From matvejchikov at gmail.com Wed Mar 4 01:35:16 2015 From: matvejchikov at gmail.com (Matvejchikov Ilya) Date: Wed, 4 Mar 2015 04:35:16 +0400 Subject: [gnutls-devel] [PATCH] asn1random.pl: generate simple tags only Message-ID: Please, review the patch -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-asn1random.pl-generate-simple-tags-only.patch Type: text/x-patch Size: 1165 bytes Desc: not available URL: From nmav at gnutls.org Wed Mar 4 08:51:36 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 4 Mar 2015 08:51:36 +0100 Subject: [gnutls-devel] [PATCH] asn1random.pl: generate simple tags only In-Reply-To: References: Message-ID: On Wed, Mar 4, 2015 at 1:35 AM, Matvejchikov Ilya wrote: > Please, review the patch Thanks Ilya. It looks reasonable, but could you elaborate why this is needed? Wouldn't it make sense to have these tags as well? From n.mavrogiannopoulos at gmail.com Wed Mar 4 09:23:47 2015 From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos) Date: Wed, 4 Mar 2015 09:23:47 +0100 Subject: [gnutls-devel] moving to gitlab Message-ID: It seems that gitorious is bought by gitlab, and is closing down soon. For that I've started migrating the project to: https://gitlab.com/gnutls/gnutls That's an actual improvement as I was unhappy with the features in gitorious. Moreover, we can now integrate the issue tracker to that interface, and possibly the web site as well. If you're pulling from git please update your config to point to: git at gitlab.com:gnutls/gnutls.git or https://gitlab.com/gnutls/gnutls.git regards, Nikos From matvejchikov at gmail.com Wed Mar 4 09:24:34 2015 From: matvejchikov at gmail.com (Matvejchikov Ilya) Date: Wed, 4 Mar 2015 12:24:34 +0400 Subject: [gnutls-devel] [PATCH] asn1random.pl: generate simple tags only In-Reply-To: References: Message-ID: 2015-03-04 10:51 GMT+03:00 Nikos Mavrogiannopoulos : > On Wed, Mar 4, 2015 at 1:35 AM, Matvejchikov Ilya > wrote: >> Please, review the patch > > Thanks Ilya. It looks reasonable, but could you elaborate why this is > needed? Wouldn't it make sense to have these tags as well? This patch fixes the problem. But it would be nice to have theese tags correctly encoded too. Do you know who is the maintainer of asn1random.pl / x509random.pl scripts? From nmav at gnutls.org Wed Mar 4 09:33:39 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 4 Mar 2015 09:33:39 +0100 Subject: [gnutls-devel] [PATCH] asn1random.pl: generate simple tags only In-Reply-To: References: Message-ID: On Wed, Mar 4, 2015 at 9:24 AM, Matvejchikov Ilya wrote: > 2015-03-04 10:51 GMT+03:00 Nikos Mavrogiannopoulos : >> On Wed, Mar 4, 2015 at 1:35 AM, Matvejchikov Ilya >> wrote: >>> Please, review the patch >> Thanks Ilya. It looks reasonable, but could you elaborate why this is >> needed? Wouldn't it make sense to have these tags as well? > This patch fixes the problem. But it would be nice to have theese tags > correctly encoded too. I think the idea of these scripts is to test incorrectly encoded tags as well, so if you strive to correctly encode them, you may defeat its purpose. It would make sense however, to have them generate reasonable structures that don't get rejected immediately. However, I'm not sure I understood which problem you notice there, and what you're try to solve. > Do you know who is the maintainer of asn1random.pl / x509random.pl scripts? They were originally written to test an ASN.1 parser in the Linux kernel. Not sure if there are still used for that. You may contact the author if you like. regards, Nikos From matvejchikov at gmail.com Wed Mar 4 09:44:34 2015 From: matvejchikov at gmail.com (Matvejchikov Ilya) Date: Wed, 4 Mar 2015 12:44:34 +0400 Subject: [gnutls-devel] [PATCH] asn1random.pl: generate simple tags only In-Reply-To: References:

Message-ID: 2015-03-04 11:33 GMT+03:00 Nikos Mavrogiannopoulos : > On Wed, Mar 4, 2015 at 9:24 AM, Matvejchikov Ilya > wrote: >> 2015-03-04 10:51 GMT+03:00 Nikos Mavrogiannopoulos : >>> On Wed, Mar 4, 2015 at 1:35 AM, Matvejchikov Ilya >>> wrote: >>>> Please, review the patch >>> Thanks Ilya. It looks reasonable, but could you elaborate why this is >>> needed? Wouldn't it make sense to have these tags as well? >> This patch fixes the problem. But it would be nice to have theese tags >> correctly encoded too. > > I think the idea of these scripts is to test incorrectly encoded tags > as well, so if you strive to correctly encode them, you may defeat its > purpose. It would make sense however, to have them generate reasonable > structures that don't get rejected immediately. However, I'm not sure > I understood which problem you notice there, and what you're try to > solve. > Not sure as x509random.pl has the explicit option that allows to inject encoding errors. But asn1random.pl doesn't. So, in my opinion asn1random.pl intended to generate valid ASN/DER blobs with correct structure. But tags >= 31 encoded incorrectly (according to X.690-0207 -- 8.1.2.4) and parsers (dumpasn1, openssl/asn1parse) fails with theese samples. >> Do you know who is the maintainer of asn1random.pl / x509random.pl scripts? > > They were originally written to test an ASN.1 parser in the Linux > kernel. Not sure if there are still used for that. You may contact the > author if you like. > Added in the CC. > regards, > Nikos From nmav at gnutls.org Wed Mar 4 10:51:07 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 4 Mar 2015 10:51:07 +0100 Subject: [gnutls-devel] [PATCH] asn1random.pl: generate simple tags only In-Reply-To: References:

