From nmav at gnutls.org Sat Jan 3 16:50:25 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sat, 3 Jan 2004 17:50:25 +0200
Subject: [gnutls-dev] gnutls 1.1.4
Message-ID: <20040103155025.GA22768@gnutls.org>

Hello and Happy new year,

I've just released gnutls 1.1.4 of the development branch.
All the changes since the last announced development release (1.1.0) are:

- Improved gnutls-cli's SRP behaviour in SRP ciphersuites. If they are
  of highest priority then the abbreviated handshake is used.
- Removed all references of missing files.
- Changed handshake behaviour to send the lowest TLS version
  when an unsupported version was advertized. The current behaviour
  is to send the maximum version we support.
- Corrected problem printing the DC attributes in a DN.

Version 1.1.3
- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection
  hack).

Version 1.1.2
- Added CRL verification functionality to certtool.
- Corrected the CRL distribution point extension handling.

Version 1.1.1
- Added PKCS #7 support to certtool utility.
- Added support for reading and generating CRL distribution points
  extensions in certificates.
- Added support for generating CRLs in the library and the
  certtool utility.
- Added support for the Subject Key ID PKIX extension.

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Sun Jan 4 12:50:28 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun, 4 Jan 2004 13:50:28 +0200
Subject: [gnutls-dev] gnutls 1.0.4
Message-ID: <20040104115028.GA8957@gnutls.org>

I've just released gnutls 1.0.4. The changes since the last release
are:

- Changed handshake behaviour to send the lowest TLS version
  when an unsupported version was advertized. The current behaviour
  is to send the maximum version we support.
- certtool no longer asks the password in unencrypted private keys.
- The source is now compiled to use the reentrant libc functions.

--
Nikos Mavroyanopoulos

From papadopo at shfj.cea.fr Mon Jan 5 10:53:15 2004
From: papadopo at shfj.cea.fr (Dimitri Papadopoulos-Orfanos)
Date: Mon, 05 Jan 2004 10:53:15 +0100
Subject: [gnutls-dev] building GnuTLS 1.0.4 on Solaris
Message-ID: <3FF9340B.7080108@shfj.cea.fr>

Hi,

GnuTLS doesn't build out of the box using my configuration because the
Makefile lacks the inclusion path for OpenCDK:

cc -DHAVE_CONFIG_H -I. -I. -I.. -I../lib -I../libtasn1/lib -I../includes -O -D_REENTRANT -I/usr/local/libgcrypt-1.1.91/include -I/usr/local/libgpg-error-0.6/include -c `test -f 'serv.c' || echo './'`serv.c
"serv.c", line 41: cannot find include file:
"serv.c", line 211: warning: assignment type mismatch:
        pointer to unsigned char "=" pointer to char
"serv.c", line 344: warning: argument #3 is incompatible with prototype:
        prototype: pointer to unsigned int : "../includes/gnutls/gnutls.h", line 289
        argument : pointer to int
"serv.c", line 954: warning: statement not reached
"serv.c", line 1155: undefined symbol: cdk_kbnode_t
"serv.c", line 1155: syntax error before or at: knode
"serv.c", line 1170: warning: implicit function declaration: cdk_keyserver_recv_key
"serv.c", line 1171: undefined symbol: CDK_DBSEARCH_FPR
"serv.c", line 1171: undefined symbol: knode
"serv.c", line 1176: warning: implicit function declaration: cdk_kbnode_write_to_mem
"serv.c", line 1195: warning: implicit function declaration: cdk_kbnode_release
cc: acomp failed for serv.c
gmake[3]: *** [serv.o] Error 2
gmake[3]: Leaving directory `/tmp/gnutls-1.0.4/src'

I'm not sure how to fix that properly.

Happy new year,
--
Dimitri

From papadopo at shfj.cea.fr Mon Jan 5 11:06:14 2004
From: papadopo at shfj.cea.fr (Dimitri Papadopoulos-Orfanos)
Date: Mon, 05 Jan 2004 11:06:14 +0100
Subject: [gnutls-dev] Re: building GnuTLS 1.0.4 on Solaris
In-Reply-To: <3FF9340B.7080108@shfj.cea.fr>
References: <3FF9340B.7080108@shfj.cea.fr>
Message-ID: <3FF93716.60305@shfj.cea.fr>

Hi,

> GnuTLS doesn't build out of the box using my configuration because the
> Makefile lacks the inclusion path for OpenCDK:

I've worked around that in a quick'n'dirty way, and gnutls-1.0.4 builds
just fine otherwise. There are of course the usual signed/unsigned
warnings plus a few warnings you may want to fix. See attached log.

--
Dimitri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls-1.0.4.log.gz
Type: application/x-gzip
Size: 14612 bytes
Desc: not available
URL:

From nmav at gnutls.org Mon Jan 5 12:13:29 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Mon, 5 Jan 2004 13:13:29 +0200
Subject: [gnutls-dev] building GnuTLS 1.0.4 on Solaris
In-Reply-To: <3FF9340B.7080108@shfj.cea.fr>
References: <3FF9340B.7080108@shfj.cea.fr>
Message-ID: <20040105111329.GA6541@gnutls.org>

On Mon, Jan 05, 2004 at 10:53:15AM +0100, Dimitri Papadopoulos-Orfanos wrote:
> Hi,
> GnuTLS doesn't build out of the box using my configuration because the
> Makefile lacks the inclusion path for OpenCDK:

Thank you. I've committed a fix.

> Happy new year,
> --
> Dimitri

--
Nikos Mavroyanopoulos

From john at neggie.net Sat Jan 31 17:00:18 2004
From: john at neggie.net (john at neggie.net)
Date: Sat, 31 Jan 2004 11:00:18 -0500
Subject: [gnutls-dev] OpenPGP security for web servers, again
Message-ID:

I've always been frustrated with the lack of PGP support for HTTP. Why,
when the people I need to grant access to my web site all have PGP keys,
do I have to deal with weak authentication schemes, forcing users to
remember new passwords, and the poorly-designed X.509 system?

I was surprised to find out that in 1995 the NCSA HTTP server and
browser already had PGP support [1]. It was removed due to now-defunct
export laws of the U.S. When will such functionality ever be returned
to the most popular free HTTP server and browser?

It seems that with opencdk and the unique OpenPGP support in gnutls
being under the GPL, we'll never see this support put into Apache. Does
the new Apache license change the situation?

Regards,
-John Belmonte

[1] http://hoohoo.ncsa.uiuc.edu/docs/PEMPGP.html