From nmav at gnutls.org Wed Oct 1 19:52:42 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Wed Oct 1 19:52:42 2003
Subject: [gnutls-dev] Unaligned access on IA64
In-Reply-To: <20030925030431.GD27605@cse.unsw.EDU.AU>
References: <20030925030431.GD27605@cse.unsw.EDU.AU>
Message-ID: <20031001151750.GA1686@gnutls.org>

On Thu, Sep 25, 2003 at 01:04:31PM +1000, Ian Wienand wrote:
> Hi,
> GNUTLS is causing some unaligned access warnings on IA64. See
> http://www.gelato.unsw.edu.au/linux-ia64/0309/6847.html for a small
> discussion about my findings.
> Anyway, suggested patch attached.

Applied in the cvs. Thank you.

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Wed Oct 1 19:54:05 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Wed Oct 1 19:54:05 2003
Subject: [gnutls-dev] Small bug in SRP
In-Reply-To: <20030921181504.GA12823@metastatic.org>
References: <20030921181504.GA12823@metastatic.org>
Message-ID: <20031001141853.GB1780@gnutls.org>

On Sun, Sep 21, 2003 at 11:15:04AM -0700, Casey Marshall wrote:
> Hi.
> I think, from what I know of SRP, that the function _gnutls_calc_srp_u
> should return an MPI of the hash result, which is in the variable `hd',
> not `holder'. Patch is:
[...]
> With this patch my own in-progress Java implementation of TLS can
> negotiate an SRP secret properly with a GnuTLS client. So maybe,
> perhaps, possibly, this is the right way to do it (the Internet Draft
> being light on details).
> (Incidentally, the example SRP parameter files do not seem to contain a
> prime modulus, which the implementation of SRP I am using rejects.)

You're correct. I've just updated the cvs with your fix.
The cvs version is already updated with the latest srp draft.
I'll have a prerelease (0.9.8) in a few days.

> Cheers,
> - --
> Casey Marshall || rsdio at metastatic.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Wed Oct 1 19:54:06 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Wed Oct 1 19:54:06 2003
Subject: [gnutls-dev] gnutls-cli -s triggered by SIGALRM too?
In-Reply-To:
References:
Message-ID: <20031001140950.GA1780@gnutls.org>

On Sun, Sep 21, 2003 at 03:08:58AM +0200, Simon Josefsson wrote:
> Hello, I'm working on a STARTTLS interface for Emacs using GNUTLS,
> since the current Emacs solution uses a non-standard command line
> application based on OpenSSL, so moving to gnutls-cli seems better.
>
> However, triggering the STARTTLS negotiation by EOF seems slightly
> problematic to do in a portable way from Emacs. The old starttls
> application triggered the STARTTLS negotiation by SIGALRM. Would it
> be possible to support this as well, in gnutls-cli? Suggested patch
> attached.

I've just applied it in the cvs version. Thanks.

--
Nikos Mavroyanopoulos

From jshirley at mail.kindercare.com Thu Oct 2 11:58:01 2003
From: jshirley at mail.kindercare.com (Jason Shirley)
Date: Thu Oct 2 11:58:01 2003
Subject: [gnutls-dev] OpenCDK/GnuTLS Problems
Message-ID: <3F7B118F.9050706@mail.kindercare.com>

I'm trying to implement a GnuTLS SSL server, after OpenSSL's lack of
thread safety proved it to be a poor library to use. I can't get
OpenCDK to build, and I'm not sure if it's related to OpenCDK gaining
independence from libgcrypt. I think it is, but I just want to be clear
that is the issue.

I have libgcrypt-1.1.43, opencdk-0.5.1, libtasn-0.2.6,
libgpg-error-0.4, and gnutls-0.8.10

Everything except opencdk and gnutls is building properly, but gnutls
is what I need so right now I'm stuck.

Thanks,
-J. Shirley

From nmav at gnutls.org Thu Oct 2 12:39:01 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu Oct 2 12:39:01 2003
Subject: [gnutls-dev] OpenCDK/GnuTLS Problems
In-Reply-To: <3F7B118F.9050706@mail.kindercare.com>
References: <3F7B118F.9050706@mail.kindercare.com>
Message-ID: <20031002104138.GA5473@gnutls.org>

On Wed, Oct 01, 2003 at 10:40:31AM -0700, Jason Shirley wrote:
> I'm trying to implement a GnuTLS SSL server, after OpenSSL's lack of
> thread safety proved it to be a poor library to use. I can't get
> OpenCDK to build, and I'm not sure if it's related to OpenCDK gaining
> independence from libgcrypt. I think it is, but I just want to be clear
> that is the issue.
> I have libgcrypt-1.1.43, opencdk-0.5.1, libtasn-0.2.6,
> libgpg-error-0.4, and gnutls-0.8.10

If you want to use gnutls-0.8.10 you should use the old libgcrypt 1.1.12
with opencdk-0.4.x and libtasn 0.1.2. The new development releases
(0.9.x) use the latest libraries except for opencdk which still has
problems with libgcrypt 1.1.43, so it is recommended to use
--disable-openpgp-authentication.

> Thanks,
> -J. Shirley

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Thu Oct 2 13:15:01 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu Oct 2 13:15:01 2003
Subject: [gnutls-dev] gnutls 0.9.8
Message-ID: <20031002111712.GA1700@gnutls.org>

gnutls 0.9.8 is out. The changes since the last release
are:

- Updated the SRP implementation to follow the latest draft
  (draft-ietf-tls-srp-05).
- Improved the gnutls-cli behaviour in error handling, and added
  a check for the peer's hostname.
- Use versioned symbols in the library (where available).
- RIJNDAEL ciphersuites were renamed to AES.

--
Nikos Mavroyanopoulos

From simon+gnutls-dev at josefsson.org Thu Oct 2 15:56:01 2003
From: simon+gnutls-dev at josefsson.org (Simon Josefsson)
Date: Thu Oct 2 15:56:01 2003
Subject: [gnutls-dev] Re: gnutls 0.9.8
In-Reply-To: <20031002111712.GA1700@gnutls.org> (Nikos Mavroyanopoulos's message of "Thu, 2 Oct 2003 14:17:12 +0300")
References: <20031002111712.GA1700@gnutls.org>
Message-ID:

Nikos Mavroyanopoulos writes:

> gnutls 0.9.8 is out. The changes since the last release
> are:

The CVS server has been down for a while:

jas at latte:~/src/gnutls$ cvs upd
cvs [update aborted]: connect to cvs.gnupg.org(217.69.76.44):2401 failed: Connection refused
jas at latte:~/src/gnutls$

Has it moved? www.gnutls.org still points at cvs.gnupg.org though.

Thanks.

From wk at gnupg.org Thu Oct 2 17:48:01 2003
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 2 17:48:01 2003
Subject: [gnutls-dev] Re: gnutls 0.9.8
In-Reply-To: (Simon Josefsson's message of "Thu, 02 Oct 2003 15:58:12 +0200")
References: <20031002111712.GA1700@gnutls.org>
Message-ID: <87ekxv63ti.fsf@alberti.g10code.de>

On Thu, 02 Oct 2003 15:58:12 +0200, Simon Josefsson said:

> The CVS server has been down for a while:
> jas at latte:~/src/gnutls$ cvs upd
> cvs [update aborted]: connect to cvs.gnupg.org(217.69.76.44):2401 failed: Connection refused

There is some problem with the inetd. It obviously crashed
yesterday. Should work now. Sorry that I didn't realize it early;
I never use the pserver.

--
Werner Koch
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

From simon+gnutls-dev at josefsson.org Thu Oct 2 21:39:01 2003
From: simon+gnutls-dev at josefsson.org (Simon Josefsson)
Date: Thu Oct 2 21:39:01 2003
Subject: [gnutls-dev] Re: gnutls 0.9.8
In-Reply-To: <87ekxv63ti.fsf@alberti.g10code.de> (Werner Koch's message of "Thu, 02 Oct 2003 17:45:45 +0200")
References: <20031002111712.GA1700@gnutls.org> <87ekxv63ti.fsf@alberti.g10code.de>
Message-ID:

Werner Koch writes:

> On Thu, 02 Oct 2003 15:58:12 +0200, Simon Josefsson said:
>
>> The CVS server has been down for a while:
>
>> jas at latte:~/src/gnutls$ cvs upd
>> cvs [update aborted]: connect to cvs.gnupg.org(217.69.76.44):2401 failed: Connection refused
>
> There is some problem with the inetd. It obviously crashed
> yesterday. Should work now. Sorry that I didn't realize it early;
> I never use the pserver.

It works now, thanks.

From simon+gnutls-dev at josefsson.org Fri Oct 3 00:49:01 2003
From: simon+gnutls-dev at josefsson.org (Simon Josefsson)
Date: Fri Oct 3 00:49:01 2003
Subject: [gnutls-dev] Re: gnutls-cli -s triggered by SIGALRM too?
In-Reply-To: <20031001140950.GA1780@gnutls.org> (Nikos Mavroyanopoulos's message of "Wed, 1 Oct 2003 17:09:50 +0300")
References: <20031001140950.GA1780@gnutls.org>
Message-ID:

Nikos Mavroyanopoulos writes:

> On Sun, Sep 21, 2003 at 03:08:58AM +0200, Simon Josefsson wrote:
>
>> Hello, I'm working on a STARTTLS interface for Emacs using GNUTLS,
>> since the current Emacs solution uses a non-standard command line
>> application based on OpenSSL, so moving to gnutls-cli seems better.
>>
>> However, triggering the STARTTLS negotiation by EOF seems slightly
>> problematic to do in a portable way from Emacs. The old starttls
>> application triggered the STARTTLS negotiation by SIGALRM. Would it
>> be possible to support this as well, in gnutls-cli? Suggested patch
>> attached.
> I've just applied it in the cvs version. Thanks.

Thanks. I've started to use it and I discovered two more problems:

* The FD_ZERO is not called after select() has been called.

* Buffered IO (i.e., fgets()) doesn't work well with select(). The
  problem is that fgets() may fill the IO buffer with data to read,
  but only return one line (the remaining lines in the buffer will be
  returned by later calls to f* functions). One solution is to
  rewrite the code to use read() instead of fgets(), but this would
  make the 'crlf' handling harder. The following just disables the
  buffering instead.

2003-10-03 Simon Josefsson

    * src/cli.c (main): Disable buffering. Clear FD set.

Index: cli.c =================================================================== RCS file: /cvs/gnutls/gnutls/src/cli.c,v retrieving revision 2.214 diff -u -p -u -w -r2.214 cli.c --- cli.c 2 Oct 2003 15:02:31 -0000 2.214 +++ cli.c 2 Oct 2003 22:43:26 -0000 
@@ -378,8 +378,13 @@ int main(int argc, char **argv) signal (SIGALRM, &starttls_alarm); - FD_ZERO(&rset); + /* do not buffer */ + setbuf(stdin, NULL); + setbuf(stdout, NULL); + setbuf(stderr, NULL); + for (;;) { + FD_ZERO(&rset); FD_SET(fileno(stdin), &rset); FD_SET(sd, &rset);

From nmav at gnutls.org Sat Oct 4 09:09:01 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sat Oct 4 09:09:01 2003
Subject: [gnutls-dev] gnutls 0.8.11
Message-ID: <20031004071113.GA15938@gnutls.org>

gnutls 0.8.11 is out. This will likely be the last release of the
0.8.x branch, since the 1.0.x branch is almost finished and a
prerelease will be available soon. gnutls 0.8.11 still depends on
the old libtasn 0.1.2 and libgcrypt 1.1.12.

The changes since 0.8.10 are:

- Updated to use opencdk 0.5.1 (patch by Mikhail Teterin)
- Corrected some alignment problems in IA64 (patch by Ian Wienand)
- Corrected bug in SRP. Patch by Casey Marshall

--
Nikos Mavroyanopoulos

From proclus at gnu-darwin.org Sun Oct 5 10:13:02 2003
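Review bot: in the cli.c hunk (@@ -378,8 +378,13 @@) the new comment `/* do not buffer */` does not say why buffering is turned off, and a later reader will not guess that it is there so that select() on fileno(stdin) is not misled by lines fgets() has already pulled into the stdio buffer. Only `setbuf(stdin, NULL);` addresses that problem; stderr is not fully buffered to begin with, and unbuffering stdout turns every small write into its own system call, so either drop those two calls or state in the comment what they are for.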
From: proclus at gnu-darwin.org (proclus at gnu-darwin.org)
Date: Sun Oct 5 10:13:02 2003
Subject: [gnutls-dev] Darwin GNUTLS
Message-ID: <20031005012230.8ADC412C760@gnu-darwin.org>

Thanks for all great work on the admirable GNUTLS project! I've been
working on the port for the GNU-Darwin project. Here's a link.

http://sourceforge.net/mailarchive/message.php?msg_id=6193418

The build is SRP disabled, due to the following inscrutable error.

cc -dynamiclib -flat_namespace -undefined suppress -o .libs/libgnutls-extra.8.0.8.dylib .libs/ext_srp.o .libs/gnutls_srp.o .libs/auth_srp.o .libs/auth_srp_passwd.o .libs/auth_srp_sb64.o .libs/gnutls_openpgp.o .libs/gnutls_extra.o .libs/gnutls_openssl.o .libs/auth_srp_rsa.o -L../lib/.libs -lgnutls -L/usr/local/lib -lz -lc -install_name /usr/local/lib/libgnutls-extra.8.dylib -compatibility_version 9 -current_version 9.8
ld: .libs/auth_srp_sb64.o literal C string section (__TEXT,__cstring) does not end with a '\0'
/usr/bin/libtool: internal link edit command failed

In the 0.8.6 build, RSA or protocol negotiation is broken for the
Darwin version of the server, but the client works great.

Although I have not been able to address any of the above problems very
well, I tried 0.9.8, I was happy to see that the required ifdefs for
SRP disabled have been added in src, so that it builds automatically
with SRP disabled. Now, I get the following from the server.

Error in handshake
Error: No temporary DH parameters were found.

Anyway, if one of your developers would like access to our Darwin-x86
shell server to have a look at it, just email me your desired user name.

Regards,
proclus
http://www.gnu-darwin.org/

--
Visit proclus realm!
http://proclus.tripod.com/

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GMU/S d+@ s: a+ C++++ UBOULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O
M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++
h--- r+++ y++++
------END GEEK CODE BLOCK------

From proclus at gnu-darwin.org Sun Oct 5 10:13:03 2003
From: proclus at gnu-darwin.org (proclus at gnu-darwin.org)
Date: Sun Oct 5 10:13:03 2003
Subject: [gnutls-dev] Re: Darwin GNUTLS
Message-ID: <20031005012418.E5CE012C765@gnu-darwin.org>

Ahh, one more thing. I didn't subscribe, so email me back directly.

Regards,
proclus
http://www.gnu-darwin.org/

--
Visit proclus realm!
http://proclus.tripod.com/

From nmav at gnutls.org Sun Oct 5 10:19:01 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun Oct 5 10:19:01 2003
Subject: [gnutls-dev] Darwin GNUTLS
In-Reply-To: <20031005012230.8ADC412C760@gnu-darwin.org>
References: <20031005012230.8ADC412C760@gnu-darwin.org>
Message-ID: <20031005082135.GA1694@gnutls.org>

On Sat, Oct 04, 2003 at 09:22:01PM -0400, proclus at gnu-darwin.org wrote:
> Thanks for all great work on the admirable GNUTLS project! I've been working on the port for the GNU-Darwin project. Here's a link.
> http://sourceforge.net/mailarchive/message.php?msg_id=6193418
> The build is SRP disabled, due to the following inscrutable error.
> cc -dynamiclib -flat_namespace -undefined suppress -o .libs/libgnutls-extra.8.0.8.dylib .libs/ext_srp.o .libs/gnutls_srp.o .libs/auth_srp.o .libs/auth_srp_passwd.o .libs/auth_srp_sb64.o .libs/gnutls_openpgp.o .libs/gnutls_extra.o .libs/gnutls_openssl.o .libs/auth_srp_rsa.o -L../lib/.libs -lgnutls -L/usr/local/lib -lz -lc -install_name /usr/local/lib/libgnutls-extra.8.dylib -compatibility_version 9 -current_version 9.8
> ld: .libs/auth_srp_sb64.o literal C string section (__TEXT,__cstring) does not end with a '\0'
> /usr/bin/libtool: internal link edit command failed
> In the 0.8.6 build, RSA or protocol negotiation is broken for the Darwin version of the server, but the client works great.
> Although I have not been able to address any of the above problems very well, I tried 0.9.8, I was happy to see that the required ifdefs for SRP disabled have been added in src, so that it builds automatically with SRP disabled. Now, I get the following from the server.
> Error in handshake
> Error: No temporary DH parameters were found.

This is because the temporary Diffie Hellman parameters have to
be generated by the server. This is done using the '-g' option
in the gnutls-serv.

> Regards,
> proclus
> http://www.gnu-darwin.org/

--
Nikos Mavroyanopoulos

From proclus at gnu-darwin.org Mon Oct 6 13:36:02 2003
From: proclus at gnu-darwin.org (proclus at gnu-darwin.org)
Date: Mon Oct 6 13:36:02 2003
Subject: [gnutls-dev] Darwin GNUTLS
In-Reply-To: <20031005082135.GA1694@gnutls.org>
Message-ID: <20031005222708.C20F712FEB3@gnu-darwin.org>

On 5 Oct, Nikos Mavroyanopoulos wrote:
> This is because the temporary Diffie Hellman parameters have to
> be generated by the server. This is done using the '-g' option
> in the gnutls-serv.

Ahh, -g fixed the problem so that gnutls-cli can connect and
communicate. gnutls-cli-debug and openssl clients give the following
error.

Error in handshake
Error: Could not negotiate a supported cipher suite.

In the 0.9.8 gnutls-cli gives the following when connecting to openssl
servers, but 0.8.6 works ok.

*** Fatal error: ASN1 parser: Generic parsing error.
*** Handshake has failed
GNUTLS ERROR: ASN1 parser: Generic parsing error.

> Is the 0.9.8 version working well on Darwin? I mean is the RSA
> negotiation working in server side? What kind of system is Darwin?

This appears to be a handshaking error, but gnutls-cli gives the
handshaking error when connecting to a "--kx RSA" server, even though
Anon-DH appears to work fine with the -g server.

Darwin is a BSD system, and the GNU-Darwin-x86 version is the newest
free OS. You are welcome to use our shell server to experiment with
the GNUTLS build on Darwin. Just send me your desired user name.

Regards,
proclus
http://www.gnu-darwin.org/

--
Visit proclus realm!
http://proclus.tripod.com/

From nmav at gnutls.org Fri Oct 10 16:42:45 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri, 10 Oct 2003 17:42:45 +0300
Subject: [gnutls-dev] gnutls 0.9.90
Message-ID: <20031010144244.GA1216@gnutls.org>

I've just released gnutls 0.9.90. This is a prerelease of the
stable 1.0.0. Currently it depends on an unreleased version of
opencdk, so the openpgp features will not be available (although
they are documented).

Old programs that used the 0.8.x API should compile out of the box,
although the certificate parsing API has been heavily improved, and
the old functions are only available under an emulation layer. It
is highly recommended to move to the new API.

Please test it and report any bugs!

--
Nikos Mavroyanopoulos

From papadopo at shfj.cea.fr Mon Oct 13 10:04:15 2003
From: papadopo at shfj.cea.fr (Dimitri Papadopoulos-Orfanos)
Date: Mon, 13 Oct 2003 10:04:15 +0200
Subject: [gnutls-dev] gnutls-0.9.90: build bug
Message-ID: <3F8A5C7F.2080106@shfj.cea.fr>

Hi,

I'm trying to build gnutls-0.9.90 on Solaris 8 using Sun ONE Studio 7
compilers. configure fails because it looks for libgcrypt-1.1.43:

***
*** Checking for external libraries...
checking for libgcrypt-config... /usr/local/libgcrypt/bin/libgcrypt-config
checking for libgcrypt - version >= 1.1.43... no

However no such library has been released yet. The latest libgcrypt is
1.1.42. It would be a bad idea to release a 1.0 version based on
unreleased libraries such as libgcrypt or libgpg-error.

--
Dimitri

From nmav at gnutls.org Tue Oct 14 10:27:26 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Tue, 14 Oct 2003 11:27:26 +0300
Subject: [gnutls-dev] gnutls-0.9.90: build bug
In-Reply-To: <3F8A5C7F.2080106@shfj.cea.fr>
References: <3F8A5C7F.2080106@shfj.cea.fr>
Message-ID: <20031014082726.GA1473@gnutls.org>

On Mon, Oct 13, 2003 at 10:04:15AM +0200, Dimitri Papadopoulos-Orfanos wrote:
> Hi,
> I'm trying to build gnutls-0.9.90 on Solaris 8 using Sun ONE Studio 7
> compilers. configure fails because it looks for libgcrypt-1.1.43:
> ***
> *** Checking for external libraries...
> checking for libgcrypt-config... /usr/local/libgcrypt/bin/libgcrypt-config
> checking for libgcrypt - version >= 1.1.43... no
> However no such library has been released yet. The latest libgcrypt is
> 1.1.42. It would be a bad idea to release a 1.0 version based on
> unreleased libraries such as libgcrypt or libgpg-error.

Libgcrypt 1.1.43 has already been released, some time ago. Check
ftp://ftp.gnutls.org/pub/crypto/gnupg/alpha/libgcrypt/libgcrypt-1.1.43.tar.gz

> --
> Dimitri

--
Nikos Mavroyanopoulos

From papadopo at shfj.cea.fr Tue Oct 14 10:54:29 2003
From: papadopo at shfj.cea.fr (Dimitri Papadopoulos-Orfanos)
Date: Tue, 14 Oct 2003 10:54:29 +0200
Subject: [gnutls-dev] gnutls-0.9.90: build bug
In-Reply-To: <20031014082726.GA1473@gnutls.org>
References: <3F8A5C7F.2080106@shfj.cea.fr> <20031014082726.GA1473@gnutls.org>
Message-ID: <3F8BB9C5.4040504@shfj.cea.fr>

Hi,

Yes, I've eventually noticed it. However it's not really released, as
it currently lives under an "alpha" directory.

The real problem seems to be that this "home page" lacks links that
indicate where to download it from:
http://www.g10code.de/p-libgcrypt.html
It was a bit difficult to find the library starting from this page.

I know this page is the property of g10 Code and not of gnutls.org, so
you probably can't do anything about that. But anyway, it's misleading.

--
Dimitris

From h.janzing at myrealbox.com Thu Oct 16 15:14:37 2003
From: h.janzing at myrealbox.com (Heinrich Janzing)
Date: Thu, 16 Oct 2003 15:14:37 +0200
Subject: [gnutls-dev] Compilation error: opencdk
Message-ID: <1066310077.10206.11.camel@antarctica.mtvinson>

Hi,

I'm trying to compile gnutls 0.9.90 on a Slackware 9.1 system.
I read about the problem with the opencdk library, so I used
"./configure --disable-openpgp-authentication" as recommended. But I
still get an error:

gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../ -I../../includes/ -I../../lib -O2 -finline-functions -pipe -MT verify.lo -MD -MP -MF .deps/verify.Tpo -c verify.c -fPIC -DPIC -o .libs/verify.o
In file included from verify.c:28:
gnutls_openpgp.h:6:21: opencdk.h: No such file or directory
In file included from verify.c:28:
gnutls_openpgp.h:80: parse error before "kbx_to_keydb"
gnutls_openpgp.h:80: warning: data definition has no type or storage class
In file included from verify.c:29:
openpgp.h:4:21: opencdk.h: No such file or directory
In file included from verify.c:29:
openpgp.h:7: parse error before "cdk_kbnode_t"
openpgp.h:7: warning: no semicolon at end of struct or union
openpgp.h:8: warning: data definition has no type or storage class
openpgp.h:11: parse error before "cdk_keydb_hd_t"
openpgp.h:11: warning: no semicolon at end of struct or union
openpgp.h:12: warning: data definition has no type or storage class
openpgp.h:15: parse error before "cdk_stream_t"
openpgp.h:15: warning: no semicolon at end of struct or union
openpgp.h:16: warning: data definition has no type or storage class
make[3]: *** [verify.lo] Error 1
make[3]: Leaving directory `/usr/src/packages/gnutls-0.9.90/libextra/openpgp'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/packages/gnutls-0.9.90/libextra'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/packages/gnutls-0.9.90'
make: *** [all] Error 2

Seems it's still trying to use opencdk...

libgpg-error is 0.5
libtasn1 is 0.2.6
opencdk is 0.5.1 but wouldn't compile

Thanks,
Heinrich Janzing

From mark at skynet.ie Thu Oct 16 20:23:38 2003
From: mark at skynet.ie (Mark McLoughlin)
Date: Thu, 16 Oct 2003 19:23:38 +0100
Subject: [gnutls-dev] minor bug in debugging output
Message-ID: <1066328618.3742.100.camel@dhcp-edub03-238-202.ireland.sun.com>

Hi,

Here's a trivial fix for a bug with the debugging output in
gnutls_handshake.c.

Thanks,
Mark.

Index: gnutls_handshake.c =================================================================== RCS file: /cvs/gnutls/gnutls/lib/gnutls_handshake.c,v retrieving revision 2.201 diff -u -p -r2.201 gnutls_handshake.c --- gnutls_handshake.c 1 Oct 2003 15:11:26 -0000 2.201 +++ gnutls_handshake.c 16 Oct 2003 18:11:53 -0000 @@ -551,12 +552,12 @@ int _gnutls_server_select_suite(gnutls_s } #ifdef HANDSHAKE_DEBUG - memcpy( &cs.CipherSuite, &data[j], 2); - _gnutls_handshake_log("HSK[%x]: Requested cipher suites: \n", session); - for (j = 0; j < datalen; j += 2) + for (j = 0; j < datalen; j += 2) { + memcpy( &cs.CipherSuite, &data[j], 2); _gnutls_handshake_log("\t%s\n", _gnutls_cipher_suite_get_name(cs)); + } _gnutls_handshake_log("HSK[%x]: Supported cipher suites: \n", session); for (j = 0; j < x; j++) _gnutls_handshake_log("\t%s\n",

From nmav at gnutls.org Fri Oct 17 09:02:34 2003
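Review bot: in the gnutls_handshake.c hunk, the new loop body copies two bytes with `memcpy( &cs.CipherSuite, &data[j], 2);` while the loop condition is still `j < datalen`, so an odd `datalen` makes the last iteration read one byte past the cipher suite list supplied by the peer. Unless the length has already been checked to be even earlier in _gnutls_server_select_suite(), bound the loop with `j + 1 < datalen`, even though this path is only compiled under HANDSHAKE_DEBUG.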
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri, 17 Oct 2003 10:02:34 +0300
Subject: [gnutls-dev] Compilation error: opencdk
In-Reply-To: <1066310077.10206.11.camel@antarctica.mtvinson>
References: <1066310077.10206.11.camel@antarctica.mtvinson>
Message-ID: <20031017070234.GA1662@gnutls.org>

On Thu, Oct 16, 2003 at 03:14:37PM +0200, Heinrich Janzing wrote:
> Hi,
> I'm trying to compile gnutls 0.9.90 on a Slackware 9.1 system.
> I read about the problem with the opencdk library, so I used
> "./configure --disable-openpgp-authentication" as recommended. But I
> still get an error:

This is a bug. Thank you. I attach a quick fix.
(should be applied in the libextra directory of gnutls)

> Thanks,
> Heinrich Janzing

--
Nikos Mavroyanopoulos
-------------- next part --------------
Index: openpgp/gnutls_openpgp.h =================================================================== RCS file: /cvs/gnutls/gnutls/libextra/openpgp/gnutls_openpgp.h,v retrieving revision 1.2 diff -u -u -r1.2 gnutls_openpgp.h --- openpgp/gnutls_openpgp.h 3 Oct 2003 12:16:40 -0000 1.2 +++ openpgp/gnutls_openpgp.h 17 Oct 2003 06:56:15 -0000 @@ -1,3 +1,7 @@ +#include + +#ifdef HAVE_LIBOPENCDK + #ifndef GNUTLS_OPENPGP_H #define GNUTLS_OPENPGP_H @@ -91,3 +95,5 @@ #endif /*GNUTLS_OPENPGP_H*/ + +#endif /*HAVE_LIBOPENCDK*/ Index: openpgp/openpgp.h =================================================================== RCS file: /cvs/gnutls/gnutls/libextra/openpgp/openpgp.h,v retrieving revision 1.4 diff -u -u -r1.4 openpgp.h --- openpgp/openpgp.h 3 Oct 2003 12:16:40 -0000 1.4 +++ openpgp/openpgp.h 17 Oct 2003 06:56:15 -0000 @@ -1,3 +1,7 @@ +#include + +#ifdef HAVE_LIBOPENCDK + #ifndef OPENPGP_H # define OPENPGP_H @@ -63,3 +67,5 @@ unsigned int flags, unsigned int *verify); #endif + +#endif /* HAVE_LIBOPENCDK */

From nmav at gnutls.org Fri Oct 17 09:26:19 2003
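Review bot: in both openpgp/gnutls_openpgp.h and openpgp/openpgp.h the new `#ifdef HAVE_LIBOPENCDK` is opened above the existing include guard (`#ifndef GNUTLS_OPENPGP_H`, `#ifndef OPENPGP_H`) and closed below it, so the guard is no longer the outermost construct in the file. Moving the HAVE_LIBOPENCDK test inside the guard keeps the conventional layout, and since the headers now expand to nothing when opencdk is absent, every source file that includes them and uses their types (verify.c in the reported build) needs the same conditional around that code.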
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri, 17 Oct 2003 10:26:19 +0300
Subject: [gnutls-dev] gnutls 0.9.91
Message-ID: <20031017072619.GA29825@gnutls.org>

I've just released gnutls 0.9.91 which fixes the compilation
problem with opencdk.

--
Nikos Mavroyanopoulos

From ivo at o2w.nl Fri Oct 17 13:32:08 2003
From: ivo at o2w.nl (Ivo Timmermans)
Date: Fri, 17 Oct 2003 13:32:08 +0200
Subject: [gnutls-dev] Weak ciphers?
Message-ID: <20031017113208.GA25210@juarez>

Hi,

One of the users of the Debian GNU TLS package wants to use openldap
(the Debian package now uses GNU TLS to setup SSL connections) to
connect to a Netscape LDAP server, which only uses:

nsssl2ciphers: +rc2export,+rc4export
nsssl3ciphers: -rsa_null_md5,+rsa_rc2_40_md5,+rsa_rc4_40_md5

Is there a way to make GNU TLS set up a connection to this server?

Ivo

--
the internet is so big, and full of nothing i want

From nmav at gnutls.org Fri Oct 17 16:16:14 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri, 17 Oct 2003 17:16:14 +0300
Subject: [gnutls-dev] Weak ciphers?
In-Reply-To: <20031017113208.GA25210@juarez>
References: <20031017113208.GA25210@juarez>
Message-ID: <20031017141614.GA1538@gnutls.org>

On Fri, Oct 17, 2003 at 01:32:08PM +0200, Ivo Timmermans wrote:
> Hi,
> One of the users of the Debian GNU TLS package wants to use openldap
> (the Debian package now uses GNU TLS to setup SSL connections) to
> connect to a Netscape LDAP server, which only uses:
> nsssl2ciphers: +rc2export,+rc4export
> nsssl3ciphers: -rsa_null_md5,+rsa_rc2_40_md5,+rsa_rc4_40_md5
> Is there a way to make GNU TLS set up a connection to this server?

The ciphersuite TLS_RSA_EXPORT_ARCFOUR_40_MD5 is supported, so rsa_rc4_40_md5
seems to be common (RC2 is not supported in gnutls for TLS connections).

> Ivo
> --
> the internet is so big, and full of nothing i want

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Fri Oct 17 16:39:03 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri, 17 Oct 2003 17:39:03 +0300
Subject: [gnutls-dev] Weak ciphers?
In-Reply-To: <20031017141614.GA1538@gnutls.org>
References: <20031017113208.GA25210@juarez> <20031017141614.GA1538@gnutls.org>
Message-ID: <20031017143903.GA2016@gnutls.org>

On Fri, Oct 17, 2003 at 05:16:14PM +0300, Nikos Mavroyanopoulos wrote:
> > Hi,
> > One of the users of the Debian GNU TLS package wants to use openldap
> > (the Debian package now uses GNU TLS to setup SSL connections) to
> > connect to a Netscape LDAP server, which only uses:
> > nsssl2ciphers: +rc2export,+rc4export
> > nsssl3ciphers: -rsa_null_md5,+rsa_rc2_40_md5,+rsa_rc4_40_md5
> > Is there a way to make GNU TLS set up a connection to this server?
> The ciphersuite TLS_RSA_EXPORT_ARCFOUR_40_MD5 is supported, so rsa_rc4_40_md5
> seems to be common (RC2 is not supported in gnutls for TLS connections).

I forgot to say that in order to enable this ciphersuite,
gnutls_set_default_export_priority() has to be called, or
the ciphers GNUTLS_CIPHER_ARCFOUR_40 and GNUTLS_KX_RSA_EXPORT
have to be enabled.

--
Nikos Mavroyanopoulos

From phil at bolthole.com Thu Oct 23 01:52:24 2003
From: phil at bolthole.com (Philip Brown)
Date: Wed, 22 Oct 2003 16:52:24 -0700
Subject: [gnutls-dev] patch for gnutls and alloca use
Message-ID: <20031022165224.A31079@bolthole.com>

attached is a small patch for lib/gnutls_mem.h and
lib/minitasn1/mem.h, to respect if HAVE_ALLOCA_H is set by autoconf,
and include alloca.h.

This is *REQUIRED* for compilation on some platforms.
-------------- next part --------------
--- lib/gnutls_mem.h.orig 2003-10-22 17:39:09.956458000 -0400 +++ lib/gnutls_mem.h 2003-10-22 17:40:44.043533000 -0400 
@@ -12,6 +12,9 @@ * support alloca. */ #ifdef HAVE_ALLOCA +# ifdef HAVE_ALLOCA_H +# include +# endif # define gnutls_alloca alloca # define gnutls_afree(x) #else --- lib/minitasn1/mem.h.orig 2003-10-22 18:10:38.529196000 -0400 +++ lib/minitasn1/mem.h 2003-10-22 18:11:51.959797000 -0400 @@ -5,7 +5,11 @@ * memory leaks may occur in systems which do not * support alloca. */ +#include "../config.h" #ifdef HAVE_ALLOCA +# ifdef HAVE_ALLOCA_H +# include +# endif # define _asn1_alloca alloca # define _asn1_afree(x) #else

From ivo at o2w.nl Fri Oct 24 18:45:06 2003
From: ivo at o2w.nl (Ivo Timmermans)
Date: Fri, 24 Oct 2003 18:45:06 +0200
Subject: [gnutls-dev] Compilation fix for gnutls 0.8.11 and opencdk 0.5.1
Message-ID: <20031024164506.GA27990@juarez>

See attached patch.

Ivo

--
If the designers of X-Windows built cars, there would be no fewer than
five steering wheels hidden about the cockpit, none of which followed
the same principles -- but you'd be able to shift gears with your car
stereo. Useful feature, that.
- Marus J. Ranum, DEC
-------------- next part --------------
--- gnutls-0.8.11/libextra/gnutls_openpgp.c.orig 2003-10-04 08:39:41.000000000 +0200 +++ gnutls-0.8.11/libextra/gnutls_openpgp.c 2003-10-24 17:29:27.000000000 +0200 @@ -510,7 +510,7 @@ key_attr_t by, opaque *pattern ) { keybox_blob *blob = NULL; - CDK_KEYDB_HD hd = NULL; + cdk_keydb_hd_t hd = NULL; cdk_kbnode_t knode = NULL; unsigned long keyid[2]; unsigned char *buf; @@ -1185,7 +1185,7 @@ int cert_list_length ) { cdk_kbnode_t knode = NULL; - CDK_KEYDB_HD hd = NULL; + cdk_keydb_hd_t hd = NULL; keybox_blob *blob = NULL; int rc = 0; int status = 0;

From nmav at gnutls.org Sat Oct 25 23:20:46 2003
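Review bot: in Philip Brown's alloca patch, the lib/minitasn1/mem.h hunk adds `#include "../config.h"`, a relative path that ties the header to the current directory layout, while the visible part of the lib/gnutls_mem.h hunk tests the same HAVE_ALLOCA and HAVE_ALLOCA_H macros without including config.h and so depends on every includer having pulled it in first. Use one convention in both files, for example the usual `#ifdef HAVE_CONFIG_H` test around an include of config.h resolved through the -I path, so the alloca.h include is taken or skipped consistently.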
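Review bot: in Ivo Timmermans's gnutls_openpgp.c patch, both hunks (@@ -510,7 +510,7 @@ and @@ -1185,7 +1185,7 @@) replace `CDK_KEYDB_HD` with `cdk_keydb_hd_t` unconditionally, so after the change the 0.8.x branch builds only against an opencdk that provides the new type name. If older opencdk releases are still meant to work with this branch, add a configure-time check or a compatibility typedef; if not, raise the minimum opencdk version that configure accepts so the mismatch is reported there rather than as a compile error.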
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun, 26 Oct 2003 00:20:46 +0300
Subject: [gnutls-dev] gnutls 0.9.92
Message-ID: <20031025212046.GA16935@gnutls.org>

I've just released gnutls 0.9.92. Unfortunately this release adds
new features with little or no testing. I'd appreciate any help and
bug reports on the new features.

The changes since the last release are:

- The RFC2818 hostname verification is now case insensitive.
- Added support for generating X.509 certificates.
- Added the certtool, a tool for generating X.509 certificates

--
Nikos Mavroyanopoulos

From ivo at o2w.nl Sun Oct 26 21:23:34 2003
From: ivo at o2w.nl (Ivo Timmermans)
Date: Sun, 26 Oct 2003 21:23:34 +0100
Subject: [gnutls-dev] Manpages
Message-ID: <20031026202334.GA4192@juarez>

Hi,

I created four simple manpages for the command line utilities that are
distributed alongside gnutls: gnutls-cli, gnutls-cli-debug,
gnutls-serv and gnutls-srpcrypt. It would be nice if they were
distributed together with these utilities.

Ivo

--
Deja moo: the feeling you've heard this bullshit before.
-------------- next part --------------
.TH gnutls\-cli 1 "October 26th 2003"
.SH NAME
gnutls\-cli \- GNU TLS test client
.SH SYNOPSIS
gnutls\-cli [\fIoptions\fR] \fIhostname\fR
.SH DESCRIPTION
Simple client program to set up a TLS connection to some other computer.
.SH OPTIONS
.IP "\-r, \-\-resume"
Connect, establish a session. Connect again and resume this session.
.IP "\-s, \-\-starttls"
Connect, establish a plain session and start TLS when EOF is sent from
the keyboard.
.IP "\-\-crlf"
Send CR LF instead of LF.
.IP "\-\-x509fmtder"
Use DER format for certificates.
.IP "\-f, \-\-fingerprint"
Send the openpgp fingerprint, instead of the key.
.IP "\-\-xml"
Print the certificate information in XML format.
.IP "\-p, \-\-port \fIinteger\fR"
The port to connect to.
.IP "\-\-recordsize \fIinteger\fR"
The maximum record size to advertize.
.IP "\-\-ciphers \fIcipher1 cipher2...\fR"
Ciphers to enable.
.IP "\-\-protocols \fIprotocol1 protocol2...\fR"
Protocols to enable.
.IP "\-\-comp \fIcomp1 comp2...\fR"
Compression methods to enable.
.IP "\-\-macs \fImac1 mac2...\fR"
MACs to enable.
.IP "\-\-kx \fIkx1 kx2...\fR"
Key exchange methods to enable.
.IP "\-\-ctypes \fIcertType1 certType2...\fR"
Certificate types to enable.
.IP "\-\-x509cafile \fIFILE\fR"
Certificate file to use.
.IP "\-\-pgpkeyfile \fIFILE\fR"
PGP Key file to use.
.IP "\-\-pgpkeyring \fIFILE\fR"
PGP Key ring file to use.
.IP "\-\-pgptrustdb \fIFILE\fR"
PGP trustdb file to use.
.IP "\-\-pgpcertfile \fIFILE\fR"
PGP Public Key (certificate) file to use.
.IP "\-\-x509keyfile \fIFILE\fR"
X.509 key file to use.
.IP "\-\-x509certfile \fIFILE\fR"
X.509 Certificate file to use.
.IP "\-\-srpusername \fINAME\fR"
SRP username to use.
.IP "\-\-srppasswd \fIPASSWD\fR"
SRP password to use.
.IP "\-l, \-\-list"
Print a list of the supported algorithms and modes.
.IP "\-h, \-\-help"
Prints a short reminder of the command line options.
.IP "\-v, \-\-version"
Prints the program's version number.
.IP "\-\-copyright"
Prints the program's license.
.SH "SEE ALSO"
.BR gnutls\-cli\-debug (1),
.BR gnutls\-serv (1)
.SH AUTHOR
.PP
Nikos Mavroyanopoulos and others; see /usr/share/doc/gnutls\-bin/AUTHORS for a complete list.
.PP
This manual page was written by Ivo Timmermans , for the Debian GNU/Linux system (but may be used by others).
-------------- next part --------------
.TH gnutls\-cli\-debug 1 "October 26th 2003"
.SH NAME
gnutls\-cli\-debug \- GNU TLS test client, with verbose output
.SH SYNOPSIS
gnutls\-cli\-debug [\fIoptions\fR] \fIhostname\fR
.SH DESCRIPTION
Simple client program to set up a TLS connection to some other computer.
Like
.BR gnutls\-cli (1),
it sets up a TLS connection and forwards data from the standard input to the socket.
Any information about the TLS control connection is printed to standard error.
.SH OPTIONS
.IP "\-p, \-\-port \fIinteger\fR"
The port to connect to.
.IP "\-v, \-\-verbose"
Even more verbose output.
.IP "\-h, \-\-help"
Prints a short reminder of the command line options.
.SH "SEE ALSO"
.BR gnutls\-cli (1),
.BR gnutls\-serv (1)
.SH AUTHOR
.PP
Nikos Mavroyanopoulos and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
.PP
This manual page was written by Ivo Timmermans , for the Debian GNU/Linux system (but may be used by others).
-------------- next part --------------
.TH gnutls\-serv 1 "October 26th 2003"
.SH NAME
gnutls\-serv \- GNU TLS test server
.SH SYNOPSIS
gnutls\-serv [\fIoptions\fR]
.SH DESCRIPTION
Simple server program that listens to incoming TLS connections.
.SH OPTIONS
.IP "\-g, \-\-generate"
Generate Diffie Hellman Parameters.
.IP "\-p, \-\-port \fIinteger\fR"
The port to connect to.
.IP "\-q, \-\-quiet"
Suppress some messages.
.IP "\-\-nodb"
Does not use the resume database.
.IP "\-\-http"
Act as an HTTP Server.
.IP "\-\-echo"
Act as an Echo Server.
.IP "\-\-x509fmtder"
Use DER format for certificates
.IP "\-\-x509cafile \fIFILE\fR"
Certificate file to use.
.IP "\-\-pgpkeyring \fIFILE\fR"
PGP Key ring file to use.
.IP "\-\-pgptrustdb \fIFILE\fR"
PGP trustdb file to use.
.IP "\-\-pgpkeyfile \fIFILE\fR"
PGP Key file to use.
.IP "\-\-pgpcertfile \fIFILE\fR"
PGP Public Key (certificate) file to use.
.IP "\-\-x509keyfile \fIFILE\fR"
X.509 key file to use.
.IP "\-\-x509certfile \fIFILE\fR"
X.509 Certificate file to use.
.IP "\-\-srppasswd \fIFILE\fR"
SRP password file to use.
.IP "\-\-srppasswdconf \fIFILE\fR"
SRP password configuration file to use.
.IP "\-\-ciphers \fIcipher1 cipher2...\fR"
Ciphers to enable.
.IP "\-\-protocols \fIprotocol1 protocol2...\fR"
Protocols to enable.
.IP "\-\-comp \fIcomp1 comp2...\fR"
Compression methods to enable.
.IP "\-\-macs \fImac1 mac2...\fR"
MACs to enable.
.IP "\-\-kx \fIkx1 kx2...\fR"
Key exchange methods to enable.
.IP "\-\-ctypes \fIcertType1 certType2...\fR"
Certificate types to enable.
.IP "\-l, \-\-list"
Print a list of the supported algorithms and modes.
.IP "\-h, \-\-help"
prints this help
.IP "\-v, \-\-version"
prints the program's version number
.IP "\-\-copyright"
prints the program's license
.SH "SEE ALSO"
.BR gnutls\-cli (1),
.BR gnutls\-cli\-debug (1)
.SH AUTHOR
.PP
Nikos Mavroyanopoulos and others; see /usr/share/doc/gnutls\-bin/AUTHORS for a complete list.
.PP
This manual page was written by Ivo Timmermans , for the Debian GNU/Linux system (but may be used by others).
-------------- next part --------------
.TH gnutls\-srpcrypt 1 "October 26th 2003"
.SH NAME
gnutls\-srpcrypt \- Simple SRP password tool
.SH SYNOPSIS
gnutls\-srpcrypt [\fIoptions\fR]
.SH DESCRIPTION
SRP (Secure Remote Password) utility using GNU TLS.
.SH OPTIONS
.IP "\-u, \-\-username \fIusername\fR"
Specify username.
.IP "\-p, \-\-passwd \fIFILE\fR"
Specify a password file.
.IP "\-i, \-\-index \fIINDEX\fR"
Specify the index of the parameters in tpasswd.conf to use.
.IP "\-s, \-\-salt \fISALT\fR"
Specify salt/cost size for crypt algorithm.
.IP "\-\-verify"
Just verify password.
.IP "\-\-passwd\-conf \fIFILE\fR"
Specify a password configuration file.
.IP "\-\-create\-conf \fIFILE\fR"
Generate a tpasswd.conf file.
.IP "\-\-bits \fIBITS\fR"
specify the number of bits for prime numbers (used only when the \fB\-\-create\-conf\fR option is used).
.IP "\-h, \-\-help"
Prints a short reminder of the command line options.
.SH AUTHOR
.PP
Nikos Mavroyanopoulos and others; see /usr/share/doc/gnutls\-bin/AUTHORS for a complete list.
.PP
This manual page was written by Ivo Timmermans , for the Debian GNU/Linux system (but may be used by others).

From nmav at gnutls.org Sun Oct 26 22:35:27 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun, 26 Oct 2003 23:35:27 +0200
Subject: [gnutls-dev] new releases
Message-ID: <20031026213527.GA23030@gnutls.org>

Due to some compilation bugs I've just released gnutls 0.9.93.

Gnutls 0.8.12 is also available which corrects the following problems:
- Some fixes in the opencdk code. Patch by Ivo Timmermans
- CR is now allowed in the base64 decoder.

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Mon Oct 27 08:43:55 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Mon, 27 Oct 2003 09:43:55 +0200
Subject: [gnutls-dev] Manpages
In-Reply-To: <20031026202334.GA4192@juarez>
References: <20031026202334.GA4192@juarez>
Message-ID: <20031027074355.GA6433@gnutls.org>

On Sun, Oct 26, 2003 at 09:23:34PM +0100, Ivo Timmermans wrote:
> Hi,
> I created four simple manpages for the command line utilities that are
> distributed alongside gnutls: gnutls-cli, gnutls-cli-debug,
> gnutls-serv and gnutls-srpcrypt. It would be nice if they were
> distributed together with these utilities.

Thank you. I've just added them to cvs.

> Ivo
> --
> Deja moo: the feeling you've heard this bullshit before.

--
Nikos Mavroyanopoulos

From papadopo at shfj.cea.fr Tue Oct 28 15:53:07 2003
From: papadopo at shfj.cea.fr (Dimitri Papadopoulos-Orfanos)
Date: Tue, 28 Oct 2003 15:53:07 +0100
Subject: [gnutls-dev] building gnutls-0.9.93 on Solaris 8
Message-ID: <3F9E82D3.3050600@shfj.cea.fr>

Hi,

It seems GnuTLS directly depends on libgpg-error. This is not
documented anywhere. Also the configure script neither checks for this
software package nor provides a --with-libgpg-error-prefix= option
flag. For this reason building gnutls-0.9.93 fails on my Solaris box
which has libgpg-error installed in /usr/local/libgpg-error-0.5:

  cc -DHAVE_CONFIG_H -I. -I. -I../.. -I../ -I../minitasn1/ -I../../includes/ -O -I/usr/local/libgcrypt/include -c crl.c -KPIC -DPIC -o .libs/crl.o
  "/usr/local/libgcrypt/include/gcrypt.h", line 27: cannot find include file:
  "/usr/local/libgcrypt/include/gcrypt.h", line 90: warning: no explicit type given
  [...]

I've worked around as usual by defining
  CPPFLAGS=/usr/local/libgpg-error/include
  LDFLAGS=/usr/local/libgpg-error/lib
prior to configuring GnuTLS.

Then GnuTLS attempts to do include libtasn although libtasn is not
installed anywhere (I think it has been built into libgcrypt):

  "../../lib/gnutls_mpi.h", line 5: cannot find include file:
  "../../lib/gnutls_cert.h", line 5: cannot find include file:
  "../../lib/x509/x509.h", line 8: syntax error before or at: ASN1_TYPE
  "../../lib/x509/x509.h", line 8: cannot recover from previous errors

--
Dimitri

From wk at gnupg.org Tue Oct 28 16:17:50 2003
From: wk at gnupg.org (Werner Koch)
Date: Tue, 28 Oct 2003 16:17:50 +0100
Subject: [gnutls-dev] building gnutls-0.9.93 on Solaris 8
In-Reply-To: <3F9E82D3.3050600@shfj.cea.fr> (Dimitri Papadopoulos-Orfanos's message of "Tue, 28 Oct 2003 15:53:07 +0100")
References: <3F9E82D3.3050600@shfj.cea.fr>
Message-ID: <87ad7ls869.fsf@alberti.g10code.de>

On Tue, 28 Oct 2003 15:53:07 +0100, Dimitri Papadopoulos-Orfanos said:

> It seems GnuTLS directly depends on libgpg-error. This is not

Only indirectly. Libgcrypt depends on libgpg-error. We have meanwhile
fixed the config script to include also the lib and cflags values from
libgpg-error.

> Then GnuTLS attempts to do include libtasn although libtasn is not
> installed anywhere (I think it has been built into libgcrypt):

No, it is not included in libgcrypt.

Werner

--
Werner Koch
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

From ivo at o2w.nl Tue Oct 28 18:31:22 2003
From: ivo at o2w.nl (Ivo Timmermans)
Date: Tue, 28 Oct 2003 18:31:22 +0100
Subject: [gnutls-dev] Missing symbol in libgnutls-extra.so
Message-ID: <20031028173122.GA12948@juarez>

Hi,

Since it is not mentioned in libgnutls-extra.vers,
OpenSSL_add_all_algorithms() is not exported in libgnutls-extra.so.
This matters for gnutls 0.9.9x only; a trivial patch is attached.

Ivo

--
We don't know how the Internet really works. We know how it should
work, but we are constantly surprised.
- Bruce Schneier
-------------- next part --------------
--- libgnutls-extra.vers.orig 2003-09-12 19:22:41.000000000 +0200 +++ libgnutls-extra.vers 2003-10-28 18:28:51.000000000 +0100 @@ -1,5 +1,5 @@ GNUTLS_1_0 { - global: gnutls*; SSL*; TLS*; X509*; BIO*; ERR*; RAND*; MD5*; RIPEMD160*; + global: gnutls*; OpenSSL*; SSL*; TLS*; X509*; BIO*; ERR*; RAND*; MD5*; RIPEMD160*; local: *; };

From nmav at gnutls.org Thu Oct 30 07:30:04 2003
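Review bot: in the libgnutls-extra.vers hunk above, the pattern added to the global: line, "OpenSSL*", is a prefix glob, so it exports every symbol whose name starts with OpenSSL, not only the OpenSSL_add_all_algorithms() that the message names. That matches the style of the existing SSL*, X509* and BIO* entries, but if only this one function is meant to be public, listing "OpenSSL_add_all_algorithms;" explicitly keeps the exported surface of libgnutls-extra.so from growing unnoticed when other OpenSSL-prefixed helpers are added later. The new pattern also goes into the existing GNUTLS_1_0 node rather than a new one, so a program that needs the symbol cannot tell from the version node alone whether the installed library provides it; a changelog line saying which release first exports it would help.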
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu, 30 Oct 2003 08:30:04 +0200
Subject: [gnutls-dev] Missing symbol in libgnutls-extra.so
In-Reply-To: <20031028173122.GA12948@juarez>
References: <20031028173122.GA12948@juarez>
Message-ID: <20031030063004.GB2696@gnutls.org>

On Tue, Oct 28, 2003 at 06:31:22PM +0100, Ivo Timmermans wrote:
> Hi,
> Since it is not mentioned in libgnutls-extra.vers,
> OpenSSL_add_all_algorithms() is not exported in libgnutls-extra.so.
> This matters for gnutls 0.9.9x only; a trivial patch is attached.

Thanks. Just committed.

> Ivo
> --
> We don't know how the Internet really works. We know how it should
> work, but we are constantly surprised.
> - Bruce Schneier

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Thu Oct 30 07:35:15 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu, 30 Oct 2003 08:35:15 +0200
Subject: [gnutls-dev] building gnutls-0.9.93 on Solaris 8
In-Reply-To: <3F9E82D3.3050600@shfj.cea.fr>
References: <3F9E82D3.3050600@shfj.cea.fr>
Message-ID: <20031030063515.GC2696@gnutls.org>

On Tue, Oct 28, 2003 at 03:53:07PM +0100, Dimitri Papadopoulos-Orfanos wrote:
> Hi,

Hello,

> Then GnuTLS attempts to do include libtasn although libtasn is not
> installed anywhere (I think it has been built into libgcrypt):
> "../../lib/gnutls_mpi.h", line 5: cannot find include file:
> "../../lib/gnutls_cert.h", line 5: cannot find include file:
> "../../lib/x509/x509.h", line 8: syntax error before or at: ASN1_TYPE
> "../../lib/x509/x509.h", line 8: cannot recover from previous errors

You can either install libtasn1, or use the included one. The included
one is in lib/minitasn1/, and there is the header file. Since most
of the sources are compiled using -Iminitasn1/ the compiler should
have found this header file.

I'd appreciate if you could send me the full compiler input and
output of a file compilation.

> --
> Dimitri

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Thu Oct 30 11:13:54 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu, 30 Oct 2003 12:13:54 +0200
Subject: [gnutls-dev] gnutls 0.9.94
Message-ID: <20031030101354.GA5899@gnutls.org>

I've just released gnutls 0.9.94.

The changes since 0.9.93 are:
- Added manpages for the included programs.
- Documented and improved the certtool utility.
- Added PKCS #12 support to certtool utility.

--
Nikos Mavroyanopoulos

From papadopo at shfj.cea.fr Thu Oct 30 13:32:31 2003
From: papadopo at shfj.cea.fr (Dimitri Papadopoulos-Orfanos)
Date: Thu, 30 Oct 2003 13:32:31 +0100
Subject: [gnutls-dev] building gnutls-0.9.93 on Solaris 8
In-Reply-To: <20031030063515.GC2696@gnutls.org>
References: <3F9E82D3.3050600@shfj.cea.fr> <20031030063515.GC2696@gnutls.org>
Message-ID: <3FA104DF.3030307@shfj.cea.fr>

Hi,

> You can either install libtasn1, or use the included one. The included
> one is in lib/minitasn1/, and there is the header file. Since most
> of the sources are compiled using -Iminitasn1/ the compiler should
> have found this header file.
>
> I'd appreciate if you could send me the full compiler input and
> output of a file compilation.

I build gnutls-0.9.93 this way:

  setenv CC cc
  setenv CFLAGS -O
  setenv CPPFLAGS -I/usr/local/libgpg-error/include
  setenv LDFLAGS -L/usr/local/libgpg-error/lib
  ./configure --prefix=/usr/local/gnutls-0.9.93 \
      --with-libgcrypt-prefix=/usr/local/libgcrypt
  gmake

Please find attached the resulting build log.

--
Dimitris

From nmav at gnutls.org Thu Oct 30 20:56:32 2003
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu, 30 Oct 2003 21:56:32 +0200
Subject: [gnutls-dev] libgcrypt
Message-ID: <20031030195632.GA714@gnutls.org>

I've just noticed that gnutls 0.9.94 depends on the yet
unreleased libgcrypt 1.1.44. You will have to use the
cvs version of libgcrypt to build this gnutls release.

--
Nikos Mavroyanopoulos

From wk at gnupg.org Fri Oct 31 06:40:09 2003
From: wk at gnupg.org (Werner Koch)
Date: Fri, 31 Oct 2003 06:40:09 +0100
Subject: [gnutls-dev] libgcrypt
In-Reply-To: <20031030195632.GA714@gnutls.org> (Nikos Mavroyanopoulos's message of "Thu, 30 Oct 2003 21:56:32 +0200")
References: <20031030195632.GA714@gnutls.org>
Message-ID: <874qxqdkxy.fsf@alberti.g10code.de>

On Thu, 30 Oct 2003 21:56:32 +0200, Nikos Mavroyanopoulos said:

> I've just noticed that gnutls 0.9.94 depends on the yet
> unreleased libgcrypt 1.1.44. You will have to use the
> cvs version of libgcrypt to build this gnutls release.

I have just released 1.1.44, it should show up on ftp.gnupg.org not
later than in an hour.

  ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt-1.1.44.tar.gz (822k)
or
  ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt-1.1.43-1.1.44.diff.gz (57k)

There are some last minute cleanups; please report any problems.

Salam-Shalom,

Werner

--
Werner Koch
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

From ivo at o2w.nl Fri Oct 31 19:31:26 2003
From: ivo at o2w.nl (Ivo Timmermans)
Date: Fri, 31 Oct 2003 19:31:26 +0100
Subject: [gnutls-dev] doc/scripts
Message-ID: <20031031183126.GA31460@juarez>

Hi,

gdoc and sort1.pl are in CVS, and they are used, but not distributed
in the tarball.

Ivo

--
I don't need to test my programs. I have an error-correcting modem.