Message-ID: On Wed, Mar 4, 2015 at 9:44 AM, Matvejchikov Ilya wrote: >> I think the idea of these scripts is to test incorrectly encoded tags >> as well, so if you strive to correctly encode them, you may defeat its >> purpose. It would make sense however, to have them generate reasonable >> structures that don't get rejected immediately. However, I'm not sure >> I understood which problem you notice there, and what you're try to >> solve. > Not sure as x509random.pl has the explicit option that allows to > inject encoding errors. But asn1random.pl doesn't. So, in my opinion > asn1random.pl intended to generate valid ASN/DER blobs with correct > structure. But tags >= 31 encoded incorrectly (according to X.690-0207 > -- 8.1.2.4) and parsers (dumpasn1, openssl/asn1parse) fails with > theese samples. Patch applied. regards, Nikos From ludo at gnu.org Wed Mar 4 17:35:23 2015 From: ludo at gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Date: Wed, 04 Mar 2015 17:35:23 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: (Nikos Mavrogiannopoulos's message of "Wed, 4 Mar 2015 09:23:47 +0100") References: Message-ID: <87egp4g1pw.fsf@gnu.org> How does that affect user accounts and permissions? Thanks, Ludo?. From nmav at gnutls.org Wed Mar 4 17:56:03 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 04 Mar 2015 17:56:03 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: <87egp4g1pw.fsf@gnu.org> References: <87egp4g1pw.fsf@gnu.org> Message-ID: <1425488163.8913.3.camel@gnutls.org> On Wed, 2015-03-04 at 17:35 +0100, Ludovic Court?s wrote: > How does that affect user accounts and permissions? These were not migrated. Send me your username in gitlab and I'll add you. regards, Nikos From ludo at gnu.org Wed Mar 4 21:33:22 2015 From: ludo at gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Date: Wed, 04 Mar 2015 21:33:22 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: <1425488163.8913.3.camel@gnutls.org> (Nikos Mavrogiannopoulos's message of "Wed, 04 Mar 2015 17:56:03 +0100") References: <87egp4g1pw.fsf@gnu.org> <1425488163.8913.3.camel@gnutls.org> Message-ID: <87sidkec4t.fsf@gnu.org> Nikos Mavrogiannopoulos skribis: > On Wed, 2015-03-04 at 17:35 +0100, Ludovic Court?s wrote: >> How does that affect user accounts and permissions? > > These were not migrated. Send me your username in gitlab and I'll add > you. There?s another issue I just learned: gitlab.com runs ?GitLab Enterprise Edition,? which is non-free. Have you considered other options? Jason Self lists a few: . Thanks, Ludo?. From nmav at gnutls.org Wed Mar 4 23:23:49 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 04 Mar 2015 23:23:49 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: <87sidkec4t.fsf@gnu.org> References: <87egp4g1pw.fsf@gnu.org> <1425488163.8913.3.camel@gnutls.org> <87sidkec4t.fsf@gnu.org> Message-ID: <1425507829.13686.22.camel@gnutls.org> On Wed, 2015-03-04 at 21:33 +0100, Ludovic Court?s wrote: > Nikos Mavrogiannopoulos skribis: > > > On Wed, 2015-03-04 at 17:35 +0100, Ludovic Court?s wrote: > >> How does that affect user accounts and permissions? > > > > These were not migrated. Send me your username in gitlab and I'll add > > you. > There?s another issue I just learned: gitlab.com runs ?GitLab Enterprise > Edition,? which is non-free. > Have you considered other options? Jason Self lists a few: > . I understand the concerns but I don't agree with disqualifying a service if it runs non-free software. I don't believe that a free service on the Internet must adhere to my rules for the software it runs. I'd like if there is a free software version of the service software, but even then it would be only theoretical as I have no resources to deploy it. Nevertheless, if issue that you are trying to bring up is lock-in, given that the main software we rely on is git and not the fancy web interfaces, we can easily switch to another provider on the spot, as we do now with gitorious. regards, Nikos From ludo at gnu.org Thu Mar 5 09:06:12 2015 From: ludo at gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Date: Thu, 05 Mar 2015 09:06:12 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: <1425507829.13686.22.camel@gnutls.org> (Nikos Mavrogiannopoulos's message of "Wed, 04 Mar 2015 23:23:49 +0100") References: <87egp4g1pw.fsf@gnu.org> <1425488163.8913.3.camel@gnutls.org> <87sidkec4t.fsf@gnu.org> <1425507829.13686.22.camel@gnutls.org> Message-ID: <87zj7rzx57.fsf@gnu.org> Nikos Mavrogiannopoulos skribis: > On Wed, 2015-03-04 at 21:33 +0100, Ludovic Court?s wrote: >> Nikos Mavrogiannopoulos skribis: >> >> > On Wed, 2015-03-04 at 17:35 +0100, Ludovic Court?s wrote: >> >> How does that affect user accounts and permissions? >> > >> > These were not migrated. Send me your username in gitlab and I'll add >> > you. >> There?s another issue I just learned: gitlab.com runs ?GitLab Enterprise >> Edition,? which is non-free. >> Have you considered other options? Jason Self lists a few: >> . > > I understand the concerns but I don't agree with disqualifying a service > if it runs non-free software. I don't believe that a free service on the > Internet must adhere to my rules for the software it runs. I'd like if > there is a free software version of the service software, but even then > it would be only theoretical as I have no resources to deploy it. You are right that it?s a service, so the concerns are different. Yet, I personally don?t want to endorse a service that runs non-free software when there free software alternatives (and good ones, even.) I don?t know yet what I will migrate to, but not to gitlab.com. > Nevertheless, if issue that you are trying to bring up is lock-in, > given that the main software we rely on is git and not the fancy web > interfaces, we can easily switch to another provider on the spot, as we > do now with gitorious. Exactly. In that sense, moving back to Savannah would seem OK: it doesn?t have the ?fancy web interfaces,? but it has the things GnuTLS cares about. WDYT? Thanks, Ludo?. From nmav at gnutls.org Thu Mar 5 11:24:59 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 5 Mar 2015 11:24:59 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: <87zj7rzx57.fsf@gnu.org> References: <87egp4g1pw.fsf@gnu.org> <1425488163.8913.3.camel@gnutls.org> <87sidkec4t.fsf@gnu.org> <1425507829.13686.22.camel@gnutls.org> <87zj7rzx57.fsf@gnu.org> Message-ID: On Thu, Mar 5, 2015 at 9:06 AM, Ludovic Court?s wrote: >> Nevertheless, if issue that you are trying to bring up is lock-in, >> given that the main software we rely on is git and not the fancy web >> interfaces, we can easily switch to another provider on the spot, as we >> do now with gitorious. > Exactly. In that sense, moving back to Savannah would seem OK: it > doesn't have the "fancy web interfaces," but it has the things GnuTLS > cares about. WDYT? Savannah is not an option. As long as Stallman claims that he owns gnutls and I should fork it, I'm not moving the project to GNU-controlled servers. regards, Nikos From ludo at gnu.org Thu Mar 5 17:49:31 2015 From: ludo at gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Date: Thu, 05 Mar 2015 17:49:31 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: (Nikos Mavrogiannopoulos's message of "Thu, 5 Mar 2015 11:24:59 +0100") References: <87egp4g1pw.fsf@gnu.org> <1425488163.8913.3.camel@gnutls.org> <87sidkec4t.fsf@gnu.org> <1425507829.13686.22.camel@gnutls.org> <87zj7rzx57.fsf@gnu.org> Message-ID: <877fuvv17o.fsf@gnu.org> Nikos Mavrogiannopoulos skribis: > On Thu, Mar 5, 2015 at 9:06 AM, Ludovic Court?s wrote: >>> Nevertheless, if issue that you are trying to bring up is lock-in, >>> given that the main software we rely on is git and not the fancy web >>> interfaces, we can easily switch to another provider on the spot, as we >>> do now with gitorious. >> Exactly. In that sense, moving back to Savannah would seem OK: it >> doesn't have the "fancy web interfaces," but it has the things GnuTLS >> cares about. WDYT? > > Savannah is not an option. As long as Stallman claims that he owns > gnutls and I should fork it, I'm not moving the project to > GNU-controlled servers. GNU, the FSF, and Stallman are three different entities. Savannah is host to many non-GNU software projects. The FSF (not GNU; GNU is not a registered non-profit or anything) provides servers and sysadmin time to Savannah as a public service. Neither the FSF nor the GNU project has a say on what these projects do; the only requirement is that they be free software projects. It would be sad to end up promoting a proprietary tool because of a misunderstanding. Anyway, your call. Ludo?. From nmav at gnutls.org Thu Mar 5 18:32:58 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 05 Mar 2015 18:32:58 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: <877fuvv17o.fsf@gnu.org> References: <87egp4g1pw.fsf@gnu.org> <1425488163.8913.3.camel@gnutls.org> <87sidkec4t.fsf@gnu.org> <1425507829.13686.22.camel@gnutls.org> <87zj7rzx57.fsf@gnu.org> <877fuvv17o.fsf@gnu.org> Message-ID: <1425576778.1964.4.camel@gnutls.org> On Thu, 2015-03-05 at 17:49 +0100, Ludovic Court?s wrote: > Nikos Mavrogiannopoulos skribis: > > > On Thu, Mar 5, 2015 at 9:06 AM, Ludovic Court?s wrote: > >>> Nevertheless, if issue that you are trying to bring up is lock-in, > >>> given that the main software we rely on is git and not the fancy web > >>> interfaces, we can easily switch to another provider on the spot, as we > >>> do now with gitorious. > >> Exactly. In that sense, moving back to Savannah would seem OK: it > >> doesn't have the "fancy web interfaces," but it has the things GnuTLS > >> cares about. WDYT? > > > > Savannah is not an option. As long as Stallman claims that he owns > > gnutls and I should fork it, I'm not moving the project to > > GNU-controlled servers. > > GNU, the FSF, and Stallman are three different entities. That's hardly my experience, but I don't want to get into that discussion. > It would be sad to end up promoting a proprietary tool because of a > misunderstanding. I'm not promoting any proprietary tool. I am using a service which may use proprietary tools. I do the same with lulu.com, the switches and routers in the network that connect www.gnutls.org to the outside world and so on. regards, Nikos From ludo at gnu.org Thu Mar 5 22:35:26 2015 From: ludo at gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Date: Thu, 05 Mar 2015 22:35:26 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: <1425576778.1964.4.camel@gnutls.org> (Nikos Mavrogiannopoulos's message of "Thu, 05 Mar 2015 18:32:58 +0100") References: <87egp4g1pw.fsf@gnu.org> <1425488163.8913.3.camel@gnutls.org> <87sidkec4t.fsf@gnu.org> <1425507829.13686.22.camel@gnutls.org> <87zj7rzx57.fsf@gnu.org> <877fuvv17o.fsf@gnu.org> <1425576778.1964.4.camel@gnutls.org> Message-ID: <87egp3f7q9.fsf@gnu.org> Nikos Mavrogiannopoulos skribis: > On Thu, 2015-03-05 at 17:49 +0100, Ludovic Court?s wrote: >> Nikos Mavrogiannopoulos skribis: >> >> > On Thu, Mar 5, 2015 at 9:06 AM, Ludovic Court?s wrote: >> >>> Nevertheless, if issue that you are trying to bring up is lock-in, >> >>> given that the main software we rely on is git and not the fancy web >> >>> interfaces, we can easily switch to another provider on the spot, as we >> >>> do now with gitorious. >> >> Exactly. In that sense, moving back to Savannah would seem OK: it >> >> doesn't have the "fancy web interfaces," but it has the things GnuTLS >> >> cares about. WDYT? >> > >> > Savannah is not an option. As long as Stallman claims that he owns >> > gnutls and I should fork it, I'm not moving the project to >> > GNU-controlled servers. >> >> GNU, the FSF, and Stallman are three different entities. > > That's hardly my experience, but I don't want to get into that > discussion. Fine, I just wanted to clear up the misunderstanding or FUD. >> It would be sad to end up promoting a proprietary tool because of a >> misunderstanding. > > I'm not promoting any proprietary tool. I think you are, by making a deliberate choice of ignoring possibilities that rely only on free software. Besides, I?m disappointed there was no discussion before the decision was made (as was already the case when GnuTLS moved to Gitorious.) Ludo?. From n.mavrogiannopoulos at gmail.com Fri Mar 6 11:29:24 2015 From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos) Date: Fri, 6 Mar 2015 11:29:24 +0100 Subject: [gnutls-devel] GnuTLS + FREAK Message-ID: There was a new attack against few SSL/TLS implementations called FREAK [0]. This attack relies on being able to modify the client's state machine and switch it from RSA to RSA-EXPORT. Such an attack is not possible in the way the GnuTLS' state machine operates, and moreover modern versions of GnuTLS don't support RSA-EXPORT. Support for EXPORT ciphersuites was removed back in 2013 [1]. So as it is now, this attack doesn't affect GnuTLS clients or servers. regards, Nikos [0]. https://freakattack.com/ [1]. https://gitlab.com/gnutls/gnutls/blob/master/NEWS#L768 From jaak.ristioja at cyber.ee Fri Mar 6 13:00:46 2015 From: jaak.ristioja at cyber.ee (Jaak Ristioja) Date: Fri, 06 Mar 2015 14:00:46 +0200 Subject: [gnutls-devel] moving to gitlab In-Reply-To: <87egp3f7q9.fsf@gnu.org> References: <87egp4g1pw.fsf@gnu.org> <1425488163.8913.3.camel@gnutls.org> <87sidkec4t.fsf@gnu.org> <1425507829.13686.22.camel@gnutls.org> <87zj7rzx57.fsf@gnu.org> <877fuvv17o.fsf@gnu.org> <1425576778.1964.4.camel@gnutls.org> <87egp3f7q9.fsf@gnu.org> Message-ID: <54F996EE.5040707@cyber.ee> On 05.03.2015 23:35, Ludovic Court?s wrote: >>> It would be sad to end up promoting a proprietary tool because of a >>> misunderstanding. >> >> I'm not promoting any proprietary tool. > > I think you are, by making a deliberate choice of ignoring possibilities > that rely only on free software. What's wrong with promoting a proprietary tool? I mean they ARE contributing code back to the Open Source Community. Red Hat and SUSE also have proprietery versions of operating systems based on Linux. If I use Gentoo with a Linux kernel, am I promoting their proprietary products? I suggest you not to reply to avoid promoting the proprietary Cisco routers between us. :D Best regards, Jaak Ristioja From INVALID.NOREPLY at gnu.org Sat Mar 7 23:45:06 2015 From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Sat, 07 Mar 2015 22:45:06 +0000 Subject: [gnutls-devel] [sr #108703] Windows build issues In-Reply-To: <20141212-091250.sv707.49118@savannah.gnu.org> References: <20141211-134934.sv97769.3976@savannah.gnu.org> <20141211-191246.sv220.76214@savannah.gnu.org> <20141211-200607.sv707.33956@savannah.gnu.org> <20141211-203547.sv220.9119@savannah.gnu.org> <20141212-091250.sv707.49118@savannah.gnu.org> Message-ID: <20150308-004506.sv707.49057@savannah.gnu.org> Update of sr #108703 (project gnutls): Open/Closed: Open => Closed _______________________________________________________ Follow-up Comment #5: The issue tracker is being moved in gitlab; if the issue is not resolved in the latest gnutls version please open a ticket at: https://gitlab.com/gnutls/gnutls/issues _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Sat Mar 7 23:45:28 2015 From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Sat, 07 Mar 2015 22:45:28 +0000 Subject: [gnutls-devel] [sr #108563] API functions with output arguments should allow null values In-Reply-To: <20140512-115235.sv707.72229@savannah.gnu.org> References: <20140506-085745.sv94895.41985@savannah.gnu.org> <20140510-114842.sv707.71882@savannah.gnu.org> <20140512-074842.sv94895.15037@savannah.gnu.org> <20140512-080658.sv94895.86408@savannah.gnu.org> <20140512-115235.sv707.72229@savannah.gnu.org> Message-ID: <20150308-004528.sv707.39408@savannah.gnu.org> Update of sr #108563 (project gnutls): Open/Closed: Open => Closed _______________________________________________________ Follow-up Comment #5: The issue tracker is being moved in gitlab; if the issue is not resolved in the latest gnutls version please open a ticket at: https://gitlab.com/gnutls/gnutls/issues _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Sat Mar 7 23:47:16 2015 From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Sat, 07 Mar 2015 22:47:16 +0000 Subject: [gnutls-devel] [sr #108689] gnutls_x509_crt_check_hostname() and Internationalized Domain Names In-Reply-To: <20141222-221245.sv38407.7025@savannah.gnu.org> References: <20141119-125024.sv38407.9197@savannah.gnu.org> <20141119-161158.sv707.81265@savannah.gnu.org> <20141119-202236.sv38407.51161@savannah.gnu.org> <20141222-221245.sv38407.7025@savannah.gnu.org> Message-ID: <20150308-004716.sv707.522@savannah.gnu.org> Update of sr #108689 (project gnutls): Status: None => Done Open/Closed: Open => Closed _______________________________________________________ Follow-up Comment #4: I'm closing the issue because the tracker is being moved. The issue will be resolved in the 3.4.0 release (most probably after nettle 3.1 is released by the end of march). If you think the issue should remain open please open it at: https://gitlab.com/gnutls/gnutls/issues _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From INVALID.NOREPLY at gnu.org Sat Mar 7 23:48:14 2015 From: INVALID.NOREPLY at gnu.org (Nikos Mavrogiannopoulos) Date: Sat, 07 Mar 2015 22:48:14 +0000 Subject: [gnutls-devel] [sr #108665] secp256k1 support wish In-Reply-To: <20141103-193709.sv707.47242@savannah.gnu.org> References: <20141013-075642.sv0.22056@savannah.gnu.org> <20141103-193709.sv707.47242@savannah.gnu.org> Message-ID: <20150308-004814.sv707.30975@savannah.gnu.org> Update of sr #108665 (project gnutls): Open/Closed: Open => Closed _______________________________________________________ Follow-up Comment #2: More information is needed for this bug to remain open. I'm closing it since the issue tracker is being moved in gitlab; but if you want to keep it open please add more information at: https://gitlab.com/gnutls/gnutls/issues _______________________________________________________ Reply to this item at: _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ From nmav at gnutls.org Sun Mar 8 00:29:31 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sun, 08 Mar 2015 00:29:31 +0100 Subject: [gnutls-devel] moving to gitlab In-Reply-To: <87egp3f7q9.fsf@gnu.org> References: <87egp4g1pw.fsf@gnu.org> <1425488163.8913.3.camel@gnutls.org> <87sidkec4t.fsf@gnu.org> <1425507829.13686.22.camel@gnutls.org> <87zj7rzx57.fsf@gnu.org> <877fuvv17o.fsf@gnu.org> <1425576778.1964.4.camel@gnutls.org> <87egp3f7q9.fsf@gnu.org> Message-ID: <1425770971.24822.21.camel@gnutls.org> On Thu, 2015-03-05 at 22:35 +0100, Ludovic Court?s wrote: > > I'm not promoting any proprietary tool. > I think you are, by making a deliberate choice of ignoring possibilities > that rely only on free software. It's correct that I am deliberately ignoring some possibilities, but these are the possibilities which require more work from me, for no visible to me gain. We use free software to make free software, but I don't agree with the position that every service we use should be required to be fully based on free software. > Besides, I?m disappointed there was no discussion before the decision > was made (as was already the case when GnuTLS moved to Gitorious.) The move to gitorious was a forced move since Stallman threatened that gnu will continue develop gnutls. So I moved my fork out of savannah. However, it's true that since Simon left there is very little discussion about management issues. This is my mistake, and I'm open to suggestions. But please don't give up on gnutls. If you don't want to use their web interface to submit fixes, I think the simplest is to obtain an account so that you'll only need to use git. Otherwise posting them on the mailing list is just fine. regards, Nikos From alon.barlev at gmail.com Mon Mar 9 22:23:26 2015 From: alon.barlev at gmail.com (Alon Bar-Lev) Date: Mon, 9 Mar 2015 23:23:26 +0200 Subject: [gnutls-devel] [PATCH] build: tests: fix Test_choice_ocsp on separate builddir Message-ID: <1425936206-10773-1-git-send-email-alon.barlev@gmail.com> Signed-off-by: Alon Bar-Lev --- tests/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/Makefile.am b/tests/Makefile.am index 4b326f0..a00ebc7 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -54,6 +54,8 @@ TESTS_ENVIRONMENT = \ ASN1INDEF2=$(srcdir)/TestIndef2.p12 \ ASN1INDEF3=$(srcdir)/TestIndef3.der \ ASN1ENCODING=$(srcdir)/Test_encoding.asn \ + ASN1CHOICE_OCSP=$(srcdir)/pkix.asn \ + ASN1CHOICE_OCSP_DATA=$(srcdir)/ocsp.der \ THREADSAFETY_FILES=`find $(top_srcdir)/lib -name \*.c` \ EXEEXT=$(EXEEXT) \ $(VALGRIND) -- 2.0.5 From nmav at gnutls.org Sun Mar 15 09:14:26 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sun, 15 Mar 2015 09:14:26 +0100 Subject: [gnutls-devel] [gnutls-help] GnuTLS and Nettle In-Reply-To: <5504EC4F.6070707@snowmoose.com> References: <54E4DA6C.50701@snowmoose.com> <1424296017.3853.3.camel@gnutls.org> <5504EC4F.6070707@snowmoose.com> Message-ID: <1426407266.1594.0.camel@gnutls.org> On Sat, 2015-03-14 at 19:19 -0700, Alan Perry wrote: > Are there any updates on this? Not trying to rush you guys; just trying > to make plans. The rough plan is listed on the wiki pages: https://gitlab.com/gnutls/gnutls/wikis/Plan3_4 From David.M.Marx at Oracle.Com Thu Mar 19 07:21:56 2015 From: David.M.Marx at Oracle.Com (David Marx) Date: Wed, 18 Mar 2015 23:21:56 -0700 Subject: [gnutls-devel] minimal compile of gnutls has undefined symbols Message-ID: <550A6B04.70507@Oracle.Com> I am trying to compile up a minimal static gnutls library to use with a basic TLS client, such as section 6.1.1 Simple client example with X.509 certificate support of The GnuTLS Manual for version 3.3, gnutls.pdf. I am disabling everything I can find to disable. When I do, there are functions that are undefined, I believe some or all of these functions are being called from inside the gnutls library, but are ifdefed out. set -ex cd gnutls-3.3.13 ./configure \ --prefix=/usr --mandir=/usr/share/man --bindir=/usr/bin/amd64 \ --libdir=/usr/lib/amd64 --sbindir=/usr/sbin/amd64 \ --disable-dtls-srtp-support --disable-alpn-support \ --disable-rsa-export --disable-heartbeat-support \ --disable-srp-authentication --disable-psk-authentication \ --disable-anon-authentication --disable-dhe --disable-ecdhe \ --disable-openpgp-authentication --disable-ocsp \ --disable-session-tickets --disable-openssl-compatibility \ --disable-non-suiteb-curves --disable-crywrap --disable-libdane \ --without-p11-kit --without-tpm --without-zlib --disable-shared \ --enable-static --libexecdir=/usr/lib/amd64 --sysconfdir=/etc/gnu \ --infodir=/usr/share/info \ PKG_CONFIG_PATH=/net/scapen-csx12-0/scratch/dmmarx/12a/u/components/nettle/build/prototype/i386/usr/lib/amd64/pkgconfig \ NETTLE_CFLAGS="-I /usr/include/gmp -I \ /net/scapen-csx12-0/scratch/dmmarx/12a/u/components/nettle/build/prototype/i386/usr/include" \ NETTLE_LIBS=/net/scapen-csx12-0/scratch/dmmarx/12a/u/components/nettle/build/prototype/i386/usr/lib/amd64/libnettle.a \ HOGWEED_LIBS=/net/scapen-csx12-0/scratch/dmmarx/12a/u/components/nettle/build/prototype/i386/usr/lib/amd64/libhogweed.a gmake $* I see the following undefines. Undefined in file _gnutls_free_dh_info libgnutls.a(gnutls_auth.o) gnutls_anon_allocate_client_credentials ../../lib/.libs/libgnutlsxx.a(libgnutl gnutls_anon_allocate_server_credentials ../../lib/.libs/libgnutlsxx.a(libgnutl gnutls_anon_free_client_credentials ../../lib/.libs/libgnutlsxx.a(libgnutlsxx_ gnutls_anon_free_server_credentials ../../lib/.libs/libgnutlsxx.a(libgnutlsx gnutls_anon_set_server_dh_params ../../lib/.libs/libgnutlsxx.a(libgnutls gnutls_anon_set_server_params_function libgnutlsxx.a(libgnutlsxx_la-gnutlsxx.o) gnutls_certificate_set_dh_params ex-serv-dtls.o gnutls_dh_get_group common.o gnutls_dh_get_peers_public_bits common.o gnutls_dh_get_prime_bits common.o gnutls_dh_get_pubkey tests.o gnutls_dh_get_secret_bits common.o gnutls_dh_set_prime_bits libgnutlsxx.a(libgnutlsxx_la-gnutlsxx.o) gnutls_psk_allocate_client_credentials ../../lib/.libs/libgnutlsxx.a(libgnutls gnutls_psk_free_client_credentials libgnutlsxx.a(libgnutlsxx_la-gnutlsxx.o) gnutls_psk_free_server_credentials ../../lib/.libs/libgnutlsxx.a(libgnutlsx gnutls_psk_server_get_username ../../lib/.libs/libgnutlsxx.a(libgnutlsxx_ gnutls_psk_set_client_credentials libgnutlsxx.a(libgnutlsxx_la-gnutlsxx.o) gnutls_psk_set_client_credentials_function ../../lib/.libs/libgnutlsxx.a(libg gnutls_psk_set_server_credentials_file ../../lib/.libs/libgnutlsxx.a(libgnutls gnutls_psk_set_server_credentials_function ../../lib/.libs/libgnutlsxx.a(libgn gnutls_psk_set_server_dh_params libgnutlsxx.a(libgnutlsxx_la-gnutlsxx.o) gnutls_psk_set_server_params_function libgnutlsxx.a(libgnutlsxx_la-gnutlsxx.o) Also the --enable-static build doesn't seem to compile, as it doesn't seem to point at static libnettle, libhogweed libraries. Thanks. From nmav at gnutls.org Thu Mar 19 21:31:49 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Thu, 19 Mar 2015 21:31:49 +0100 Subject: [gnutls-devel] [gnutls-help] GNU TLS and extensions/supplemental data In-Reply-To: References: <1425924306.2022.20.camel@gnutls.org>

Message-ID: <1426797109.1603.1.camel@gnutls.org> On Thu, 2015-03-19 at 16:56 +0100, Thierry Quemerais wrote: > Hi Nikos, > > Please find attached to this Email a clean patch for adding custom extension and custom supplemental data from public GNUTLS API. > I take care of all your comments in order to give you a patch as you expected it. > > 0001: Fix data type > 255 in supplemental data > 0002 0003: Add a way to set customs extensions from public API > 0004: Add a way to add custom supplemental data from public API. > For each ones, I added a test application mini-extension.c and mini-supplementaldata.c for your unit tests I've modified the patches a bit, to ensure proper deinitialization and harmonize the new types with the existing. It is now applied and will included in 3.4.0. Thank you. From nmav at gnutls.org Sat Mar 21 11:28:17 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 21 Mar 2015 11:28:17 +0100 Subject: [gnutls-devel] minimal compile of gnutls has undefined symbols In-Reply-To: <550A6B04.70507@Oracle.Com> References: <550A6B04.70507@Oracle.Com> Message-ID: <1426933697.1596.3.camel@gnutls.org> On Wed, 2015-03-18 at 23:21 -0700, David Marx wrote: > I am trying to compile up a minimal static gnutls library to use > with a basic TLS client, such as section 6.1.1 Simple client > example with X.509 certificate support of The GnuTLS Manual for > version 3.3, gnutls.pdf. I am disabling everything I can find to > disable. When I do, there are functions that are undefined, I > believe some or all of these functions are being called from > inside the gnutls library, but are ifdefed out. > > set -ex > cd gnutls-3.3.13 > ./configure \ > --prefix=/usr --mandir=/usr/share/man --bindir=/usr/bin/amd64 \ > --libdir=/usr/lib/amd64 --sbindir=/usr/sbin/amd64 \ > --disable-dtls-srtp-support --disable-alpn-support \ > --disable-rsa-export --disable-heartbeat-support \ > --disable-srp-authentication --disable-psk-authentication \ > --disable-anon-authentication --disable-dhe --disable-ecdhe \ > --disable-openpgp-authentication --disable-ocsp \ > --disable-session-tickets --disable-openssl-compatibility \ > --disable-non-suiteb-curves --disable-crywrap --disable-libdane \ > --without-p11-kit --without-tpm --without-zlib --disable-shared \ > --enable-static --libexecdir=/usr/lib/amd64 --sysconfdir=/etc/gnu \ > --infodir=/usr/share/info \ > PKG_CONFIG_PATH=/net/scapen-csx12-0/scratch/dmmarx/12a/u/components/nettle/build/prototype/i386/usr/lib/amd64/pkgconfig > \ > NETTLE_CFLAGS="-I /usr/include/gmp -I \ > /net/scapen-csx12-0/scratch/dmmarx/12a/u/components/nettle/build/prototype/i386/usr/include" > \ > NETTLE_LIBS=/net/scapen-csx12-0/scratch/dmmarx/12a/u/components/nettle/build/prototype/i386/usr/lib/amd64/libnettle.a > \ > HOGWEED_LIBS=/net/scapen-csx12-0/scratch/dmmarx/12a/u/components/nettle/build/prototype/i386/usr/lib/amd64/libhogweed.a > gmake $* > > I see the following undefines. Thanks, I've committed a fix in master and added a task on ci.gitlab.com to allow detecting regressions easier. However when you disable so much stuff the test suite will be unusable and you'll have to add --disable-tests as well. regards, Nikos From nmav at gnutls.org Sat Mar 21 13:05:35 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 21 Mar 2015 13:05:35 +0100 Subject: [gnutls-devel] gitlab ci Message-ID: <1426939535.27614.4.camel@gnutls.org> Hi, I've setup two systems (one via epia/i686 and a x86_64) with gitlab ci [0], and that allowed to quickly catch regressions with the full test suite on these systems. If you have exotic but still relevant hardware you'd like to add to this pool please contact me. It would be nice to have more systems so we can catch most platform-specific issues prior to release. regards, Nikos [0]. https://ci.gitlab.com/projects/684 From berillions at gmail.com Sat Mar 21 15:34:31 2015 From: berillions at gmail.com (LOMBARD Maxime) Date: Sat, 21 Mar 2015 15:34:31 +0100 Subject: [gnutls-devel] Gnutls 3.3.X + Wine = problem Message-ID: Hi guys, I'm French so i will try to explain correctly the problem. Actually, there is a bug (?) in this version of Gnutls which disallow to run correctly a Windows application with Wine. This application is the Ubisoft software called "Uplay". In fact, when you launch Uplay with Wine and try to connect you to the application, Uplay hangs with the login screen. (See the reportbug in Wine bugzilla here : https://bugs.winehq.org/show_bug.cgi?id=38134 ) The only workaround which has been found is to compile Wine (and use it) with the old version of Gnutls (2.12.X). The big problem is that each Linux distribution (Fedora, Debian etc...) have delete this version from their repository to use the new version. It's easy to reproduce the bug : - Install the latest wine version (from Debian Jessie/Sid, Arch or others) - Download and install UPlay ( https://ubistatic3-a.akamaihd.net/orbit/launcher_installer/UplayInstaller.exe ) - Create an Uplay account and try to use it with Wine Thanks, Maxime -------------- next part -------------- An HTML attachment was scrubbed... URL: From nmav at gnutls.org Sat Mar 21 16:58:56 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 21 Mar 2015 16:58:56 +0100 Subject: [gnutls-devel] Gnutls 3.3.X + Wine = problem In-Reply-To: References: Message-ID: <1426953536.2529.10.camel@gnutls.org> On Sat, 2015-03-21 at 15:34 +0100, LOMBARD Maxime wrote: > Hi guys, > I'm French so i will try to explain correctly the problem. > Actually, there is a bug (?) in this version of Gnutls which disallow > to run correctly a Windows application with Wine. This application is > the Ubisoft software called "Uplay". > In fact, when you launch Uplay with Wine and try to connect you to the > application, Uplay hangs with the login screen. (See the reportbug in > Wine bugzilla here : https://bugs.winehq.org/show_bug.cgi?id=38134 ) > The only workaround which has been found is to compile Wine (and use > it) with the old version of Gnutls (2.12.X). > It's easy to reproduce the bug : > - Install the latest wine version (from Debian Jessie/Sid, Arch or > others) > - Download and install UPlay > (https://ubistatic3-a.akamaihd.net/orbit/launcher_installer/UplayInstaller.exe) > - Create an Uplay account and try to use it with Wine Hello, I tried to reproduce what you mention I don't see any issue in gnutls negotiating with the server. You can also see that by checking the wireshark log, as well as running wine while GNUTLS_DEBUG_LEVEL is set to something more than 6. It seems like the application (or wine) is in an infinite loop creating a client hello. I'd suggest to try to debug it further with the wine people, and if the issue concludes that gnutls fails to talk to some server then bring that here. As it is now I don't see any such issue and there is very little that can be done by gnutls for the issue you see. You could also try comparing the wireshark logs from the version that works with the other that doesn't and try to spot the differences. regards, Nikos From berillions at gmail.com Sat Mar 21 17:54:24 2015 From: berillions at gmail.com (LOMBARD Maxime) Date: Sat, 21 Mar 2015 17:54:24 +0100 Subject: [gnutls-devel] Gnutls 3.3.X + Wine = problem In-Reply-To: <1426953536.2529.10.camel@gnutls.org> References: <1426953536.2529.10.camel@gnutls.org> Message-ID: Hi Nikos, Thanks for your answer. I will try to compare wireshark between the old and new gnutls. Problem, i never use this app. How i must to use it to have a very good log for you and/or wine people? Thanks, Maxime Le 21 mars 2015 16:59, "Nikos Mavrogiannopoulos" a ?crit : > On Sat, 2015-03-21 at 15:34 +0100, LOMBARD Maxime wrote: > > Hi guys, > > I'm French so i will try to explain correctly the problem. > > Actually, there is a bug (?) in this version of Gnutls which disallow > > to run correctly a Windows application with Wine. This application is > > the Ubisoft software called "Uplay". > > In fact, when you launch Uplay with Wine and try to connect you to the > > application, Uplay hangs with the login screen. (See the reportbug in > > Wine bugzilla here : https://bugs.winehq.org/show_bug.cgi?id=38134 ) > > The only workaround which has been found is to compile Wine (and use > > it) with the old version of Gnutls (2.12.X). > > It's easy to reproduce the bug : > > - Install the latest wine version (from Debian Jessie/Sid, Arch or > > others) > > - Download and install UPlay > > ( > https://ubistatic3-a.akamaihd.net/orbit/launcher_installer/UplayInstaller.exe > ) > > - Create an Uplay account and try to use it with Wine > > Hello, > I tried to reproduce what you mention I don't see any issue in gnutls > negotiating with the server. You can also see that by checking the > wireshark log, as well as running wine while GNUTLS_DEBUG_LEVEL is set > to something more than 6. It seems like the application (or wine) is in > an infinite loop creating a client hello. > I'd suggest to try to debug it further with the wine people, and if the > issue concludes that gnutls fails to talk to some server then bring that > here. As it is now I don't see any such issue and there is very little > that can be done by gnutls for the issue you see. > > You could also try comparing the wireshark logs from the version that > works with the other that doesn't and try to spot the differences. > > regards, > Nikos > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nmav at gnutls.org Sat Mar 21 23:06:56 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 21 Mar 2015 23:06:56 +0100 Subject: [gnutls-devel] Gnutls 3.3.X + Wine = problem In-Reply-To: References: <1426953536.2529.10.camel@gnutls.org> Message-ID: <1426975616.18525.1.camel@gnutls.org> On Sat, 2015-03-21 at 17:54 +0100, LOMBARD Maxime wrote: > Hi Nikos, > > Thanks for your answer. > I will try to compare wireshark between the old and new gnutls. > Problem, i never use this app. How i must to use it to have a very > good log for you and/or wine people? You should avoid unrelated transfer during the capture, and restrict the capture to ssl packets. regards, Nikos From nmav at gnutls.org Sat Mar 21 23:33:41 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 21 Mar 2015 23:33:41 +0100 Subject: [gnutls-devel] Gnutls 3.3.X + Wine = problem In-Reply-To: References: <1426953536.2529.10.camel@gnutls.org> Message-ID: <1426977221.18525.7.camel@gnutls.org> On Sat, 2015-03-21 at 17:54 +0100, LOMBARD Maxime wrote: > Hi Nikos, > > Thanks for your answer. > I will try to compare wireshark between the old and new gnutls. > Problem, i never use this app. How i must to use it to have a very > good log for you and/or wine people? I can verify that 2.12.24 works with that server, and the logs from wine are shown below. 3.3.13: http://pastebin.com/i9JfxaK6 2.12.24: http://pastebin.com/j2x9EB94 The difference I see with kompare, is that the second session established follows a different path in 3.3.13 and after SECUR32_makeSecHandle, AcquireCredentialsHandleW is called, while in 2.12.x InitializeSecurityContextW is called. Then 2.12.24 completes the session while 3.3.13 starts a new one. None of the paths called rings a bell but someone of the wine team could have a clue what that difference means. From jklimes at redhat.com Fri Mar 27 21:29:46 2015 From: jklimes at redhat.com (Jirka Klimes) Date: Fri, 27 Mar 2015 21:29:46 +0100 Subject: [gnutls-devel] [PATCH] Few documentation and compiler warning fixes Message-ID: <20150327212946.6fbdc9a6@ppp> Hello, I have found several errors in crypto API function descriptions. And fixed a few unused variable warnings too. Please see and commit the attached patches (based on master). Thanks, Jirka -------------- next part -------------- A non-text attachment was scrubbed... Name: gnutls-fixes.patch Type: text/x-patch Size: 13252 bytes Desc: not available URL: From nmav at gnutls.org Sat Mar 28 12:03:49 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 28 Mar 2015 12:03:49 +0100 Subject: [gnutls-devel] [PATCH] Few documentation and compiler warning fixes In-Reply-To: <20150327212946.6fbdc9a6@ppp> References: <20150327212946.6fbdc9a6@ppp> Message-ID: <1427540629.3523.5.camel@gnutls.org> On Fri, 2015-03-27 at 21:29 +0100, Jirka Klimes wrote: > Hello, > > I have found several errors in crypto API function descriptions. And > fixed a few unused variable warnings too. > Please see and commit the attached patches (based on master). Thank you. Applied. From nmav at gnutls.org Mon Mar 30 07:34:01 2015 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Mon, 30 Mar 2015 07:34:01 +0200 Subject: [gnutls-devel] gnutls 3.3.14 Message-ID: <1427693641.9157.1.camel@gnutls.org> Hello, I've just released gnutls 3.3.14. This is a bug-fix release on the current stable branch. * Version 3.3.14 (released 2015-03-30) ** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo structures use BER to decode them (requires libtasn1 4.3). That allows to decode some more complex structures. ** libgnutls: When an end-certificate with no name is present and there are CA name constraints, don't reject the certificate. This follows RFC5280 advice closely. Reported by Fotis Loukos. ** libgnutls: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. ** libgnutls: Fixed double free in the parsing of CRL distribution points certificate extension. Reported by Robert ?wi?cki. ** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That protocol is not enabled by default (used by openconnect VPN). ** libgnutls: The maximum user data send size is set to be the same for block and non-block ciphersuites. This addresses a regression with wine: https://bugs.winehq.org/show_bug.cgi?id=37500 ** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, and CKA_DECRYPT when needed. ** libgnutls: Allow names with zero size to be set using gnutls_server_name_set(). That will disable the Server Name Indication. Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 ** API and ABI modifications: No changes since last version. Getting the Software ==================== GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be found at . Here are the XZ and LZIP compressed sources: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.14.tar.xz ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.14.tar.lz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.14.tar.xz.sig ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.14.tar.lz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos gnutls.org> uid Nikos Mavrogiannopoulos gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos