From nmav at gnutls.org Sun Jun 16 10:01:02 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun Jun 16 10:01:02 2002
Subject: [gnutls-dev]gnutls test client
Message-ID: <20020616075927.GA10682@gnutls.org>

I've found a program called siege which is supposed to stress web
servers. It also supported ssl3 support (with openssl). I wanted to
test gnutls as a client and thus I modified this and added support
for gnutls.

I've currently only tested some differences between algorithms (as
expected the rsa-arcfour-md5 combination was the faster one), and
differences between protocols (for some reason rsa-arcfour-md5 was
much faster if used in SSL3 than TLS1). I have not tried checking the
performance of compression algorithms yet (I'll probably check LZO[1]
soon).

The patched with gnutls siege program can be found at
http://members.hellug.gr/nmav/siege-gnutls.

[0]. http://www.joedog.org/siege/index.shtml
[1]. http://www.oberhumer.com/opensource/lzo/

--
Nikos Mavroyanopoulos mailto:nmav at gnutls.org

From andrew at mcdonald.org.uk Sun Jun 16 16:11:02 2002
From: andrew at mcdonald.org.uk (Andrew McDonald)
Date: Sun Jun 16 16:11:02 2002
Subject: [gnutls-dev]OpenSSL compatible interface to GNUTLS
Message-ID: <20020616141151.GE470@mcdonald.org.uk>

FYI, I've just written the start of a shim layer to allow programs
written to use OpenSSL to use gnutls instead. At the moment it only
contains enough functions to allow slrn to compile with gnutls rather
than OpenSSL, and the error handling probably isn't correct.

This seems a useful temporary solution for those GPL programs that
already contain OpenSSL support (but probably can't be distributed
linked against OpenSSL because of the license conflicts).

I might try to expand this at some point, but I certainly don't plan
on doing a complete OpenSSL interface to gnutls.
It is at:

--
Andrew McDonald
E-mail: andrew at mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/

From nmav at gnutls.org Sun Jun 16 18:34:01 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun Jun 16 18:34:01 2002
Subject: [gnutls-dev]OpenSSL compatible interface to GNUTLS
In-Reply-To: <20020616141151.GE470@mcdonald.org.uk>
References: <20020616141151.GE470@mcdonald.org.uk>
Message-ID: <20020616163305.GC2055@gnutls.org>

On Sun, Jun 16, 2002 at 03:11:51PM +0100, Andrew McDonald wrote:

> FYI, I've just written the start of a shim layer to allow programs
> written to use OpenSSL to use gnutls instead. At the moment it only
> contains enough functions to allow slrn to compile with gnutls rather
> than OpenSSL, and the error handling probably isn't correct.
> This seems a useful temporary solution for those GPL programs that
> already contain OpenSSL support (but probably can't be distributed
> linked against OpenSSL because of the license conflicts).

I've just added the files into gnutls-extra library. They will be
included in the next release (probably 0.5.0).

> --
> Andrew McDonald
> E-mail: andrew at mcdonald.org.uk
> http://www.mcdonald.org.uk/andrew/

--
Nikos Mavroyanopoulos mailto:nmav at gnutls.org

From nmav at gnutls.org Fri Jun 21 14:59:01 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri Jun 21 14:59:01 2002
Subject: [gnutls-dev]xml gurus needed
Message-ID: <20020621125714.GA12236@gnutls.org>

Hello,

We have been working on extending gnutls' capabilities to return more
of X.509 certificate stuff, and OpenPGP key stuff. It seems that the
less bloatware way to do this is to export both of them in an XML
format, and let the application deal with it.

Attached is an example of an X.509 certificate converted to an XML
format (preserving some of the X.509 tags). What do you think of it?
Is it useful to applications with xml capability? Any suggestions for
improvement?
--
Nikos Mavroyanopoulos mailto:nmav at gnutls.org
-------------- next part --------------
[Attachment: the example X.509 certificate in XML form; its markup did not survive archiving.]

From wk at gnupg.org Fri Jun 21 15:37:01 2002
From: wk at gnupg.org (Werner Koch)
Date: Fri Jun 21 15:37:01 2002
Subject: [gnutls-dev]xml gurus needed
In-Reply-To: <20020621125714.GA12236@gnutls.org> (Nikos Mavroyanopoulos's message of "Fri, 21 Jun 2002 15:57:14 +0300")
References: <20020621125714.GA12236@gnutls.org>
Message-ID: <87d6ukbvoc.fsf@alberti.gnupg.de>

On Fri, 21 Jun 2002 15:57:14 +0300, Nikos Mavroyanopoulos said:

> Attached is an example of an X.509 certificate converted to an XML
> format (preserving some of the X.509 tags). What do you think of
> it? Is it useful to applications with xml capability? Any suggestions

So you need to include a full XML parser into any application to
manage TLS configuration.
XML is a pretty bloated format and I don't see what you gain from
mapping an (bloated and ugly) ASN.1 format to XML. The X.509 DER is
better defined than any XML rendering can be.

So it depends on what you want to do with the certificate. If it is
just for displaying the information a more straightforward format
would be easier for the calling application. For all other purposes
you better return the DER formatted one which has the advantage that
you can actually *do* something with the certificate.

On another note: GPG_ME_ provides an abstract interface to any public
keys and it might be a neat idea to follow the structure of that API
closely or even employ GPG_SM_ as certificate manager.

Salam-Shalom,

Werner

From nmav at gnutls.org Fri Jun 21 18:12:01 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri Jun 21 18:12:01 2002
Subject: [gnutls-dev]xml gurus needed
In-Reply-To: <87d6ukbvoc.fsf@alberti.gnupg.de>
References: <20020621125714.GA12236@gnutls.org> <87d6ukbvoc.fsf@alberti.gnupg.de>
Message-ID: <20020621161029.GA715@gnutls.org>

On Fri, Jun 21, 2002 at 03:36:35PM +0200, Werner Koch wrote:

> > Attached is an example of an X.509 certificate converted to an XML
> > format (preserving some of the X.509 tags). What do you think of
> > it? Is it useful to applications with xml capability? Any suggestions
> So you need to include a full XML parser into any application to
> manage TLS configuration. XML is a pretty bloated format and I don't
> see what you gain from mapping an (bloated and ugly) ASN.1 format to
> XML. The X.509 DER is better defined than any XML rendering can be.

What do you mean here? The xml output is not for the application to
verify the certificate or so. It is about displaying parts of the
certificate that cannot be extracted with the available functions.
Given that and that more and more applications have XML capability I
think some may be benefited [0].

[0] But I do not hold my breath.
I expect such application developers to comment out.

> So it depends on what you want to do with the certificate. If it is
> just for displaying the information a more straightforward format would
> be easier for the calling application. For all other purposes

Which format is more straightforward? X.509 certificates are very
very complex to be mapped 1-1 in any simple format.

> you better return the DER formatted one which has the advantage that
> you can actually *do* something with the certificate.

The DER format is still supported, what we are talking here is about
a conversion from der to xml.

> On another note: GPG_ME_ provides an abstract interface to any public
> keys and it might be a neat idea to follow the structure of that API
> closely or even employ GPG_SM_ as certificate manager.

I will check it.

> Salam-Shalom,
>
> Werner

--
Nikos Mavroyanopoulos mailto:nmav at gnutls.org

From nmav at gnutls.org Mon Jun 24 22:39:02 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Mon Jun 24 22:39:02 2002
Subject: [gnutls-dev]gnutls 0.4.4
Message-ID: <20020624203730.GA25105@gnutls.org>

I've just released gnutls 0.4.4 which corrects a bug in PKCS-1 RSA
encryption. The bug prevented gnutls from encrypting using RSA keys
of some specific size, and resulted in a handshake failure.

--
Nikos Mavroyanopoulos mailto:nmav at gnutls.org

From mie at mimos.my Tue Jun 25 11:48:01 2002
From: mie at mimos.my (Khairul Azmi Abu Bakar)
Date: Tue Jun 25 11:48:01 2002
Subject: [gnutls-dev]Compiling error
Message-ID: <20020624164338.Q74366-100000@pine.mimos.my>

Hi,
Not sure if this is the right place to get some help. Tried to compile the
latest gnutls-0.4.3 but end up to get this error messages
I tried to find if KEYDB_HD is defined anywhere by doing grep KEYDB_HD
but could not get any. Thanks in advance.

gcc -DHAVE_CONFIG_H -I. -I. -I..
-I../lib -g -O2 -O2 -finline-functions -fexpensive-optimizations -fomit-frame-pointer -pipe -c gnutls_openpgp.c -MT gnutls_openpgp.lo -MD -MP -MF .deps/gnutls_openpgp.TPlo -fPIC -DPIC -o .libs/gnutls_openpgp.lo
gnutls_openpgp.c:122: parse error before `kbx_to_keydb'
gnutls_openpgp.c: In function `kbx_to_keydb':
gnutls_openpgp.c:124: `KEYDB_HD' undeclared (first use in this function)
gnutls_openpgp.c:124: (Each undeclared identifier is reported only once
gnutls_openpgp.c:124: for each function it appears in.)
gnutls_openpgp.c:124: parse error before `khd'
gnutls_openpgp.c:127: warning: return makes integer from pointer without a cast
gnutls_openpgp.c:129: `khd' undeclared (first use in this function)
gnutls_openpgp.c:131: warning: return makes integer from pointer without a cast
gnutls_openpgp.c: In function `kbnode_to_datum':
gnutls_openpgp.c:223: `PACKET' undeclared (first use in this function)
gnutls_openpgp.c:223: parse error before `pkt'
gnutls_openpgp.c: At top level:
gnutls_openpgp.c:226: parse error before `if'
gnutls_openpgp.c:230: invalid type argument of `->'
gnutls_openpgp.c:230: parse error before `)'
gnutls_openpgp.c:235: redefinition of `rc'
gnutls_openpgp.c:224: `rc' previously defined here
gnutls_openpgp.c:235: `a' undeclared here (not in a function)
gnutls_openpgp.c:235: `pkt' undeclared here (not in a function)

From nmav at gnutls.org Tue Jun 25 16:43:02 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Tue Jun 25 16:43:02 2002
Subject: [gnutls-dev]Compiling error
In-Reply-To: <20020624164338.Q74366-100000@pine.mimos.my>
References: <20020624164338.Q74366-100000@pine.mimos.my>
Message-ID: <20020625144055.GB892@gnutls.org>

On Mon, Jun 24, 2002 at 04:48:38PM +0800, Khairul Azmi Abu Bakar wrote:

> Hi,
> Not sure if this is the right place to get some help. Tried to compile the
> latest gnutls-0.4.3 but end up to get this error messages
> I tried to find if KEYDB_HD is defined anywhere by doing grep KEYDB_HD
> but could not get any.
> Thanks in advance.

Unfortunately gnutls 0.4.x does not work with opencdk 0.2.x.
Use the --disable-openpgp-authentication as a configure parameter,
or get an older opencdk version, or wait for a new gnutls version.
(you've got plenty of options with gnutls :)

--
Nikos Mavroyanopoulos mailto:nmav at gnutls.org
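
For the display use case debated in the "xml gurus needed" thread above, this added example (not GnuTLS code and not part of any message in the archive) walks a DER-encoded X.501 Name with bounds-checked lengths and renders it as a plain one-line string rather than XML. The function names and the sample bytes are constructed for this illustration; unknown attribute types are shown by their raw OID octets.

```python
# X.520 attribute types keyed by their DER-encoded OID value octets (2.5.4.x).
ATTR = {b"\x55\x04\x06": "C", b"\x55\x04\x08": "ST", b"\x55\x04\x07": "L",
        b"\x55\x04\x0a": "O", b"\x55\x04\x0b": "OU", b"\x55\x04\x03": "CN"}
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii"}  # UTF8, Printable, IA5

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); reject lengths that leave the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def children(value, want_tag):
    """Yield the values of consecutive elements, all of which must carry want_tag."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        if tag != want_tag:
            raise ValueError(f"expected tag {want_tag:#x}, got {tag:#x}")
        yield val

def render_name(der):
    tag, rdns, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    parts = []
    for rdn in children(rdns, 0x31):        # RelativeDistinguishedName SET
        for atv in children(rdn, 0x30):     # AttributeTypeAndValue SEQUENCE
            t1, oid, pos = read_tlv(atv, 0)
            t2, text, pos = read_tlv(atv, pos)
            if t1 != 0x06 or t2 not in STRING_TAGS or pos != len(atv):
                raise ValueError("unexpected attribute layout")
            name = ATTR.get(bytes(oid), "OID." + bytes(oid).hex())
            parts.append(f"{name}={text.decode(STRING_TAGS[t2])}")
    return ", ".join(parts)

# Constructed sample: a Name holding C=GR, O=GNUTLS, CN=localhost.
SAMPLE = bytes.fromhex("3032" "310b3009060355040613024752"
                       "310f300d060355040a1306474e55544c53"
                       "3112301006035504031309" "6c6f63616c686f7374")
```

Calling render_name(SAMPLE) returns the string C=GR, O=GNUTLS, CN=localhost; a truncated buffer or an inner length that overruns its parent raises ValueError instead of reading past the data.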