From nmav at gnutls.org Sun Jun 16 10:01:02 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun Jun 16 10:01:02 2002
Subject: [gnutls-dev]gnutls test client
Message-ID: <20020616075927.GA10682@gnutls.org>
I've found a program called siege which is supposed to stress web
servers. It also had ssl3 support (with openssl). I wanted to test
gnutls as a client and thus I modified this and added support for gnutls.
I've currently only tested some differences between algorithms
(as expected the rsa-arcfour-md5 combination was the faster one), and
differences between protocols (for some reason rsa-arcfour-md5 was much
faster if used in SSL3 than TLS1).
I have not tried checking the performance of compression algorithms yet
(I'll probably check LZO[1] soon).
The siege program patched with gnutls can be found at
http://members.hellug.gr/nmav/siege-gnutls.
[0]. http://www.joedog.org/siege/index.shtml
[1]. http://www.oberhumer.com/opensource/lzo/
--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org
From andrew at mcdonald.org.uk Sun Jun 16 16:11:02 2002
From: andrew at mcdonald.org.uk (Andrew McDonald)
Date: Sun Jun 16 16:11:02 2002
Subject: [gnutls-dev]OpenSSL compatible interface to GNUTLS
Message-ID: <20020616141151.GE470@mcdonald.org.uk>
FYI, I've just written the start of a shim layer to allow programs
written to use OpenSSL to use gnutls instead. At the moment it only
contains enough functions to allow slrn to compile with gnutls rather
than OpenSSL, and the error handling probably isn't correct.
This seems a useful temporary solution for those GPL programs that
already contain OpenSSL support (but probably can't be distributed
linked against OpenSSL because of the license conflicts).
I might try to expand this at some point, but I certainly don't plan on
doing a complete OpenSSL interface to gnutls.
It is at:
--
Andrew McDonald
E-mail: andrew at mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
From nmav at gnutls.org Sun Jun 16 18:34:01 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun Jun 16 18:34:01 2002
Subject: [gnutls-dev]OpenSSL compatible interface to GNUTLS
In-Reply-To: <20020616141151.GE470@mcdonald.org.uk>
References: <20020616141151.GE470@mcdonald.org.uk>
Message-ID: <20020616163305.GC2055@gnutls.org>
On Sun, Jun 16, 2002 at 03:11:51PM +0100, Andrew McDonald wrote:
> FYI, I've just written the start of a shim layer to allow programs
> written to use OpenSSL to use gnutls instead. At the moment it only
> contains enough functions to allow slrn to compile with gnutls rather
> than OpenSSL, and the error handling probably isn't correct.
> This seems a useful temporary solution for those GPL programs that
> already contain OpenSSL support (but probably can't be distributed
> linked against OpenSSL because of the license conflicts).
I've just added the files into gnutls-extra library. They will be
included in the next release (probably 0.5.0).
> --
> Andrew McDonald
> E-mail: andrew at mcdonald.org.uk
> http://www.mcdonald.org.uk/andrew/
--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org
From nmav at gnutls.org Fri Jun 21 14:59:01 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri Jun 21 14:59:01 2002
Subject: [gnutls-dev]xml gurus needed
Message-ID: <20020621125714.GA12236@gnutls.org>
Hello,
We have been working on extending gnutls' capabilities to return
more of X.509 certificate stuff, and OpenPGP key stuff. It seems
that the less bloatware way to do this is to export both of them
in an XML format, and let the application deal with it.
Attached is an example of an X.509 certificate converted to an XML
format (preserving some of the X.509 tags). What do you think of
it? Is it useful to applications with xml capability? Any suggestions
for improvement?
--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org
-------------- next part --------------
02
01
1 2 840 113549 1 1 4
0500
2 5 4 6
GR
2 5 4 8
Attiki
2 5 4 7
Athina
2 5 4 10
GNUTLS
2 5 4 11
GNUTLS dev.
2 5 4 3
GNUTLS TEST CA
1 2 840 113549 1 9 1
gnutls-dev at gnupg.org
010707101845Z
020707101845Z
2 5 4 6
GR
2 5 4 8
Attiki
2 5 4 7
Athina
2 5 4 10
GNUTLS
2 5 4 11
GNUTLS dev.
2 5 4 3
localhost
1 2 840 113549 1 9 1
root at localhost
1 2 840 113549 1 1 1
0500
30818902818100D00B49EBB226D951F5CC57072199DDF287683D2DA1A0EFCC96BFF73164777C78C3991E92EDA66584E7B97BAB4BE68D595D225557E01E7E57B5C35C04B491948C5C427AD588D8C6989764996D6D44E17B65CCFC86F3B4842DE559B730C1DE3AEF1CE1A328AFF8A357EBA911E1F7E8FC1598E21E4BF721748C587F50CF46157D950203010001
2 5 29 35
FALSE
30168014EFEE94ABC8CA577F5313DB76DC1A950093BAF3C9
2 5 29 37
FALSE
302B06082B0601050507030106082B06010505070302060A2B0601040182370A030306096086480186F8420401
2 5 29 19
TRUE
3000
1 2 840 113549 1 1 4
0500
B73945273AF2A395EC54BF5DC669D953885A9D811A3B92909D24792D36A44EC27E1C463AF8738BEFD29B311CCE8C6D9661BEC30911DAABB39B8813382B32D2E259581EBCD26C495C083984763966FF35D1DEFE432891E610C85072578DA7423244A8F5997B41A1F44E61F4F22C94375775055A5E72F25D5E4557467A91BD4251
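Added example, not part of the original message or of gnutls: the hex strings listed in the attachment after the OIDs 2 5 29 37 (extended key usage), 2 5 29 35 (authority key identifier) and 2 5 29 19 (basic constraints) are DER-encoded extension values, and this Python sketch decodes them with a strict DER reader. The function and constant names are assumptions made for this example.

```python
# Added example: strict DER walker; names are illustrative, not a gnutls API.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or multi-byte tag (not handled)")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                     # long form: next n bytes hold length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite (BER-only) or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length is not DER")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content bytes into dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit = "more follows"
        if not b & 0x80:
            arcs.append(value)
            value = 0
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def decode(buf):
    """Decode all elements in buf into nested lists, OIDs as strings."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        if tag == 0x06:                    # OBJECT IDENTIFIER
            out.append(decode_oid(val))
        elif tag & 0x20:                   # constructed, e.g. SEQUENCE
            out.append(decode(val))
        else:                              # other primitive: keep tag + hex
            out.append((tag, val.hex().upper()))
    return out

# Extension values copied verbatim from the attachment above.
EXT_KEY_USAGE = bytes.fromhex("302B06082B0601050507030106082B06010505070302060A2B0601040182370A030306096086480186F8420401")
AUTH_KEY_ID = bytes.fromhex("30168014EFEE94ABC8CA577F5313DB76DC1A950093BAF3C9")
BASIC_CONSTRAINTS = bytes.fromhex("3000")
```

The extended key usage value decodes to four purpose OIDs (TLS server and client authentication plus two vendor-specific ones), and the basic constraints value is an empty SEQUENCE, meaning the cA flag takes its default of FALSE.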
From wk at gnupg.org Fri Jun 21 15:37:01 2002
From: wk at gnupg.org (Werner Koch)
Date: Fri Jun 21 15:37:01 2002
Subject: [gnutls-dev]xml gurus needed
In-Reply-To: <20020621125714.GA12236@gnutls.org> (Nikos Mavroyanopoulos's
message of "Fri, 21 Jun 2002 15:57:14 +0300")
References: <20020621125714.GA12236@gnutls.org>
Message-ID: <87d6ukbvoc.fsf@alberti.gnupg.de>
On Fri, 21 Jun 2002 15:57:14 +0300, Nikos Mavroyanopoulos said:
> Attached is an example of an X.509 certificate converted to an XML
> format (preserving some of the X.509 tags). What do you think of
> it? Is it useful to applications with xml capability? Any suggestions
So you need to include a full XML parser into any application to
manage TLS configuration. XML is a pretty bloated format and I don't
see what you gain from mapping a (bloated and ugly) ASN.1 format to
XML. The X.509 DER is better defined than any XML rendering can be.
So it depends on what you want to do with the certificate. If it is
just for displaying the information a more straightforward format would
be easier for the calling application. For all other purposes
you better return the DER formatted one which has the advantage that
you can actually *do* something with the certificate.
On another note: GPG_ME_ provides an abstract interface to any public
keys and it might be a neat idea to follow the structure of that API
closely or even employ GPG_SM_ as certificate manager.
Salam-Shalom,
Werner
From nmav at gnutls.org Fri Jun 21 18:12:01 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri Jun 21 18:12:01 2002
Subject: [gnutls-dev]xml gurus needed
In-Reply-To: <87d6ukbvoc.fsf@alberti.gnupg.de>
References: <20020621125714.GA12236@gnutls.org> <87d6ukbvoc.fsf@alberti.gnupg.de>
Message-ID: <20020621161029.GA715@gnutls.org>
On Fri, Jun 21, 2002 at 03:36:35PM +0200, Werner Koch wrote:
> > Attached is an example of an X.509 certificate converted to an XML
> > format (preserving some of the X.509 tags). What do you think of
> > it? Is it useful to applications with xml capability? Any suggestions
> So you need to include a full XML parser into any application to
> manage TLS configuration. XML is a pretty bloated format and I don't
> see what you gain from mapping a (bloated and ugly) ASN.1 format to
> XML. The X.509 DER is better defined than any XML rendering can be.
What do you mean here? The xml output is not for the application to
verify the certificate or so. It is about displaying parts of the
certificate that cannot be extracted with the available functions.
Given that and that more and more applications have XML capability
I think some may be benefited [0].
[0] But I do not hold my breath. I expect such application developers
to comment out.
> So it depends on what you want to do with the certificate. If it is
> just for displaying the information a more straightforward format would
> be easier for the calling application. For all other purposes
Which format is more straightforward? X.509 certificates are very very
complex to be mapped 1-1 in any simple format.
> you better return the DER formatted one which has the advantage that
> you can actually *do* something with the certificate.
The DER format is still supported; what we are talking about here is
a conversion from der to xml.
> On another note: GPG_ME_ provides an abstract interface to any public
> keys and it might be a neat idea to follow the structure of that API
> closely or even employ GPG_SM_ as certificate manager.
I will check it.
> Salam-Shalom,
>
> Werner
--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org
From nmav at gnutls.org Mon Jun 24 22:39:02 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Mon Jun 24 22:39:02 2002
Subject: [gnutls-dev]gnutls 0.4.4
Message-ID: <20020624203730.GA25105@gnutls.org>
I've just released gnutls 0.4.4 which corrects a bug in PKCS-1 RSA encryption.
The bug prevented gnutls from encrypting using RSA keys of some specific size,
and resulted in a handshake failure.
--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org
From mie at mimos.my Tue Jun 25 11:48:01 2002
From: mie at mimos.my (Khairul Azmi Abu Bakar)
Date: Tue Jun 25 11:48:01 2002
Subject: [gnutls-dev]Compiling error
Message-ID: <20020624164338.Q74366-100000@pine.mimos.my>
Hi,
Not sure if this is the right place to get some help. Tried to compile the
latest gnutls-0.4.3 but ended up getting these error messages
I tried to find if KEYDB_HD is defined anywhere by doing grep KEYDB_HD
but could not get any. Thanks in advance.
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -g -O2 -O2 -finline-functions
-fexpensive-optimizations -fomit-frame-pointer -pipe -c gnutls_openpgp.c
-MT gnutls_openpgp.lo -MD -MP -MF .deps/gnutls_openpgp.TPlo -fPIC -DPIC
-o .libs/gnutls_openpgp.lo
gnutls_openpgp.c:122: parse error before `kbx_to_keydb'
gnutls_openpgp.c: In function `kbx_to_keydb':
gnutls_openpgp.c:124: `KEYDB_HD' undeclared (first use in this function)
gnutls_openpgp.c:124: (Each undeclared identifier is reported only once
gnutls_openpgp.c:124: for each function it appears in.)
gnutls_openpgp.c:124: parse error before `khd'
gnutls_openpgp.c:127: warning: return makes integer from pointer without a
cast
gnutls_openpgp.c:129: `khd' undeclared (first use in this function)
gnutls_openpgp.c:131: warning: return makes integer from pointer without a
cast
gnutls_openpgp.c: In function `kbnode_to_datum':
gnutls_openpgp.c:223: `PACKET' undeclared (first use in this function)
gnutls_openpgp.c:223: parse error before `pkt'
gnutls_openpgp.c: At top level:
gnutls_openpgp.c:226: parse error before `if'
gnutls_openpgp.c:230: invalid type argument of `->'
gnutls_openpgp.c:230: parse error before `)'
gnutls_openpgp.c:235: redefinition of `rc'
gnutls_openpgp.c:224: `rc' previously defined here
gnutls_openpgp.c:235: `a' undeclared here (not in a function)
gnutls_openpgp.c:235: `pkt' undeclared here (not in a function)
From nmav at gnutls.org Tue Jun 25 16:43:02 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Tue Jun 25 16:43:02 2002
Subject: [gnutls-dev]Compiling error
In-Reply-To: <20020624164338.Q74366-100000@pine.mimos.my>
References: <20020624164338.Q74366-100000@pine.mimos.my>
Message-ID: <20020625144055.GB892@gnutls.org>
On Mon, Jun 24, 2002 at 04:48:38PM +0800, Khairul Azmi Abu Bakar wrote:
> Hi,
> Not sure if this is the right place to get some help. Tried to compile the
> latest gnutls-0.4.3 but ended up getting these error messages
> I tried to find if KEYDB_HD is defined anywhere by doing grep KEYDB_HD
> but could not get any. Thanks in advance.
Unfortunately gnutls 0.4.x does not work with opencdk 0.2.x.
Use the --disable-openpgp-authentication as a configure parameter,
or get an older opencdk version, or wait for a new gnutls version.
(you've got plenty of options with gnutls :)
--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org