@centersierra.fr> I re-run ./configure for nettle-3.0 and libgmp and I still get the message: :~/Downloads/gnutls-3.3.6$ ./configure checking build system type... x86_64-unknown-linux-gnu checking host system type... x86_64-unknown-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes checking whether make supports nested variables... yes checking whether make supports nested variables... (cached) yes *** *** Checking for compilation programs... checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking whether gcc understands -c and -o together... yes checking for style of include used by make... GNU checking dependency style of gcc... gcc3 checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for Minix Amsterdam compiler... no checking for ar... ar checking for ranlib... ranlib checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking minix/config.h usability... no checking minix/config.h presence... no checking for minix/config.h... no checking whether it is safe to define __EXTENSIONS__... yes checking whether _XOPEN_SOURCE should be defined... no checking for _LARGEFILE_SOURCE value needed for large files... no checking for special C compiler options needed for large files... no checking for _FILE_OFFSET_BITS value needed for large files... no checking dependency style of gcc... gcc3 checking the archiver (ar) interface... ar checking for g++... g++ checking whether we are using the GNU C++ compiler... yes checking whether g++ accepts -g... yes checking dependency style of g++... gcc3 checking for bison... bison -y checking for autogen... autogen checking for inline... inline checking for ANSI C header files... (cached) yes checking cpuid.h usability... yes checking cpuid.h presence... yes checking for cpuid.h... yes checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for NETTLE... yes checking for HOGWEED... no configure: error: *** *** Libhogweed (nettle's companion library) was not found. Note that you must compile nettle with gmp support. xxx at xxx:~/Downloads/gnutls-3.3.6$ From nmav at gnutls.org Sun Aug 24 10:01:58 2014 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sun, 24 Aug 2014 10:01:58 +0200 Subject: [gnutls-help] gnutls 3.1.26 Message-ID: <1408867318.1937.1.camel@nomad.lan> Hello, I've just released gnutls 3.1.26. This is a bug-fix release on the previous stable branch. * Version 3.1.26 (released 2014-08-24) ** libgnutls: Do not call the post client hello callback twice when resuming using session tickets. ** libgnutls: When the decoding of a printable DN element fails, then treat it as unknown and print its hex value rather than failing. That works around an issue in a TURKTRST root certificate which improperly encodes the X520countryName element. ** libgnutls: initialize parameters variable on PKCS #8 decryption. ** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. ** libgnutls: when checking the hostname of a certificate with multiple CNs ensure that the "most specific" CN is being used. ** libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. ** p11tool: will not implicitly enable so-login for certain types of objects. That avoids issues with tokens that require different login types. ** p11tool: Added --so-login option to force login as security officer (admin). ** API and ABI modifications: No changes since last version. Getting the Software ==================== GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be found at . Here are the XZ and LZIP compressed sources: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.26.tar.xz ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.26.tar.lz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.26.tar.xz.sig ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.26.tar.lz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos gnutls.org> uid Nikos Mavrogiannopoulos gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos From nmav at gnutls.org Sun Aug 24 10:03:07 2014 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sun, 24 Aug 2014 10:03:07 +0200 Subject: [gnutls-help] gnutls 3.2.17 Message-ID: <1408867387.1937.2.camel@nomad.lan> Hello, I've just released gnutls 3.2.17. This is a bugfix release on the current stable branch. * Version 3.2.17 (released 2014-08-24) ** libgnutls: initialize parameters variable on PKCS #8 decryption. ** libgnutls: Explicitly set the exponent in PKCS #11 key generation. That improves compatibility with certain PKCS #11 modules. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. ** libgnutls: when checking the hostname of a certificate with multiple CNs ensure that the "most specific" CN is being used. ** libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. ** API and ABI modifications: No changes since last version. Getting the Software ==================== GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be found at . Here are the XZ and LZIP compressed sources: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.17.tar.xz ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.17.tar.lz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.17.tar.xz.sig ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.17.tar.lz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos gnutls.org> uid Nikos Mavrogiannopoulos gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos From nmav at gnutls.org Sun Aug 24 10:04:38 2014 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sun, 24 Aug 2014 10:04:38 +0200 Subject: [gnutls-help] gnutls 3.3.7 Message-ID: <1408867478.1937.3.camel@nomad.lan> Hello, I've just released gnutls 3.3.7. This is a bug-fix release on the next-stable branch. * Version 3.3.7 (released 2014-08-24) ** libgnutls: Added function to export the public key of a PKCS #11 private key. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: Explicitly set the exponent in PKCS #11 key generation. That improves compatibility with certain PKCS #11 modules. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: When generating a PKCS #11 private key allow setting the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session to the key. ** libgnutls: bundle replacements of inet_pton and inet_aton if not available. ** libgnutls: initialize parameters variable on PKCS #8 decryption. ** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. ** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 requirement of checking the Common Name (CN) part of DN only if there is a single CN present in the certificate. ** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS mode, when set to 1. ** libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. ** p11tool: Added --info parameter. ** certtool: Added --mark-wrap parameter. ** danetool: --check will attempt to retrieve the server's certificate chain and verify against it. ** danetool/gnutls-cli-debug: Added --app-proto parameters which can be used to enforce starttls (currently only SMTP and IMAP) on the connection. ** danetool: Added openssl linking exception, to allow linking with libunbound. ** API and ABI modifications: GNUTLS_PKCS11_OBJ_ATTR_MATCH: Added gnutls_pkcs11_privkey_export_pubkey: Added gnutls_pkcs11_obj_flags_get_str: Added gnutls_pkcs11_obj_get_flags: Added Getting the Software ==================== GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be found at . Here are the XZ and LZIP compressed sources: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.7.tar.xz ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.7.tar.lz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.7.tar.xz.sig ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.7.tar.lz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos gnutls.org> uid Nikos Mavrogiannopoulos gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos From rahul.mondal at atos.net Tue Aug 26 12:47:43 2014 From: rahul.mondal at atos.net (Mondal, Rahul) Date: Tue, 26 Aug 2014 10:47:43 +0000 Subject: [gnutls-help] Issue in GnuTLS windows package Message-ID: <553D072B29AB7744A4BBD318CF3E9CCA2D3ADBA0@SGSGPTS9EN5MSX.ww931.my-it-solutions.net> Hello, We are trying to build a normal client-server model with the "GnuTLS library for windows" in a Windows XP environment. The package is downloaded from ftp://ftp.gnutls.org/gcrypt/gnutls/w32/ from yours' website. The libraries contained in this package are not recognizable by the linker; they are having "*.dll.a" extension. Is there any guide for building the client/server code in Windows XP environment ? Is it the correct package for Windows ? We are referring this website http://www.gnutls.org/download.html/ Any type of guide/help will be appreciated. Regards, Rahul Mondal Bangalore [cid:image004.jpg at 01CF4A83.416F5420] -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Picture (Device Independent Bitmap) 1.jpg Type: image/jpeg Size: 2763 bytes Desc: Picture (Device Independent Bitmap) 1.jpg URL: From nmav at gnutls.org Tue Aug 26 15:03:23 2014 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Tue, 26 Aug 2014 15:03:23 +0200 Subject: [gnutls-help] Issue in GnuTLS windows package In-Reply-To: <553D072B29AB7744A4BBD318CF3E9CCA2D3ADBA0@SGSGPTS9EN5MSX.ww931.my-it-solutions.net> References: <553D072B29AB7744A4BBD318CF3E9CCA2D3ADBA0@SGSGPTS9EN5MSX.ww931.my-it-solutions.net> Message-ID: On Tue, Aug 26, 2014 at 12:47 PM, Mondal, Rahul wrote: > Hello, > > We are trying to build a normal client-server model with the "*Gnu**TLS > library for windows*" in a Windows XP environment. The package is > downloaded from *ftp://ftp.gnutls.org/gcrypt/gnutls/w32/* > from yours' website. The > libraries contained in this package are not recognizable by the linker; > they are having "**.dll.a*" extension. > These are mingw32 libraries. The dlls are in the bin/ directory. > Is there any guide for building the client/server code in Windows XP > environment ? Is it the correct package for Windows ? > There is the cross.mk is used to cross-compile gnutls for windows in a Linux system. regards, Nikos -------------- next part -------------- An HTML attachment was scrubbed... URL: