From gnutls-devel at lists.gnutls.org Sat Dec 1 06:02:17 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Dec 2018 05:02:17 +0000
Subject: [gnutls-devel] GnuTLS | CVE-2018-16868 (!832)
In-Reply-To:
References:
Message-ID:

Merge Request !832 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/832
Branches: tmp-fix-CVE-2018-16868 to master
Author: Simo Sorce
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/832
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Sat Dec 1 06:20:38 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Dec 2018 05:20:38 +0000
Subject: [gnutls-devel] GnuTLS | CVE-2018-16868 (!832)

Merge Request !832 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/832
Branches: tmp-fix-CVE-2018-16868 to master
Author: Simo Sorce
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/832

From gnutls-devel at lists.gnutls.org Sat Dec 1 06:20:38 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Dec 2018 05:20:38 +0000
Subject: [gnutls-devel] GnuTLS | RSA pkcs1 decryption and signing is not constant memory access (#630)

Issue was closed by Nikos Mavrogiannopoulos

Issue #630: https://gitlab.com/gnutls/gnutls/issues/630

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/630

From gnutls-devel at lists.gnutls.org Sat Dec 1 06:39:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Dec 2018 06:39:22 +0100
Subject: [gnutls-devel] gnutls 3.6.5

Hello,

I've just released gnutls 3.6.5. This is a bug fix release on the 3.6.x branch. It fixes several issues related to TLS1.3 support, and addresses a moderate-severity issue related to RSA-encryption ciphersuites. The issue affects usage of gnutls mainly in "cloud" environments which we believe are an essential use case for crypto libs today (see nettle's announcement for more information on the issue [0]). Due to that fix the minimum required version of nettle is 3.4.1.

That release marks the 3.6.x as our stable branch, and replaces the 3.5.x branch. The detailed list of changes follows.

I'd like to thank everyone who was involved in the release Ander Juaristi, Daiki Ueno, Dmitry Eremin-Solenikov, Simo Sorce, Stefan Berger, Stephan Mueller, Tim Rühsen, Tom Vrancken as well as Niels Mueller for his work on the nettle library which made this release possible.

[0]. https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html

Changes
=======

* Version 3.6.5 (released 2018-12-01)

** libgnutls: Provide the option of transparent re-handshake/reauthentication when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).

** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)

** libgnutls: The priority functions will ignore and not enable TLS1.3 if requested with legacy TLS versions enabled but not TLS1.2. That is because if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) servers which do not support TLS1.3 will negotiate TLS1.2 which will be rejected by the client as disabled (#621).

** libgnutls: Change RSA decryption to use a new side-channel silent function. This addresses a security issue where memory access patterns as well as timing on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher attacks. Side-channel resistant code is slower due to the need to mask access and timings. When used in TLS the new functions cause RSA based handshakes to be between 13% and 28% slower on average (Numbers are indicative, the tests were performed on a relatively modern Intel CPU, results vary depending on the CPU and architecture used). This change makes nettle 3.4.1 the minimum requirement of gnutls (#630). [CVSS: medium]

** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword in the priority string. It is only accepted as legacy option and is ignored.

** libgnutls: Added support for EdDSA under PKCS#11 (#417)

** libgnutls: Added support for AES-CFB8 cipher (#357)

** libgnutls: Added support for AES-CMAC MAC (#351)

** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D S-BOXes). They are fixed now.

** libgnutls: Added support for GOST key unmasking and unwrapped GOST private keys parsing, as specified in R 50.1.112-2016.

** gnutls-serv: It applies the default settings when no --priority option is given, using gnutls_set_default_priority().

** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin option (#561)

** certtool: Add parameter --no-text that prevents certtool from outputting text before PEM-encoded private key, public key, certificate, CRL or CSR.

** API and ABI modifications:
GNUTLS_AUTO_REAUTH: Added
GNUTLS_CIPHER_AES_128_CFB8: Added
GNUTLS_CIPHER_AES_192_CFB8: Added
GNUTLS_CIPHER_AES_256_CFB8: Added
GNUTLS_MAC_AES_CMAC_128: Added
GNUTLS_MAC_AES_CMAC_256: Added
gnutls_record_get_max_early_data_size: Added
gnutls_record_send_early_data: Added
gnutls_record_recv_early_data: Added
gnutls_db_check_entry_expire_time: Added
gnutls_anti_replay_set_add_function: Added
gnutls_anti_replay_init: Added
gnutls_anti_replay_deinit: Added
gnutls_anti_replay_set_window: Added
gnutls_anti_replay_enable: Added
gnutls_privkey_decrypt_data2: Added

Getting the Software
====================

GnuTLS may be downloaded directly from ;. A list of GnuTLS mirrors can be found at ;.

Here are the XZ compressed sources:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From gnutls-devel at lists.gnutls.org Sat Dec 1 13:58:21 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Dec 2018 12:58:21 +0000
Subject: [gnutls-devel] GnuTLS | Fix error message on too old nettle (!833)

New Merge Request !833
https://gitlab.com/gnutls/gnutls/merge_requests/833

Project:Branches: ametzler/gnutls:tmp-ametzler-nettle-not-found-error to gnutls/gnutls:master
Author: Andreas Metzler
Assignee:

gnutls 3.6.5 errs out with "Libnettle **3.4** was not found." when 3.4.**1** was not found. Use a variable to keep status message in sync with check.

## Checklist
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/833

From gnutls-devel at lists.gnutls.org Sat Dec 1 15:49:45 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Dec 2018 14:49:45 +0000
Subject: [gnutls-devel] GnuTLS | released 3.4.1 (4353ea02)

You meant "release 3.6.5" right :-)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/4353ea025ae032887f3e8cf5aadace25662c6b35#note_121550080

From gnutls-devel at lists.gnutls.org Sat Dec 1 21:01:50 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Dec 2018 20:01:50 +0000
Subject: [gnutls-devel] GnuTLS | Fix error message on too old nettle (!833)

I see the automated build of CI images break because latest master of nettle is *not* 3.4.1 or newer.

That needs some administrative work to get it fixed everywhere - or fix it a single time for upstream and everything starts working again.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/833#note_121567752

From gnutls-devel at lists.gnutls.org Sat Dec 1 23:05:19 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 01 Dec 2018 22:05:19 +0000
Subject: [gnutls-devel] GnuTLS | Fix error message on too old nettle (!833)

@rockdaboot there are no commits in this MR. Did you push your changes?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/833#note_121577103

From gnutls-devel at lists.gnutls.org Sun Dec 2 07:24:03 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 06:24:03 +0000
Subject: [gnutls-devel] GnuTLS | manpage generation: cleanup (!829)

The question is whether we want to do anything for the 3.5.x branch at this point. It is no longer the stable branch, and I do not think we should end up with multiple supported releases as we'll spend quite a lot on backporting. 3.3.x is supposed to expire in March 2019, so we could assign another lts release, that being 3.6.x, but let's move that in #588.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/829#note_121617239

From gnutls-devel at lists.gnutls.org Sun Dec 2 07:32:48 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 06:32:48 +0000
Subject: [gnutls-devel] GnuTLS | Fix error message on too old nettle (!833)

Dmitry Eremin-Solenikov @lumag commented 8 hours ago
> @ametzler there are no commits in this MR. Did you push your changes?

You are right - PEBKAC. Thanks for the heads-up. Fixed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/833#note_121617420

From gnutls-devel at lists.gnutls.org Sun Dec 2 07:45:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 06:45:22 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

Maybe a proposal along with our current process but more precise:

1. Only one LTS release ongoing supported for 3 years.
2. The definition of LTS is that releases will be made during that time on a bi-monthly basis (could be skipped if no changes),
3. Features can enter that release according to the rules in `Introducing new features / modifying behavior` from !816.
4. Security fixes could enter that release if above the severity level high.

Currently the only ongoing LTS release is 3.3.x and is expected (according to the milestone info for 3.3.x), to end in March 2019.

(3) is so that we don't need to branch master from the LTS unless really necessary.
(4) is so that we can untie our hands on very complex fixes which are of moderate/medium or low levels.

What do you think?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_121617715

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:21:23 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:21:23 +0000
Subject: [gnutls-devel] GnuTLS | TLS1.3: consider the session DB use (#447)

A new DB is being used for zero-rtt. As of now, unless we have some specific requests / use cases it doesn't make sense to consider it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/447#note_121620807

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:21:23 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:21:23 +0000
Subject: [gnutls-devel] GnuTLS | TLS1.3: consider the session DB use (#447)

Issue was closed by Nikos Mavrogiannopoulos

Issue #447: https://gitlab.com/gnutls/gnutls/issues/447

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/447

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:22:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:22:42 +0000
Subject: [gnutls-devel] GnuTLS | Allow non null terminated usernames for psk (#586)

@juaristi is that something you'd like to check?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/586#note_121620879

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:27:37 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:27:37 +0000
Subject: [gnutls-devel] GnuTLS | Allow non null terminated usernames for psk (#586)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/586

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:27:50 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:27:50 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli-debug should test whether RSA key exchange is enabled (#449)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/449

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:10 +0000
Subject: [gnutls-devel] GnuTLS | handle OID 1.3.6.1.4.1.11129.2.4.2 (x.509 extension for certificate transparency SCTs) (#232)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/232

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:11 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:11 +0000
Subject: [gnutls-devel] GnuTLS | optional: draft-ietf-tls-tls13-23: add support for signature_algorithms_cert extension (#399)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/399

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:12 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: return early on handshake when no cert is provided by client (#457)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/457

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:10 +0000
Subject: [gnutls-devel] GnuTLS | optional: support RSA-PSS with SHA3 (#275)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/275

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:12 +0000
Subject: [gnutls-devel] GnuTLS | change or make configurable to number of tickets to send by default (#596)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/596

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:09 +0000
Subject: [gnutls-devel] GnuTLS | optional: provide support for x448 (#86)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/86

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:11 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:11 +0000
Subject: [gnutls-devel] GnuTLS | add support for Ed25519 (eddsa) over PKCS#11 (#417)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/417

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:09 +0000
Subject: [gnutls-devel] GnuTLS | optional: Add support for ed448 (#128)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/128

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:09 +0000
Subject: [gnutls-devel] GnuTLS | optional: Support for deterministic ECDSA (#94)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/94

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:11 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:11 +0000
Subject: [gnutls-devel] GnuTLS | session tickets: simplify _gnutls_en/decrypt_session_ticket for TLS1.3 (#446)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/446

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:10 +0000
Subject: [gnutls-devel] GnuTLS | add API to get access to early exporter (#329)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/329

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:12 +0000
Subject: [gnutls-devel] GnuTLS | testsuite: eliminate warnings (#462)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/462

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:10 +0000
Subject: [gnutls-devel] GnuTLS | TLS1.3 PSK: support PSK with SHA384 (#386)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/386

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:10 +0000
Subject: [gnutls-devel] GnuTLS | optional: consider: client API to save and re-use state per server (#222)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/222

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:12 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: provide an iovec API for AEAD ciphers (#458)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/458

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:30:21 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:30:21 +0000
Subject: [gnutls-devel] GnuTLS | consider supporting an AEAD mode which does not require unique nonce (#356)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/356

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:29:11 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:29:11 +0000
Subject: [gnutls-devel] GnuTLS | TLS1.3: consider the session DB use (#447)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/447

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:30:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:30:20 +0000
Subject: [gnutls-devel] GnuTLS | allow applications to specify non-crypto use of a cipher algorithm (#353)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/353

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:30:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:30:20 +0000
Subject: [gnutls-devel] GnuTLS | add a callback to retrieve missing chain certificates (#202)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/202

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:30:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:30:20 +0000
Subject: [gnutls-devel] GnuTLS | allow applications to specify non-crypto use of a hash algorithm (#352)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/352

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:30:21 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:30:21 +0000
Subject: [gnutls-devel] GnuTLS | add support for AES-CMAC (#351)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/351

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:30:21 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:30:21 +0000
Subject: [gnutls-devel] GnuTLS | add support for AES-CFB8 (#357)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/357

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:40:01 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:40:01 +0000
Subject: [gnutls-devel] GnuTLS | Fix error message on too old nettle (!833)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/833

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:40:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:40:12 +0000
Subject: [gnutls-devel] GnuTLS | Fix error message on too old nettle (!833)

Reassigned Merge Request 833

https://gitlab.com/gnutls/gnutls/merge_requests/833

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/833

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:40:16 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:40:16 +0000
Subject: [gnutls-devel] GnuTLS | Fix error message on too old nettle (!833)

Merge Request !833 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/833
Project:Branches: ametzler/gnutls:tmp-ametzler-nettle-not-found-error to gnutls/gnutls:master
Author: Andreas Metzler
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/833

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:40:13 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:40:13 +0000
Subject: [gnutls-devel] GnuTLS | Fix error message on too old nettle (!833)

Merge Request !833 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/833
Project:Branches: ametzler/gnutls:tmp-ametzler-nettle-not-found-error to gnutls/gnutls:master
Author: Andreas Metzler
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/833

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:40:46 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:40:46 +0000
Subject: [gnutls-devel] GnuTLS | Fix error message on too old nettle (!833)

LGTM!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/833#note_121621595

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:44:46 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:44:46 +0000
Subject: [gnutls-devel] GnuTLS | TLS1.3 PSK: support PSK with SHA384 (#386)

@juaristi what do you think about this? There was some ietf drive towards a solution, but not sure how it is going.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/386#note_121621775

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:47:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:47:14 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)

Nikos Mavrogiannopoulos commented on a discussion on lib/pkcs11.c:

> len = p11_kit_space_strlen(str, str_max); > > if (len + 1 > *output_size) { > - *output_size = len + 1;

The rule in such functions is to return `full_size+1` when returning the short memory buffer error, and the `full_size` when returning the actual data. Is that missing from the function you mention? Is there something we should improve in the documentation?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_121621969

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:50:00 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:50:00 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_PKCS11_TOKEN_MODNAME is unavailable when a provider is manually loaded (#633)

I like the alternative because it is simpler. Nevertheless let's fix any bugs that these functions may have.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/633#note_121622073

From gnutls-devel at lists.gnutls.org Sun Dec 2 09:50:42 2018
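The size-reporting rule stated in the lib/pkcs11.c discussion above (`full_size+1` with the short-buffer error, `full_size` with the data), shown as an added example that is not GnuTLS code. `get_field`, `fetch_field`, `size_after_call`, `E_SHORT_BUFFER` and the sample label are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the library's short-buffer error code (value is an assumption). */
#define E_SHORT_BUFFER (-1)

/* PKCS #11 info fields are fixed width, space padded and not NUL terminated;
 * this returns the length without the trailing padding. */
static size_t space_strlen(const unsigned char *s, size_t max)
{
    while (max > 0 && s[max - 1] == ' ')
        max--;
    return max;
}

/* Hypothetical getter following the rule from the discussion:
 *   buffer too small -> error, *output_size = full_size + 1 (room for NUL)
 *   success          -> 0,     *output_size = full_size     (NUL not counted) */
int get_field(const unsigned char *field, size_t field_max,
              char *output, size_t *output_size)
{
    size_t len = space_strlen(field, field_max);

    if (output == NULL || len + 1 > *output_size) {
        *output_size = len + 1;   /* tells the caller what to allocate */
        return E_SHORT_BUFFER;
    }
    memcpy(output, field, len);
    output[len] = '\0';
    *output_size = len;
    return 0;
}

/* Caller side: probe for the size, allocate exactly that much, retry. */
char *fetch_field(const unsigned char *field, size_t field_max, size_t *len_out)
{
    size_t size = 0;
    char *buf;

    if (get_field(field, field_max, NULL, &size) != E_SHORT_BUFFER)
        return NULL;
    buf = malloc(size);
    if (buf == NULL)
        return NULL;
    if (get_field(field, field_max, buf, &size) != 0) {
        free(buf);
        return NULL;
    }
    *len_out = size;
    return buf;
}

/* Constructed sample: a space-padded token label. */
static const unsigned char SAMPLE_LABEL[] = "My Token            ";
#define SAMPLE_LABEL_LEN (sizeof(SAMPLE_LABEL) - 1)

/* Value left in *output_size when the caller offers `have` bytes. */
size_t size_after_call(const unsigned char *field, size_t field_max, size_t have)
{
    char buf[64];
    size_t size = have <= sizeof(buf) ? have : sizeof(buf);

    (void)get_field(field, field_max, buf, &size);
    return size;
}

/* 1 if the probe-allocate-retry sequence yields the trimmed label. */
int roundtrip_ok(void)
{
    size_t len = 0;
    char *s = fetch_field(SAMPLE_LABEL, SAMPLE_LABEL_LEN, &len);
    int ok = s != NULL && len == 8 && strcmp(s, "My Token") == 0;

    free(s);
    return ok;
}

int main(void)
{
    printf("offer 4 bytes -> size %zu\n", size_after_call(SAMPLE_LABEL, SAMPLE_LABEL_LEN, 4));
    printf("offer 8 bytes -> size %zu\n", size_after_call(SAMPLE_LABEL, SAMPLE_LABEL_LEN, 8));
    printf("offer 9 bytes -> size %zu\n", size_after_call(SAMPLE_LABEL, SAMPLE_LABEL_LEN, 9));
    printf("roundtrip ok: %d\n", roundtrip_ok());
    return 0;
}
```

If the short-buffer branch stops writing `*output_size`, the probe call in `fetch_field` leaves `size` at 0 and the caller has nothing to allocate from.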
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 08:50:42 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827

From gnutls-devel at lists.gnutls.org Sun Dec 2 10:14:50 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 09:14:50 +0000
Subject: [gnutls-devel] GnuTLS | introduce a gitlab policy to automatically close bugs open for too long without resolution/action (#635)

New Issue was created.
Issue 635: https://gitlab.com/gnutls/gnutls/issues/635
Author: Nikos Mavrogiannopoulos
Assignee:

There are several old bugs which will never be addressed in practice and they only take space in the issue tracker. We should introduce a process to automatically close bugs without any activity for a year or so.

See: https://gitlab.com/gitlab-org/gitlab-triage

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/635

From gnutls-devel at lists.gnutls.org Sun Dec 2 12:07:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 11:07:43 +0000
Subject: [gnutls-devel] GnuTLS | introduce a gitlab policy to automatically close bugs open for too long without resolution/action (#635)

Wishlist items may get very old (years) which doesn't mean they should be wiped automatically if they are still valid. E.g. I use issue trackers to keep track of "ideas" that could be realized in the far future. There are some of those 5+ years old but still valid...

So such an automatism should ignore issues with certain labels. Or the long time issues should be kept somewhere else, e.g. in a wiki page.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/635#note_121632370

From gnutls-devel at lists.gnutls.org Sun Dec 2 12:21:53 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 11:21:53 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add CI tarball build (!809)

Extracted some commit into !819. Will rebase this after !819 became merged.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/809#note_121644814

From gnutls-devel at lists.gnutls.org Sun Dec 2 14:22:47 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 13:22:47 +0000
Subject: [gnutls-devel] GnuTLS | Reduce runtime for timeout tests (#636)

New Issue was created.
Issue 636: https://gitlab.com/gnutls/gnutls/issues/636
Author: Tim Rühsen
Assignee:

Wondering why some tests take a very long time while CPU is idle, I looked into `tests/handshake-timeout.c`.

This test takes 45s, but I expected it to run 30s. The timeout in the client code and the sleep in the server code seem to add up - is this expected behavior?

But anyways, why using 20s timeout in the client code and 30s sleep in the server code at all? Having 2s and 3s should be fine as well (=stable even on slow machines), reducing execution time from 45s to 5s.

I assume this is similar in other slow running timeout tests. I guess we can reduce the time for executing the test harness by 6-8 minutes on a single core CI runner, just by tuning these timeout values.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/636

From gnutls-devel at lists.gnutls.org Sun Dec 2 14:29:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 13:29:42 +0000
Subject: [gnutls-devel] GnuTLS | manpage generation: cleanup (!829)

Well, 3.5 is the current version in Debian unstable. I'd assume that we'd like to have another release to get latest CVE fix.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/829#note_121652654

From gnutls-devel at lists.gnutls.org Sun Dec 2 14:32:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 13:32:04 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

Speaking about Debian, even unstable has 3.5.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_121652788

From gnutls-devel at lists.gnutls.org Sun Dec 2 14:40:46 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 13:40:46 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

*Dmitry Eremin-Solenikov @lumag*
> Speaking about Debian, even unstable has 3.5.

FWIW I intend to switch unstable to 3.6 soonish, now that it has been declared the new stable release branch.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_121653267

From gnutls-devel at lists.gnutls.org Sun Dec 2 16:30:34 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 15:30:34 +0000
Subject: [gnutls-devel] GnuTLS | Reduce runtime for timeout tests (#636)

The ci systems are unreliable in terms of execution time and that's why I think we have these values. However we now have virtue-time.h which simulates the time and avoids waits. Maybe we should switch it to it as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/636#note_121660839

From gnutls-devel at lists.gnutls.org Sun Dec 2 17:57:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 16:57:09 +0000
Subject: [gnutls-devel] GnuTLS | Reduce runtime for timeout tests (#636)

I didn't see `virt-time.h` before. Looks like a good thing !

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/636#note_121666639

From gnutls-devel at lists.gnutls.org Sun Dec 2 18:34:05 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 17:34:05 +0000
Subject: [gnutls-devel] GnuTLS | Reduce runtime for timeout tests (#636)

But not sure how to apply this to gnutls_handshake() on client and server at the same time (handshake-timeout.c). The test keeps failing then.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/636#note_121669274

From gnutls-devel at lists.gnutls.org Sun Dec 2 19:02:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 02 Dec 2018 18:02:56 +0000
Subject: [gnutls-devel] GnuTLS | Reduce runtime for timeout tests (#636)

Not using virt-time.h, just using a custom pull_timeout function (replaces select()). WDYT ?

``` diff --git a/tests/handshake-timeout.c b/tests/handshake-timeout.c index 52c21f69b4..5e8afe3564 100644 --- a/tests/handshake-timeout.c +++ b/tests/handshake-timeout.c @@ -61,6 +61,14 @@ static void client_log_func(int level, const char *str) fprintf(stderr, "client|<%d>| %s", level, str); } +static int pull_timeout_func(gnutls_transport_ptr_t fd, unsigned int ms) +{ + (void)fd; + (void)ms; + + return 0; +} + static void client(int fd, int wait) { int ret; @@ -90,6 +98,9 @@ static void client(int fd, int wait) gnutls_transport_set_int(session, fd); + if (wait) + gnutls_transport_set_pull_timeout_function(session, pull_timeout_func); + /* Perform the TLS handshake */ do { 
@@ -151,7 +162,7 @@ static void server(int fd, int wait) gnutls_transport_set_int(session, fd); if (wait) { - sec_sleep(25); + sleep(1); } else { do { ret = gnutls_handshake(session); ```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/636#note_121671514

From gnutls-devel at lists.gnutls.org Mon Dec 3 09:25:57 2018
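Review bot: in the first hunk of the tests/handshake-timeout.c patch above, `pull_timeout_func` discards `ms` and always returns 0, which the pull-timeout callback contract treats as "timed out", so every wait ends at once and the test can no longer tell whether the timeout value configured for the handshake is honoured. Record the `ms` the callback receives (for example in a static variable) and have `client()` check it against the expected value before counting the timed-out handshake as a pass; a short comment on the `return 0;` saying that 0 means timeout would also help the next reader.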
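Review bot: in the `server()` hunk of the same patch, `sleep(1)` is now the only thing holding the server back while the client runs, and nothing in the visible lines ties that one second to the client's progress. On a slow or loaded runner the sleep can end before the client has reached its handshake wait, and the client then hits whatever the server does next instead of the timeout path. Blocking until the client closes its end of the socket would make the ordering explicit; failing that, keep the existing `sec_sleep()` helper with a smaller value and say why the switch to plain `sleep()` is needed.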
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Dec 2018 08:25:57 +0000
Subject: [gnutls-devel] GnuTLS | introduce a gitlab policy to automatically close bugs open for too long without resolution/action (#635)

I think my experience using the past trackers, and the old `TODO` file, as well as other teams, showed that wishlist items that do not get addressed in a year or two will never be (of course there are exceptions). Furthermore, the maintenance of such lists that span so many years is a bureaucracy by itself, and I doubt that this list of year-long requests will ever be traversed to decide new features (seeing how other projects with many bugs handle it, saying that's a certainty is more accurate).

We can increase the time to two years if you think so, but eventually we would need to be able to keep the issue tracker on a sustainable size to be able to work with it, and I think that closing inactive for 1-2 years bugs helps towards that goal. The reporter or anyone of the involved persons can of course re-open them if they think the issue is important, but something that was important 2-3 years ago, doesn't necessarily mean it is today as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/635#note_121758773

From gnutls-devel at lists.gnutls.org Mon Dec 3 09:27:17 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Dec 2018 08:27:17 +0000
Subject: [gnutls-devel] GnuTLS | released 3.4.1 (4353ea02)

Hmm, indeed too many numbers around :)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/4353ea025ae032887f3e8cf5aadace25662c6b35#note_121761678

From gnutls-devel at lists.gnutls.org Mon Dec 3 20:44:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 03 Dec 2018 19:44:14 +0000
Subject: [gnutls-devel] GnuTLS | Listening DTLS server responds with HELLO_VERIFY_REQUEST to most messages (#632)

Hi. Attached is an example where the gnutls server is run, some junk message is sent to it and the server response is printed out. Unfortunately, despite my best attempts, I was not able to compile using the src/udp-serv.h headers and src/udp-serv.c which provides the `udp_server` method, method also used by gnutls-serv. Hence, I added a flag which switches between code for launching server via `udp_server` and via the `system` library function.

The fix is rather simple, in [udp_server](https://gitlab.com/gnutls/gnutls/blob/master/src/udp-serv.c#L94), upon receiving a first message, check that the message is actually a CLIENT_HELLO before sending a HELLO_VERIFY_REQUEST.

What I see as a problem architecturally is that the first step of DTLS lies outside of the handshake and has to be handled by applications that make use of gnutls libraries. It would be nice if there was a DTLS-specific library method which performed DTLS handshakes completely, including this first step.

[hello-verify-test.c](/uploads/96b21f35a018933eb42e0946061750ff/hello-verify-test.c)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/632#note_121960413

From gnutls-devel at lists.gnutls.org Tue Dec 4 08:00:21 2018
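The check proposed in the message above for #632, as an added example that is not part of the original message or of GnuTLS: before a first datagram is answered with HELLO_VERIFY_REQUEST, confirm that it parses as an epoch-0 handshake record carrying a ClientHello (header layout per RFC 6347). The function names and the sample datagrams are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Header sizes and code points from RFC 6347 (DTLS 1.2). */
#define DTLS_RECORD_HDR     13  /* type, version, epoch, sequence, length */
#define DTLS_HANDSHAKE_HDR  12  /* type, length, msg_seq, frag_off, frag_len */
#define CT_HANDSHAKE        22
#define HT_CLIENT_HELLO      1

/* Read an n-byte big-endian integer. */
static unsigned long rd(const uint8_t *p, size_t n)
{
    unsigned long v = 0;
    while (n--)
        v = (v << 8) | *p++;
    return v;
}

/* Hypothetical helper: 1 only if the datagram starts with a well-formed
 * epoch-0 handshake record whose first message is a ClientHello. */
int looks_like_client_hello(const uint8_t *buf, size_t len)
{
    size_t rec_len;
    unsigned long msg_len, frag_off, frag_len;
    const uint8_t *hs;

    if (buf == NULL || len < DTLS_RECORD_HDR + DTLS_HANDSHAKE_HDR)
        return 0;
    if (buf[0] != CT_HANDSHAKE || buf[1] != 0xfe)  /* DTLS versions are 0xfeXX */
        return 0;
    if (rd(buf + 3, 2) != 0)                       /* first flight uses epoch 0 */
        return 0;
    rec_len = (size_t)rd(buf + 11, 2);
    if (rec_len < DTLS_HANDSHAKE_HDR || rec_len > len - DTLS_RECORD_HDR)
        return 0;                                  /* record overruns datagram */

    hs = buf + DTLS_RECORD_HDR;
    if (hs[0] != HT_CLIENT_HELLO)
        return 0;
    msg_len  = rd(hs + 1, 3);
    frag_off = rd(hs + 6, 3);
    frag_len = rd(hs + 9, 3);
    if (frag_off > msg_len || frag_len > msg_len - frag_off)
        return 0;                                  /* fragment outside message */
    if (frag_len > rec_len - DTLS_HANDSHAKE_HDR)
        return 0;                                  /* fragment outside record */
    return 1;
}

enum first_action { DROP_SILENTLY = 0, SEND_HELLO_VERIFY = 1 };

/* Decision for the first datagram seen from a new peer. */
enum first_action on_first_datagram(const uint8_t *buf, size_t len)
{
    return looks_like_client_hello(buf, len) ? SEND_HELLO_VERIFY : DROP_SILENTLY;
}

/* Constructed sample: minimal ClientHello without cookie (67 bytes). */
static const uint8_t SAMPLE_CLIENT_HELLO[] = {
    22, 0xfe, 0xff,             /* handshake record, DTLS 1.0 record version */
    0, 0,                       /* epoch 0 */
    0, 0, 0, 0, 0, 0,           /* sequence number */
    0, 54,                      /* record length: 12 + 42 */
    1,                          /* msg_type: client_hello */
    0, 0, 42,                   /* message length */
    0, 0,                       /* message_seq */
    0, 0, 0,                    /* fragment_offset */
    0, 0, 42,                   /* fragment_length */
    0xfe, 0xfd,                 /* client_version */
    0, 0, 0, 0, 0, 0, 0, 0,     /* random, 32 bytes */
    0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0,
    0,                          /* session_id length */
    0,                          /* cookie length */
    0, 2, 0xc0, 0x2b,           /* one cipher suite */
    1, 0                        /* null compression */
};

/* Constructed sample: arbitrary text sent to the UDP port. */
static const uint8_t SAMPLE_JUNK[] = "hello, is anyone there?? junk!";

/* Constructed sample: epoch-1 application data record (25 bytes). */
static const uint8_t SAMPLE_APPDATA[] = {
    23, 0xfe, 0xfd, 0, 1, 0, 0, 0, 0, 0, 1, 0, 12,
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
};

int main(void)
{
    printf("client hello -> %d\n",
           on_first_datagram(SAMPLE_CLIENT_HELLO, sizeof(SAMPLE_CLIENT_HELLO)));
    printf("junk         -> %d\n",
           on_first_datagram(SAMPLE_JUNK, sizeof(SAMPLE_JUNK) - 1));
    printf("app data     -> %d\n",
           on_first_datagram(SAMPLE_APPDATA, sizeof(SAMPLE_APPDATA)));
    return 0;
}
```

Dropping everything that fails this check keeps the listener from replying to arbitrary UDP payloads, which is the behaviour the issue title describes.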
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 07:00:21 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.5 requires Nettle 3.4.1, but the latter is not released. (#637)

New Issue was created.
Issue 637: https://gitlab.com/gnutls/gnutls/issues/637
Author: Dilyan Palauzov
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/637

From gnutls-devel at lists.gnutls.org Tue Dec 4 15:59:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 14:59:12 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.5 requires Nettle 3.4.1, but the latter is not released. (#637)

There is 3.4.1rc1: https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/637#note_122195681

From gnutls-devel at lists.gnutls.org Tue Dec 4 16:09:33 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 15:09:33 +0000
Subject: [gnutls-devel] GnuTLS | native windows builds (#638)

New Issue was created.
Issue 638: https://gitlab.com/gnutls/gnutls/issues/638
Author: Nikos Mavrogiannopoulos
Assignee:

Currently we use mingw for generating the windows DLLs and testing operation in windows. Consider moving to a more native method for building windows binaries (e.g., appveyor).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/638

From gnutls-devel at lists.gnutls.org Tue Dec 4 16:20:29 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 15:20:29 +0000
Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819)

Reassigned Merge Request 819
https://gitlab.com/gnutls/gnutls/merge_requests/819
Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819

From gnutls-devel at lists.gnutls.org Tue Dec 4 16:20:32 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 15:20:32 +0000
Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819

From gnutls-devel at lists.gnutls.org Tue Dec 4 16:21:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 15:21:22 +0000
Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819)

Nikos Mavrogiannopoulos started a new discussion on tests/cert-tests/certtool:

> exit 1 > fi > > - #check whether ask-pass is being honoured > - ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS} > - if test $? != 0;then > - cat ${TMPFILE2} > - echo "cert generation failed" > - exit 1 > + #check whether password is being honoured > + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 < +$PASS > +EOF > + if test $? != 0; then

That's tricky here. If we do that and `--ask-pass` consistently fails due to a regression the test will still succeed on all systems. What about adding a configure option to disable such tests?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_122202651

From gnutls-devel at lists.gnutls.org Tue Dec 4 16:22:18 2018
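Review bot: in the quoted tests/cert-tests/certtool hunk above, the added certtool invocation drops the double quotes that the removed line had around the `--template` argument, so a source directory whose path contains spaces or glob characters would be word-split and the test would fail for a reason unrelated to `--ask-pass`. Keep `"${srcdir}/templates/template-test.tmpl"` quoted as before, and consider quoting `${TMPFILE1}` and `${TMPFILE2}` on the same line while it is being touched.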
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 15:22:18 +0000
Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819)

Nikos Mavrogiannopoulos started a new discussion on tests/cert-tests/pkcs12-utf8:

> -#!/usr/bin/env bash > +#!/bin/sh >

Can you do your change in a temp branch in origin so that freebsd is tested as well?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_122203012

From gnutls-devel at lists.gnutls.org Tue Dec 4 16:28:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 15:28:18 +0000
Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819)

Other than the comments it looks good to me. In fact some of the tests are simplified.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_122205025

From gnutls-devel at lists.gnutls.org Tue Dec 4 17:17:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 16:17:04 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_handshake_set_timeout() for values < 1000 (!834)

New Merge Request !834
https://gitlab.com/gnutls/gnutls/merge_requests/834
Branches: tmp-fix-timeout to master
Author: Tim Rühsen
Assignee:
Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

Values < 1000 (1s) failed to work before.

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/834

From gnutls-devel at lists.gnutls.org Tue Dec 4 17:54:37 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 16:54:37 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

New Merge Request !835
https://gitlab.com/gnutls/gnutls/merge_requests/835
Project:Branches: chouquette/gnutls:winstore_patches to gnutls/gnutls:master
Author: Hugo Beauzée-Luyssen
Assignee:

This set aims at improving building for Windows Store/UWP. It's not enough to completely build, but it solves a few issues already. This is a subset of VideoLAN's patchset, modified to have a better chance of being upstreamed.

* Patch 1 is fairly straight forward
* Patch 2: I'm not entirely sure where to put the helpers (for now they are only used in a single location -ie. patch 3- and could be static inline, but that doesn't feel like the correct way)
* Patch 3: This is a bit ugly, and I wonder if it wouldn't be better to have a complete reimplementation of the function, or if some gnutls_opendir (& co) wrappers wouldn't be more suitable
* Patch 4: Not sure there's a better way, some forbidden functions are used and I'm not sure they can be reimplemented another way, I'll let you judge.

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835

From gnutls-devel at lists.gnutls.org Tue Dec 4 18:28:15 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 17:28:15 +0000
Subject: [gnutls-devel] GnuTLS | TLS1.3 PSK: support PSK with SHA384 (#386)

@nmav let me have a closer look on Thursday or Friday, and I'll tell you. Same goes for #586

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/386#note_122238914

From gnutls-devel at lists.gnutls.org Tue Dec 4 19:26:46 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 18:26:46 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

Could the documentation also be clarified on the meaning of the version number? doc/cha-library.texi says:

> GnuTLS uses a development cycle where even minor version numbers
> indicate a stable release and a odd minor version number indicate a
> development release. For example, GnuTLS 1.6.3 denote a stable
> release since 6 is even, and GnuTLS 1.7.11 denote a development
> release since 7 is odd.

but for some reason 3.5 has been declared the "stable branch" before (I don't know the history). And now 3.6.0-3.6.4 was "stable-next" while 3.6.5 has become "stable". I am not sure what this means :/

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_122250610

From gnutls-devel at lists.gnutls.org Tue Dec 4 20:14:29 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 19:14:29 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.5 requires Nettle 3.4.1, but the latter is not released. (#637)

3.4.1rc1 is before 3.4.1. In any case it is not possible to build stable GnuTLS 3.6 unless unstable Nettle is used, which is a strange dependency.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/637#note_122258567

From gnutls-devel at lists.gnutls.org Tue Dec 4 20:46:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 19:46:20 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.5 requires Nettle 3.4.1, but the latter is not released. (#637)

3.4.1rc1 identifies as 3.4.1, so it's possible. You have to either install nettle locally and/or set some ./configure variables correctly (see `./configure --help`). I did the former and nettle installed into `/usr/local/lib64`. I then had to add use `PKG_CONFIG_PATH=/usr/local/lib64 ./configure`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/637#note_122264197

From gnutls-devel at lists.gnutls.org Tue Dec 4 23:15:01 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 04 Dec 2018 22:15:01 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_bye(): what security issues implications does using GNUTLS_SHUT_RDWR vs GNUTLS_SHUT_WR have? (#639)

New Issue was created.
Issue 639: https://gitlab.com/gnutls/gnutls/issues/639
Author: HPNoha
Assignee:

I apologize this is a question more than an actual issue.

We're having an issue where we see a 30 seconds timeout when we call gnutls_bye() with GNUTLS_SHUT_RDWR and it seems one of the servers we communicate with does not respond with the same message. We're considering using GNUTLS_SHUT_WR but would like to understand the implications of that on other servers which correctly reply with the same message (and hence don't time out).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/639

From gnutls-devel at lists.gnutls.org Wed Dec 5 01:29:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 05 Dec 2018 00:29:43 +0000
Subject: [gnutls-devel] GnuTLS | introduce a gitlab policy to automatically close bugs open for too long without resolution/action (#635)

I'd also advise against this. We might want to tag all bugs with corresponding release series and close them as series goes out of support, but I wouldn't suggest to close bugs automatically.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/635#note_122305400

From gnutls-devel at lists.gnutls.org Wed Dec 5 06:06:59 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 05 Dec 2018 05:06:59 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.5 requires Nettle 3.4.1, but the latter is not released. (#637)

nettle 3.4.1 is now released.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/637#note_122337192

From gnutls-devel at lists.gnutls.org Wed Dec 5 07:35:19 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 05 Dec 2018 06:35:19 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.5 requires Nettle 3.4.1, but the latter is not released. (#637)

Issue was closed by Dilyan Palauzov
Issue #637: https://gitlab.com/gnutls/gnutls/issues/637

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/637

From gnutls-devel at lists.gnutls.org Wed Dec 5 10:50:32 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 05 Dec 2018 09:50:32 +0000
Subject: [gnutls-devel] GnuTLS | native windows builds (#638)

Is the plan to use Cygwin with MSVC? Or are you okay with a new build system like CMake (or Meson)? CMake can natively generate MSVC project files and integrate with msbuild, etc. Not sure about Meson.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/638#note_122422301

From gnutls-devel at lists.gnutls.org Wed Dec 5 11:10:38 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 10:10:38 +0000 Subject: [gnutls-devel] GnuTLS | RFC8463 and signing hashes with ED25519 (#613) In-Reply-To: References: Message-ID: Issue was closed by Dilyan Palauzov Issue #613: https://gitlab.com/gnutls/gnutls/issues/613 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/613 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 11:10:38 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 10:10:38 +0000 Subject: [gnutls-devel] GnuTLS | RFC8463 and signing hashes with ED25519 (#613) In-Reply-To: References: Message-ID: According to https://www.ietf.org/mail-archive/web/dcrup/current/msg00985.html RFC8463 and the ED25519 algorithm used in it, can be implemented with the interface offered by GnuTLS. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/613#note_122428692 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 11:54:08 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 10:54:08 +0000 Subject: [gnutls-devel] GnuTLS | native windows builds (#638) In-Reply-To: References: Message-ID: Hmm, I do not think we have ruled it out, though I'm not sure if that's possible with our `./bootstrap` code. Would you like to pitch in at #320 ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/638#note_122456113 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 11:59:35 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 10:59:35 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/system.c: > gnutls_gettime = _gnutls_gettime; > } > > +#if _WIN32 > +#include > +TCHAR *str_to_wide(const char *utf8) what's the reason of these functions, and what's the difference with `_gnutls_utf8_to_ucs2` et al? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_122457704 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 12:00:59 2018 
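Review bot: in the lib/system.c hunk quoted in the !835 discussion above, `+TCHAR *str_to_wide(const char *utf8)` pairs a name that promises a wide string with a `TCHAR *` return type, and `TCHAR` is plain `char` unless `UNICODE` is defined, so the result is only wide in Unicode builds. Returning `wchar_t *` (or `WCHAR *`) would make the contract hold regardless of build flags. The declaration is also non-static and unprefixed in a library source file; mark it `static` or give it the `_gnutls_` prefix that the neighbouring `_gnutls_gettime` uses.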
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 11:00:59 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/x509/verify-high2.c: > unsigned int tl_flags, unsigned int tl_vflags, Is that a change so the code compiles or do you use `gnutls_x509_trust_list_add_trust_dir`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_122458045 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 12:02:13 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 11:02:13 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/system/keys-win.c: > -*/ > int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url) > { > +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) could you provide more info on the commit message on why is that done? Is it because the windows store doesn't have a key store? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_122458400 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 12:03:41 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 11:03:41 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835) In-Reply-To: References: Message-ID:

Please increase your CI running time to 2 hours. In your fork go to Settings -> CI/CD so that the CI runs complete.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_122458761

From gnutls-devel at lists.gnutls.org Wed Dec 5 12:57:16 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 11:57:16 +0000 Subject: [gnutls-devel] GnuTLS | consider using an alternative build system (#320) In-Reply-To: References: Message-ID:

autotools is strong with cross-compilation in a *nix environment and has an interface that users are familiar with, but other than that I dislike autotools:

- Its configure step is slow. A cache might help a bit with incremental runs, but that does not help with new builds.
- It requires autoreconf to be run before anything useful can be done. The dist tarball basically includes a binary blob (nobody is going to read the configure and Makefile.in files).
- It pollutes the source tree with Makefile.in and other autogenerated files. I am not aware of any solution for this problem.

I've limited experience with Meson (mostly as user), but have more experience with CMake (I ported over autotools -> CMake for some projects and also work on Wireshark which supports Linux, macOS and Windows through CMake). Some projects spent the majority in autoreconf + configure, more than the actual compilation O_O.

CMake:

- Incremental builds are fast due to a cache (CMakeCache.txt). This file also remembers previous configuration options.
- No need for autoreconf, you can run the "configure" equivalent straight away.
- Support for out-of-source tree build without polluting the source tree.
- The configuration language is different, but should be more readable than shell code for some equivalent functionality.
- Support for native build systems like MSVC (would help with CI on Windows, #638).
- Supports generating a "compilation database" with `cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=1`, useful for tools like `clang-check` or editor integration which can use the exact same compile options.
- PkgConfig is ubiquitous on Linux for locating packages, but not so much on Windows. CMake supports PkgConfig, but to locate dependencies you would use a "Find" module that locates the library file, header paths and version. This works for all platforms.
- I've never tried cross-compiling, but you'd typically use a "toolchain file" and set some other variables (like the root of the target).

Note that I have not built GnuTLS from git yet. I aborted it after it tried to spend a lot of time retrieving submodules (like openssl). The bootstrap process seems quite complex, couldn't it be simplified?

In general this is how autotools and CMake projects could run:

    autoreconf -vifs && mkdir build && cd build && CFLAGS="-g" ../configure --disable-doc && make -j$(nproc) && DESTDIR=$PWD/tmp make install
    mkdir build && cd build && cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DENABLE_DOC=OFF .. && ninja && DESTDIR=$PWD/tmp ninja install

With meson I believe it will be something like:

    # set CC to avoid using ccache if installed. Meson does too much magic.
    CC=gcc meson setup build && cd build && meson configure -Dbuildtype=debug -Denable_doc=false && ninja && DESTDIR=$PWD/tmp ninja install

Conversion of GnuTLS build system to either might be quite an undertaking since it has quite some custom logic (configure.ac and .mk files). When converting, typically both systems remain next to each other. Eventually one or more older build systems get dropped when the CMake system is mature enough.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/320#note_122487335

From gnutls-devel at lists.gnutls.org Wed Dec 5 14:17:24 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 13:17:24 +0000 Subject: [gnutls-devel] GnuTLS | record: make CCS handling stricter in TLS 1.3 (!817) In-Reply-To: References: Message-ID: The test script is tracked at: https://github.com/tomato42/tlsfuzzer/pull/466 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/817#note_122516729 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 14:18:45 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 13:18:45 +0000 Subject: [gnutls-devel] GnuTLS | consider using an alternative build system (#320) In-Reply-To: References: Message-ID: Autotools may have an interface many are familiar with, but for new developers who are not familiar with it, the learning curve is steep. The GNU build system is terribly difficult to understand and use compared to the likes of CMake. In my (mostly negative) experience autotools often means figuring out the exact combination and order of running `autoconf`, `automake`, `aclocal`, `autoheader`, `autoscan`, `autoreconf` and `configure` with the correct command line options for each (after which things still fail to build properly :crying\_cat\_face:). This is in stark contrast with a single invocation of `cmake`, which is like running `configure`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/320#note_122517078 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 14:33:33 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 13:33:33 +0000 Subject: [gnutls-devel] GnuTLS | Importing есс public keys and calculating bits (#640) References: Message-ID:

New Issue was created.
Issue 640: https://gitlab.com/gnutls/gnutls/issues/640
Author: Dilyan Palauzov
Assignee:

Why do gnutls_pubkey_import_x509(key, ?), gnutls_pubkey_import_x509_crq(key, ?), gnutls_pubkey_import_privkey(key, ?), gnutls_pubkey_import(key, ?), gnutls_pubkey_import_rsa_raw(key, ?), gnutls_pubkey_import_dsa_raw(key,?) something with &key->bits, but gnutls_pubkey_import_ecc_x962(key,?), gnutls_import_ecc_raw(key, ?) leave key->bits zero?

In particular, after

    gnutls_pubkey_import_ecc_raw(x, GNUTLS_ECC_CURVE_ED25519, &key, NULL);
    gnutls_pubkey_verify_data2(x, GNUTLS_SIGN_EDDSA_ED25519, 0, &m, &n);
    gnutls_pubkey_get_pk_algorithm(x, &b);

I expect that b is set, as it is set when I use other key types.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/640

From gnutls-devel at lists.gnutls.org Wed Dec 5 14:47:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 13:47:42 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: only update the required submodules for building (!836) References: Message-ID:

New Merge Request !836 https://gitlab.com/gnutls/gnutls/merge_requests/836
Branches: tmp-submodules to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

Although we have few submodules they are not all required for building and testing. This patch modified bootstrap.conf not to update all of them, but only the necessary for building and testing.

Relates #292

## Checklist
* [x] Code modified for feature

## Reviewer's checklist:
* [ ] No obvious mistakes in the code

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/836

From gnutls-devel at lists.gnutls.org Wed Dec 5 14:52:05 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 13:52:05 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Autogen prerequisite (!645) In-Reply-To: References: Message-ID:

Merge Request !645 was closed by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/645
Project:Branches: rockdaboot/gnutls:autogen-prerequisite to gnutls/gnutls:master
Author: Tim Rühsen
Assignee:

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/645

From gnutls-devel at lists.gnutls.org Wed Dec 5 14:52:05 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 13:52:05 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Autogen prerequisite (!645) In-Reply-To: References: Message-ID:

Closing this as it was superseded by !808

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/645#note_122533177

From gnutls-devel at lists.gnutls.org Wed Dec 5 15:39:01 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 14:39:01 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: only update the required submodules for building (!836) In-Reply-To: References: Message-ID:

Merge Request !836 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/836
Branches: tmp-submodules to master
Author: Nikos Mavrogiannopoulos
Assignee:

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/836

From gnutls-devel at lists.gnutls.org Wed Dec 5 15:42:17 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 14:42:17 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: only update the required submodules for building (!836) In-Reply-To: References: Message-ID:

LGTM. To speed up CI we could also clone the submodule repos to the CI images and later `cp -a` them to the right place. A subsequent `git submodule init ...` (in `./bootstrap`) should checkout or update them to the right commit. That means no or small downloads via git.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/836#note_122548402

From gnutls-devel at lists.gnutls.org Wed Dec 5 16:21:28 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:21:28 +0000 Subject: [gnutls-devel] GnuTLS | Importing есс public keys and calculating bits (#640) In-Reply-To: References: Message-ID:

If that happens I guess that's not intentional. Would you like to send an MR with a reproducer (e.g., on `key-import-export.c`) and a fix?

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/640#note_122560493

From gnutls-devel at lists.gnutls.org Wed Dec 5 16:24:50 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:24:50 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_bye(): what security issues implications does using GNUTLS_SHUT_RDWR vs GNUTLS_SHUT_WR have? (#639) In-Reply-To: References: Message-ID: The reason of sending the TLS close alert (bye RDWR), is to be able to detect that no-one in the middle terminated the TCP stream unexpectedly. If you want to terminate the session and you are not interested in receiving further data then using WR is just fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/639#note_122561405 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:31:31 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:31:31 +0000 Subject: [gnutls-devel] GnuTLS | gnutls installs empty man page (#377) In-Reply-To: References: Message-ID: I believe that this is addressed in 3.6.5. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/377#note_122563471 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:31:31 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:31:31 +0000 Subject: [gnutls-devel] GnuTLS | gnutls installs empty man page (#377) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #377: https://gitlab.com/gnutls/gnutls/issues/377 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/377 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:35:10 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:35:10 +0000 Subject: [gnutls-devel] GnuTLS | Webpage should use HSTS (#325) In-Reply-To: References: Message-ID: Issue was moved to another project. New issue location: https://gitlab.com/gnutls/web-pages/issues/2 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/325 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:38:13 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:38:13 +0000 Subject: [gnutls-devel] web-pages | Webpage should use HSTS (#2) References: Message-ID:

New Issue was created.
Issue 2: https://gitlab.com/gnutls/web-pages/issues/2
Author: Hanno Böck
Assignee:

Given the push for HTTPS everywhere I think a project developing a TLS library should follow. Right now www.gnutls.org does not redirect HTTP requests to HTTPS and there's no HSTS header sent.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/issues/2

From gnutls-devel at lists.gnutls.org Wed Dec 5 16:40:15 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:40:15 +0000 Subject: [gnutls-devel] GnuTLS | GNUTLS_CPUID_OVERRIDE does not have any impact on performance (#566) In-Reply-To: References: Message-ID:

Issue was closed by Nikos Mavrogiannopoulos
Issue #566: https://gitlab.com/gnutls/gnutls/issues/566

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/566

From gnutls-devel at lists.gnutls.org Wed Dec 5 16:41:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:41:39 +0000 Subject: [gnutls-devel] GnuTLS | GNUTLS_CPUID_OVERRIDE does not have any impact on performance (#566) In-Reply-To: References: Message-ID: Issue was reopened by Nikos Mavrogiannopoulos Issue 566: https://gitlab.com/gnutls/gnutls/issues/566 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/566 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:44:44 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:44:44 +0000 Subject: [gnutls-devel] GnuTLS | GNUTLS_CPUID_OVERRIDE does not have any impact on performance (#566) In-Reply-To: References: Message-ID: The only benchmark that makes sense with these parameters is `--benchmark-tls-ciphers` and you have provided only a run which is unclear whether is run with AESNI or not. Please provide the output of the following commands. It can be that your processor doesn't support any acceleration. That's fine. ``` $ cat /proc/cpuinfo $ GNUTLS_CPUID_OVERRIDE=1 gnutls-cli --benchmark-tls-ciphers $ GNUTLS_DEBUG_LEVEL=3 gnutls-cli --benchmark-tls-ciphers ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/566#note_122567457 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:45:53 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:45:53 +0000 Subject: [gnutls-devel] GnuTLS | 3.6.2 build failed? (#439) In-Reply-To: References: Message-ID: This is already addressed in master branch. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/439#note_122567825 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:45:53 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:45:53 +0000 Subject: [gnutls-devel] GnuTLS | 3.6.2 build failed? (#439) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #439: https://gitlab.com/gnutls/gnutls/issues/439 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/439 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:46:44 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:46:44 +0000 Subject: [gnutls-devel] GnuTLS | certtool: it is not possible to specify serial/crl numbers greater than 2**63-2 (#435) In-Reply-To: References: Message-ID: My understanding is that this issue was addressed by !639. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/435#note_122568090 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:46:42 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:46:42 +0000 Subject: [gnutls-devel] GnuTLS | certtool: it is not possible to specify serial/crl numbers greater than 2**63-2 (#435) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #435: https://gitlab.com/gnutls/gnutls/issues/435 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/435 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:48:47 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:48:47 +0000 Subject: [gnutls-devel] GnuTLS | Internal Errors (#442) In-Reply-To: References: Message-ID: The last issue mentioned should be addressed already in 3.6.x releases. We furthermore test more with tlsfuzzer which has identified more issues like that. I'm closing this but if there are other related issues feel free to open a new bug, and/or provide an MR. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/442#note_122568747 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:48:49 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:48:49 +0000 Subject: [gnutls-devel] GnuTLS | Internal Errors (#442) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #442: https://gitlab.com/gnutls/gnutls/issues/442 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/442 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:50:33 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:50:33 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_bye(): what security issues implications does using GNUTLS_SHUT_RDWR vs GNUTLS_SHUT_WR have? (#639) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #639: https://gitlab.com/gnutls/gnutls/issues/639 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/639 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 16:50:33 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 15:50:33 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_bye(): what security issues implications does using GNUTLS_SHUT_RDWR vs GNUTLS_SHUT_WR have? (#639) In-Reply-To: References: Message-ID:

Closing this as the help-gnutls mailing list is more suitable for this kind of requests.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/639#note_122569281

From gnutls-devel at lists.gnutls.org Wed Dec 5 17:15:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 16:15:20 +0000 Subject: [gnutls-devel] GnuTLS | consider using an alternative build system (#320) In-Reply-To: References: Message-ID:

Sounds like you tried some commands first without reading any docs before :-)

The only thing that I dislike with autotools is its slowness. Though with automated caching (see CONFIG_SITE), `./configure` doesn't take more than a few seconds.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/320#note_122577448

From gnutls-devel at lists.gnutls.org Wed Dec 5 17:37:13 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 16:37:13 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: only update the required submodules for building (!836) In-Reply-To: References: Message-ID:

For some reason bootstrap needs to have gnulib installed by git. Our local copy does not seem to satisfy it.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/836#note_122583286

From gnutls-devel at lists.gnutls.org Wed Dec 5 19:58:03 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 18:58:03 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: only update the required submodules for building (!836) In-Reply-To: References: Message-ID:

I recently made a test with copying (cp -a) gnulib into the gnutls project dir and bootstrap worked fine. How to reproduce the issue exactly?

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/836#note_122612722

From gnutls-devel at lists.gnutls.org Wed Dec 5 20:42:54 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 19:42:54 +0000 Subject: [gnutls-devel] GnuTLS | Importing есс public keys and calculating bits (#640) In-Reply-To: References: Message-ID:

I am not going to provide a fix, since I neither understand cryptography and bits very well, nor the internals of GnuTLS. A reproducer:

```diff diff --git a/tests/pubkey-import-export.c b/tests/pubkey-import-export.c --- a/tests/pubkey-import-export.c +++ b/tests/pubkey-import-export.c
@@ -285,6 +285,10 @@ int check_pubkey_import_export(void) if (ret < 0) fail("error\n"); + gnutls_pubkey_get_pk_algorithm(key, &ret); + if (ret == 0) + fail("error: key size is zero\n"); + ret = gnutls_pubkey_verify_params(key); if (ret != 0) fail("error: %s\n", gnutls_strerror(ret)); ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/640#note_122621556 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 21:38:20 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 05 Dec 2018 20:38:20 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap: only update the required submodules for building (!836) In-Reply-To: References: Message-ID: The Dockerfiles for the CI images need a full git clone. Some/most have --depth=2, which is not sufficient. Just remove the --depth option. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/836#note_122630323 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 5 21:44:12 2018 
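Review bot: in the reproducer hunk for tests/pubkey-import-export.c (issue #640) above, `gnutls_pubkey_get_pk_algorithm(key, &ret);` stores the bit count in `ret`, which the context lines treat as a signed status code (`if (ret < 0)`), while the function's second parameter is an `unsigned int *` and its own return value (the algorithm, or a negative error) is dropped. Pass a dedicated `unsigned int bits = 0;` as `&bits`, check the return value first, and only then fail on `bits == 0`, so a failed call is not reported as "key size is zero". The failure message would also be easier to act on if it named the key type being imported at this point, which the hunk does not show.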
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 05 Dec 2018 20:44:12 +0000
Subject: [gnutls-devel] build-images | Make full git clone of gnulib (!13)

New Merge Request !13

https://gitlab.com/gnutls/build-images/merge_requests/13

Branches: tmp-deep-gnulib to master
Author: Tim Rühsen
Assignee:

Fixes the gnulib issue mentioned in https://gitlab.com/gnutls/gnutls/merge_requests/836

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/13

From gnutls-devel at lists.gnutls.org Wed Dec 5 22:07:58 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 05 Dec 2018 21:07:58 +0000
Subject: [gnutls-devel] build-images | Make full git clone of gnulib (!13)

Merge Request !13 was merged

Merge Request url: https://gitlab.com/gnutls/build-images/merge_requests/13

Branches: tmp-deep-gnulib to master
Author: Tim Rühsen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/13

From gnutls-devel at lists.gnutls.org Wed Dec 5 23:40:07 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 05 Dec 2018 22:40:07 +0000
Subject: [gnutls-devel] GnuTLS | bootstrap: only update the required submodules for building (!836)

Merge Request !836 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/836

Branches: tmp-submodules to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/836

From gnutls-devel at lists.gnutls.org Thu Dec 6 08:36:58 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 07:36:58 +0000
Subject: [gnutls-devel] GnuTLS | bootstrap: only update the required submodules for building (!836)

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/836#note_122729346

From gnutls-devel at lists.gnutls.org Thu Dec 6 08:52:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 07:52:43 +0000
Subject: [gnutls-devel] GnuTLS | consider using an alternative build system (#320)

I have no love for autotools, and I am not excited about their design or restrictions (i.e., very hard to build on windows natively, m4 macros or a clutter of auto-generated files), so I wouldn't be negative to having a more modern option which is cleaner and moving to something more modern (and cleaner) than autotools which still allows us to run on target platforms (windows/linux/macosx/freebsd). I do not know how easy a move like that would be (e.g., a move to cmake), due to our dependency on gnulib. The following discussion seems quite pessimistic: https://cmake.org/pipermail/cmake/2018-January/066878.html

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/320#note_122735701

From gnutls-devel at lists.gnutls.org Thu Dec 6 09:53:01 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 08:53:01 +0000
Subject: [gnutls-devel] GnuTLS | consider using an alternative build system (#320)

After so many years and so many different build tools I always come back to autotools+gnulib. It's so highly tuneable and makes your software so portable. The cost is its configuration slowness and it's hard for beginners. It normally is easily debuggable, since it breaks down to a simple (but large) shell script (./configure). The GnuTLS devs have a pretty good knowledge of autotools+gnulib, AFAICS. People who just want to build+use GnuTLS should *always* build from the tarball. Doing so does *not* require autotools at all. The ./configure step just needs a POSIX compatible shell. But anyways, I appreciate it to have a parallel build system like CMake or Meson. Which could help building on Mobile OSes (and/or Windows?). I see at least two requirements here, a) a second build system *must not* interfere with the current one, and b) someone has to maintain it (regular work until the end of the GnuTLS days). I assume a) is not that hard. But what about b)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/320#note_122756767

From gnutls-devel at lists.gnutls.org Thu Dec 6 09:59:03 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 08:59:03 +0000
Subject: [gnutls-devel] GnuTLS | native windows builds (#638)

I'd say Cygwin is too good as a Linux wrapper. Testing directly on Windows with (latest) MSVC would be more of a challenge. Since GnuTLS is C99 and MSVC still has issues with that, the clang compiler could be a good choice as well.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/638#note_122759291

From gnutls-devel at lists.gnutls.org Thu Dec 6 10:11:31 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 09:11:31 +0000
Subject: [gnutls-devel] GnuTLS | Importing есс public keys and calculating bits (#640)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/640

From gnutls-devel at lists.gnutls.org Thu Dec 6 10:17:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 09:17:04 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_handshake_set_timeout() for values < 1000 (!834)

@nmav This is a blocker, resp. it stalls my other MRs. Are there concerns about it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/834#note_122764152

From gnutls-devel at lists.gnutls.org Thu Dec 6 14:37:49 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 13:37:49 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_handshake_set_timeout() for values < 1000 (!834)

@rockdaboot LGTM. Would you like to add a testcase?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/834#note_122867119

From gnutls-devel at lists.gnutls.org Thu Dec 6 15:03:13 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 14:03:13 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_handshake_set_timeout() for values < 1000 (!834)

I would like to amend handshake-timeout.c in a succeeding MR, so that it checks for timeout >=1s and <1s. Of course I can add it directly into this MR. WDYT which is better?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/834#note_122874649

From gnutls-devel at lists.gnutls.org Thu Dec 6 15:14:55 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 14:14:55 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Hugo Beauzée-Luyssen commented on a discussion on lib/system.c:

> gnutls_gettime = _gnutls_gettime; > } > > +#if _WIN32 > +#include > +TCHAR *str_to_wide(const char *utf8)

That's an overlook on my end. I searched for usage of `MultiByteToWideChar` or `WideCharToMultiByte` but didn't account for iconv. I'll gladly use the existing functions, but I'm not sure how to account for builds without _UNICODE defined though, or is this not supported by GnuTLS?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_122880069

From gnutls-devel at lists.gnutls.org Thu Dec 6 15:28:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 14:28:56 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Hugo Beauzée-Luyssen commented on a discussion on lib/x509/verify-high2.c:

> unsigned int tl_flags, unsigned int tl_vflags,

Not directly from VLC, I suppose the bottom of the question is "is this tested" and to be fair the answer is "I don't know"

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_122889072

From gnutls-devel at lists.gnutls.org Thu Dec 6 15:38:35 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 14:38:35 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Hugo Beauzée-Luyssen commented on a discussion on lib/system/keys-win.c:

> -*/ > int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url) > { > +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)

Windows store drastically limits the available functions. In this case, at least CryptSetProvParam and the NCrypt* functions can't be used

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_122892879

From gnutls-devel at lists.gnutls.org Thu Dec 6 15:54:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 06 Dec 2018 14:54:52 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_handshake_set_timeout() for values < 1000 (!834)

@lumag Added tests to handshake-timeout.c. Also the tests finish immediately after timeout occurs, reducing the total duration from 45s to 1.2s.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/834#note_122899716

From gnutls-devel at lists.gnutls.org Fri Dec 7 01:19:23 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 00:19:23 +0000
Subject: [gnutls-devel] web-pages | Webpage should use HSTS (#2)

@dd9jn can you take a look at this?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/issues/2#note_123006294

From gnutls-devel at lists.gnutls.org Fri Dec 7 07:04:48 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 06:04:48 +0000
Subject: [gnutls-devel] GnuTLS | Libnettle 3.4 not found (#641)

New Issue was created.

Issue 641: https://gitlab.com/gnutls/gnutls/issues/641
Author: Jared White
Assignee:

Hi there,

I'm trying to compile GnuTLS 3.6.5 and I have Nettle on my machine under a non-standard location (i.e., not /usr). I noted some historical mailing list references to converting this search process to pkg-config and I wondered what options I have for specifying a custom search path?

Thanks in advance,
-Jared

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/641

From gnutls-devel at lists.gnutls.org Fri Dec 7 12:12:29 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 11:12:29 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_handshake_set_timeout() for values < 1000 (!834)

Merge Request !834 was approved by Dmitry Eremin-Solenikov

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/834

Branches: tmp-fix-timeout to master
Author: Tim Rühsen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/834

From gnutls-devel at lists.gnutls.org Fri Dec 7 12:12:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 11:12:44 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_handshake_set_timeout() for values < 1000 (!834)

Merge Request !834 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/834

Branches: tmp-fix-timeout to master
Author: Tim Rühsen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/834

From gnutls-devel at lists.gnutls.org Fri Dec 7 12:14:19 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 11:14:19 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_handshake_set_timeout() for values < 1000 (!834)

Thanks @lumag !

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/834#note_123196659

From gnutls-devel at lists.gnutls.org Fri Dec 7 12:31:28 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 11:31:28 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

Can someone in short explain/list the incompatibilities of 3.6.5 to 3.5.x? There's new stuff, but the API is backwards compatible, isn't it!? And if it is, why does Debian stick with 3.5.x? If we can find out the reason, we might help the package maintainer...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123200704

From gnutls-devel at lists.gnutls.org Fri Dec 7 12:36:30 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 11:36:30 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

@nmav is the ABI compatibility published anywhere? It seems that [ABI tracker](https://www.gnutls.org/abi-tracker/timeline/gnutls/) hasn't been updated for quite a long time.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123201944

From gnutls-devel at lists.gnutls.org Fri Dec 7 12:40:00 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 11:40:00 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

Just realized that @ametzler is the Debian package maintainer :wink: and that libgnutls 3.6.5-1 is in experimental. But are the reasons that it doesn't go into unstable?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123202758

From gnutls-devel at lists.gnutls.org Fri Dec 7 12:43:58 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 11:43:58 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

Ah, I found [this one](https://abi-laboratory.pro/index.php?view=timeline&l=gnutls). It looks like 3.6.3 has dropped one C++ symbol.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123203623

From gnutls-devel at lists.gnutls.org Fri Dec 7 13:03:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 12:03:20 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

It also affects C:

```
session::set_transport_vec_push_function ( long(*vec_push_func)(void*, giovec_t const*, int) ) ? session::set_transport_vec_push_function ( long(*vec_push_func)(void*, struct iovec const*, int) )
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123214382

From gnutls-devel at lists.gnutls.org Fri Dec 7 15:00:11 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 14:00:11 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

No, it's a C++ library.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123257487

From gnutls-devel at lists.gnutls.org Fri Dec 7 15:09:19 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 14:09:19 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

Sorry, I thought the above C++ stuff is just a representation of the C gnutls_transport_set_vec_push_function() and its second argument (gnutls_vec_push_func). In gnutls.h, the typedef for gnutls_vec_push_func() still uses `const giovec_t * iov`, so all seems fine regarding C.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123259938

From gnutls-devel at lists.gnutls.org Fri Dec 7 15:13:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 14:13:52 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

The other one is quite interesting, though it only applies when the application is built with 3.5 and the library is exchanged to 3.6:

```
enum gnutls_protocol_t 1 1 Value of member GNUTLS_TLS_VERSION_MAX has been changed from 4 to 5. Applications may execute a wrong branch of code in the library and therefore change the behavior.
```

But then, why should an application use GNUTLS_TLS_VERSION_MAX explicitly?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123261095

From gnutls-devel at lists.gnutls.org Fri Dec 7 15:17:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 14:17:43 +0000
Subject: [gnutls-devel] GnuTLS | Libnettle 3.4 not found (#641)

Please, use `PKG_CONFIG_PATH=/path/to/nettle/lib/pkgconfig` variable:

```
./configure .... PKG_CONFIG_PATH=/home/nettle/lib/pkgconfig
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/641#note_123262197

From gnutls-devel at lists.gnutls.org Fri Dec 7 15:54:21 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 14:54:21 +0000
Subject: [gnutls-devel] GnuTLS | Allow non null terminated usernames for psk (#586)

There's no MR here right? @nmav I'm assigning this one to me. If no patch follows in two weeks or so, please ping me ;)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/586#note_123272898

From gnutls-devel at lists.gnutls.org Fri Dec 7 15:54:25 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 14:54:25 +0000
Subject: [gnutls-devel] GnuTLS | Allow non null terminated usernames for psk (#586)

Reassigned Issue 586

https://gitlab.com/gnutls/gnutls/issues/586

Assignee changed to Ander Juaristi

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/586

From gnutls-devel at lists.gnutls.org Fri Dec 7 16:02:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 15:02:14 +0000
Subject: [gnutls-devel] GnuTLS | Libnettle 3.4 not found (#641)

Issue was closed by Tim Rühsen

Issue #641: https://gitlab.com/gnutls/gnutls/issues/641

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/641

From gnutls-devel at lists.gnutls.org Fri Dec 7 17:47:50 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 16:47:50 +0000
Subject: [gnutls-devel] GnuTLS | msmtp unable to send mail with gnutls 3.6.5. TLS1.3 issue? (#644)

New Issue was created.

Issue 644: https://gitlab.com/gnutls/gnutls/issues/644
Author: Florian Pritz
Assignee:

I've filed a report against msmtp, but msmtp devs think it's an issue with gnutls. Do you guys have an idea what's wrong here?

Below is a copy of the initial bug I filed with msmtp. In case you want to look at the original, it's here: https://gitlab.marlam.de/marlam/msmtp/issues/21

-----

When trying to send mails to a postfix server with TLS 1.3 support the TLS connection dies after sending the second EHLO. The only error I see in the msmtp --debug output is this:

```
msmtp: cannot read from TLS connection: the operation timed out
```

I see the problem on my Arch Linux client with msmtp 1.8.0-2 and gnutls 3.6.5-1. With gnutls 3.5.19-2 I do not see the issue. Sadly we don't have any versions in-between to test with. The server is also Arch Linux with postfix 3.3.1-4 and openssl 1.1.1-1.

Using `gnutls-cli --starttls 587 $server` works just fine and I see the reply to the second EHLO, which is missing in the `msmtp --debug` output.

If you want to test it yourself, feel free to connect to `mail.server-speed.net` on port 587 with arbitrary credentials. It appears that the issue happens well before the login.

The output I get with `GNUTLS_DEBUG_LEVEL=6 msmtp --debug` is rather long and I don't want to leak any private information. If you cannot reproduce the issue, please tell me what else you want to know.
Here's the part at the end:

```
TLS certificate information:
    Owner:
        Common Name: mail.server-speed.net
    Issuer:
        Common Name: Let's Encrypt Authority X3
        Organization: Let's Encrypt
        Country: US
    Validity:
        Activation time: Sat 27 Oct 2018 12:25:08 AM CEST
        Expiration time: Thu 24 Jan 2019 11:25:08 PM CET
    Fingerprints:
        SHA256: 7B:76:B8:0A:FA:E4:AE:00:B6:8F:24:0E:59:3E:11:BB:67:8F:AC:89:F2:65:0E:4B:BB:4D:12:E4:CB:DD:64:FE
        SHA1 (deprecated): BA:83:63:D4:47:65:88:62:1D:5A:5E:73:87:C0:E6:5C:D3:31:AC:D0
gnutls[5]: REC[0x5604f0be1070]: Preparing Packet Application Data(23) with length: 16 and min pad: 0
gnutls[5]: REC[0x5604f0be1070]: Sent Packet[1] Application Data(23) in epoch 2 and length: 38
--> EHLO localhost
gnutls[5]: REC[0x5604f0be1070]: SSL 3.3 Application Data packet received. Epoch 2, length: 250
gnutls[5]: REC[0x5604f0be1070]: Expected Packet Application Data(23)
gnutls[5]: REC[0x5604f0be1070]: Received Packet Application Data(23) with length: 250
gnutls[5]: REC[0x5604f0be1070]: Decrypted Packet[0] Handshake(22) with length: 233
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[4]: HSK[0x5604f0be1070]: NEW SESSION TICKET (4) was received.
Length 229[229], frag offset 0, frag length: 229, sequence: 0
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
gnutls[4]: HSK[0x5604f0be1070]: parsing session ticket message
gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1560
gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1759
gnutls[3]: ASSERT: buffers.c[_gnutls_io_write_flush]:696
gnutls[5]: REC: Sending Alert[1|0] - Close notify
gnutls[5]: REC[0x5604f0be1070]: Preparing Packet Alert(21) with length: 2 and min pad: 0
gnutls[5]: REC[0x5604f0be1070]: Sent Packet[2] Alert(21) in epoch 2 and length: 24
gnutls[5]: REC[0x5604f0be1070]: Start of epoch cleanup
gnutls[5]: REC[0x5604f0be1070]: End of epoch cleanup
gnutls[5]: REC[0x5604f0be1070]: Epoch #2 freed
msmtp: cannot read from TLS connection: the operation timed out
```

Also here's my msmtp config:

```
defaults
auth plain
tls on
tls_starttls on
tls_certcheck on
tls_trust_file /etc/ssl/certs/ca-certificates.crt

account flo
host mail.server-speed.net
port 587
from bluewind at xinu.at
user mail-flo
passwordeval getpw-single msmtp3

account default : flo
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/644

From gnutls-devel at lists.gnutls.org Fri Dec 7 18:00:07 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 17:00:07 +0000
Subject: [gnutls-devel] GnuTLS | WIP: CONTRIBUTING.md: added proposal on commenting style and new features (!816)

Merge Request !816 was approved by Ander Juaristi

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/816

Branches: tmp-comment-style to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/816

From gnutls-devel at lists.gnutls.org Fri Dec 7 19:35:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 18:35:12 +0000
Subject: [gnutls-devel] GnuTLS | msmtp unable to send mail with gnutls 3.6.5. TLS1.3 issue? (#644)

The log you sent is incomplete but shows that msmtp is sending a close request, while the TLS 1.3 handshake is ongoing. There were few applications which make assumptions on how the TLS handshake finishes or works. These broke with TLS 1.3. I will not debug msmtp but if that's the case it may be better to disable TLS1.3 in its configuration.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/644#note_123326293

From gnutls-devel at lists.gnutls.org Fri Dec 7 20:15:17 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 19:15:17 +0000
Subject: [gnutls-devel] GnuTLS | msmtp unable to send mail with gnutls 3.6.5. TLS1.3 issue? (#644)

Thanks. I've investigated some more and it looks like msmtp calls gnutls_record_recv() and with 3.6.5 (probably earlier 3.6 versions too) this returns -28 which afaict is GNUTLS_E_AGAIN and this leads to an error in the msmtp code. From the gnutls_record_recv() docs it looks like this is incorrectly handled in msmtp so I'll close this issue here for now and talk to msmtp devs again.

Thanks for the quick reply!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/644#note_123332285

From gnutls-devel at lists.gnutls.org Fri Dec 7 20:15:19 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 19:15:19 +0000
Subject: [gnutls-devel] GnuTLS | msmtp unable to send mail with gnutls 3.6.5. TLS1.3 issue? (#644)

Issue was closed by Florian Pritz

Issue #644: https://gitlab.com/gnutls/gnutls/issues/644

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/644

From gnutls-devel at lists.gnutls.org Fri Dec 7 20:18:49 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 19:18:49 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

There is no abi breakage in the gnutls lib. Every commit is checked to be backwards compatible with the previous release. The c++ lib issue reported seems to be a naming issue which is detected as breakage by abi checker. I do not know enough c++ symbol mangling to verify but our abi is the c libraries.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123332834

From gnutls-devel at lists.gnutls.org Fri Dec 7 20:23:32 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 19:23:32 +0000
Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588)

The MAX macros are used internally for enumerating these enumerations. An app that uses it will indeed see the compiled version only.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_123333410

From gnutls-devel at lists.gnutls.org Sat Dec 8 00:18:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 07 Dec 2018 23:18:04 +0000
Subject: [gnutls-devel] GnuTLS | msmtp unable to send mail with gnutls 3.6.5. TLS1.3 issue? (#644)

I just had to rewrite my own code for this reason. With TLS 1.3, gnutls will return GNUTLS_E_AGAIN even if the underlying transport socket is a blocking socket. I'm pretty sure that previously GNUTLS_E_AGAIN was getting returned only with non-blocking sockets as the underlying transport, when reading or writing to the socket came back with EAGAIN. GNUTLS_E_AGAIN was, basically, a passthrough for EAGAIN on the underlying socket.

All existing code that uses blocking sockets most likely handles any -1 return from gnutls_record_send(), gnutls_record_recv(), and gnutls_handshake() as a fatal transport error. It doesn't know about special meaning of GNUTLS_E_AGAIN, because it was only seen, up until now, with non-blocking sockets.

Existing code that uses non-blocking sockets is unlikely to be affected, as it already understands GNUTLS_E_AGAIN.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/644#note_123363338

From gnutls-devel at lists.gnutls.org Sat Dec 8 10:39:23 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Dec 2018 09:39:23 +0000
Subject: [gnutls-devel] GnuTLS | msmtp unable to send mail with gnutls 3.6.5. TLS1.3 issue? (#644)

@sam.varshavchik In the GNU Wget project, we use blocking sockets and check for GNUTLS_E_AGAIN since 7.5 years. See commit 96c3ec36c:

```
96c3ec36c (Ray Satiro 2011-04-07 12:25:39 +0200 359) while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
```

There is no further description to explain why. But there must have been an issue around that time. Prior, the check was just `ret == GNUTLS_E_INTERRUPTED`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/644#note_123401927

From gnutls-devel at lists.gnutls.org Sat Dec 8 10:42:06 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Dec 2018 09:42:06 +0000
Subject: [gnutls-devel] GnuTLS | msmtp unable to send mail with gnutls 3.6.5. TLS1.3 issue? (#644)

Oh sorry, just saw the socket is set to non-blocking during the handshake. So please ignore the above comment.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/644#note_123402073

From gnutls-devel at lists.gnutls.org Sat Dec 8 13:54:05 2018
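The return-code handling discussed in issue #644 above, as an added example that is not part of the original thread and is not msmtp, Wget or GnuTLS code: it contrasts a receive wrapper that treats every negative return as fatal with one that retries `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED`. The names `record_recv_fn`, `recv_naive`, `recv_with_retry`, `fake_session` and `RECV_RETRY_LIMIT` are assumptions; a callback with the shape of `gnutls_record_recv()` and a constructed fake session stand in for the library so the code builds without it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Same values as gnutls.h (-28 is the code reported in the thread);
 * defined here only so the example builds without GnuTLS installed. */
#ifndef GNUTLS_E_AGAIN
#define GNUTLS_E_AGAIN (-28)
#define GNUTLS_E_INTERRUPTED (-52)
#endif

/* Assumed cap, so a peer that keeps the call non-fatal cannot make us spin. */
#define RECV_RETRY_LIMIT 16

/* Hypothetical callback type with the shape of gnutls_record_recv(). */
typedef ssize_t (*record_recv_fn)(void *session, void *data, size_t len);

/* The pattern the thread attributes to existing blocking-socket code:
 * every negative return is collapsed into one fatal transport error. */
ssize_t recv_naive(record_recv_fn recv_fn, void *session, void *buf, size_t len)
{
    ssize_t ret = recv_fn(session, buf, len);
    return ret < 0 ? -1 : ret;
}

/* Retry the two non-fatal codes; data, EOF (0) and any other error
 * are returned to the caller unchanged. */
ssize_t recv_with_retry(record_recv_fn recv_fn, void *session,
                        void *buf, size_t len, unsigned *retries_out)
{
    unsigned retries = 0;
    ssize_t ret;

    for (;;) {
        ret = recv_fn(session, buf, len);
        if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED)
            break;                      /* data, EOF or a real error */
        if (retries == RECV_RETRY_LIMIT)
            break;                      /* give up, report the last code */
        retries++;
    }
    if (retries_out)
        *retries_out = retries;
    return ret;
}

/* Constructed stand-in for a TLS session over a blocking socket. */
struct fake_session {
    int interrupted_left;   /* calls that return GNUTLS_E_INTERRUPTED */
    int again_left;         /* calls that return GNUTLS_E_AGAIN */
    ssize_t fatal_code;     /* if negative, returned on every call */
    const char *payload;    /* application data delivered afterwards */
};

ssize_t fake_record_recv(void *session, void *data, size_t len)
{
    struct fake_session *s = session;
    size_t n;

    if (s->fatal_code < 0)
        return s->fatal_code;
    if (s->interrupted_left > 0) {
        s->interrupted_left--;
        return GNUTLS_E_INTERRUPTED;
    }
    if (s->again_left > 0) {
        s->again_left--;
        return GNUTLS_E_AGAIN;
    }
    n = strlen(s->payload);
    if (n > len)
        n = len;
    memcpy(data, s->payload, n);
    return (ssize_t)n;
}

int main(void)
{
    struct fake_session a = { 1, 2, 0, "220 ready" };
    struct fake_session b = { 1, 2, 0, "220 ready" };
    char buf[32];
    unsigned retries = 0;
    ssize_t n;

    n = recv_naive(fake_record_recv, &a, buf, sizeof buf);
    printf("naive wrapper: %ld\n", (long)n);
    n = recv_with_retry(fake_record_recv, &b, buf, sizeof buf, &retries);
    printf("retry wrapper: %ld bytes after %u retries\n", (long)n, retries);
    return 0;
}
```

In code linked against GnuTLS, `gnutls_record_recv` takes the place of `fake_record_recv`, and `gnutls_error_is_fatal()` can classify the remaining negative codes.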
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Dec 2018 12:54:05 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Nikos Mavrogiannopoulos commented on a discussion on lib/system.c:

> gnutls_gettime = _gnutls_gettime;
> }
>
> +#if _WIN32
> +#include
> +TCHAR *str_to_wide(const char *utf8)

gnutls uses libunistring (either bundled or the system one) for such conversions. I guess the `_UNICODE` is some windows define, but it is not depended on by gnutls.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_123413629

From gnutls-devel at lists.gnutls.org Sat Dec 8 13:58:55 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Dec 2018 12:58:55 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Nikos Mavrogiannopoulos commented on a discussion on lib/x509/verify-high2.c:

> unsigned int tl_flags, unsigned int tl_vflags,

There is `x509cert-tl.c` which seems to test this function, however even if that runs and is tested, we would need to simplify this function before merging. Seeing it, it may even be simpler to separate the code paths completely as the two paths share few lines only.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_123413869

From gnutls-devel at lists.gnutls.org Sat Dec 8 14:01:16 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 08 Dec 2018 13:01:16 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Nikos Mavrogiannopoulos started a new discussion on lib/system/keys-win.c:

> -*/
> int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
> {
> +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
> + return GNUTLS_E_UNIMPLEMENTED_FEATURE;

maybe: `gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_123414016

From gnutls-devel at lists.gnutls.org Mon Dec 10 15:55:13 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Dec 2018 14:55:13 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Hugo Beauzée-Luyssen commented on a discussion on lib/system.c:

> gnutls_gettime = _gnutls_gettime;
> }
>
> +#if _WIN32
> +#include
> +TCHAR *str_to_wide(const char *utf8)

_UNICODE is the define that switches between `FuncA` and `FuncW` variants, so basically if it's not defined anything that's not plain ascii would fail. When building for winstore, _UNICODE is required as the `FuncA` variants are forbidden/unavailable.

I'm fine assuming that _UNICODE is defined and always use ucs8/utf16 on windows (and possibly error out if _UNICODE isn't defined) if that works for you

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_123734617

From gnutls-devel at lists.gnutls.org Mon Dec 10 15:56:05 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Dec 2018 14:56:05 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Hugo Beauzée-Luyssen commented on a discussion on lib/x509/verify-high2.c:

> unsigned int tl_flags, unsigned int tl_vflags,

Agreed, I'll split the function in 2 implementations then

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_123734871

From gnutls-devel at lists.gnutls.org Mon Dec 10 15:58:32 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Dec 2018 14:58:32 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Hugo Beauzée-Luyssen commented on a discussion on lib/system/keys-win.c:

> -*/
> int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
> {
> +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
> + return GNUTLS_E_UNIMPLEMENTED_FEATURE;

Ok, I'll update the patch

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_123735702

From gnutls-devel at lists.gnutls.org Mon Dec 10 16:58:17 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Dec 2018 15:58:17 +0000
Subject: [gnutls-devel] GnuTLS | record: make CCS handling stricter in TLS 1.3 (!817)

Waived the failing tests because of #645.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/817#note_123753999

From gnutls-devel at lists.gnutls.org Mon Dec 10 18:15:06 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 10 Dec 2018 17:15:06 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Hugo Beauzée-Luyssen commented on a discussion on lib/system.c:

> gnutls_gettime = _gnutls_gettime;
> }
>
> +#if _WIN32
> +#include
> +TCHAR *str_to_wide(const char *utf8)

Well it turns out if _UNICODE isn't defined there's no need to use the _TDIR & co variants, so the existing code can be used on `!defined(_WIN32) || !defined(_UNICODE)`

That being said, it means the _UNICODE variant isn't tested with the current CI configuration

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_123780138

From gnutls-devel at lists.gnutls.org Tue Dec 11 07:01:08 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Dec 2018 06:01:08 +0000
Subject: [gnutls-devel] GnuTLS | record: make CCS handling stricter in TLS 1.3 (!817)

Merge Request !817 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/817
Branches: tmp-ccs-tls13 to master
Author: Daiki Ueno
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/817

From gnutls-devel at lists.gnutls.org Tue Dec 11 07:01:34 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Dec 2018 06:01:34 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect alert description in Alert Message (#618)

Issue was closed by Nikos Mavrogiannopoulos

Issue #618: https://gitlab.com/gnutls/gnutls/issues/618

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/618

From gnutls-devel at lists.gnutls.org Tue Dec 11 07:01:34 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Dec 2018 06:01:34 +0000
Subject: [gnutls-devel] GnuTLS | record: make CCS handling stricter in TLS 1.3 (!817)

Merge Request !817 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/817
Branches: tmp-ccs-tls13 to master
Author: Daiki Ueno
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/817

From gnutls-devel at lists.gnutls.org Tue Dec 11 07:02:00 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Dec 2018 06:02:00 +0000
Subject: [gnutls-devel] GnuTLS | record: make CCS handling stricter in TLS 1.3 (!817)

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/817#note_123936510

From gnutls-devel at lists.gnutls.org Tue Dec 11 07:02:01 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Dec 2018 06:02:01 +0000
Subject: [gnutls-devel] GnuTLS | record: make CCS handling stricter in TLS 1.3 (!817)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/817

From gnutls-devel at lists.gnutls.org Tue Dec 11 09:38:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Dec 2018 08:38:10 +0000
Subject: [gnutls-devel] GnuTLS | username normalization is not provided by the library (#648)

New Issue was created.

Issue 648: https://gitlab.com/gnutls/gnutls/issues/648
Author: Nikos Mavrogiannopoulos
Assignee:

For several functions which need a password from the user we provide a UTF-8 password normalization helper function (`gnutls_utf8_password_normalize`). However when a username is provided by the user/application we expect the normalization to happen in the application but we provide no helper.

This affects the functions:
* `gnutls_psk_set_client_credentials_function`
* `gnutls_psk_set_client_credentials`
* `gnutls_srp_set_client_credentials`
* `gnutls_srp_set_client_credentials_function`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/648

From gnutls-devel at lists.gnutls.org Tue Dec 11 20:14:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Dec 2018 19:14:18 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Nikos Mavrogiannopoulos commented on a discussion on lib/system/keys-win.c:

> -*/
> int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
> {
> +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)

Ok, let's provide that info in the commit message for future reference.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_124167005

From gnutls-devel at lists.gnutls.org Tue Dec 11 20:18:50 2018
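Review bot: In the `_gnutls_privkey_import_system_url` hunk, `#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)` is also true for desktop builds with SDK headers whose desktop family includes the APP partition, so the early `GNUTLS_E_UNIMPLEMENTED_FEATURE` return can switch off system-key import outside Windows Store builds as well. Consider testing `WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)`, and guard the expression with `defined(WINAPI_FAMILY_PARTITION)` so toolchains whose headers lack the macro still preprocess the file.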
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Dec 2018 19:18:50 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)

Nikos Mavrogiannopoulos commented on a discussion on lib/system.c:

> gnutls_gettime = _gnutls_gettime;
> }
>
> +#if _WIN32
> +#include
> +TCHAR *str_to_wide(const char *utf8)

Should we? My experience with windows is quite limited. We currently only test windows using mingw, but we should try to move to something more native (discussed in #638)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_124167754

From gnutls-devel at lists.gnutls.org Tue Dec 11 20:25:58 2018
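Review bot: `str_to_wide` in the lib/system.c hunk is declared as returning `TCHAR *`, which is a narrow `char *` unless `_UNICODE` is defined, so the name promises a wide string that the type does not guarantee under the `#if _WIN32` guard alone. Either return `wchar_t *` or condition the block on `_UNICODE` as well, and make the helper `static` or give it the `_gnutls_` prefix, since as written it is added with external linkage and no documented ownership of the returned buffer. `#ifdef _WIN32` would also be the safer spelling of the guard.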
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 11 Dec 2018 19:25:58 +0000
Subject: [gnutls-devel] GnuTLS | native windows builds (#638)

What should be our target is to have native building for each platform, i.e., with the native compiler so that it can be consumed by applications in that platform. cygwin is very far from that goal because it brings a very big run-time and very few native windows applications would even consider using it (if any).

The mingw builds which we currently have are pretty ok and their output (dlls) can be consumed by native windows applications. What's the problem with this approach though is that we compile and test on Linux/wine, and that doesn't give a good assurance that the output DLLs would work as expected in a native windows system.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/638#note_124169349

From gnutls-devel at lists.gnutls.org Wed Dec 12 09:40:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 08:40:44 +0000
Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808)

Hi, @lumag are you ok after the last changes?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808#note_124268170

From gnutls-devel at lists.gnutls.org Wed Dec 12 09:41:55 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 08:41:55 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

I'm closing this as it is unclear what/where and why

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_124268487

From gnutls-devel at lists.gnutls.org Wed Dec 12 09:41:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 08:41:56 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Issue was closed by Nikos Mavrogiannopoulos

Issue #647: https://gitlab.com/gnutls/gnutls/issues/647

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647

From gnutls-devel at lists.gnutls.org Wed Dec 12 09:43:51 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 08:43:51 +0000
Subject: [gnutls-devel] GnuTLS | Getting error "Please insert token 'TEE_TOKEN' in slot and press enter" on searching private objects. (#583)

Issue was closed by Nikos Mavrogiannopoulos

Issue #583: https://gitlab.com/gnutls/gnutls/issues/583

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/583

From gnutls-devel at lists.gnutls.org Wed Dec 12 09:43:50 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 08:43:50 +0000
Subject: [gnutls-devel] GnuTLS | Getting error "Please insert token 'TEE_TOKEN' in slot and press enter" on searching private objects. (#583)

Closing as this report is unclear. Please re-open and provide more information if you think that's incorrect.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/583#note_124268967

From gnutls-devel at lists.gnutls.org Wed Dec 12 09:44:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 08:44:10 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_PCERT_NO_CERT is unused (#624)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/624

From gnutls-devel at lists.gnutls.org Wed Dec 12 09:51:01 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 08:51:01 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_PCERT_NO_CERT: marked as unused/ignored (!837)

New Merge Request !837

https://gitlab.com/gnutls/gnutls/merge_requests/837
Branches: tmp-fix-GNUTLS_PCERT_NO_CERT to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

This flag was already unused since gnutls 3.3.x.

## Checklist
* [x] Code modified for feature

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/837

From gnutls-devel at lists.gnutls.org Wed Dec 12 09:59:57 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 08:59:57 +0000
Subject: [gnutls-devel] libtasn1 | git repo has broken tags (#3)

Hmm, indeed, the way I solved similar issues in gnutls was by fixing these issues manually and rewriting the repo. If you have some script that automates that I could do that.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/3#note_124273916

From gnutls-devel at lists.gnutls.org Wed Dec 12 10:01:55 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 09:01:55 +0000
Subject: [gnutls-devel] libtasn1 | git repo has broken tags (#3)

Issue was closed by Nikos Mavrogiannopoulos

Issue #3: https://gitlab.com/gnutls/libtasn1/issues/3

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/3

From gnutls-devel at lists.gnutls.org Wed Dec 12 10:01:54 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 09:01:54 +0000
Subject: [gnutls-devel] libtasn1 | git repo has broken tags (#3)

Actually there was already a script in the linked discussion. Used it and pushed the output. Should be fixed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/3#note_124274546

From gnutls-devel at lists.gnutls.org Wed Dec 12 10:01:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 09:01:56 +0000
Subject: [gnutls-devel] libtasn1 | git repo has broken tags (#3)

Reassigned Issue 3

https://gitlab.com/gnutls/libtasn1/issues/3

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/3

From gnutls-devel at lists.gnutls.org Wed Dec 12 10:17:13 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 09:17:13 +0000
Subject: [gnutls-devel] libtasn1 | .gitlab-ci.yml: added manual build (!6)

New Merge Request !6

https://gitlab.com/gnutls/libtasn1/merge_requests/6
Branches: tmp-manual to master
Author: Nikos Mavrogiannopoulos
Assignee:

This automatically creates an online version of the manual.

## Checklist
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent with other code
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/6

From gnutls-devel at lists.gnutls.org Wed Dec 12 10:21:08 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 09:21:08 +0000
Subject: [gnutls-devel] libtasn1 | auto-generate manual (#2)

Reassigned Issue 2

https://gitlab.com/gnutls/libtasn1/issues/2

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/2

From gnutls-devel at lists.gnutls.org Wed Dec 12 10:24:58 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 09:24:58 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_PCERT_NO_CERT: marked as unused/ignored (!837)

Merge Request !837 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/837
Branches: tmp-fix-GNUTLS_PCERT_NO_CERT to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/837

From gnutls-devel at lists.gnutls.org Wed Dec 12 10:26:00 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 09:26:00 +0000
Subject: [gnutls-devel] libtasn1 | auto-generate manual (#2)

Issue was closed by Nikos Mavrogiannopoulos

Issue #2: https://gitlab.com/gnutls/libtasn1/issues/2

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/2

From gnutls-devel at lists.gnutls.org Wed Dec 12 10:26:00 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 09:26:00 +0000
Subject: [gnutls-devel] libtasn1 | .gitlab-ci.yml: added manual build (!6)

Merge Request !6 was merged

Merge Request url: https://gitlab.com/gnutls/libtasn1/merge_requests/6
Branches: tmp-manual to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/6

From gnutls-devel at lists.gnutls.org Wed Dec 12 11:23:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 10:23:44 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_PCERT_NO_CERT: marked as unused/ignored (!837)

Merge Request !837 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/837
Branches: tmp-fix-GNUTLS_PCERT_NO_CERT to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/837

From gnutls-devel at lists.gnutls.org Wed Dec 12 11:51:03 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 10:51:03 +0000
Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808)

Merge Request !808 was approved by Dmitry Eremin-Solenikov

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/808
Branches: tmp-autogen-bak-update to master
Author: Daiki Ueno
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808

From gnutls-devel at lists.gnutls.org Wed Dec 12 11:52:07 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 10:52:07 +0000
Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808)
In-Reply-To:
References:
Message-ID:

Yes, it looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808#note_124306354

From gnutls-devel at lists.gnutls.org Wed Dec 12 11:52:34 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 10:52:34 +0000
Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808)
In-Reply-To:
References:
Message-ID:

@dueno there are merge conflicts. Could you please rebase this MR?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808#note_124306541

From gnutls-devel at lists.gnutls.org Wed Dec 12 12:59:40 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 11:59:40 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_PCERT_NO_CERT is unused (#624)
In-Reply-To:
References:
Message-ID:

Issue was closed by Nikos Mavrogiannopoulos

Issue #624: https://gitlab.com/gnutls/gnutls/issues/624

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/624

From gnutls-devel at lists.gnutls.org Wed Dec 12 12:59:45 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 11:59:45 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_PCERT_NO_CERT is unused (#624)
In-Reply-To:
References:
Message-ID:

Closed by https://gitlab.com/gnutls/gnutls/merge_requests/837

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/624#note_124326180

From gnutls-devel at lists.gnutls.org Wed Dec 12 13:00:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 12:00:43 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_PKCS11_TOKEN_MODNAME is unavailable when a provider is manually loaded (#633)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/633

From gnutls-devel at lists.gnutls.org Wed Dec 12 13:00:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 12:00:44 +0000
Subject: [gnutls-devel] GnuTLS | Listening DTLS server responds with HELLO_VERIFY_REQUEST to most messages (#632)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/632

From gnutls-devel at lists.gnutls.org Wed Dec 12 18:11:21 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 17:11:21 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)
In-Reply-To:
References:
Message-ID:

Hugo Beauzée-Luyssen commented on a discussion on lib/system.c:

> gnutls_gettime = _gnutls_gettime; > } > > +#if _WIN32 > +#include > +TCHAR *str_to_wide(const char *utf8)

I think it would be a good idea. IMO you should enable it by default (i.e. simply add -D_UNICODE=1 to your CFLAGS). Windows relies on that macro to switch between multiple functions & types, so as far as the build system goes, that's the only change. That being said, it will most likely break a lot of things. It might be quite a bit of work to change that. For VLC we do enforce unicode when building for windows store (there is no choice), and it worked to a certain extent (we are having some issues with the recent versions and it's hard to debug since our builds don't have PDBs yet)

Regarding the switch to native builds, all I can say is that VideoLAN only does cross compilation and it has worked fine for quite some time, and building on Windows using things such as msys2 is slow as hell, on top of being quite painful from time to time.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_124461093

From gnutls-devel at lists.gnutls.org Wed Dec 12 18:12:21 2018
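Review bot: `str_to_wide` in the lib/system.c hunk is declared as returning `TCHAR *`, which is a wide string only when `_UNICODE` is defined; in an ANSI build the same declaration yields `char *`, so the name and the result disagree. Returning `wchar_t *` would make the helper's output type independent of build flags. The function is also added without `static` or the `_gnutls_` prefix that `_gnutls_gettime` carries a few lines above, so it would land in the library's global symbol namespace. If it returns newly allocated memory, the declaration needs a comment saying who frees it. `#ifdef _WIN32` is the more usual guard than `#if _WIN32` and stays quiet under `-Wundef`.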
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 17:12:21 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)
In-Reply-To:
References:
Message-ID:

Hugo Beauzée-Luyssen commented on a discussion on lib/system/keys-win.c:

> -*/ > int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url) > { > +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)

The commit message was updated

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_124461302

From gnutls-devel at lists.gnutls.org Wed Dec 12 18:22:13 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 17:22:13 +0000
Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808)
In-Reply-To:
References:
Message-ID:

@lumag, rebased now. Thank you for the review.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808#note_124463958

From gnutls-devel at lists.gnutls.org Wed Dec 12 23:53:29 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 12 Dec 2018 22:53:29 +0000
Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808)
In-Reply-To:
References:
Message-ID:

Merge Request !808 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/808
Branches: tmp-autogen-bak-update to master
Author: Daiki Ueno
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808

From gnutls-devel at lists.gnutls.org Thu Dec 13 09:39:48 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 08:39:48 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/system.c:

> gnutls_gettime = _gnutls_gettime; > } > > +#if _WIN32 > +#include > +TCHAR *str_to_wide(const char *utf8)

ok, thanks.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_124613675

From gnutls-devel at lists.gnutls.org Thu Dec 13 09:40:03 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 08:40:03 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !835 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/gnutls/merge_requests/835

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835

From gnutls-devel at lists.gnutls.org Thu Dec 13 09:41:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 08:41:39 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Winstore patches (!835)
In-Reply-To:
References:
Message-ID:

It looks good to me. Please remove the WIP when ready for merge.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_124614078

From gnutls-devel at lists.gnutls.org Thu Dec 13 09:43:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 08:43:39 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)
In-Reply-To:
References:
Message-ID:

How are we going to proceed with it? Would you like to restrict the MR to the memleak only to continue?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_124614523

From gnutls-devel at lists.gnutls.org Thu Dec 13 11:04:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 10:04:18 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Windows & Windows Store store patches (!835)
In-Reply-To:
References:
Message-ID:

Oops, actually it seems on your build machine TCHAR isn't available, but _TCHAR is. I'll fix the patch, and try to provide another PR to enable unicode while at it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_124638845

From gnutls-devel at lists.gnutls.org Thu Dec 13 12:21:33 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 11:21:33 +0000
Subject: [gnutls-devel] GnuTLS | Unicode support (!838)
References:
Message-ID:

New Merge Request !838

https://gitlab.com/gnutls/gnutls/merge_requests/838

Project:Branches: chouquette/gnutls:unicode_support to gnutls/gnutls:master
Author: Hugo Beauzée-Luyssen
Assignee:

This MR adds a --enable-unicode flag to configure.ac, in order to define _UNICODE. It also adds a CI configuration to build & run the tests with it. I'm not sure if you'd prefer to tweak an existing configuration instead of adding a new one

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838

From gnutls-devel at lists.gnutls.org Thu Dec 13 12:24:57 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 11:24:57 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Windows & Windows Store store patches (!835)
In-Reply-To:
References:
Message-ID:

I overlooked ucs2/utf16 compatibility, so as it turns out, there is a need for a utf8 -> utf16 conversion helper, which is added to the patchset.

I'd be in favor of merging this MR after !838 gets in (if it does, obviously :) ), so that the changes are actually tested by the CI

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_124667795

From gnutls-devel at lists.gnutls.org Thu Dec 13 13:16:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 12:16:14 +0000
Subject: [gnutls-devel] GnuTLS | Unicode support (!838)
In-Reply-To:
References:
Message-ID:

We have two targets (MinGW32.DLLs, MinGW64.DLLs) that produce DLLs for download. What should we do with them in regards to unicode flag? Should we build them with that flag or not? Maybe the question is would in your opinion a typical application in windows using these DLLs be built with the unicode flag?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838#note_124682671

From gnutls-devel at lists.gnutls.org Thu Dec 13 13:17:08 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 12:17:08 +0000
Subject: [gnutls-devel] GnuTLS | Unicode support (!838)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on configure.ac:

> > AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes") > > +AC_ARG_ENABLE(unicode, AS_HELP_STRING([--enable-unicode],

let's name it enable-windows-unicode for clarity. We support "unicode" in other platforms.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838#note_124682860

From gnutls-devel at lists.gnutls.org Thu Dec 13 13:18:36 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 12:18:36 +0000
Subject: [gnutls-devel] GnuTLS | Unicode support (!838)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on .gitlab-ci.yml:

> - build/tests/*/*.log > retry: 1 > > +MinGW32-Unicode:

You are using the 32-bit variant of windows here. Would the 64-bit be more relevant for new apps?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838#note_124683232

From gnutls-devel at lists.gnutls.org Thu Dec 13 13:18:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 12:18:42 +0000
Subject: [gnutls-devel] GnuTLS | Unicode support (!838)
In-Reply-To:
References:
Message-ID:

Reassigned Merge Request 838

https://gitlab.com/gnutls/gnutls/merge_requests/838

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838

From gnutls-devel at lists.gnutls.org Thu Dec 13 13:35:34 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 12:35:34 +0000
Subject: [gnutls-devel] GnuTLS | Unicode support (!838)
In-Reply-To:
References:
Message-ID:

Hugo Beauzée-Luyssen commented on a discussion on .gitlab-ci.yml:

> - build/tests/*/*.log > retry: 1 > > +MinGW32-Unicode:

I modified a single configuration to avoid a too intrusive change, but I'll gladly add the flag to all config or add a win64 config :)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838#note_124688163

From gnutls-devel at lists.gnutls.org Thu Dec 13 13:43:06 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 12:43:06 +0000
Subject: [gnutls-devel] GnuTLS | Unicode support (!838)
In-Reply-To:
References:
Message-ID:

Hugo Beauzée-Luyssen commented on a discussion on configure.ac:

> > AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes") > > +AC_ARG_ENABLE(unicode, AS_HELP_STRING([--enable-unicode],

IMO, unicode support should be mandatory, but changing that is not something I feel comfortable doing to be honest. As far as I can see, `load_dir_certs` was the only place using ANSI functions variant unconditionally, so in theory it shouldn't impact much to switch

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838#note_124690275

From gnutls-devel at lists.gnutls.org Thu Dec 13 13:59:02 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 12:59:02 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !827 were resolved by Peter Wu

https://gitlab.com/gnutls/gnutls/merge_requests/827

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827

From gnutls-devel at lists.gnutls.org Thu Dec 13 13:59:03 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 12:59:03 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)
In-Reply-To:
References:
Message-ID:

Peter Wu commented on a discussion on lib/pkcs11.c:

> len = p11_kit_space_strlen(str, str_max); > > if (len + 1 > *output_size) { > - *output_size = len + 1;

I see, I've reverted this change and clarified the documentation in the new patch.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_124695169

From gnutls-devel at lists.gnutls.org Thu Dec 13 14:03:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 13:03:20 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)
In-Reply-To:
References:
Message-ID:

I've updated the documentation. Testing for TOKEN_MODNAME is not possible at the moment for reasons outlined in https://gitlab.com/gnutls/gnutls/issues/633#note_121461229 (manually added modules always have a NULL value).

I think this MR is ready now, tests could be added while working on #633.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_124696384

From gnutls-devel at lists.gnutls.org Thu Dec 13 14:15:12 2018
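Review bot: dropping `*output_size = len + 1;` inside the `if (len + 1 > *output_size)` branch of the lib/pkcs11.c hunk removes the only place where the caller learns how large a buffer is needed, so a caller that retries after the short-buffer error has nothing to size the retry from. Keep the assignment, and have the function documentation say which meaning `*output_size` carries on each return path (required size including the terminating NUL on the short-buffer path, as `len + 1` implies here).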
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 13:15:12 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_PKCS11_TOKEN_MODNAME is unavailable when a provider is manually loaded (#633)
In-Reply-To:
References:
Message-ID:

Update: while playing with this, it does not seem to be possible to use `p11_kit_module_get_name` for manually loaded modules, it simply returns NULL:

```
Breakpoint 1, 0x00007ffff7bceb70 in p11_kit_config_option () from /usr/lib/libp11-kit.so.0
(gdb) bt
#0 0x00007ffff7bceb70 in p11_kit_config_option () from /usr/lib/libp11-kit.so.0
#1 0x00007ffff7e617cb in ?? () from /usr/lib/libgnutls.so.30
#2 0x00007ffff7e679b3 in ?? () from /usr/lib/libgnutls.so.30
#3 0x00007ffff7e68324 in gnutls_pkcs11_token_get_info () from /usr/lib/libgnutls.so.30
#4 0x0000555555684f07 in print_info (url="pkcs11:model=SoftHSM%20v2;...", label="Mod", type=GNUTLS_PKCS11_TOKEN_MODNAME) at main.c:119
...
(gdb) p (char*)p11_kit_module_get_name($rdi)
$9 = 0x0
(gdb) p (char*)p11_kit_module_get_filename($rdi)
$10 = 0x606000001d00 "/tmp/softhsm/prefix/lib64/softhsm/libsofthsm2.so"
```

Reproduced with:

- Distribution: Arch Linux
- p11-kit 0.23.14-1
- gnutls 3.6.5-1

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/633#note_124700682

From gnutls-devel at lists.gnutls.org Thu Dec 13 14:43:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 13:43:56 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on lib/pkcs11.c:

> goto cleanup; > } > > - snprintf(output, *output_size, "%s", tn.modname); > - *output_size = strlen(output); > - ret = 0; > - goto cleanup; > + modname = tn.modname; > + if (modname == NULL) { > + gnutls_assert();

I'm afraid of this because it is an ABI change and may break applications printing info using this API. What about returning an empty string instead?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_124709444

From gnutls-devel at lists.gnutls.org Thu Dec 13 15:01:23 2018
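Review bot: in the added `if (modname == NULL)` branch only `gnutls_assert();` is visible, and that call logs the location without setting `ret` or touching `output`, so the branch has to assign both explicitly before it reaches `cleanup`. Whichever outcome is chosen (error code or empty string), `output` and `*output_size` should be left in a defined state: for the empty-string variant, check that `*output_size` is at least 1, write the terminating NUL and set `*output_size` to 0. The removed lines passed `tn.modname` straight to a `%s` conversion, which is undefined for NULL, and `*output_size = strlen(output);` reported the truncated length whenever `snprintf` cut the name short; routing `modname` through the same length check used for the other fields fixes both.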
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 14:01:23 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)
In-Reply-To:
References:
Message-ID:

Peter Wu commented on a discussion on lib/pkcs11.c:

> goto cleanup; > } > > - snprintf(output, *output_size, "%s", tn.modname); > - *output_size = strlen(output); > - ret = 0; > - goto cleanup; > + modname = tn.modname; > + if (modname == NULL) { > + gnutls_assert();

Are you concerned about applications passing an uninitialized buffer and then trying to read uninitialized memory or the fact that the return value changed? Previously `(null)` would be printed (or the application crashes depending on the C library), so I would argue that returning an error is also an appropriate action.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_124714976

From gnutls-devel at lists.gnutls.org Thu Dec 13 15:14:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 14:14:12 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/pkcs11.c:

> goto cleanup; > } > > - snprintf(output, *output_size, "%s", tn.modname); > - *output_size = strlen(output); > - ret = 0; > - goto cleanup; > + modname = tn.modname; > + if (modname == NULL) { > + gnutls_assert();

Yes, with glibc applications printed `(null)` but did not get an error. What I worry with the error code is that if the application would now receive an error it may exercise a code path that leads to a fatal error for the user.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_124719704

From gnutls-devel at lists.gnutls.org Thu Dec 13 15:17:31 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 14:17:31 +0000
Subject: [gnutls-devel] GnuTLS | Unicode support (!838)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on configure.ac:

> > AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes") > > +AC_ARG_ENABLE(unicode, AS_HELP_STRING([--enable-unicode],

My comment was on the name of the help string, but if you think that unicode makes sense to be mandatory for windows, let's not make it optional. Is there a reason an application will not want to have unicode defined?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838#note_124720601

From gnutls-devel at lists.gnutls.org Thu Dec 13 15:25:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 14:25:43 +0000
Subject: [gnutls-devel] GnuTLS | Unicode support (!838)
In-Reply-To:
References:
Message-ID:

Hugo Beauzée-Luyssen commented on a discussion on configure.ac:

> > AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes") > > +AC_ARG_ENABLE(unicode, AS_HELP_STRING([--enable-unicode],

None that I can think of

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838#note_124722985

From gnutls-devel at lists.gnutls.org Thu Dec 13 15:33:29 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 14:33:29 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !827 were resolved by Peter Wu

https://gitlab.com/gnutls/gnutls/merge_requests/827

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827

From gnutls-devel at lists.gnutls.org Thu Dec 13 15:33:30 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 14:33:30 +0000
Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827)
In-Reply-To:
References:
Message-ID:

Peter Wu commented on a discussion on lib/pkcs11.c:

> goto cleanup; > } > > - snprintf(output, *output_size, "%s", tn.modname); > - *output_size = strlen(output); > - ret = 0; > - goto cleanup; > + modname = tn.modname; > + if (modname == NULL) { > + gnutls_assert();

Code search through Github for `GNUTLS_PKCS11_TOKEN_MODNAME` or https://codesearch.debian.net/search?q=GNUTLS_PKCS11_TOKEN_MODNAME did not show users other than GnuTLS src/pkcs11.c

An empty value is a reasonable value though, so I'll change it anyway.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_124725325

From gnutls-devel at lists.gnutls.org Thu Dec 13 17:19:07 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 16:19:07 +0000
Subject: [gnutls-devel] GnuTLS | native windows builds (#638)
In-Reply-To:
References:
Message-ID:

> Since GnuTLS is C99 and MSVC still has issues with that, the clang compiler could be good choice as well.

Newer versions of MSVC are apparently getting usable, lots of useful C99 features are available: https://gitlab.com/wireshark/wireshark/blob/v2.9.1rc0/doc/README.developer#L68

Installing VS2015 has also become easier compared to older versions, you can install the standalone compiler and tools without installing the full Visual Studio IDE. Applications built against VS2015 can also be mixed with VS2017 as they have a compatible runtime library. (This was not the case for older versions, e.g. you had to recompile when moving from msvc2013 -> 2015. Definitely not for C++, not sure about C.).

For the tools vs IDE info, see also https://blogs.msdn.microsoft.com/vcblog/2015/11/02/announcing-visual-c-build-tools-2015-standalone-c-tools-for-build-environments/

Using Clang instead of MSVC might be an option if MSVC (unexpectedly?) fails to build. The main pain will probably be in the shellscript-based test framework though.

In case it helps, we rewrote our shell-based test suite to Python (unittest/pytest) which finally allowed us to ditch Cygwin. (Python, git, Strawberry Perl, CMake are natively available on Windows.)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/638#note_124757081

From gnutls-devel at lists.gnutls.org Thu Dec 13 17:46:02 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 13 Dec 2018 16:46:02 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)
References:
Message-ID:

New Merge Request !839

https://gitlab.com/gnutls/gnutls/merge_requests/839

Project:Branches: chouquette/gnutls:use_CertOpenStore to gnutls/gnutls:master
Author: Hugo Beauzée-Luyssen
Assignee:

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839

From gnutls-devel at lists.gnutls.org Thu Dec 13 17:46:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 13 Dec 2018 16:46:39 +0000 Subject: [gnutls-devel] GnuTLS | Unicode support (!838) In-Reply-To: References: Message-ID: Updated the patch to unconditionally enable unicode, so the CI patch was removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838#note_124764094 From gnutls-devel at lists.gnutls.org Thu Dec 13 19:13:41 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 13 Dec 2018 18:13:41 +0000 Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808) In-Reply-To: References: Message-ID: Andreas Metzler started a new discussion: Daiki Ueno @dueno commented 2 weeks ago > I guess such situation could be effectively avoided if: > > we check the installed libopts version and > fallback to use the bundled libopts if the system libopts is older > > Still, the user might want to link against the (older) system libopts. In that case, however, I think he wouldn't mind removing .stamp manually. Sorry for following up late. Did you check whether this test (system libopts >= tarball libopts) is sufficient? Or is it documented that files autogened by autogen X can safely be used with libopts X, X+1, etc? I am not completely sure but I think only these two scenarios are safe: a) use prebuilt autogened files to link statically against tarball included libopts tearoff b) Use locally installed autogen to regenerate everything and link against locally installed libopts -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808#note_124782407 From gnutls-devel at lists.gnutls.org Fri Dec 14 16:01:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Dec 2018 15:01:20 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Reduce capi usage (!840) References: Message-ID: New Merge Request !840 https://gitlab.com/gnutls/gnutls/merge_requests/840 Project:Branches: chouquette/gnutls:reduce_capi_usage to gnutls/gnutls:master Author: Hugo Beauzée-Luyssen Assignee: This MR aims at reducing the use of deprecated crypto APIs, which are forbidden when building for Windows Store. A few notes: * This currently can't be built on the CI docker images (it misses some patches on bcrypt.h and I just sent another patch upstream that hasn't been merged, to allow ncrypt.h to be used) * Not using dynamic loading for NCrypt APIs means that -lncrypt needs to be added to the libraries, which isn't done yet. I'm not sure what the best way is, so far my best idea is to have a `--enable-winstore` flag and provide the extra libraries to lib/Makefile.am & gnutls.pc ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/840 From gnutls-devel at lists.gnutls.org Fri Dec 14 16:02:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Dec 2018 15:02:44 +0000 Subject: [gnutls-devel] GnuTLS | Tests with RSA-PSS private_key and rsae/rsa-pss signature schemes. (#646) In-Reply-To: References: Message-ID: Test-cases: ``` 'check CertificateRequest sigalgs' 'RSA-PSS only' 'sanity' ``` are working for GnuTLS, these tests failed due to a bug in tlsfuzzer https://github.com/tomato42/tlsfuzzer/issues/483 . (But please retest it after fixing tlsfuzzer) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/646#note_125077573 From gnutls-devel at lists.gnutls.org Fri Dec 14 18:10:22 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 14 Dec 2018 17:10:22 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: Removed the `#ifdef _UNICODE` since !838 enables unicode unconditionally -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_125110545 From gnutls-devel at lists.gnutls.org Sat Dec 15 13:39:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 12:39:39 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on tests/cert-tests/certtool: > exit 1 > fi > > - #check whether ask-pass is being honoured > - ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS} > - if test $? != 0;then > - cat ${TMPFILE2} > - echo "cert generation failed" > - exit 1 > + #check whether password is being honoured > + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 < +$PASS > +EOF > + if test $? != 0; then Sorry, what exactly is tricky? This change just replaces bash's `<<<` with the POSIX `< From gnutls-devel at lists.gnutls.org Sat Dec 15 13:40:19 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 12:40:19 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on tests/cert-tests/pkcs12-utf8: > -#!/usr/bin/env bash > +#!/bin/sh > Sorry, oversaw this comment... now pushed to origin. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_125227287 From gnutls-devel at lists.gnutls.org Sat Dec 15 21:16:24 2018
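Review bot: with the interpreter changed to `#!/bin/sh` on the first line of tests/cert-tests/pkcs12-utf8, everything below that line has to be plain POSIX sh, and only the shebang is visible in this hunk. Run the script under a strict POSIX shell such as dash before relying on the change, since this same merge request already had to replace a bash-only `<<<` here-string in tests/cert-tests/certtool.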
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 20:16:24 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on tests/cert-tests/certtool: > exit 1 > fi > > - #check whether ask-pass is being honoured > - ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS} > - if test $? != 0;then > - cat ${TMPFILE2} > - echo "cert generation failed" > - exit 1 > + #check whether password is being honoured > + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 < +$PASS > +EOF > + if test $? != 0; then It does more than that. It retries without `--ask-pass` if it fails. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_125261819 From gnutls-devel at lists.gnutls.org Sat Dec 15 21:17:34 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 20:17:34 +0000 Subject: [gnutls-devel] GnuTLS | Unicode support (!838) In-Reply-To: References: Message-ID: All discussions on Merge Request !838 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/838 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838 From gnutls-devel at lists.gnutls.org Sat Dec 15 21:18:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 20:18:04 +0000 Subject: [gnutls-devel] GnuTLS | Unicode support (!838) In-Reply-To: References: Message-ID: Merge Request !838 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/838 Project:Branches: chouquette/gnutls:unicode_support to gnutls/gnutls:master Author: Hugo Beauzée-Luyssen Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838 From gnutls-devel at lists.gnutls.org Sat Dec 15 21:18:23 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 20:18:23 +0000 Subject: [gnutls-devel] GnuTLS | Unicode support (!838) In-Reply-To: References: Message-ID: Merge Request !838 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/838 Project:Branches: chouquette/gnutls:unicode_support to gnutls/gnutls:master Author: Hugo Beauzée-Luyssen Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838 From gnutls-devel at lists.gnutls.org Sat Dec 15 21:18:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 20:18:39 +0000 Subject: [gnutls-devel] GnuTLS | Unicode support (!838) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/838#note_125262244 From gnutls-devel at lists.gnutls.org Sat Dec 15 21:21:26 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 20:21:26 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on lib/system.c: > gnutls_gettime = _gnutls_gettime; > } > > +#ifdef _WIN32 > +int _gnutls_utf8_to_utf16(const char* utf8, gnutls_datum_t * output) > +{ > + int len = MultiByteToWideChar (CP_UTF8, 0, utf8, -1, NULL, 0); > + if (len == 0) > + return GNUTLS_E_MEMORY_ERROR; Isn't this identical to `_gnutls_utf8_to_ucs2`? We can rename it to `_gnutls_utf8_to_utf16` for clarity if that's the case. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_125262796 From gnutls-devel at lists.gnutls.org Sat Dec 15 21:36:25 2018
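Review bot: in `_gnutls_utf8_to_utf16` in lib/system.c, the `if (len == 0) return GNUTLS_E_MEMORY_ERROR;` branch reports an allocation failure for what is a conversion failure: `MultiByteToWideChar` returns 0 when it cannot convert the input, and nothing has been allocated at that point. Return an error code that describes invalid input instead, and consider passing `MB_ERR_INVALID_CHARS` rather than `0` as the flags argument so that malformed UTF-8 is rejected instead of being silently substituted. The new function also has no comment stating who owns and frees `output`.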
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 20:36:25 +0000 Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839) In-Reply-To: References: Message-ID: [MSDN recommends the use of `CertOpenSystemStore`](https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-certopenstore), but if the latter is not available we should change to the most portable version. Can you verify that the output of both calls loads the same number of certificates? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839#note_125264355 From gnutls-devel at lists.gnutls.org Sat Dec 15 21:50:16 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 20:50:16 +0000 Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827) In-Reply-To: References: Message-ID: Looking it through it seems there is another memleak for the same reason in `gnutls_pkcs11_token_get_ptr()`. It is run in the testsuite but wasn't caught for the same reason you mentioned (NULL in modname for explicit providers). Would you like to fix it in this patch set? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_125266018 From gnutls-devel at lists.gnutls.org Sat Dec 15 22:04:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 21:04:14 +0000 Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827) In-Reply-To: References: Message-ID: Done, there do not seem to be other users of the p11_kit function nor this module callback. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_125267477 From gnutls-devel at lists.gnutls.org Sat Dec 15 22:06:04 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 21:06:04 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on tests/cert-tests/certtool: > exit 1 > fi > > - #check whether ask-pass is being honoured > - ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS} > - if test $? != 0;then > - cat ${TMPFILE2} > - echo "cert generation failed" > - exit 1 > + #check whether password is being honoured > + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 < +$PASS > +EOF > + if test $? != 0; then Sorry, just looked at the code snippet shown here. You are right. See my comments there... what do you suggest? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_125267528 From gnutls-devel at lists.gnutls.org Sat Dec 15 22:10:30 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 21:10:30 +0000 Subject: [gnutls-devel] GnuTLS | Add support for TLS handshake with raw public keys (#26) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #26: https://gitlab.com/gnutls/gnutls/issues/26 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/26 From gnutls-devel at lists.gnutls.org Sat Dec 15 22:10:30 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 21:10:30 +0000 Subject: [gnutls-devel] GnuTLS | optional: add support for raw public keys under TLS1.3 (#280) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #280: https://gitlab.com/gnutls/gnutls/issues/280 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/280 From gnutls-devel at lists.gnutls.org Sat Dec 15 23:08:01 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 22:08:01 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: AFAIU, ucs2 is a fixed length coding, while utf16 is a variable length one, so for a specific subset it might work, but in general, it won't. But in any case, theory aside, the tests were failing with the ucs2 variant, and passing with the utf16 one -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_125271673 From gnutls-devel at lists.gnutls.org Sat Dec 15 23:10:46 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sat, 15 Dec 2018 22:10:46 +0000 Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839) In-Reply-To: References: Message-ID: I'll try to craft a unit test that compares the results for both calls early next week -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839#note_125271979 From gnutls-devel at lists.gnutls.org Sun Dec 16 06:34:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Dec 2018 05:34:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827) In-Reply-To: References: Message-ID: Merge Request !827 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/827 Project:Branches: Lekensteyn/gnutls:fix-token-info-modname to gnutls/gnutls:master Author: Peter Wu Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827 From gnutls-devel at lists.gnutls.org Sun Dec 16 06:35:10 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Dec 2018 05:35:10 +0000 Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827) In-Reply-To: References: Message-ID: Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827#note_125295150 From gnutls-devel at lists.gnutls.org Sun Dec 16 06:33:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Dec 2018 05:33:52 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: > AFAIU, ucs2 is a fixed length coding, while utf16 is a variable length one, so for a specific subset it might work, but in general, it won't. I understand that, but if you see the function I referenced, it does utf8->utf16 conversion. The UCS2 is only on its name. Maybe we should rename it as part of this changeset to avoid future confusion. > But in any case, theory aside, the tests were failing with the ucs2 variant, and passing with the utf16 one What does it fail? There could be a bug here. Does windows require some specific canonical form? In the past we were using the windows conversion functions as you introduced them here, however we removed them because they had no reference to what standard they were using, my assumption was UCS2 because they didn't easily support variable length encoding, and thus the current name of the function. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_125295115 From gnutls-devel at lists.gnutls.org Sun Dec 16 06:34:55 2018
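The UCS-2 versus UTF-16 question raised in the !835 discussion above, as an added example that is not GnuTLS code and not part of the thread: a self-contained UTF-8 to UTF-16 converter that rejects malformed input and counts the code points above U+FFFF, the only inputs for which a fixed-width UCS-2 result and a UTF-16 result can differ. The function names, error values and sample strings are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UTF_MALFORMED (-1L) /* input is not valid UTF-8 */
#define UTF_NOSPACE   (-2L) /* output buffer too small */

/* Decode one UTF-8 sequence from s[0..n) into *cp. Returns the bytes
 * consumed, or 0 for malformed input: truncated sequence, bad continuation
 * byte, overlong form, encoded surrogate, or a value above U+10FFFF. */
static size_t utf8_decode(const unsigned char *s, size_t n, uint32_t *cp)
{
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t len, i;
    uint32_t c;

    if (n == 0)
        return 0;
    if (s[0] < 0x80)                { c = s[0];        len = 1; }
    else if ((s[0] & 0xE0) == 0xC0) { c = s[0] & 0x1F; len = 2; }
    else if ((s[0] & 0xF0) == 0xE0) { c = s[0] & 0x0F; len = 3; }
    else if ((s[0] & 0xF8) == 0xF0) { c = s[0] & 0x07; len = 4; }
    else
        return 0;
    if (len > n)
        return 0;
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80)
            return 0;
        c = (c << 6) | (s[i] & 0x3F);
    }
    if (c < min_cp[len] || c > 0x10FFFF || (c >= 0xD800 && c <= 0xDFFF))
        return 0;
    *cp = c;
    return len;
}

/* Convert in[0..in_len) to UTF-16 code units. Pass out == NULL to count
 * only. Returns the number of 16-bit units, or a negative UTF_* error.
 * On success *non_bmp (if not NULL) holds the number of code points above
 * U+FFFF; when it is 0 the output is also valid UCS-2. */
long utf8_to_utf16(const char *in, size_t in_len,
                   uint16_t *out, size_t out_cap, size_t *non_bmp)
{
    const unsigned char *s = (const unsigned char *)in;
    size_t pos = 0, units = 0, astral = 0;

    while (pos < in_len) {
        uint32_t cp;
        size_t used = utf8_decode(s + pos, in_len - pos, &cp);
        size_t need;

        if (used == 0)
            return UTF_MALFORMED;
        need = cp > 0xFFFF ? 2 : 1;
        if (out != NULL) {
            if (units + need > out_cap)
                return UTF_NOSPACE;
            if (need == 1) {
                out[units] = (uint16_t)cp;
            } else {
                /* Surrogate pair: UCS-2 has no way to express this. */
                cp -= 0x10000;
                out[units]     = (uint16_t)(0xD800 | (cp >> 10));
                out[units + 1] = (uint16_t)(0xDC00 | (cp & 0x3FF));
            }
        }
        if (need == 2)
            astral++;
        units += need;
        pos += used;
    }
    if (non_bmp != NULL)
        *non_bmp = astral;
    return (long)units;
}

int main(void)
{
    /* Constructed samples: U+0041 U+00E9 U+20AC (all BMP), then U+1F600. */
    static const char bmp[] = "A\xC3\xA9\xE2\x82\xAC";
    static const char astral[] = "\xF0\x9F\x98\x80";
    uint16_t buf[8];
    size_t nb = 0;
    long n;

    n = utf8_to_utf16(bmp, sizeof(bmp) - 1, buf, 8, &nb);
    printf("BMP sample:     %ld units, %zu above U+FFFF\n", n, nb);
    n = utf8_to_utf16(astral, sizeof(astral) - 1, buf, 8, &nb);
    printf("non-BMP sample: %ld units (%04X %04X), %zu above U+FFFF\n",
           n, (unsigned)buf[0], (unsigned)buf[1], nb);
    return 0;
}
```
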
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Dec 2018 05:34:55 +0000 Subject: [gnutls-devel] GnuTLS | Fix gnutls_pkcs11_token_get_info for short output buffers and fix a memleak (!827) In-Reply-To: References: Message-ID: Merge Request !827 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/827 Project:Branches: Lekensteyn/gnutls:fix-token-info-modname to gnutls/gnutls:master Author: Peter Wu Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/827 From gnutls-devel at lists.gnutls.org Sun Dec 16 08:57:14 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Dec 2018 07:57:14 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from rmbeer2@gmail.com): Fail Handsake (#649) In-Reply-To: References: Message-ID: Unfortunately that is insufficient information for a bug report. Given that this is a SIGPIPE, most likely it is best to report it to the application using gnutls. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/649#note_125303064 From gnutls-devel at lists.gnutls.org Sun Dec 16 08:58:29 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Dec 2018 07:58:29 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on tests/cert-tests/certtool: > exit 1 > fi > > - #check whether ask-pass is being honoured > - ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS} > - if test $? != 0;then > - cat ${TMPFILE2} > - echo "cert generation failed" > - exit 1 > + #check whether password is being honoured > + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 < +$PASS > +EOF > + if test $? != 0; then What about disabling this test only on this platform (e.g., with a configure option). That way we can be sure it is tested everywhere else. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_125303111 From gnutls-devel at lists.gnutls.org Sun Dec 16 14:21:55 2018
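Review bot: on the added certtool invocation in tests/cert-tests/certtool, `--template ${srcdir}/templates/template-test.tmpl` has lost the double quotes that the removed line had around the path, so a source directory containing spaces or glob characters is word-split and the test fails for a reason unrelated to password handling. Keep it as `--template "${srcdir}/templates/template-test.tmpl"`. The rewritten comment now says "password" while the command still passes `--ask-pass`, so the comment should keep naming the option the test exercises.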
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Dec 2018 13:21:55 +0000 Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588) In-Reply-To: References: Message-ID: Andreas Metzler @ametzler commented 1 week ago [Debian] > FWIW I intend to switch unstable to 3.6 soonish, now that it has been declared the new stable release branch. I have just pushed the upload, now that the glibc transition is completed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_125320149 From gnutls-devel at lists.gnutls.org Sun Dec 16 17:52:50 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Dec 2018 16:52:50 +0000 Subject: [gnutls-devel] build-images | use the system's nettle in debian/fedora (!14) References: Message-ID: New Merge Request !14 https://gitlab.com/gnutls/build-images/merge_requests/14 Branches: tmp-use-system-nettle to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/14 From gnutls-devel at lists.gnutls.org Sun Dec 16 21:44:38 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 16 Dec 2018 20:44:38 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on tests/cert-tests/certtool: > exit 1 > fi > > - #check whether ask-pass is being honoured > - ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS} > - if test $? != 0;then > - cat ${TMPFILE2} > - echo "cert generation failed" > - exit 1 > + #check whether password is being honoured > + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 < +$PASS > +EOF > + if test $? != 0; then Another solution would be to check for the current shell in runtime. If the script is not run by bash or dash, we return 77 (SKIP). Maybe we can even check if `< From gnutls-devel at lists.gnutls.org Mon Dec 17 07:32:43 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Dec 2018 06:32:43 +0000 Subject: [gnutls-devel] build-images | use the system's nettle in debian/fedora (!14) In-Reply-To: References: Message-ID: Merge Request !14 was merged Merge Request url: https://gitlab.com/gnutls/build-images/merge_requests/14 Branches: tmp-use-system-nettle to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/build-images/merge_requests/14 From gnutls-devel at lists.gnutls.org Mon Dec 17 09:04:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Dec 2018 08:04:42 +0000 Subject: [gnutls-devel] GnuTLS | Restore usage of mod_auth_st in TLS 1.3 code (#650) References: Message-ID: New Issue was created. Issue 650: https://gitlab.com/gnutls/gnutls/issues/650 Author: Tom Assignee: Under TLS <1.3 we use the `mod_auth_st` to define authentication mechanisms and have a nice abstraction mechanism to delegate authentication handling routines to different functions. In TLS 1.3 code this mechanism has been removed. I think this is a regression in code versatility. Since we are adding new authentication mechanisms (Raw public-keys recently and Kerberos in the near future) we are going to need this `mod_auth_st` again. The RawPK code happened to work under the new system but this is actually a coincidence and the current code path for TLS 1.3 is a bit less efficient than the path for TLS <1.3. I'm curious why `mod_auth_st` is not used in TLS 1.3 code? If there are no objections I would like to reintroduce it in order to be able to implement TLS-KDH and optimize Raw public-key code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/650 From gnutls-devel at lists.gnutls.org Mon Dec 17 09:08:29 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Dec 2018 08:08:29 +0000 Subject: [gnutls-devel] GnuTLS | Restore usage of mod_auth_st in TLS 1.3 code (#650) In-Reply-To: References: Message-ID: `mod_auth_st` was an abstraction that made sense for TLS1.2 mechanisms. It didn't for TLS1.3 (there are no multiple key exchange methods here, just one) and thus it was not used. It is best to adapt new code to the new layout. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/650#note_125419751 From gnutls-devel at lists.gnutls.org Mon Dec 17 09:09:23 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Dec 2018 08:09:23 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from rmbeer2@gmail.com): Fail Handsake (#649) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #649: https://gitlab.com/gnutls/gnutls/issues/649 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/649 From gnutls-devel at lists.gnutls.org Mon Dec 17 13:32:51 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Dec 2018 12:32:51 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: I have to apologize, I screwed up something during my tests. It works fine with the _ucs2 variant! Patchset updated accordingly -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_125496088 From gnutls-devel at lists.gnutls.org Mon Dec 17 14:39:52 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Dec 2018 13:39:52 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos commented on a discussion on tests/cert-tests/certtool: > exit 1 > fi > > - #check whether ask-pass is being honoured > - ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS} > - if test $? != 0;then > - cat ${TMPFILE2} > - echo "cert generation failed" > - exit 1 > + #check whether password is being honoured > + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 < +$PASS > +EOF > + if test $? != 0; then That could work too. I wouldn't overcomplicate things by testing for standard features. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_125515675 From gnutls-devel at lists.gnutls.org Mon Dec 17 14:46:02 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Dec 2018 13:46:02 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: The failure seems unrelated to this patch set and is most likely a gnulib issue. @rockdaboot is there a way to hardcode a version of gnulib which is known to be working in our bootstrap.conf? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_125517633 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 17 15:13:57 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Dec 2018 14:13:57 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on tests/cert-tests/certtool: > exit 1 > fi > > - #check whether ask-pass is being honoured > - ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS} > - if test $? != 0;then > - cat ${TMPFILE2} > - echo "cert generation failed" > - exit 1 > + #check whether password is being honoured > + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 < +$PASS > +EOF > + if test $? != 0; then I couldn't find a simple test, especially not one that works for arbitrary shells. So, back at using a configure option which sets a variable which is then tested within the script. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_125528466 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Dec 17 15:45:05 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 17 Dec 2018 14:45:05 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: @nmav `./bootstrap` checks out that version of gnulib that has been last committed into the gnutls repo. So if our 'master' passes CI, a rebase of this MR branch should also pass. I suggest to add build/gl/tests/*.log to the cross CI template, then rebase this MR and we'll have more info about what is going on. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_125541135 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 03:38:09 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 02:38:09 +0000 Subject: [gnutls-devel] libtasn1 | Gcc 8 flags buffer violation while parsing tokens. Adding "-" seems to break the parser doing snprintf. (#6) References: Message-ID:

New Issue was created.

Issue 6: https://gitlab.com/gnutls/libtasn1/issues/6
Author: Terry Jones
Assignee:

## Description of problem:

Found a bug in the parser for Gnu libtasn1-4.9, they in the case of making the tokens and by that adding a "-" to the string go over the length of their buffer. So the problem is using a sizeof on the buffer size and making the buffer too short. Looks like two problems, this way the problem creeps as you grow the buffer to add room for the "-":

## Version of libtasn1 used:

Gnu 1-4.9

## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)

Gnu source tarball.

## How reproducible:

Compile using Gcc 8 using -Werror=format-truncation

Steps to Reproduce:

* one Unpack tarball and run configure, please see attached config.status.
* two Make using those flags.
* three See Gcc flag the error as follows:

## Actual results:

GNU C17 (GCC) version 8.2.0 (x86_64-pc-linux-gnu)
compiled by GNU C version 8.2.0, GMP version 6.1.2, MPFR version 4.0.1, MPC version 1.1.0, isl version none
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: 81f798d4ff0871f00b0a4f3f1296b20a
ASN1.c: In function '_asn1_yyparse':
ASN1.y:164:47: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
 | '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
 ^~~~~
ASN1.y:164:6: note: 'snprintf' output between 2 and 66 bytes into a destination of size 65
 | '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
 ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASN1.y:152:47: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
 neg_num : '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
 ^~~~~
ASN1.y:152:6: note: 'snprintf' output between 2 and 66 bytes into a destination of size 65
 neg_num : '-' NUM {snprintf($$,sizeof($$),"-%s",$2);}
 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Makefile:1112: recipe for target 'ASN1.lo' failed

Please see: [config.status](/uploads/7cc9158451b4dbe2846fb9ebb6416fe7/config.status) [gcc_v.txt](/uploads/5999709704b2c0635b697fd893c77e0e/gcc_v.txt)

## Expected results:

No warning or errors.

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/6 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 09:15:22 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 08:15:22 +0000 Subject: [gnutls-devel] libtasn1 | Gcc 8 warns on buffer truncation (#6) In-Reply-To: References: Message-ID: Thank you for reporting this. I've renamed it for clarity. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/6#note_125727456 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 09:33:45 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 08:33:45 +0000 Subject: [gnutls-devel] GnuTLS | WIP: CONTRIBUTING.md: added proposal on commenting style and new features (!816) In-Reply-To: References: Message-ID: If @rockdaboot and @lumag that's ok with you too I'll merge it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/816#note_125731419 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 09:46:39 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 08:46:39 +0000 Subject: [gnutls-devel] libtasn1 | Gcc 8 warns on buffer truncation (#6) In-Reply-To: References: Message-ID: You are welcome, and thanks for your efforts here. That is a better title I'd guess. The problem looks to be important as the code section is likely passing a longer string to snprintf than it indicates with the character count. Adding the additional "-" guarantees that you will be one longer than expected from what I can see. I'd think that you'd need to track current new token chars on top of current past line length chars as well as total buffer length. This approach looks to not check return from snprintf, not ideal, and just "Adding" the "-" says using sizeof the current token, which gets bumped by one, and the length means Gcc is right to complain. From what I can see. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/6#note_125734459 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 09:47:47 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 08:47:47 +0000 Subject: [gnutls-devel] GnuTLS | Restore usage of mod_auth_st in TLS 1.3 code (#650) In-Reply-To: References: Message-ID: Issue was closed by Tom Issue #650: https://gitlab.com/gnutls/gnutls/issues/650 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/650 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 09:53:12 2018 
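The GCC 8 diagnostic quoted in libtasn1 issue #6, and the follow-up remark that the snprintf return value is not checked, can be reproduced outside the grammar file. The C program below is an added example, not libtasn1 code: TOKEN_SIZE mirrors the 65-byte destination from the compiler note, and the function names and the all-nines inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: both the NUM token and the result buffer hold 65 bytes,
 * taken from "destination of size 65" in the GCC note quoted in the issue. */
#define TOKEN_SIZE 65

/* Same call shape as the flagged grammar action: bounded by the buffer
 * size, return value ignored. Returns how many characters were stored. */
static size_t neg_num_unchecked(char *dst, const char *num)
{
    snprintf(dst, TOKEN_SIZE, "-%s", num);
    return strlen(dst);
}

/* Checked variant (hypothetical helper): snprintf returns the length the
 * full output would have had, so n >= TOKEN_SIZE means truncation.
 * Returns 0 on success, -1 on truncation or output error; on failure
 * dst is emptied so a shortened number is never used. */
static int neg_num_checked(char *dst, const char *num)
{
    int n = snprintf(dst, TOKEN_SIZE, "-%s", num);

    if (n < 0 || (size_t)n >= TOKEN_SIZE) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed input: a decimal token made of `digits` nines. */
static void make_digits(char *buf, size_t digits)
{
    memset(buf, '9', digits);
    buf[digits] = '\0';
}

int main(void)
{
    char num[TOKEN_SIZE], out[TOKEN_SIZE];
    size_t digits;

    /* 64 digits is the longest token that fits a 65-byte buffer. */
    for (digits = 62; digits <= 64; digits++) {
        size_t stored;
        int rc;

        make_digits(num, digits);
        stored = neg_num_unchecked(out, num);
        rc = neg_num_checked(out, num);
        printf("%zu digits: need %zu chars, unchecked stored %zu, checked rc=%d\n",
               digits, digits + 1, stored, rc);
    }
    return 0;
}
```

With a 64-digit token the unchecked call stores the sign and only 63 digits, which is the truncation GCC 8 reports; the checked call rejects the token instead of keeping a shortened number.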
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 08:53:12 +0000 Subject: [gnutls-devel] GnuTLS | Clarify semantics for our supported releases (#651) References: Message-ID:

New Issue was created.

Issue 651: https://gitlab.com/gnutls/gnutls/issues/651
Author: Nikos Mavrogiannopoulos
Assignee:

Given that our de facto LTS release (3.3.x) is expiring in March 2019, I'd like to make a proposal for further clarifying our current release message:

1. We will have a release branch supported for 2 years, tagged as *LTS* (long-term-support); there can be only one such branch
2. We may have a release branch continuously updated which is tagged as *next*.

When the support time for current *LTS* release expires, either it is extended for another two years or the *next* branch becomes *LTS*.

Properties of the *LTS* release branch:

- Periodic releases will be made during that time on a bi-monthly basis (could be skipped if no significant changes are accumulated),
- Features can enter that release according to the rules in `Introducing new features / modifying behavior` from !816.
- Security fixes will enter that release if above the severity level high according to CVSS; may enter on moderate or lower.
- No incompatible ABI or API changes
- New features added when deemed important but do not modify the default behavior (more details will be in CONTRIBUTIONS.md)

Properties of the *next* release branch:

- No incompatible ABI or API changes (see CONTRIBUTIONS.md) for details; unless there is a wide agreement/consensus for ABI breakage
- When the ABI breaks the current LTS release expiration is renewed to maximum, to allow time to distributions to migrate
- The default behavior of the library can be changed, as long as the changes are included in the documentation (section upgrade of manual)

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/651 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 09:54:09 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 08:54:09 +0000 Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #588: https://gitlab.com/gnutls/gnutls/issues/588 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 09:54:09 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 08:54:09 +0000 Subject: [gnutls-devel] GnuTLS | Clarify or improve our supported releases meaning (#588) In-Reply-To: References: Message-ID: I've replaced this issue with a concrete proposal at #651. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/588#note_125736378 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 10:08:20 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 09:08:20 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: added proposal on commenting style and new features (!816) In-Reply-To: References: Message-ID: I recently had a discussion in the libpsl project that made me investigate and check the C99 spec (and additional clarifications). A leading underscore is reserved except for function local scope (e.g. variable names within a function may have a leading underscore). Personally, I use leading _ for (static) file local identifiers (functions and variables) in almost all my code. There never was a 'conflict' or something... but who knows for the future. Even static analyzers as lgtm.com don't complain about such identifiers. So I mention it here just for completeness. Else, LGTM. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/816#note_125740409 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 10:08:25 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 09:08:25 +0000 Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: added proposal on commenting style and new features (!816) In-Reply-To: References: Message-ID: Merge Request !816 was approved by Tim Rühsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/816 Branches: tmp-comment-style to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/816 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 11:00:14 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 10:00:14 +0000 Subject: [gnutls-devel] GnuTLS | introduce a gitlab policy to automatically close bugs open for too long without resolution/action (#635) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #635: https://gitlab.com/gnutls/gnutls/issues/635 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/635 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 11:00:14 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 10:00:14 +0000 Subject: [gnutls-devel] GnuTLS | introduce a gitlab policy to automatically close bugs open for too long without resolution/action (#635) In-Reply-To: References: Message-ID: Ok, let's close it then. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/635#note_125762060 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 13:18:16 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 12:18:16 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: The issue seems to be an unexpected errno value set by strerror(-3). The gnulib test expects errno to be either 0 or EINVAL after the call to strerror(). But in fact errno is 12 (ENOMEM). It seems more of a libc6 2.28 issue, though we see it only on the cross builds / emulation. We can do two things about it: - removing/changing line 72 in gl/tests/test-errno.c to accept errno 12, e.g. with a sed call in .gitlab-ci.yml after `./bootstrap` - ask on the gnulib ML. There are also glibc maintainers to have an eye on this. I'll ask there. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_125812408 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 16:16:24 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 15:16:24 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: Meanwhile it looks like a bug in the Debian cross-compiled glibc 2.28. I filed a bug at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916779. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_125876291 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 19:20:23 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 18:20:23 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: @nmav I added a commit to work-around that strerror() bug. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_125954217 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 19:22:58 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 18:22:58 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: All discussions on Merge Request !819 were resolved by Tim Rühsen https://gitlab.com/gnutls/gnutls/merge_requests/819 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Dec 18 19:22:58 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 18 Dec 2018 18:22:58 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on tests/cert-tests/certtool: > exit 1 > fi > > - #check whether ask-pass is being honoured > - ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS} > - if test $? != 0;then > - cat ${TMPFILE2} > - echo "cert generation failed" > - exit 1 > + #check whether password is being honoured > + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 < +$PASS > +EOF > + if test $? != 0; then Added configure option `--disable-bash-tests` and amended the certtool test to just SKIP if that option is given. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819#note_125954732 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 07:02:22 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 06:02:22 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Merge Request !819 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/819 Project:Branches: rockdaboot/gnutls:tmp-portable-tests to gnutls/gnutls:master Author: Tim Rühsen Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 07:35:53 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 06:35:53 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from android-developer-preview@google.com): [8-5416000025036] GnuTLS open source library causes apps to crash (#653) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/653 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 08:52:13 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 07:52:13 +0000 Subject: [gnutls-devel] GnuTLS | Make some tests more portable (!819) In-Reply-To: References: Message-ID: Merge Request !819 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/819 Project:Branches: rockdaboot/gnutls:tmp-portable-tests to gnutls/gnutls:master Author: Tim Rühsen Assignee: Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/819 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 09:33:33 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 08:33:33 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: @chouquette Please rebase onto latest upstream master and force-push. The latest commit works-around the issue described above. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_126067004 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 09:37:14 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 08:37:14 +0000 Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835) In-Reply-To: References: Message-ID: Merge Request !835 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/835 Project:Branches: chouquette/gnutls:winstore_patches to gnutls/gnutls:master Author: Hugo Beauzée-Luyssen Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 09:43:34 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 08:43:34 +0000 Subject: [gnutls-devel] GnuTLS | vasprintf: use from gnulib; don't bundle twice (!841) References: Message-ID:

New Merge Request !841 https://gitlab.com/gnutls/gnutls/merge_requests/841

Branches: tmp-vasprintf to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

Do not bundle a second vasprintf implementation; it is already in gnulib.

## Checklist

* [x] Code modified for feature

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/841 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 09:49:39 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 08:49:39 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from android-developer-preview@google.com): [8-5416000025036] GnuTLS open source library causes apps to crash (#653) In-Reply-To: References: Message-ID: Hi, I am not sure what is the request. gnutls has indeed a `vasprintf()` implementation bundled if the OS doesn't support it, however that remains bundled in gnutls. Or is the issue that gnutls or vlc uses Android's vasprintf with '%n'? I do not see '%n' used anywhere in gnutls, so a better stacktrace would help. CC: @chouquette @rockdaboot -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/653#note_126073475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 09:54:50 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 08:54:50 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from android-developer-preview@google.com): [8-5416000025036] GnuTLS open source library causes apps to crash (#653) In-Reply-To: References: Message-ID: Oh, well I was about to test a gnulib patch for this: [0001-vasnprintf-Don-t-use-n-on-android.patch](/uploads/239ad998a2291d1497f63b7d89e6cca2/0001-vasnprintf-Don-t-use-n-on-android.patch) I haven't had a chance to try and reproduce the issue yet, but I should be able to do that today -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/653#note_126074844 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 09:58:33 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 08:58:33 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from android-developer-preview@google.com): [8-5416000025036] GnuTLS open source library causes apps to crash (#653) In-Reply-To: References: Message-ID: It seems that gnulib's implementation was added recently (probably with the ./bootstrap addition). Previously we used a bundled version which was much simpler. I've opened !841 quickly after the report, but seeing gnulib's implementation of `vasnprintf()` which is 5k lines of code, I'm not sure whether we should rely on it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/653#note_126076188 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 10:22:05 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 09:22:05 +0000 Subject: [gnutls-devel] GnuTLS | Configure option --with-nettle-mini does not work as expected (#654) References: Message-ID: New Issue was created. Issue 654: https://gitlab.com/gnutls/gnutls/issues/654 Author: Tom Assignee: When running configure with option `--with-nettle-mini` the script still checks for a native Nettle installation on the host system and fails if it is not there (or if the version doesn't match the required minimum). I guess this is not the intended behaviour and the system should proceed with the included Nettle? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/654 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 10:22:31 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 09:22:31 +0000 Subject: [gnutls-devel] GnuTLS | WIP: vasprintf: use from gnulib; don't bundle twice (!841) In-Reply-To: References: Message-ID: Merge Request !841 was approved by Tim Rühsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/841 Branches: tmp-vasprintf to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/841 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 10:23:30 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 09:23:30 +0000 Subject: [gnutls-devel] GnuTLS | Configure option --with-nettle-mini does not work as expected (#654) In-Reply-To: References: Message-ID: Hi, The nettle-mini is a version of nettle compiled without gmp. Thus nettle is still expected to be there though gmp can be missing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/654#note_126086081 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 10:24:11 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 09:24:11 +0000 Subject: [gnutls-devel] GnuTLS | Configure option --with-nettle-mini does not work as expected (#654) In-Reply-To: References: Message-ID: Alright. Thanks for clearing that up. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/654#note_126086297 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 10:25:25 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 09:25:25 +0000 Subject: [gnutls-devel] GnuTLS | Configure option --with-nettle-mini does not work as expected (#654) In-Reply-To: References: Message-ID: Issue was closed by Tom Issue #654: https://gitlab.com/gnutls/gnutls/issues/654 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/654 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 10:26:37 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 09:26:37 +0000 Subject: [gnutls-devel] GnuTLS | Restore usage of mod_auth_st in TLS 1.3 code (#650) In-Reply-To: References: Message-ID: Let that not dissuade you from adding a new abstraction if you see something fit for the tls1.3 methods. It is just that there wasn't much to be abstracted the way things are organized. As we are adding more and more features we may (or not) need to have a new abstraction. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/650#note_126086936 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 10:29:08 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 19 Dec 2018 09:29:08 +0000 Subject: [gnutls-devel] GnuTLS | Restore usage of mod_auth_st in TLS 1.3 code (#650) In-Reply-To: References: Message-ID: Alright. I'll take a look while implementing tls-kdh for tls 1.3 and see how I can (or can't) fit it into the current structure. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/650#note_126087751 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Dec 19 10:30:04 2018 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 09:30:04 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from android-developer-preview@google.com): [8-5416000025036] GnuTLS open source library causes apps to crash (#653)

@chouquette Would like to see your patch in gnulib :-)

Can we run a docker android image ? Or an emulator via docker ? And how feasible is that ? I have no idea, this is new territory for me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/653#note_126088014

From gnutls-devel at lists.gnutls.org Wed Dec 19 10:35:16 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 09:35:16 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from android-developer-preview@google.com): [8-5416000025036] GnuTLS open source library causes apps to crash (#653)

I'll send the patch to gnulib then!

Building for android is fairly easy, the NDK comes with a toolchain to cross compile to all supported architectures. Running... no idea.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/653#note_126089566

From gnutls-devel at lists.gnutls.org Wed Dec 19 11:56:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 10:56:12 +0000
Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: added proposal on commenting style and new features (!816)

LGTM also

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/816#note_126118150

From gnutls-devel at lists.gnutls.org Wed Dec 19 11:56:15 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 10:56:15 +0000
Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: added proposal on commenting style and new features (!816)

Merge Request !816 was approved by Dmitry Eremin-Solenikov

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/816
Branches: tmp-comment-style to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/816

From gnutls-devel at lists.gnutls.org Wed Dec 19 12:37:49 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 11:37:49 +0000
Subject: [gnutls-devel] GnuTLS | vasprintf: use from gnulib; don't bundle twice (!841)

The gnulib variant is quite more complex, but I guess we want to offload the maintenance of `vasprintf()` anyway. So let's bring that in.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/841#note_126131328

From gnutls-devel at lists.gnutls.org Wed Dec 19 12:37:51 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 11:37:51 +0000
Subject: [gnutls-devel] GnuTLS | vasprintf: use from gnulib; don't bundle twice (!841)

Reassigned Merge Request 841

https://gitlab.com/gnutls/gnutls/merge_requests/841

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/841

From gnutls-devel at lists.gnutls.org Wed Dec 19 12:37:57 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 11:37:57 +0000
Subject: [gnutls-devel] GnuTLS | vasprintf: use from gnulib; don't bundle twice (!841)

Merge Request !841 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/841
Branches: tmp-vasprintf to master
Author: Nikos Mavrogiannopoulos
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/841

From gnutls-devel at lists.gnutls.org Wed Dec 19 12:42:40 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 11:42:40 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: add an android build (#655)

New Issue was created.

Issue 655: https://gitlab.com/gnutls/gnutls/issues/655
Author: Nikos Mavrogiannopoulos
Assignee:

We currently are known to compile and run in android but we have no CI for it (either build-only or full testsuite run). We should provide a CI to avoid regressions on that platform.

* https://bits.debian.org/2017/03/build-android-apps-with-debian.html

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/655

From gnutls-devel at lists.gnutls.org Wed Dec 19 12:43:05 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 11:43:05 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from android-developer-preview@google.com): [8-5416000025036] GnuTLS open source library causes apps to crash (#653)

I've created a separate ticket on having an android CI: https://gitlab.com/gnutls/gnutls/issues/655

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/653#note_126132559

From gnutls-devel at lists.gnutls.org Wed Dec 19 12:43:53 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 11:43:53 +0000
Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835)

All discussions on Merge Request !835 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/gnutls/merge_requests/835

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835

From gnutls-devel at lists.gnutls.org Wed Dec 19 12:43:59 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 11:43:59 +0000
Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835)

Merge Request !835 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/835
Project:Branches: chouquette/gnutls:winstore_patches to gnutls/gnutls:master
Author: Hugo Beauzée-Luyssen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835

From gnutls-devel at lists.gnutls.org Wed Dec 19 12:44:11 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 11:44:11 +0000
Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835)

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_126132824

From gnutls-devel at lists.gnutls.org Wed Dec 19 13:26:07 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 12:26:07 +0000
Subject: [gnutls-devel] GnuTLS | tests/suite/testrandom.sh occasionally never returns (#656)

New Issue was created.

Issue 656: https://gitlab.com/gnutls/gnutls/issues/656
Author: Tim Rühsen
Assignee:

This is maybe due to the `continue` in the first loop, which doesn't increment `counter`. So if certtool fails, the loop is endless.

Removing the error redirection from the certtool invocation shows output like
```
import error: Error in the certificate.
import error: Error in the time fields of certificate.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/656

From gnutls-devel at lists.gnutls.org Wed Dec 19 13:30:00 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 12:30:00 +0000
Subject: [gnutls-devel] GnuTLS | tests/suite/testrandom.sh occasionally never returns (#656)

Maybe the test should be moved into the fuzzing section. It's not a unit test.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/656#note_126144881

From gnutls-devel at lists.gnutls.org Wed Dec 19 14:04:21 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 13:04:21 +0000
Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808)

Daiki Ueno commented on a discussion:

The reasoning is based on the following assumptions:
- autogen and libopts share the same version number
- libopts API is upper compatible

I couldn't find explicit mention of these in the documentation, but given that the m4 macro `AG_PATH_AUTOOPTS` takes `MIN-VERSION`, the latter should be true. Let me confirm with the autogen upstream.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808#note_126154183

From gnutls-devel at lists.gnutls.org Wed Dec 19 14:58:00 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 13:58:00 +0000
Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808)

There was a previous discussion about libopts; unfortunately it is not a normal shared library. It can break ABI but still keep the same soname.

https://gitlab.com/gnutls/gnutls/merge_requests/645#note_82051279

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808#note_126172335

From gnutls-devel at lists.gnutls.org Wed Dec 19 14:58:11 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 13:58:11 +0000
Subject: [gnutls-devel] GnuTLS | build: remove src/*.bak from distribution (!808)

Nikos Mavrogiannopoulos commented on a discussion:

There was a previous discussion about libopts; unfortunately it is not a normal shared library. It can break ABI but still keep the same soname.

https://gitlab.com/gnutls/gnutls/merge_requests/645#note_82051279

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/808#note_126172383

From gnutls-devel at lists.gnutls.org Wed Dec 19 15:02:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 14:02:43 +0000
Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: added proposal on commenting style and new features (!816)

Merge Request !816 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/816
Branches: tmp-comment-style to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/816

From gnutls-devel at lists.gnutls.org Wed Dec 19 15:02:49 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 14:02:49 +0000
Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: added proposal on commenting style and new features (!816)

Reassigned Merge Request 816

https://gitlab.com/gnutls/gnutls/merge_requests/816

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/816

From gnutls-devel at lists.gnutls.org Wed Dec 19 15:02:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 14:02:56 +0000
Subject: [gnutls-devel] GnuTLS | CONTRIBUTING.md: added proposal on commenting style and new features (!816)

Thank you, merged.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/816#note_126173767

From gnutls-devel at lists.gnutls.org Wed Dec 19 15:44:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 14:44:42 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)

Nikos Mavrogiannopoulos started a new discussion on tests/win-certopenstore.c:

> +/*
> + * Copyright (C) 2018 Nikos Mavrogiannopoulos

Certainly not my copyright :)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839#note_126186352

From gnutls-devel at lists.gnutls.org Wed Dec 19 15:46:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 14:46:09 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)

Other than the copyright comment it looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839#note_126186758

From gnutls-devel at lists.gnutls.org Wed Dec 19 15:46:13 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 14:46:13 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839

From gnutls-devel at lists.gnutls.org Wed Dec 19 15:46:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 14:46:10 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)

Reassigned Merge Request 839

https://gitlab.com/gnutls/gnutls/merge_requests/839

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839

From gnutls-devel at lists.gnutls.org Wed Dec 19 15:53:59 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 14:53:59 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect handling of session resumption with changed ClientHello (#657)

New Issue was created.

Issue 657: https://gitlab.com/gnutls/gnutls/issues/657
Author: Hubert Kario
Assignee:

## Description of problem:

When a client tries to resume a TLS 1.2 session (using session ID) without advertising cipher used in previous session, gnutls continues resumption while picking cipher from the resumed session. This is RFC 5246 violation.

## Version of gnutls used:

435437ad94723612deb1e238379d457b2456d83f

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

manual compile on Fedora

## How reproducible:

always

Steps to Reproduce:

* run tlsfuzzer `test-resumption-with-wrong-ciphers.py` from https://github.com/tomato42/tlsfuzzer/pull/487

## Actual results:

```
sanity ...
OK
sanity - session ID resume ...
OK
resumption of safe session with NULL cipher ...
Error encountered while processing node (child: ) with last message being:
Error while processing
Traceback (most recent call last):
  File "scripts/test-resumption-with-wrong-ciphers.py", line 276, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run
    RecordHeader2)))
AssertionError: Unexpected message from peer: Handshake(server_hello)

sanity - aes-256 cipher ...
OK
resumption with cipher from old CH but not selected by server ...
Error encountered while processing node (child: ) with last message being:
Error while processing
Traceback (most recent call last):
  File "scripts/test-resumption-with-wrong-ciphers.py", line 276, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run
    RecordHeader2)))
AssertionError: Unexpected message from peer: Handshake(server_hello)

sanity ...
OK
Misbehaving client session resumption script
Check if server detects a misbehaving client in session resumption
Reproducer for CVE-2010-4180
version: 1

Test end
successful: 4
failed: 2
  'resumption of safe session with NULL cipher'
  'resumption with cipher from old CH but not selected by server'
```

## Expected results:

all pass

If the server recognised the session, it needs to verify that the new Client Hello can be used to resume old session and abort with `illegal_parameter` if it isn't.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/657

From gnutls-devel at lists.gnutls.org Wed Dec 19 16:34:36 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 19 Dec 2018 15:34:36 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect handling of session resumption with changed ClientHello (#657)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/657

From gnutls-devel at lists.gnutls.org Thu Dec 20 13:39:14 2018
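The check that issue #657 above asks for, as an added example (not GnuTLS code and not part of the original report): a server that recognises the session ID resumes only if the new ClientHello still offers the old session's cipher suite, and otherwise aborts with `illegal_parameter`. The struct, function names, session ID and ClientHello bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of checking a ClientHello against a cached TLS 1.2 session. */
enum resume_decision {
    DO_FULL_HANDSHAKE,       /* no session ID, or one the server does not know */
    DO_RESUME,               /* known session and its cipher suite is offered */
    ABORT_ILLEGAL_PARAMETER, /* known session, but its suite is not offered */
    ABORT_DECODE_ERROR       /* truncated or malformed ClientHello */
};

/* Hypothetical cache entry: what the server kept from the old session. */
struct cached_session {
    uint8_t  id[32];
    size_t   id_len;
    uint16_t cipher_suite;
};

/* Walk a ClientHello body as laid out in RFC 5246, section 7.4.1.2:
 * client_version(2) random(32) session_id<0..32> cipher_suites<2..2^16-2> */
enum resume_decision check_resumption(const uint8_t *ch, size_t len,
                                      const struct cached_session *cs)
{
    size_t pos = 2 + 32; /* skip client_version and random */
    size_t sid_len, suites_len, i;
    const uint8_t *sid;

    if (len < pos + 1)
        return ABORT_DECODE_ERROR;
    sid_len = ch[pos++];
    if (sid_len > 32 || len - pos < sid_len)
        return ABORT_DECODE_ERROR;
    sid = ch + pos;
    pos += sid_len;

    if (len - pos < 2)
        return ABORT_DECODE_ERROR;
    suites_len = ((size_t)ch[pos] << 8) | ch[pos + 1];
    pos += 2;
    if (suites_len < 2 || (suites_len & 1) || len - pos < suites_len)
        return ABORT_DECODE_ERROR;

    /* Not a resumption attempt for a session we hold: negotiate normally. */
    if (sid_len == 0 || sid_len != cs->id_len ||
        memcmp(sid, cs->id, sid_len) != 0)
        return DO_FULL_HANDSHAKE;

    /* Session recognised: the new ClientHello must still offer the suite
     * the old session used, otherwise resumption must not continue. */
    for (i = 0; i < suites_len; i += 2) {
        uint16_t suite = (uint16_t)((ch[pos + i] << 8) | ch[pos + i + 1]);
        if (suite == cs->cipher_suite)
            return DO_RESUME;
    }
    return ABORT_ILLEGAL_PARAMETER;
}

/* Everything below is constructed sample input, not captured traffic. */
static const struct cached_session OLD = { {0x11, 0x22, 0x33, 0x44}, 4, 0x0035 };
static const uint8_t  OLD_ID[4]           = {0x11, 0x22, 0x33, 0x44};
static const uint16_t OFFER_WITH_OLD[]    = {0x002F, 0x0035}; /* AES-128, AES-256 */
static const uint16_t OFFER_WITHOUT_OLD[] = {0x002F, 0x0002}; /* AES-128, NULL-SHA */

/* Build a minimal ClientHello body (n <= 16 suites), drop `cut` trailing
 * bytes to simulate truncation, and run the check against OLD. */
enum resume_decision decide(const uint8_t *sid, size_t sid_len,
                            const uint16_t *suites, size_t n, size_t cut)
{
    uint8_t buf[2 + 32 + 1 + 32 + 2 + 2 * 16 + 2];
    size_t pos = 0, i;

    if (sid_len > 32 || n > 16)
        return ABORT_DECODE_ERROR;
    buf[pos++] = 0x03; buf[pos++] = 0x03;   /* TLS 1.2 */
    memset(buf + pos, 0xAB, 32); pos += 32; /* placeholder random */
    buf[pos++] = (uint8_t)sid_len;
    if (sid_len)
        memcpy(buf + pos, sid, sid_len);
    pos += sid_len;
    buf[pos++] = (uint8_t)((2 * n) >> 8);
    buf[pos++] = (uint8_t)(2 * n);
    for (i = 0; i < n; i++) {
        buf[pos++] = (uint8_t)(suites[i] >> 8);
        buf[pos++] = (uint8_t)suites[i];
    }
    buf[pos++] = 1; buf[pos++] = 0;         /* null compression only */
    return check_resumption(buf, cut < pos ? pos - cut : 0, &OLD);
}

int main(void)
{
    printf("old suite offered:     %d\n", (int)decide(OLD_ID, 4, OFFER_WITH_OLD, 2, 0));
    printf("old suite not offered: %d\n", (int)decide(OLD_ID, 4, OFFER_WITHOUT_OLD, 2, 0));
    printf("no session ID:         %d\n", (int)decide(NULL, 0, OFFER_WITHOUT_OLD, 2, 0));
    printf("truncated hello:       %d\n", (int)decide(OLD_ID, 4, OFFER_WITH_OLD, 2, 4));
    return 0;
}
```
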
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 12:39:14 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Hi, this was me. I would like to add and try to figure out what is needed to resolve.

This is one of two issues w/ tests that I haven't figured out *right* solution to. I would consider low priority as I am guessing my system is not typical. But it's high to me.

CentOS 7.6

Since report, I have updated p11-kit to 0.23.14 (rebuild of current Fedora src.rpm) - that resolved the build problem when compiled with p11-kit support but this issue still exists.

I tried an update to libtasn1 on test system just in case the test failure was related but it wasn't, so I am using CentOS 7.6 version to build against again (shared library versioned) since it is not the issue.

nettle 3.4.1 installed with /opt/gnutls prefix

I can get the certs test suite to pass with the following disabled, but the purpose of tests is to find what is broken.

I build via RPM in mock so if there is suspicion of an older CentOS 7 library being related I usually can try and find out. If there is anything I can do to find what the issue is I really want to find it.

Thank you for your time.

[gnutls-3.6.5-disabled-cert-tests.patch](/uploads/5922af7dbaf7c4cb7601dcc01b568629/gnutls-3.6.5-disabled-cert-tests.patch)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126444571

From gnutls-devel at lists.gnutls.org Thu Dec 20 14:59:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 13:59:04 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Could it be that the particular test should not be run with --disable-sha1-support

It looks like the grep is searching for a sha1 hash

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126468713

From gnutls-devel at lists.gnutls.org Thu Dec 20 15:09:58 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 14:09:58 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Okay building w/o the patch and without that configure switch, it looks like that test passes, but it then gets stuck at

    PASS: gnutls-cli-invalid-crl.sh
    PASS: dtls-rehandshake-cert-2
    PASS: gnutls-cli-debug.sh
    PASS: testpkcs11.sh
    PASS: ocsp-tests/ocsp-must-staple-connection
    PASS: dtls/dtls

Seems whatever test comes after that never finishes if I do not `--disable-sha1-support` but I'll give it another ten minutes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126471613

From gnutls-devel at lists.gnutls.org Thu Dec 20 15:31:47 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 14:31:47 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Maybe https://gitlab.com/gnutls/gnutls/issues/656 !?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126479461

From gnutls-devel at lists.gnutls.org Thu Dec 20 16:09:55 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 15:09:55 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Quite possibly. It didn't hang a second time. And this test (for this issue) I suspect comes after whatever the hung test was, the failure is unrelated to having sha1 enabled or not. Worth a shot.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126490692

From gnutls-devel at lists.gnutls.org Thu Dec 20 16:24:57 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 15:24:57 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Also, `--disable-sha1-support` is default.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126495571

From gnutls-devel at lists.gnutls.org Thu Dec 20 16:38:06 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 15:38:06 +0000
Subject: [gnutls-devel] GnuTLS | testrandom.sh: Fix endless loop (!842)

New Merge Request !842

https://gitlab.com/gnutls/gnutls/merge_requests/842

Branches: tmp-testrandom.sh to master
Author: Tim Rühsen
Assignee:
Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

I recently had to kill testrandom.sh after 10-20 minutes. The loop counter wasn't incremented in case certtool failed (which it normally does in this test).

#647 might also be a related false positive because of this.

## Checklist

* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/842

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:05:23 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:05:23 +0000
Subject: [gnutls-devel] GnuTLS | testrandom.sh: Fix endless loop (!842)

Shouldn't it close #656 ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/842#note_126507587

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:07:57 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:07:57 +0000
Subject: [gnutls-devel] GnuTLS | Tests with RSA-PSS private_key and rsae/rsa-pss signature schemes. (#646)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/646

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:17:46 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:17:46 +0000
Subject: [gnutls-devel] GnuTLS | testrandom.sh: Fix endless loop (!842)

That one definitely, now added to the MR description.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/842#note_126510731

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:23:03 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:23:03 +0000
Subject: [gnutls-devel] GnuTLS | Unencrypted Finished msg is rejected with incorrect Alert (#643)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/643

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:23:29 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:23:29 +0000
Subject: [gnutls-devel] GnuTLS | CertificateVerify msg with rsae private_key and rsa-pss signature scheme. (#645)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/645

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:25:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:25:14 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Okay this is the grep line in the test that fails:

    sed 's/\r$//' <"${INFOFILE}" | grep "CRL Number (not critical): 013c1972a0[0-9a-f]\{30\}$" >/dev/null 2>&1

This is from `${INFOFILE}`

    Extensions:
        Authority Key Identifier (not critical):
            5d40adf0ce9440958b7e99941d925422ca72365f
        CRL Number (not critical): 3c1972a015fd74ad2e6e54fd1537d90df75668

It looks like the generation of the CRL is close to matching the grep, just missing the leading 01

Interesting it is 38 characters long, two shy of the 40 the grep also expects.

The CRL is generated just above it but uses some other files.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126513076

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:27:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:27:42 +0000
Subject: [gnutls-devel] GnuTLS | do not tolerate DER encoded certificates with invalid time format (#207)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/207

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:27:48 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:27:48 +0000
Subject: [gnutls-devel] GnuTLS | do not tolerate DER encoded certificates with invalid time format (#207)

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/207

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:31:45 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:31:45 +0000
Subject: [gnutls-devel] GnuTLS | testrandom.sh: Fix endless loop (!842)

LGTM; I do not see the relation with #647; could you clarify

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/842#note_126519810

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:32:15 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:32:15 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)

Merge Request !839 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/839
Project:Branches: chouquette/gnutls:use_CertOpenStore to gnutls/gnutls:master
Author: Hugo Beauzée-Luyssen
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:52:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:52:22 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_pubkey_import_ecc_raw: set the public key bits (!843)

New Merge Request !843
https://gitlab.com/gnutls/gnutls/merge_requests/843

Branches: tmp-test-ecc to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

This sets the number of key bits once an ECC key is imported.

Resolves #640

## Checklist
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/843

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:52:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:52:52 +0000
Subject: [gnutls-devel] GnuTLS | testrandom.sh: Fix endless loop (!842)

Merge Request !842 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/842
Branches: tmp-testrandom.sh to master
Author: Tim Rühsen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/842

From gnutls-devel at lists.gnutls.org Thu Dec 20 17:58:35 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 16:58:35 +0000
Subject: [gnutls-devel] GnuTLS | Importing есс public keys and calculating bits (#640)

Reassigned Issue 640
https://gitlab.com/gnutls/gnutls/issues/640

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/640

From gnutls-devel at lists.gnutls.org Thu Dec 20 18:14:30 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 17:14:30 +0000
Subject: [gnutls-devel] GnuTLS | testrandom.sh: Fix endless loop (!842)

It's not related to #647 - I'm in the process of trying to find exactly where what goes wrong goes wrong but it isn't this.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/842#note_126531693

From gnutls-devel at lists.gnutls.org Thu Dec 20 18:18:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 17:18:04 +0000
Subject: [gnutls-devel] GnuTLS | tests/suite/testrandom.sh occasionally never returns (#656)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/656

From gnutls-devel at lists.gnutls.org Thu Dec 20 18:18:08 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 17:18:08 +0000
Subject: [gnutls-devel] GnuTLS | tests/suite/testrandom.sh occasionally never returns (#656)

Reassigned Issue 656
https://gitlab.com/gnutls/gnutls/issues/656

Assignee changed to Tim Rühsen

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/656

From gnutls-devel at lists.gnutls.org Thu Dec 20 19:05:36 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 18:05:36 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Okay both with and without the datefudge - `CRL Number (not critical):` is 19 bytes. It is obviously generated from the date.

I am guessing it is supposed to be 20 bytes but the first byte is being omitted, as it matches what is expected with the datefudge in the test script.

I tested with certtool I built and the same input files used in the test, same result, 19 bytes (38 hex)

Am I right that it should be 20?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126543174

From gnutls-devel at lists.gnutls.org Thu Dec 20 19:35:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 18:35:09 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)

Updated the copyright, I'm not sure if this should be licensed to the FSF instead, if you'd prefer the copyright to change to something more specific please let me know!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839#note_126548681

From gnutls-devel at lists.gnutls.org Thu Dec 20 19:52:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 18:52:20 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)

The copyright is fine, thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839#note_126552149

From gnutls-devel at lists.gnutls.org Thu Dec 20 19:52:32 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 18:52:32 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)

All discussions on Merge Request !839 were resolved by Nikos Mavrogiannopoulos
https://gitlab.com/gnutls/gnutls/merge_requests/839

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839

From gnutls-devel at lists.gnutls.org Thu Dec 20 20:15:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 19:15:12 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect alert for malformed Client Hello (#659)

New Issue was created.

Issue 659: https://gitlab.com/gnutls/gnutls/issues/659
Author: Hubert Kario
Assignee:

## Description of problem:
When ClientHello compression methods does not include CompressionMethod.null, GnuTLS aborts the connection with handshake_failure alert instead of illegal_parameter

## Version of gnutls used:
435437ad94723612deb1e238379d457b2456d83f

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
local compile on Fedora 28

## How reproducible:
tlsfuzzer `test-invalid-compression-methods.py` from https://github.com/tomato42/tlsfuzzer/pull/489

## Actual results:
handshake_failure alert

## Expected results:
illegal_parameter alert for ClientHello messages that do not include null compression

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/659

From gnutls-devel at lists.gnutls.org Thu Dec 20 20:40:50 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 19:40:50 +0000
Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839)

Merge Request !839 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/839
Project:Branches: chouquette/gnutls:use_CertOpenStore to gnutls/gnutls:master
Author: Hugo Beauzée-Luyssen
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839

From gnutls-devel at lists.gnutls.org Thu Dec 20 20:44:11 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 20 Dec 2018 19:44:11 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

I know what is happening, why this test is failing.

You are using four bytes to encode seconds from epoch for the serial number, the not sure what the bytes after are for.

After 32 bit time runs out, it needs a 01 on 64-bit systems, but for whatever reason that isn't happening on my 64-bit system. It's a Y2038 bug on my system.

Is it an external library that you get it from has the bug? As is probably obvious, I'm not a C programmer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126563792

From gnutls-devel at lists.gnutls.org Thu Dec 20 21:14:55 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Dec 2018 20:14:55 +0000 Subject: [gnutls-devel] GnuTLS | win32: Use CertOpenStore instead of CertOpenSystemStore (!839) In-Reply-To: References: Message-ID: Thanks for merging this! (And the others :) ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/839#note_126569440 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Dec 20 22:31:06 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 20 Dec 2018 21:31:06 +0000 Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660) References: Message-ID: New Issue was created. Issue 660: https://gitlab.com/gnutls/gnutls/issues/660 Author: Ray Donnelly Assignee: macOS's libcrypto does not contain the define `EVP_CTRL_GCM_SET_TAG` (I looked in every SDK from 10.9 to 10.13) yet we see https://gitlab.com/search?utf8=%E2%9C%93&search=EVP_CTRL_GCM_SET_TAG&group_id=&project_id=179611&search_code=true&repository_ref=master#L142 Leading to: ``` cipher-openssl-compat.c:142:29: error: use of undeclared identifier 'EVP_CTRL_GCM_SET_TAG' EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, tag_size, ^ ``` I am working around it by forcing it to detect this fact via the following patch: ``` --- work/configure.ac.orig 2018-12-20 15:18:12.000000000 -0600 +++ work/configure.ac 2018-11-30 23:21:11.000000000 -0600 @@ -344,7 +344,7 @@ # check for libcrypto - used in test programs AC_LIB_HAVE_LINKFLAGS(crypto,, [#include -], [EVP_CIPHER_CTX_ctrl(NULL, EVP_CTRL_GCM_SET_TAG, 0, NULL);]) +], [EVP_CIPHER_CTX_init(NULL);]) AM_CONDITIONAL(HAVE_LIBCRYPTO, test "$HAVE_LIBCRYPTO" = "yes") --- work/configure.orig 2018-12-20 15:19:38.000000000 -0600 +++ work/configure 2018-12-20 15:20:33.000000000 -0600 
@@ -15730,7 +15730,7 @@ int main () { -EVP_CIPHER_CTX_init(NULL); +EVP_CIPHER_CTX_ctrl(NULL, EVP_CTRL_GCM_SET_TAG, 0, NULL); ; return 0; } ``` .. but this means that we do not test this compatibility feature on macOS, which is unfortunate. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 21 02:19:58 2018 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 21 Dec 2018 01:19:58 +0000 Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660) In-Reply-To: References: Message-ID: Hi, I believe the patch in #658 will fix this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_126615134 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Dec 21 05:50:12 2018 
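Review bot: in the #660 workaround patch, the configure.ac hunk runs in the opposite direction to the configure hunk and to the stated intent: its `-` line is the `EVP_CIPHER_CTX_ctrl(NULL, EVP_CTRL_GCM_SET_TAG, 0, NULL);` probe and its `+` line is `EVP_CIPHER_CTX_init(NULL);`, and the `.orig` file carries the later timestamp (2018-12-20 against 2018-11-30), which suggests the two files were passed to diff in swapped order. Regenerate the hunk so that the `+` line is the `EVP_CTRL_GCM_SET_TAG` probe; as posted, applying it leaves configure.ac probing only `EVP_CIPHER_CTX_init`, the state in which the build fails at cipher-openssl-compat.c:142.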
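Review bot: the configure hunk at line 15730 edits the generated script by hand, so the next autoreconf run will overwrite it from configure.ac; carry the probe change in configure.ac only and regenerate configure from it. Because the stricter probe turns HAVE_LIBCRYPTO off on any libcrypto that lacks `EVP_CTRL_GCM_SET_TAG`, the `# check for libcrypto - used in test programs` comment should also say that the OpenSSL compatibility test is skipped there, which is the loss of coverage the report itself points out.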
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 04:50:12 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Found the problem I believe - the bug is in RHEL/CentOS 7 `datefudge` package.

Well, that's okay, read more C today than I've read in eons and learned a lot.

[alice at localhost tmp]$ cat runtest.sh
#!/bin/bash
date +%s
datefudge "2100-01-01 10:00:00" date +%s
[alice at localhost tmp]$ sh runtest.sh
1545367653
-192457696
[alice at localhost tmp]$

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126631009

From gnutls-devel at lists.gnutls.org Fri Dec 21 07:36:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 06:36:39 +0000
Subject: [gnutls-devel] GnuTLS | tests/suite/testrandom.sh occasionally never returns (#656)

Issue was closed by Nikos Mavrogiannopoulos

Issue #656: https://gitlab.com/gnutls/gnutls/issues/656

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/656

From gnutls-devel at lists.gnutls.org Fri Dec 21 07:36:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 06:36:39 +0000
Subject: [gnutls-devel] GnuTLS | testrandom.sh: Fix endless loop (!842)

Merge Request !842 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/842
Branches: tmp-testrandom.sh to master
Author: Tim Rühsen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/842

From gnutls-devel at lists.gnutls.org Fri Dec 21 08:03:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 07:03:10 +0000
Subject: [gnutls-devel] GnuTLS | Issue with GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION (#609)

Reassigned Issue 609
https://gitlab.com/gnutls/gnutls/issues/609

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/609

From gnutls-devel at lists.gnutls.org Fri Dec 21 08:04:06 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 07:04:06 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated (!844)

New Merge Request !844
https://gitlab.com/gnutls/gnutls/merge_requests/844

Branches: tmp-no-well-defined to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

This removes the documented use of this macro. It was non-functional. Given the nature of the definition of the non-well defined date for certificates, it may be wise not to use a special macro at all. The reason is that the no-well defined date is a real date (~year 9999), and any approximation with seconds will be unstable due to irregular leap seconds.

## Checklist
* [x] Code modified for feature
* [x] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/844

From gnutls-devel at lists.gnutls.org Fri Dec 21 08:10:33 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 07:10:33 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated (!844)

Didn't find a way to issue a warning when this definition is used.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/844#note_126646346

From gnutls-devel at lists.gnutls.org Fri Dec 21 09:56:01 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 08:56:01 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

That looks like you are on a 32bit system and/or `date` uses a 32 bit signed time_t type.

Here on a 64 bit system (being off from yours by 9 hours)
```
$ datefudge "2100-01-01 10:00:00" date +%s
4102477200
```

`printf("%u\n",-192457696);` gives `4102509600` and
```
$ echo '(4102477200 - 4102509600) / 3600'|bc -l
-9.00000000000000000000
```

@nmav We already had that discussion, but I don't remember the details... we could skip that test if `SIZEOF_TIME_T` is 4 and `TIME_T_IS_SIGNED` is 1.

@Pipfrosch Please give us the output of `grep TIME_T config.h`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126665236

From gnutls-devel at lists.gnutls.org Fri Dec 21 10:09:57 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 09:09:57 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

The problem was datefudge in EPEL 7 - which is at version 1.21.

I built datefudge 1.22 and it now works as expected and the GnuTLS test does not fail.

I filed a bug report w/ EPEL.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126668813

From gnutls-devel at lists.gnutls.org Fri Dec 21 10:41:36 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 09:41:36 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Great that you took the time to test it !

@nmav should we require datefudge >= 1.22 in bootstrap.conf ? Alternatively we can check its version and skip the failed test if < 1.22.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126676554

From gnutls-devel at lists.gnutls.org Fri Dec 21 11:14:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 10:14:43 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

The test is triggered by `if test "${ac_cv_sizeof_time_t}" = 8;then`

Maybe it could be triggered by `datefudge -s "2138-01-20 10:00:00" date +%s` giving an expected result?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126685173

From gnutls-devel at lists.gnutls.org Fri Dec 21 11:27:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 10:27:22 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_pubkey_import_ecc_raw: set the public key bits (ac89db92)

Tim Rühsen started a new discussion on tests/pubkey-import-export.c:

> if (ret < 0) > fail("error\n"); > > + bits = 0; > + ret = gnutls_pubkey_get_pk_algorithm(key, &bits); > + if (ret == 0 || bits == 0)

The docs for gnutls_pubkey_get_pk_algorithm say
```
 * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
 * success, or a negative error code on error.
```

So either the docs are wrong or the test `ret == 0` is wrong.

The function returns `key->params.algo` which can have GNUTLS_PK_UNKNOWN (0) *or* -1 (e.g. assigned in privkey.c, L531).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ac89db92a47c570340102ac89aebaaba3f35b96d#note_126688461

From gnutls-devel at lists.gnutls.org Fri Dec 21 11:31:17 2018
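Review bot: in the quoted tests/pubkey-import-export.c hunk, `if (ret == 0 || bits == 0)` only rejects a negative return from gnutls_pubkey_get_pk_algorithm because `bits` happens to still be 0 from the line above, so the test does not check the documented error form directly. Since the quoted documentation says errors are negative and the comment notes that the stored algorithm can also be GNUTLS_PK_UNKNOWN (0), test `ret <= 0 || bits == 0` so that both error forms fail the test on their own.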
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 10:31:17 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated (!844)

Merge Request !844 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/844
Branches: tmp-no-well-defined to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/844

From gnutls-devel at lists.gnutls.org Fri Dec 21 11:31:23 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 10:31:23 +0000
Subject: [gnutls-devel] GnuTLS | GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated (!844)

Merge Request !844 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/844
Branches: tmp-no-well-defined to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/844

From gnutls-devel at lists.gnutls.org Fri Dec 21 11:48:07 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 10:48:07 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

We skip datefudge tests under certain conditions (e.g. see tests/scripts/common.sh, check_for_datefudge()).

Maybe you can amend the failing test to check whether the result of your command above is negative and return 77 (SKIP) if so !? And test that with datefudge 1.21 and 1.22 ?

If it works, either make up an MR or (if you don't know how) paste the diff here.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126694814

From gnutls-devel at lists.gnutls.org Fri Dec 21 16:29:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 15:29:04 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Issue was reopened by Nikos Mavrogiannopoulos

Issue 647: https://gitlab.com/gnutls/gnutls/issues/647

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647

From gnutls-devel at lists.gnutls.org Fri Dec 21 16:32:31 2018
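The skip check suggested in the #647 thread above, written out as an added example; it is not code from the GnuTLS test suite or from any participant. The function names are hypothetical, the CRL info text is the output quoted in the thread, and the 40-digit value is constructed by prepending the missing 01.

```shell
#!/bin/sh
# Added illustration for the #647 thread; function names are hypothetical and
# not taken from tests/scripts/common.sh.

# 0x013c1972a0 = 5303268000 = 2138-01-20 10:00:00 UTC. Cut to 32 bits it
# becomes 0x3c1972a0 = 1008300704, the prefix seen in the failing run.
MAX_U32=4294967295

# CRL info text as quoted in the thread (19-byte CRL number).
SAMPLE_INFO='Extensions:
    Authority Key Identifier (not critical):
        5d40adf0ce9440958b7e99941d925422ca72365f
    CRL Number (not critical): 3c1972a015fd74ad2e6e54fd1537d90df75668'
# Constructed: the same value with the missing leading byte 01 prepended.
CONSTRUCTED_GOOD=013c1972a015fd74ad2e6e54fd1537d90df75668

# epoch_past_2038_ok EPOCH
# EPOCH is the text printed by: datefudge -s "2138-01-20 10:00:00" date +%s
# Succeeds only for a non-negative decimal number that needs more than 32 bits.
epoch_past_2038_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty, negative ("-192457696") or garbage
    esac
    [ "$1" -gt "$MAX_U32" ]
}

# crl_number_hex INFOTEXT
# Prints the hex digits of the "CRL Number" line, tolerating CRLF line ends.
crl_number_hex() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^[[:space:]]*CRL Number (not critical): \([0-9a-f]*\)$/\1/p'
}

# classify_crl_number HEX
# Prints ok (20 bytes, 5-byte timestamp), truncated (19 bytes, the timestamp
# lost its leading 01) or unexpected.
classify_crl_number() {
    case "$1" in
        ''|*[!0-9a-f]*) echo unexpected; return 0 ;;
    esac
    case "$1" in
        013c1972a0*) [ "${#1}" -eq 40 ] && { echo ok; return 0; } ;;
        3c1972a0*)   [ "${#1}" -eq 38 ] && { echo truncated; return 0; } ;;
    esac
    echo unexpected
}

# skip_unless_datefudge_2038
# Returns 0 when the installed datefudge can fake a date past 2038, otherwise
# 77, the SKIP code mentioned in the thread. The caller does the `exit`.
skip_unless_datefudge_2038() {
    command -v datefudge >/dev/null 2>&1 || return 77
    epoch_past_2038_ok \
        "$(datefudge -s "2138-01-20 10:00:00" date +%s 2>/dev/null)" || return 77
    return 0
}
```

A test script would call `skip_unless_datefudge_2038 || exit $?` before generating the CRL, so a datefudge that wraps at 32 bits produces a SKIP instead of the 38-digit mismatch reported in the thread.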
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 15:32:31 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Thank you for debugging this. I have pushed an update to datefudge for epel. I think once that gets in the repo we should close this issue.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126773015

From gnutls-devel at lists.gnutls.org Fri Dec 21 18:20:30 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 17:20:30 +0000
Subject: [gnutls-devel] GnuTLS | softhsm version check (#661)

New Issue was created.

Issue 661: https://gitlab.com/gnutls/gnutls/issues/661
Author: Michael A. Peters
Assignee:

I have two pkcs#11 tests that fail unless I disable them. I *suspect* the issue is version of softhsm. I am at 2.1.0 (CentOS 7) but it looks like current is 2.5.0

I've attached the patches for the specific tests that have to be disabled, assuming the issue is softhsm version, is it possible to conditionally disable these tests based on version number?

disabled from `tls-neg-pkcs11-key.c`
[gnutls-3.6.5-disabletests-tls-neg-pkcs11-key.c.patch](/uploads/81cbc985593d897b6e9d7a9eed5d0c0f/gnutls-3.6.5-disabletests-tls-neg-pkcs11-key.c.patch)

disabled from `testpkcs11.sh.patch`
[gnutls-3.6.5-disabletests-testpkcs11.sh.patch](/uploads/829bb5060e5a830ccdcc0b3f713b4d43/gnutls-3.6.5-disabletests-testpkcs11.sh.patch)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/661

From gnutls-devel at lists.gnutls.org Fri Dec 21 19:52:53 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 18:52:53 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_pubkey_import_ecc_raw: set the public key bits (ac89db92)

Nikos Mavrogiannopoulos commented on a discussion on tests/pubkey-import-export.c:

> if (ret < 0) > fail("error\n"); > > + bits = 0; > + ret = gnutls_pubkey_get_pk_algorithm(key, &bits); > + if (ret == 0 || bits == 0)

Thank you. The `-1` is a temporal value used to signal a reload. However you raise a nice point. These functions have a multiple error state. It can be that their return value is negative, or their return value is zero. I'd have liked to simplify that to a single error value, but that could break apps which don't check for all possible values.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/commit/ac89db92a47c570340102ac89aebaaba3f35b96d#note_126843928

From gnutls-devel at lists.gnutls.org Fri Dec 21 19:57:34 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 18:57:34 +0000
Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660

From gnutls-devel at lists.gnutls.org Fri Dec 21 19:59:31 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 18:59:31 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647

From gnutls-devel at lists.gnutls.org Fri Dec 21 20:00:24 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 19:00:24 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Moved to: https://bugzilla.redhat.com/show_bug.cgi?id=1661390

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647#note_126845097

From gnutls-devel at lists.gnutls.org Fri Dec 21 20:00:24 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 19:00:24 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Issue was closed by Nikos Mavrogiannopoulos

Issue #647: https://gitlab.com/gnutls/gnutls/issues/647

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647

From gnutls-devel at lists.gnutls.org Fri Dec 21 20:01:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 19:01:43 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@domblogger.net): failed CRL test w/ gnutls 3.6.5 (#647)

Reassigned Issue 647

https://gitlab.com/gnutls/gnutls/issues/647

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/647

From gnutls-devel at lists.gnutls.org Fri Dec 21 20:04:53 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 19:04:53 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@librelamp.com): Patch for tests/slow/cipher-openssl-compat.c w/ LibreSSL (#658)

Would you like to send a merge request with this patch?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/658#note_126846043

From gnutls-devel at lists.gnutls.org Fri Dec 21 20:08:38 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 19:08:38 +0000
Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660)

We have a CI in travis for macosx which seems to pass: https://travis-ci.org/gnutls/gnutls/builds

The specific test you mention seems not to run there.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_126846828

From gnutls-devel at lists.gnutls.org Fri Dec 21 20:32:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 19:32:56 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@librelamp.com): Patch for tests/slow/cipher-openssl-compat.c w/ LibreSSL (#658)

Sure, new to gitlab but I assume it is a similar process to github?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/658#note_126851887

From gnutls-devel at lists.gnutls.org Fri Dec 21 20:38:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 19:38:22 +0000
Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660)

If the CI in travis installs actual openssl that may be why it passes, I'm fairly certain OS X switched to libressl for their bundled openssl API - and that's what the build failure looks like.

LibreSSL uses a very large OPENSSL_VERSION_NUMBER which unfortunately causes problems for newer OpenSSL API stuff they do not implement.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_126852985

From gnutls-devel at lists.gnutls.org Fri Dec 21 21:25:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 20:25:04 +0000
Subject: [gnutls-devel] GnuTLS | Update cipher-openssl-compat.c for LibreSSL abuse of OPENSSL_VERSION_NUMBER (!845)

New Merge Request !845

https://gitlab.com/gnutls/gnutls/merge_requests/845

Project:Branches: Pipfrosch/gnutls:master to gnutls/gnutls:master
Author: Michael A. Peters
Assignee:

Patch from #658 - may fix #660 but I do not have access to MacOS

## Checklist
* [ ] Code modified for feature
* [ X ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/845

From gnutls-devel at lists.gnutls.org Fri Dec 21 21:32:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 20:32:52 +0000
Subject: [gnutls-devel] GnuTLS | Update cipher-openssl-compat.c for LibreSSL abuse of OPENSSL_VERSION_NUMBER (!845)

The close and mentions are reversed. I think closes #660 but I can't test.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/845#note_126861617

From gnutls-devel at lists.gnutls.org Fri Dec 21 21:43:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 20:43:22 +0000
Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660)

As I say, this define has never existed in any MacOS SDK from 10.9 onwards.

If the builds on Travis install openssl then configure will find those headers but link to the system libcrypto.dylib which is definitely not what you want in any situation.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_126863341

From gnutls-devel at lists.gnutls.org Fri Dec 21 21:53:53 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 21 Dec 2018 20:53:53 +0000
Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660)

You can clarify if it is actually LibreSSL:

[alice at localhost ~]$ openssl version
LibreSSL 2.8.3

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_126864381

From gnutls-devel at lists.gnutls.org Sun Dec 23 01:51:17 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 23 Dec 2018 00:51:17 +0000
Subject: [gnutls-devel] GnuTLS | Changes needed to compile Guile bindings against Guile 2.2.2 (#199)

I had to file [Homebrew PR #35365](https://github.com/Homebrew/homebrew-core/pull/35365) downstream to work around the lack of progress on this.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/199#note_126964161

From gnutls-devel at lists.gnutls.org Sun Dec 23 12:02:47 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 23 Dec 2018 11:02:47 +0000
Subject: [gnutls-devel] GnuTLS | Windows & Windows Store store patches (!835)

> Meanwhile it looks like a bug in the Debian cross-compiled glibc 2.28. I filed a bug at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916779.

FYI, this is now a gcc bug [1]. So gnulib won't change anything because their test code is correct.

We have to check from time to time and once a fix is in Debian, d4029938088c7a1f92ed9b6c5f90c09bc8a920c3 can be reverted.

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88576

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/835#note_126982260

From gnutls-devel at lists.gnutls.org Sun Dec 23 12:28:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 23 Dec 2018 11:28:43 +0000
Subject: [gnutls-devel] GnuTLS | Changes needed to compile Guile bindings against Guile 2.2.2 (#199)

Is this still an issue? I see no issues with guile 2.2.4 here.

That's what ./configure says:

```
***
*** Detecting GNU Guile...

checking for guile-snarf... (cached) /usr/bin/guile-snarf
checking for guild... (cached) /usr/bin/guild
checking for guile-2.2... (cached) /usr/bin/guile-2.2
checking for Guile version >= 2.2... 2.2.4
checking for guild-2.2... (cached) /usr/bin/guild
checking for guile-config-2.2... no
checking for pkg-config... (cached) /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
configure: checking for guile 2.2
configure: found guile 2.2
checking for GUILE... yes
checking whether GNU Guile is recent enough... checking the Guile effective version... 2.2
yes
checking whether gcc supports -fgnu89-inline... yes
checking for scm_gc_malloc_pointerless... (cached) yes
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/199#note_126983441

From gnutls-devel at lists.gnutls.org Sun Dec 23 20:51:31 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 23 Dec 2018 19:51:31 +0000
Subject: [gnutls-devel] GnuTLS | Changes needed to compile Guile bindings against Guile 2.2.2 (#199)

@rockdaboot:

I didn't think it was an issue any longer, either, but maybe it's a regression in Homebrew's build sandbox. Regardless, you can ignore [my previous comment](https://gitlab.com/gnutls/gnutls/issues/199#note_126964161) now, as downstream [has been absolutely ruthless in removing build formula options that trigger package configuration options lately](https://github.com/Homebrew/homebrew-core/issues/31510) and [doesn't want to support building GNU TLS against GUILE any more](https://github.com/Homebrew/homebrew-core/pull/35365#issuecomment-449633965).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/199#note_127013752

From gnutls-devel at lists.gnutls.org Mon Dec 24 23:20:47 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 24 Dec 2018 22:20:47 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_pubkey_import_ecc_raw: set the public key bits (!843)

Merge Request !843 was approved by Dmitry Eremin-Solenikov

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/843
Branches: tmp-test-ecc to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/843

From gnutls-devel at lists.gnutls.org Mon Dec 24 23:20:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 24 Dec 2018 22:20:56 +0000
Subject: [gnutls-devel] GnuTLS | Importing есс public keys and calculating bits (#640)

Issue was closed by Nikos Mavrogiannopoulos

Issue #640: https://gitlab.com/gnutls/gnutls/issues/640

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/640

From gnutls-devel at lists.gnutls.org Mon Dec 24 23:20:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 24 Dec 2018 22:20:56 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_pubkey_import_ecc_raw: set the public key bits (!843)

Merge Request !843 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/843
Branches: tmp-test-ecc to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/843

From gnutls-devel at lists.gnutls.org Mon Dec 24 23:20:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 24 Dec 2018 22:20:56 +0000
Subject: [gnutls-devel] GnuTLS | Importing есс public keys and calculating bits (#640)

Issue was closed by Dmitry Eremin-Solenikov

Issue #640: https://gitlab.com/gnutls/gnutls/issues/640

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/640

From gnutls-devel at lists.gnutls.org Tue Dec 25 11:29:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 10:29:52 +0000
Subject: [gnutls-devel] GnuTLS | Update cipher-openssl-compat.c for LibreSSL abuse of OPENSSL_VERSION_NUMBER (!845)

Hmm. Can we find Mac OS X bundled headers somewhere? I have checked LibreSSL and it has `EVP_CTRL_GCM_SET_TAG`/`EVP_CTRL_CCM_SET_TAG` since first version.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/845#note_127185091

From gnutls-devel at lists.gnutls.org Tue Dec 25 11:51:32 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 10:51:32 +0000
Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660)

@mingwandroid Hmm. Can we find Mac OS X bundled headers somewhere? I have checked LibreSSL and it has `EVP_CTRL_GCM_SET_TAG`/`EVP_CTRL_CCM_SET_TAG` since first version.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_127187096

From gnutls-devel at lists.gnutls.org Tue Dec 25 11:54:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 10:54:44 +0000
Subject: [gnutls-devel] GnuTLS | Update cipher-openssl-compat.c for LibreSSL abuse of OPENSSL_VERSION_NUMBER (!845)

@Pipfrosch @nmav I believe the proper fix is to just remove `EVP_CIPHER_CTX_init()` call, which should not be necessary after `EVP_CIPHER_CTX_new()`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/845#note_127187382

From gnutls-devel at lists.gnutls.org Tue Dec 25 12:03:30 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 11:03:30 +0000
Subject: [gnutls-devel] GnuTLS | Update cipher-openssl-compat.c for LibreSSL abuse of OPENSSL_VERSION_NUMBER (!845)

I don't know about OS X but this is what happens w/ LibreSSL 2.8.3 as the SSL API installed on CentOS 7 (w/ vendor openssl headers NOT installed)

First error building test program:

make[3]: Nothing to be done for `test-ciphers-openssl.sh'.
CC cipher-openssl-compat.o
CCLD gendh
CCLD crypto
CCLD cipher-test
CCLD cipher-api-test
CCLD hash-large
CCLD mac-override
CCLD cipher-override
cipher-openssl-compat.c: In function 'cipher_test':
cipher-openssl-compat.c:101:4: error: void value not ignored as it ought to be
assert(EVP_CIPHER_CTX_init(ctx)==1);
^
make[3]: *** [cipher-openssl-compat.o] Error 1

Second error running test if first is patched for:

FAIL: test-ciphers-openssl.sh
=============================
cipher: aes-128-gcm
cipher: aes-256-gcm
cipher: chacha20-poly1305
cipher_test:94: EVP_get_cipherbyname failed for chacha20-poly1305
default cipher tests failed
FAIL test-ciphers-openssl.sh (exit status: 1)

It may be different than OS X issue, I just the OS X issue was related to `EVP_CIPHER_CTX_init()` which is the case with LibreSSL.

I *think* OS X (er MacOS or whatever) is using LibreSSL 2.7.x

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/845#note_127188107

From gnutls-devel at lists.gnutls.org Tue Dec 25 12:46:32 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 11:46:32 +0000
Subject: [gnutls-devel] GnuTLS | Fix libressl (!846)

New Merge Request !846

https://gitlab.com/gnutls/gnutls/merge_requests/846

Project:Branches: GostCrypt/gnutls:fix-libressl to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignee:
Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Code modified for feature
* [x] Test suite updated with functionality tests

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846

From gnutls-devel at lists.gnutls.org Tue Dec 25 12:50:32 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 11:50:32 +0000
Subject: [gnutls-devel] GnuTLS | Update cipher-openssl-compat.c for LibreSSL abuse of OPENSSL_VERSION_NUMBER (!845)

Could you please check that !846 fixes the issue for you. I think that it might be a cleaner approach (and it also doesn't disable CCM tests).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/845#note_127191670

From gnutls-devel at lists.gnutls.org Tue Dec 25 13:21:32 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 12:21:32 +0000
Subject: [gnutls-devel] GnuTLS | macOS compilation fails (#662)

New Issue was created.

Issue 662: https://gitlab.com/gnutls/gnutls/issues/662
Author: Taner Sener
Assignee:

I can not build v3.6.5 on macOS with nettle v3.4.1. Compilation fails with `configure: error: Nettle lacks the required rsa_sec_decrypt function`.

config.log has the following lines for that section. Full log can be found in [config.log.gz](/uploads/380a945fa34813fde3b49b29d97f5d33/config.log.gz).

```
configure:61617: checking for rsa_sec_decrypt
configure:61617: gcc -o conftest -g -O2 -I/usr/local/include -Wl,-no_weak_imports conftest.c -lidn2 -L/usr/local/lib -lhogweed >&5
Undefined symbols for architecture x86_64:
  "_rsa_sec_decrypt", referenced from:
      _main in conftest-97e833.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
```

nettle v3.4.1 is installed with `./configure; make; make install` command under /usr/local.

When I checked the `rsa_sec_decrypt` function, I saw that it was defined inside libhogweed library with the `nettle` prefix.

```
nm -a rsa-sec-decrypt.o
0000000000000000 T _nettle_rsa_sec_decrypt
```

It seems like there is a mismatch in function names. Do you have a fix for that?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/662

From gnutls-devel at lists.gnutls.org Tue Dec 25 14:28:40 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 13:28:40 +0000
Subject: [gnutls-devel] GnuTLS | macOS compilation fails (#662)

Here on Debian it is

```
$ nm -a rsa-sec-decrypt.o|grep rsa_sec_decrypt
0000000000000000 T nettle_rsa_sec_decrypt
```

In my config.log I see

```
configure:61582: checking for nettle_rsa_sec_decrypt
configure:61582: result: yes
```

The define for rsa_sec_decrypt() is in nettle/rsa.h. Maybe a wrong version of that file gets included? Did you see any related warnings when compiling gnutls?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/662#note_127198772

From gnutls-devel at lists.gnutls.org Tue Dec 25 15:40:53 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 14:40:53 +0000
Subject: [gnutls-devel] GnuTLS | macOS compilation fails (#662)

I didn't notice anything suspicious. Full configure output is attached in [configure.output.txt.gz](/uploads/f9361dd54e8f70c9bd3fbfff0ba7abf1/configure.output.txt.gz).

I don't set any environment variables before configure. So nettle include and libraries are detected via pkg-config. According to pkg-config, nettle includes are loaded from /usr/local/include/nettle path, I have rsa.h there which includes the following define.

`#define rsa_sec_decrypt nettle_rsa_sec_decrypt`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/662#note_127204410

From gnutls-devel at lists.gnutls.org Tue Dec 25 16:48:40 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 15:48:40 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Hi, with LibreSSL 2.8.3 this fixes the test program build issue (first place where my patch excludes for LibreSSL) but the second issue (running test) still remains:

[alice at localhost SPECS]$ cat ../BUILD/gnutls-3.6.5/tests/slow/test-suite.log
=============================================
GnuTLS 3.6.5: tests/slow/test-suite.log
=============================================

# TOTAL: 7
# PASS: 6
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: test-ciphers-openssl.sh
=============================

cipher: aes-128-gcm
cipher: aes-256-gcm
cipher: chacha20-poly1305
cipher_test:94: EVP_get_cipherbyname failed for chacha20-poly1305
default cipher tests failed
FAIL test-ciphers-openssl.sh (exit status: 1)

Anything I can do to help pinpoint what the precise failure is?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127209221

From gnutls-devel at lists.gnutls.org Tue Dec 25 18:55:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 17:55:09 +0000
Subject: [gnutls-devel] GnuTLS | ex-client-x509 3.6.5 cannot connect to gnutls-serv (#663)

New Issue was created.

Issue 663: https://gitlab.com/gnutls/gnutls/issues/663
Author: Andreas Metzler
Assignee:

Hello,

I just thought to take a look at the included examples, wondering whether they are ready for TLS 1.3 (I do not think so, there is no loop re-sending the same data when gnutls_record_send gets GNUTLS_E_AGAIN).

I tried connecting to ...

```
gnutls-serv --x509keyfile=/tmp/key.pem --x509certfile=/tmp/cert.pem
```

and received

> *** Handshake failed: A TLS fatal alert has been received.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/663

From gnutls-devel at lists.gnutls.org Tue Dec 25 19:51:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 18:51:09 +0000
Subject: [gnutls-devel] GnuTLS | macOS compilation fails (#662)

Are you sure you have checked out nettle at 4fc52f4de99b2d471ead06e4a5086b9b15b6dee3 (tag: nettle_3.4.1_release_20181204) and rebuilt everything from scratch (and installed)?

I am not sure why your `nm` shows `_nettle_rsa_sec_decrypt` instead of `nettle_rsa_sec_decrypt`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/662#note_127217247

From gnutls-devel at lists.gnutls.org Tue Dec 25 20:03:57 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 19:03:57 +0000
Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660)

Someone called phracker on GitHub has archives available to download.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_127217844

From gnutls-devel at lists.gnutls.org Tue Dec 25 20:08:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 19:08:39 +0000
Subject: [gnutls-devel] GnuTLS | macOS compilation fails (#662)

But then, from your first post

```
Undefined symbols for architecture x86_64:
  "_rsa_sec_decrypt", referenced from:
      _main in conftest-97e833.o
```

It looks like an old version of rsa.h is included when you build gnutls. The leading underscore seems to be for every symbol. If the #define is missing, exactly this error message would appear.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/662#note_127218000

From gnutls-devel at lists.gnutls.org Tue Dec 25 22:52:55 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 21:52:55 +0000
Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660)

Couldn't find LibreSSL headers there.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_127223350

From gnutls-devel at lists.gnutls.org Tue Dec 25 23:31:55 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 25 Dec 2018 22:31:55 +0000
Subject: [gnutls-devel] GnuTLS | Not possible to build tests on macOS. (#660)

GnuTLS does not use LibreSSL on macOS, it uses libcrypto which is a fork of an old openssl. I'm not sure if they've switched to being based on some other implementation but I don't know if it's relevant to this issue either way!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/660#note_127224417

From gnutls-devel at lists.gnutls.org Wed Dec 26 02:10:16 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 01:10:16 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

@Pipfrosch This is really strange. Are you sure that you are running this MR? Because here is what I see after modifying code to request non-present cipher (`chacha20-poly1305-dummy`):

```
$ ./cipher-openssl-compat
cipher: aes-128-gcm
cipher: aes-256-gcm
cipher: chacha20-poly1305-dummy
EVP_get_cipherbyname failed for chacha20-poly1305-dummy
cipher: aes-128-ccm
cipher: aes-256-ccm
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127228891

From gnutls-devel at lists.gnutls.org Wed Dec 26 03:50:54 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 02:50:54 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

This is the output I am getting:

    [alice at localhost slow]$ ./cipher-openssl-compat
    cipher: aes-128-gcm
    cipher: aes-256-gcm
    cipher: chacha20-poly1305
    cipher_test:94: EVP_get_cipherbyname failed for chacha20-poly1305
    [alice at localhost slow]$

I will double check the PR is applied.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127237208

From gnutls-devel at lists.gnutls.org Wed Dec 26 03:56:35 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 02:56:35 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

It is applied, it just removes the one line, correct?

    #if OPENSSL_VERSION_NUMBER >= 0x10100000L
        if (gcipher == GNUTLS_CIPHER_AES_128_CCM || gcipher == GNUTLS_CIPHER_AES_256_CCM) {
            assert(EVP_CipherInit_ex(ctx, evp_cipher, 0, 0, 0, 0) > 0);

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127237468

From gnutls-devel at lists.gnutls.org Wed Dec 26 04:44:39 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 03:44:39 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Okay according to https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations LibreSSL does not support AES-CCM so there probably does need to be a `!defined (LIBRESSL_VERSION_NUMBER)` around the `aes-128-ccm` and `aes-256-ccm` tests, but the `chacha20-poly1305` should pass.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127240025

From gnutls-devel at lists.gnutls.org Wed Dec 26 06:51:37 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 05:51:37 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

It's possible I found the problem. In current `crypto/evp/c_allc.c` there is the following:

    #ifndef OPENSSL_NO_CHACHA
        EVP_add_cipher(EVP_chacha20());
    # ifndef OPENSSL_NO_POLY1305
        EVP_add_cipher(EVP_chacha20_poly1305());
    # endif
    #endif

LibreSSL does not have that file but it does have `crypto/evp/c_all.c` and it only has the following:

    #ifndef OPENSSL_NO_CHACHA
        EVP_add_cipher(EVP_chacha20());
    #endif

A grep in the directory showed no `EVP_add_cipher(EVP_chacha20_poly1305())`

If that is needed before `evp_cipher = EVP_get_cipherbyname(ocipher);` can work then that test won't work with LibreSSL. I don't know. Tempting to try patching LibreSSL to add that and see what happens but I could be barking up wrong tree.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127251363

From gnutls-devel at lists.gnutls.org Wed Dec 26 07:14:53 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 06:14:53 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

I asked on LibreSSL portable github, they may shed some light on what is happening.

https://github.com/libressl-portable/portable/issues/483

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127253836

From gnutls-devel at lists.gnutls.org Wed Dec 26 10:47:23 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 09:47:23 +0000
Subject: [gnutls-devel] GnuTLS | macOS compilation fails (#662)

> Are you sure you have checked out nettle at 4fc52f4de99b2d471ead06e4a5086b9b15b6dee3 (tag: nettle_3.4.1_release_20181204) and rebuilt everything from scratch (and installed) ?

When I first created this issue I was using nettle-3.4.1.tar.gz downloaded from [nettle home page](http://www.lysator.liu.se/~nisse/nettle/). After your advice I used tag nettle_3.4.1_release_20181204 from [gnutls nettle](https://gitlab.com/gnutls/nettle). Unfortunately result didn't change for me.

> It looks like an old version of rsa.h is included when you build gnutls. The leading underscore seems to be for every symbol. If the #define is missing, exactly this error message would appear.

I don't do anything to include leading underscore (_) in function names. It might be a macOS/Darwin thing. What can I do to prove rsa.h used is valid? I can post rsa.h here or I can provide access to my host if you are interested.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/662#note_127281534

From gnutls-devel at lists.gnutls.org Wed Dec 26 13:36:02 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 12:36:02 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Okay based on their answer, `EVP_get_cipherbyname(ocipher)` will fail for aes-{128,192,256}-ccm because the NID is not registered in `crypto/evp/c_all.c` because of an oversight that will be fixed shortly and will fail for `chacha20-poly1305` because they do not yet have an EVP implementation for it, only an EVP_AEAD implementation. So the

@@ -189,7 +189,7 @@ /* ciphers */ cipher_test("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM, 16); cipher_test("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM, 16); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined (LIBRESSL_VERSION_NUMBER) if (!gnutls_fips140_mode_enabled()) { cipher_test("chacha20-poly1305", GNUTLS_CIPHER_CHACHA20_POLY1305, 16); }

from the patch I made in !845 is still needed, but the first part of the patch I made is fixed by this PR.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127306480

From gnutls-devel at lists.gnutls.org Wed Dec 26 14:49:58 2018
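Review bot: the `!defined (LIBRESSL_VERSION_NUMBER)` added to the `#if` line applies to every LibreSSL version and to the whole conditional block, not just the chacha20-poly1305 call. The hunk ends before the matching `#endif`, so anything else inside this block is switched off on LibreSSL too, and the guard stays in force after LibreSSL gains an EVP implementation for the cipher. I would narrow it to the `cipher_test("chacha20-poly1305", ...)` call and add a comment stating the condition under which it should be removed.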
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 13:49:58 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Update - LibreSSL portable dev already sent patch to OpenBSD list that fixes the AES CCM tests. The ChaCha20-poly1305 will take more work on their part.

So with the patch their dev sent to their mailing list applied, the following modification (the second part of patch) to the PR works:

diff -ur gnutls-3.6.5.orig/tests/slow/cipher-openssl-compat.c gnutls-3.6.5/tests/slow/cipher-openssl-compat.c --- gnutls-3.6.5.orig/tests/slow/cipher-openssl-compat.c 2018-03-22 00:56:48.000000000 -0700 +++ gnutls-3.6.5/tests/slow/cipher-openssl-compat.c 2018-12-26 05:26:10.916608565 -0800 @@ -98,7 +98,6 @@ #if OPENSSL_VERSION_NUMBER >= 0x10100000L if (gcipher == GNUTLS_CIPHER_AES_128_CCM || gcipher == GNUTLS_CIPHER_AES_256_CCM) { - assert(EVP_CIPHER_CTX_init(ctx)==1); assert(EVP_CipherInit_ex(ctx, evp_cipher, 0, 0, 0, 0) > 0); 
@@ -190,9 +189,11 @@ cipher_test("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM, 16); cipher_test("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM, 16); #if OPENSSL_VERSION_NUMBER >= 0x10100000L +# if !defined (LIBRESSL_VERSION_NUMBER) if (!gnutls_fips140_mode_enabled()) { cipher_test("chacha20-poly1305", GNUTLS_CIPHER_CHACHA20_POLY1305, 16); } +# endif cipher_test("aes-128-ccm", GNUTLS_CIPHER_AES_128_CCM, 16); cipher_test("aes-256-ccm", GNUTLS_CIPHER_AES_256_CCM, 16); #endif

My guess is the fix for AES CCM will be in next LibreSSL but I don't know when it will be released.

I'm going to retract !845 because this PR fixes the fixable issue the right way. Whether you want to add LibreSSL specific fix to second issue or just wait for the chacha20-poly1305 to be added to their EVP (it sounds like it will) and deal w/ occasional people reporting test failures with LibreSSL I don't have an opinion on what is best, either is fine by me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127317115

From gnutls-devel at lists.gnutls.org Wed Dec 26 14:50:31 2018
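Review bot: in the `@@ -98,7 +98,6 @@` hunk, the context line `assert(EVP_CipherInit_ex(ctx, evp_cipher, 0, 0, 0, 0) > 0);` that stays behind still makes the library call inside `assert()`, so a build with `NDEBUG` would drop the initialization itself and not only the check. Suggest calling the function first and asserting on the stored return value. The hunk also does not show where `ctx` is created, so it is worth confirming that it arrives initialized now that the explicit `EVP_CIPHER_CTX_init(ctx)` is gone.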
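Review bot: in the `@@ -190,9 +189,11 @@` hunk, the new `# if !defined (LIBRESSL_VERSION_NUMBER)` compiles the chacha20-poly1305 test out without a trace, so a LibreSSL run passes with one comparison fewer and the log does not say so. Suggest an `# else` branch that prints a skip line, and a comment noting that the guard should go once LibreSSL registers chacha20-poly1305 in its EVP layer, so the exception does not outlive its reason.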
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 13:50:31 +0000
Subject: [gnutls-devel] GnuTLS | Update cipher-openssl-compat.c for LibreSSL abuse of OPENSSL_VERSION_NUMBER (!845)

Merge Request !845 was closed by Michael A. Peters

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/845
Project:Branches: Pipfrosch/gnutls:master to gnutls/gnutls:master
Author: Michael A. Peters
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/845

From gnutls-devel at lists.gnutls.org Wed Dec 26 14:51:16 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 13:51:16 +0000
Subject: [gnutls-devel] GnuTLS | Update cipher-openssl-compat.c for LibreSSL abuse of OPENSSL_VERSION_NUMBER (!845)

retracting request, see !846 comments for why.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/845#note_127317302

From gnutls-devel at lists.gnutls.org Wed Dec 26 22:51:48 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 21:51:48 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

@Pipfrosch no, it does more than removing one line. It also switches `EVP_get_cipherbyname()` failure to be a non-fatal one. Thus I'm puzzled, because even if `EVP_get_cipherbyname("chacha20-poly1305")` fails in LibreSSL, with this MR applied test should pass.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127392606

From gnutls-devel at lists.gnutls.org Wed Dec 26 23:37:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 22:37:22 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Okay this is what I saw as the PR - https://gitlab.com/GostCrypt/gnutls/commit/8360d8b1d655cda03d5fd8beae61dcfe812c49ba

I'm a bit confused, where is the other change referenced? I'm new to gitlab.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127395573

From gnutls-devel at lists.gnutls.org Wed Dec 26 23:38:48 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 22:38:48 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

This is the other change: https://gitlab.com/GostCrypt/gnutls/commit/0b1b0663cf2c8a69e1d6eee26412c8f371e18af4

You can view all the changes by clicking on the "Changes" label on top of "add comment" form.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127395640

From gnutls-devel at lists.gnutls.org Wed Dec 26 23:39:46 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 22:39:46 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Okay I found this one as a "parent" to that one. I did NOT apply this change. Does gitlab have a way to view a PR as a unified diff?

https://gitlab.com/GostCrypt/gnutls/commit/0b1b0663cf2c8a69e1d6eee26412c8f371e18af4

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127395712

From gnutls-devel at lists.gnutls.org Wed Dec 26 23:44:02 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 22:44:02 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Got it. I'll try that and I suspect it solves everything.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127395907

From gnutls-devel at lists.gnutls.org Wed Dec 26 23:55:25 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 22:55:25 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Confirm that it works 100% as expected and resolves test issue, I apologize for the confusion in applying it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127396639

From gnutls-devel at lists.gnutls.org Thu Dec 27 00:01:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 26 Dec 2018 23:01:44 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

No problem.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127396941

From gnutls-devel at lists.gnutls.org Thu Dec 27 15:43:24 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 27 Dec 2018 14:43:24 +0000
Subject: [gnutls-devel] GnuTLS | ECDSA signature verification fail with GnuTLS 3.6.5 (#664)

New Issue was created.

Issue 664: https://gitlab.com/gnutls/gnutls/issues/664
Author: Nicolas Mora
Assignee:

When using GnuTLS 3.6.5, I can't use ECDSA signature or verification, the function `gnutls_pubkey_verify_data2` always returns -419 error code.

I have a code snippet to show how I use it: https://gitlab.com/snippets/1793236

Is there something wrong with my code?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/664

From gnutls-devel at lists.gnutls.org Thu Dec 27 16:09:26 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 27 Dec 2018 15:09:26 +0000
Subject: [gnutls-devel] GnuTLS | ECDSA signature verification fail with GnuTLS 3.6.5 (#664)

There is a confusion between sign algorithm and hash algorithm. On [line 109](https://gitlab.com/snippets/1793236#L109) you call `gnutls_pubkey_verify_data2` with the hash algorithm `GNUTLS_DIG_SHA256`, while the function expects a sign algorithm such as `GNUTLS_SIGN_ECDSA_SHA256`.

I would suggest to use enum types instead of int to avoid such confusion.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/664#note_127530201

From gnutls-devel at lists.gnutls.org Thu Dec 27 16:27:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 27 Dec 2018 15:27:18 +0000
Subject: [gnutls-devel] GnuTLS | ECDSA signature verification fail with GnuTLS 3.6.5 (#664)

Seems to be the solution, thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/664#note_127535218

From gnutls-devel at lists.gnutls.org Thu Dec 27 16:27:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 27 Dec 2018 15:27:18 +0000
Subject: [gnutls-devel] GnuTLS | ECDSA signature verification fail with GnuTLS 3.6.5 (#664)

Issue was closed by Nicolas Mora

Issue #664: https://gitlab.com/gnutls/gnutls/issues/664

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/664

From gnutls-devel at lists.gnutls.org Thu Dec 27 21:14:15 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 27 Dec 2018 20:14:15 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Wouldn't the second patch add a risk of skipping tests if openssl fails for some reason? (Eg our use of the api is deprecated in the future).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127574188

From gnutls-devel at lists.gnutls.org Thu Dec 27 21:22:25 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 27 Dec 2018 20:22:25 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Maybe we can allow skipping on libressl only though in that case we would compile but it would be unclear what is tested unless the log is manually read

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127574929

From gnutls-devel at lists.gnutls.org Thu Dec 27 21:23:16 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 27 Dec 2018 20:23:16 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Would it work to do something like compile the program with a flag (e.g. `-DPERMISSIVE=TRUE`) when the softfail is wanted?

LibreSSL devs have already approved the patch that fixes the AES-CCM failures and have stated they plan to add the NID needed for chacha20-poly1305

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127575072

From gnutls-devel at lists.gnutls.org Thu Dec 27 21:32:51 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 27 Dec 2018 20:32:51 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

That would potentially allow autoconf system to only add the flag if LibreSSL version is detected and potentially detected as lower than whatever version the chacha20 fix comes in, so no LibreSSL version information is needed in the test program c file.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127576019

From gnutls-devel at lists.gnutls.org Thu Dec 27 22:56:35 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 27 Dec 2018 21:56:35 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

What about the following pseudo-code:

```c
evp_cipher = EVP_get_cipherbyname(ocipher);
if (!evp_cipher) {
	/* XXX: fix version check later when LibreSSL fixes support for aes-ccm and chacha20-poly1305 */
#ifdef LIBRESSL_VERSION_NUMBER
	fprintf(stderr, "Failure!\n");
	return -1;
#else
	/* OpenSSL should work */
	fail("Failure here!\n");
	return -1;
#endif
}
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127583107

From gnutls-devel at lists.gnutls.org Fri Dec 28 02:17:08 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 01:17:08 +0000
Subject: [gnutls-devel] GnuTLS | cipher-test-api fails 3des-cbc test when nettle is built in release mode (#665)

New Issue was created.

Issue 665: https://gitlab.com/gnutls/gnutls/issues/665
Author: Ray Donnelly
Assignee:

Hi GnuTLS devs,

When `NDEBUG` is passed as a compile flag to nettle, the asserts are all elided meaning that `SIGABRT` does not happen (instead segfaults happen) and `custom_abrt` is not called in `tests/slow/cipher-api-test.c`.

This means that we must build nettle without this flag making it slower than it would otherwise be. Are there other reasons to build nettle with asserts enabled though?

Thanks in advance for your advice.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/665

From gnutls-devel at lists.gnutls.org Fri Dec 28 06:20:30 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 05:20:30 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Seems good to me. Note that you don't need return after fail()

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127616522

From gnutls-devel at lists.gnutls.org Fri Dec 28 09:32:55 2018
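The skip-versus-fail question debated in the !846 messages above, as an added example that is not code from the thread or from GnuTLS: a failed cipher lookup counts as a skip only when it is on a reviewed per-backend exception list, is a hard failure otherwise, and an exception that no longer applies also fails so the list cannot go stale. The backend tables are constructed stand-ins for `EVP_get_cipherbyname()` results, the names `check_cipher`, `run_suite` and `exit_status` are hypothetical, and the encrypt-and-compare step is left out.

```c
#include <stdio.h>
#include <string.h>

/* Result of one cipher check against the reference backend. */
enum outcome { RES_PASS, RES_SKIP, RES_FAIL };

struct backend {
    const char *name;
    const char *const *available;     /* names the lookup resolves */
    const char *const *known_missing; /* reviewed exceptions for this backend */
};

struct summary { int passed, skipped, failed; };

/* Cipher names exercised by the test discussed in the thread. */
static const char *const SUITE[] = {
    "aes-128-gcm", "aes-256-gcm", "chacha20-poly1305",
    "aes-128-ccm", "aes-256-ccm", NULL
};

/* Constructed lookup tables; nothing here is read from a real library. */
static const char *const NONE[] = { NULL };
static const char *const GCM[] = { "aes-128-gcm", "aes-256-gcm", NULL };
static const char *const GCM_CCM[] = { "aes-128-gcm", "aes-256-gcm", "aes-128-ccm", "aes-256-ccm", NULL };
static const char *const CCM_CHACHA[] = { "chacha20-poly1305", "aes-128-ccm", "aes-256-ccm", NULL };

const struct backend OPENSSL_OK = { "openssl", SUITE, NONE };
const struct backend OPENSSL_REGRESSED = { "openssl-regressed", GCM_CCM, NONE };
const struct backend LIBRESSL_2018 = { "libressl", GCM, CCM_CHACHA };
const struct backend LIBRESSL_CCM_FIXED = { "libressl-ccm-fixed", GCM_CCM, CCM_CHACHA };
const struct backend NOTHING = { "empty", NONE, SUITE };

static int in_list(const char *const *list, const char *name)
{
    for (; *list != NULL; list++)
        if (strcmp(*list, name) == 0)
            return 1;
    return 0;
}

enum outcome check_cipher(const struct backend *b, const char *cipher)
{
    int found = in_list(b->available, cipher);   /* lookup succeeded */
    int excused = in_list(b->known_missing, cipher);

    if (found && excused) {
        /* The backend caught up: fail so the exception gets deleted. */
        fprintf(stderr, "FAIL %s: %s resolves but is still listed as missing\n", b->name, cipher);
        return RES_FAIL;
    }
    if (found)
        return RES_PASS; /* the encrypt-and-compare step would run here */
    if (excused) {
        fprintf(stderr, "SKIP %s: %s is a known gap in this backend\n", b->name, cipher);
        return RES_SKIP;
    }
    /* Unexpected lookup failure, e.g. an API that stopped working. */
    fprintf(stderr, "FAIL %s: lookup failed for %s\n", b->name, cipher);
    return RES_FAIL;
}

struct summary run_suite(const struct backend *b)
{
    struct summary s = { 0, 0, 0 };
    const char *const *c;

    for (c = SUITE; *c != NULL; c++) {
        switch (check_cipher(b, *c)) {
        case RES_PASS: s.passed++; break;
        case RES_SKIP: s.skipped++; break;
        case RES_FAIL: s.failed++; break;
        }
    }
    fprintf(stderr, "%s: %d compared, %d skipped, %d failed\n",
            b->name, s.passed, s.skipped, s.failed);
    return s;
}

/* Exit status in the Automake convention: 0 pass, 77 skipped, 1 failed. */
int exit_status(struct summary s)
{
    if (s.failed > 0)
        return 1;
    if (s.passed == 0)
        return 77; /* nothing was compared, so do not report a pass */
    return 0;
}

int main(void)
{
    const struct backend *all[] = { &OPENSSL_OK, &OPENSSL_REGRESSED, &LIBRESSL_2018, &LIBRESSL_CCM_FIXED };
    size_t i;

    for (i = 0; i < sizeof all / sizeof all[0]; i++)
        printf("%s -> exit %d\n", all[i]->name, exit_status(run_suite(all[i])));
    return 0;
}
```

The summary line makes the number of ciphers actually compared visible in the log, which is the gap raised in the thread about skipped tests going unnoticed.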
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 08:32:55 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

done

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127637628

From gnutls-devel at lists.gnutls.org Fri Dec 28 11:49:57 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 10:49:57 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Signed PKCS#12 support (!830)

@nmav I'm a bit stuck here. PKI.js generates [pkijs_pkcs12__2_.p12](/uploads/d0eb67a90d5f237de606b50aea32b66d/pkijs_pkcs12__2_.p12) with double OCTET STRING encapsulation. What would be the best way to handle them?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/830#note_127662544

From gnutls-devel at lists.gnutls.org Fri Dec 28 11:53:31 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 10:53:31 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Reduce capi usage (!840)

Dmitry Eremin-Solenikov started a new discussion on lib/system/keys-win.c:

> goto cleanup; > } > } else { > +#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)

A typical suggestion would be to move such large code block to a separate function and to put it under ifdef/else condition.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/840#note_127663161

From gnutls-devel at lists.gnutls.org Fri Dec 28 11:54:30 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 10:54:30 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Reduce capi usage (!840)

Do you have any short reference/story about CryptoAPI/BCrypt/NCrypt usage/differences/etc (not the API description, but rather higher level use case overview).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/840#note_127663310

From gnutls-devel at lists.gnutls.org Fri Dec 28 11:56:29 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 10:56:29 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Reduce capi usage (!840)

Basically:
- which Win versions provide those API?
- is cryptoapi going to be removed soon?
- why is Microsoft introducing new API?

etc.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/840#note_127663648

From gnutls-devel at lists.gnutls.org Fri Dec 28 12:33:06 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 11:33:06 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Signed PKCS#12 support (!830)

For the reference: https://github.com/PeculiarVentures/PKI.js/issues/217

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/830#note_127669880

From gnutls-devel at lists.gnutls.org Fri Dec 28 14:44:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 13:44:42 +0000
Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514)

I think the problem is still here.

I am currently trying to bump gnutls (3.6.2->3.6.5), and it's currently failing due to `gtk-doc` with:

```
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:39: installing 'build-aux/compile'
configure.ac:29: installing 'build-aux/missing'
doc/Makefile.am: installing 'build-aux/depcomp'
gtk-doc.make:78: error: GTK_DOC_BUILD_HTML does not appear in AM_CONDITIONAL
doc/reference/Makefile.am:80: 'gtk-doc.make' included from here
gtk-doc.make:83: error: GTK_DOC_BUILD_PDF does not appear in AM_CONDITIONAL
doc/reference/Makefile.am:80: 'gtk-doc.make' included from here
gtk-doc.make:302: error: HAVE_GTK_DOC does not appear in AM_CONDITIONAL
doc/reference/Makefile.am:80: 'gtk-doc.make' included from here
guile/Makefile.am:69: warning: AM_V_GUILEC_$(V: non-POSIX recursive variable expansion
guile/Makefile.am:70: warning: AM_V_GUILEC_$(AM_DEFAULT_VERBOSITY: non-POSIX recursive variable expansion
guile/Makefile.am:78: warning: '%'-style pattern rules are a GNU make extension
guile/src/Makefile.am:117: warning: '%'-style pattern rules are a GNU make extension
autoreconf: automake failed with exit status: 1
```

The thing is, I don't want `gtk-doc`. In the past I used `--disable-gtk-doc` (still here), but it's the step after the reconf (with `./configure --disable-gtk-doc --disable-doc`).

Re-downgrading to a previous version works.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_127693255

From gnutls-devel at lists.gnutls.org Fri Dec 28 16:43:41 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 15:43:41 +0000
Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514)

Sébastien Blin @AmarOk1412 commented 1 hour ago
> I think the problem is still here.
>
> I am currently trying to bump gnutls (3.6.2->3.6.5), and it's currently failing due to gtk-doc with:
>
> autoreconf: running: automake --add-missing --copy --force-missing
> configure.ac:39: installing 'build-aux/compile'
> configure.ac:29: installing 'build-aux/missing'
> doc/Makefile.am: installing 'build-aux/depcomp'
> gtk-doc.make:78: error: GTK_DOC_BUILD_HTML does not appear in AM_CONDITIONAL
[...]
> autoreconf: automake failed with exit status: 1
>
> The thing is, I don't want gtk-doc. In the past I used --disable-gtk-doc (still here), but it's the step after the reconf (with ./configure --disable-gtk-doc --disable-doc).
>
> Re-downgrading to a previous version works.

That is a completely different issue than the issue-report you are posting in. issue 514 is along the lines of "I installed everything listed for a developer build in README.md and still could not build." You, otoh want to make a "semi-developer build", run autoreconf but without full development toolkit.

Afaict this probably broke with 535ba543e78338192ce40b501e1283130550a704 which switched from AC_CONFIG_MACRO_DIR to AC_CONFIG_MACRO_DIR*S*. And gtkdocize has this comment:

```
# If the AC_CONFIG_MACRO_DIR() macro is used, copy gtk-doc.m4 from our
# prefix to that directory. This makes sure that the M4 macro used
# matches the the automake fragment.
# If AC_CONFIG_MACRO_DIR is not used, the macro won't be copied, and
# the correct flags must be passed to aclocal for it to find the macro.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_127729573
From gnutls-devel at lists.gnutls.org Fri Dec 28 17:02:58 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 16:02:58 +0000
Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514)

Yup you're right. I think "AC_CONFIG_MACRO_DIR_S_"

To fix my problem I add m4/gtk-doc.m4 from gnutls 3.6.2 in the m4 directory and that's all :)

In fact, gtk-doc.m4 is also ignored since 3f1dc3fe54b32b56471a3e964b840b9b46ae7e09, so when we regenerate aclocal.m4, the function is not present anymore in "aclocal.m4"

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_127740382

From gnutls-devel at lists.gnutls.org Fri Dec 28 17:43:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 16:43:52 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Merge Request !846 was approved by Nikos Mavrogiannopoulos
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/846
Project:Branches: GostCrypt/gnutls:fix-libressl to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846

From gnutls-devel at lists.gnutls.org Fri Dec 28 17:53:54 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 16:53:54 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Signed PKCS#12 support (!830)

If they use indefinite encoding, it should be decodable as BER. Do they use indefinite or do they only encapsulate?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/830#note_127747258

From gnutls-devel at lists.gnutls.org Fri Dec 28 19:32:28 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 28 Dec 2018 18:32:28 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from android-developer-preview@google.com): [8-5416000025036] GnuTLS open source library causes apps to crash (#653)

It seems that the gnulib guys have further questions on android platform: http://lists.gnu.org/archive/html/bug-gnulib/2018-12/msg00126.html

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/653#note_127758393

From gnutls-devel at lists.gnutls.org Sat Dec 29 14:15:13 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Dec 2018 13:15:13 +0000
Subject: [gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Merge Request !846 was merged
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/846
Project:Branches: GostCrypt/gnutls:fix-libressl to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846

From gnutls-devel at lists.gnutls.org Sat Dec 29 14:15:13 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Dec 2018 13:15:13 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from alice@librelamp.com): Patch for tests/slow/cipher-openssl-compat.c w/ LibreSSL (#658)

Issue was closed by Dmitry Eremin-Solenikov
Issue #658: https://gitlab.com/gnutls/gnutls/issues/658

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/658

From gnutls-devel at lists.gnutls.org Sat Dec 29 14:20:17 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Dec 2018 13:20:17 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Signed PKCS#12 support (!830)

Just encapsulation.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/830#note_127836501

From gnutls-devel at lists.gnutls.org Sat Dec 29 19:18:41 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Dec 2018 18:18:41 +0000
Subject: [gnutls-devel] GnuTLS | Fix OSS-Fuzz build (!847)

New Merge Request !847
https://gitlab.com/gnutls/gnutls/merge_requests/847
Branches: tmp-fix-ossfuzz to master
Author: Tim Rühsen
Assignee:
Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

Tested locally. Same fix as for wget and wget2.

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/847

From gnutls-devel at lists.gnutls.org Sat Dec 29 23:53:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Dec 2018 22:53:52 +0000
Subject: [gnutls-devel] GnuTLS | Fix OSS-Fuzz build (!847)

Merge Request !847 was approved by Dmitry Eremin-Solenikov
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/847
Branches: tmp-fix-ossfuzz to master
Author: Tim Rühsen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/847

From gnutls-devel at lists.gnutls.org Sat Dec 29 23:54:15 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Dec 2018 22:54:15 +0000
Subject: [gnutls-devel] GnuTLS | Fix OSS-Fuzz build (!847)

Merge Request !847 was merged
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/847
Branches: tmp-fix-ossfuzz to master
Author: Tim Rühsen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/847

From gnutls-devel at lists.gnutls.org Sat Dec 29 23:55:41 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 29 Dec 2018 22:55:41 +0000
Subject: [gnutls-devel] GnuTLS | macOS compilation fails (#662)

Hmm, I think I've got a similar issue. The new flag "no_weak_imports" seems to break the build.

I don't have the error with Nettle, but with gnutls directly:

```
12:07:48 ld: weak import of symbol '_connectx' not supported because of option: -no_weak_imports for architecture x86_64
12:07:48 clang: error: linker command failed with exit code 1 (use -v to see invocation)
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/662#note_127872225

From gnutls-devel at lists.gnutls.org Sun Dec 30 02:58:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 01:58:18 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Signed PKCS#12 support (!830)

I wonder how this works for them. Do you have the output of openssl asn1parse handy?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/830#note_127883219

From gnutls-devel at lists.gnutls.org Sun Dec 30 09:56:40 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 08:56:40 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Signed PKCS#12 support (!830)

Raw data is attached to MR (see the link two messages above). Here comes asn1parse -i:

```
0:d=0 hl=4 l=3541 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :03
7:d=1 hl=4 l=3534 cons: SEQUENCE
11:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
22:d=2 hl=4 l=3519 cons: cont [ 0 ]
26:d=3 hl=4 l=3515 cons: SEQUENCE
30:d=4 hl=2 l= 1 prim: INTEGER :01
33:d=4 hl=2 l= 15 cons: SET
35:d=5 hl=2 l= 13 cons: SEQUENCE
37:d=6 hl=2 l= 9 prim: OBJECT :sha256
48:d=6 hl=2 l= 0 prim: NULL
50:d=4 hl=4 l=2178 cons: SEQUENCE
54:d=5 hl=2 l= 9 prim: OBJECT :pkcs7-data
65:d=5 hl=4 l=2163 cons: cont [ 0 ]
69:d=6 hl=4 l=2159 cons: OCTET STRING
73:d=7 hl=4 l=2155 prim: OCTET STRING [HEX DUMP]:
2232:d=4 hl=4 l= 840 cons: cont [ 0 ]
2236:d=5 hl=4 l= 836 cons: SEQUENCE
2240:d=6 hl=4 l= 558 cons: SEQUENCE
2244:d=7 hl=2 l= 3 cons: cont [ 0 ]
2246:d=8 hl=2 l= 1 prim: INTEGER :02
2249:d=7 hl=2 l= 1 prim: INTEGER :01
2252:d=7 hl=2 l= 11 cons: SEQUENCE
2254:d=8 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
2265:d=7 hl=2 l= 56 cons: SEQUENCE
2267:d=8 hl=2 l= 54 cons: SET
2269:d=9 hl=2 l= 9 cons: SEQUENCE
2271:d=10 hl=2 l= 3 prim: OBJECT :countryName
2276:d=10 hl=2 l= 2 prim: PRINTABLESTRING :US
2280:d=9 hl=2 l= 41 cons: SEQUENCE
2282:d=10 hl=2 l= 3 prim: OBJECT :commonName
2287:d=10 hl=2 l= 34 prim: BMPSTRING
2323:d=7 hl=2 l= 30 cons: SEQUENCE
2325:d=8 hl=2 l= 13 prim: UTCTIME :130131210000Z
2340:d=8 hl=2 l= 13 prim: UTCTIME :160131210000Z
2355:d=7 hl=2 l= 56 cons: SEQUENCE
2357:d=8 hl=2 l= 54 cons: SET
2359:d=9 hl=2 l= 9 cons: SEQUENCE
2361:d=10 hl=2 l= 3 prim: OBJECT :countryName
2366:d=10 hl=2 l= 2 prim: PRINTABLESTRING :US
2370:d=9 hl=2 l= 41 cons: SEQUENCE
2372:d=10 hl=2 l= 3 prim: OBJECT :commonName
2377:d=10 hl=2 l= 34 prim: BMPSTRING
2413:d=7 hl=4 l= 290 cons: SEQUENCE
2417:d=8 hl=2 l= 13 cons: SEQUENCE
2419:d=9 hl=2 l= 9 prim: OBJECT :rsaEncryption
2430:d=9 hl=2 l= 0 prim: NULL
2432:d=8 hl=4 l= 271 prim: BIT STRING
2707:d=7 hl=2 l= 93 cons: cont [ 3 ]
2709:d=8 hl=2 l= 91 cons: SEQUENCE
2711:d=9 hl=2 l= 12 cons: SEQUENCE
2713:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
2718:d=10 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
2725:d=9 hl=2 l= 11 cons: SEQUENCE
2727:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
2732:d=10 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030200FF
2738:d=9 hl=2 l= 29 cons: SEQUENCE
2740:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
2745:d=10 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414E50980E94F7AD172F84882364848427318A3D096
2769:d=9 hl=2 l= 31 cons: SEQUENCE
2771:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
2776:d=10 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014E50980E94F7AD172F84882364848427318A3D096
2802:d=6 hl=2 l= 11 cons: SEQUENCE
2804:d=7 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
2815:d=6 hl=4 l= 257 prim: BIT STRING
3076:d=4 hl=4 l= 465 cons: SET
3080:d=5 hl=4 l= 461 cons: SEQUENCE
3084:d=6 hl=2 l= 1 prim: INTEGER :01
3087:d=6 hl=2 l= 61 cons: SEQUENCE
3089:d=7 hl=2 l= 56 cons: SEQUENCE
3091:d=8 hl=2 l= 54 cons: SET
3093:d=9 hl=2 l= 9 cons: SEQUENCE
3095:d=10 hl=2 l= 3 prim: OBJECT :countryName
3100:d=10 hl=2 l= 2 prim: PRINTABLESTRING :US
3104:d=9 hl=2 l= 41 cons: SEQUENCE
3106:d=10 hl=2 l= 3 prim: OBJECT :commonName
3111:d=10 hl=2 l= 34 prim: BMPSTRING
3147:d=7 hl=2 l= 1 prim: INTEGER :01
3150:d=6 hl=2 l= 13 cons: SEQUENCE
3152:d=7 hl=2 l= 9 prim: OBJECT :sha256
3163:d=7 hl=2 l= 0 prim: NULL
3165:d=6 hl=2 l= 105 cons: cont [ 0 ]
3167:d=7 hl=2 l= 24 cons: SEQUENCE
3169:d=8 hl=2 l= 9 prim: OBJECT :contentType
3180:d=8 hl=2 l= 11 cons: SET
3182:d=9 hl=2 l= 9 prim: OBJECT :pkcs7-data
3193:d=7 hl=2 l= 28 cons: SEQUENCE
3195:d=8 hl=2 l= 9 prim: OBJECT :signingTime
3206:d=8 hl=2 l= 15 cons: SET
3208:d=9 hl=2 l= 13 prim: UTCTIME :181226222633Z
3223:d=7 hl=2 l= 47 cons: SEQUENCE
3225:d=8 hl=2 l= 9 prim: OBJECT :messageDigest
3236:d=8 hl=2 l= 34 cons: SET
3238:d=9 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:DB083C86F67DC67F4A44F74D74A7414E11CE38C8F9F7FB8DDA1AF0EF9052A16B
3272:d=6 hl=2 l= 11 cons: SEQUENCE
3274:d=7 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
3285:d=6 hl=4 l= 256 prim: OCTET STRING [HEX DUMP]:6966C7940F2D209F2B7CEF63538DB78A5814038EC973F4A5901AAF8FC4495E3D622B3078EC6B5A93500A7B0B694DB8AC8003FF2CC9792E5E86C3D1CB9D20698F3D7E5FD0579FEB43862D55683A8B17679D6EBE5FE0607B0A08517B28B05044A62EC219CC044947CD5FFBAD72BD1A39D29041EA74C88FCDAB4E6FA63EF00A8B1C48D04CCC2F4D4E570F809F35F93F373080FBBC64CAA0D860FB920D600537304677C4445113C334C02099CA157B513F4E0266B06D93F7F1F078950037693EB2024D1317BCE2E273B26BF1BA1EEF6D2DF7053836285034CE3555F8CF9BB99DEF9E2CEF6DB33CFCCAE8E1161CA1EC43A7835F109A01A03951A664F10E29CAD4B387
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/830#note_127892224

From gnutls-devel at lists.gnutls.org Sun Dec 30 15:39:51 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 14:39:51 +0000
Subject: [gnutls-devel] GnuTLS | ex-client-x509 3.6.5 cannot connect to gnutls-serv (#663)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/663

From gnutls-devel at lists.gnutls.org Sun Dec 30 15:40:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 14:40:10 +0000
Subject: [gnutls-devel] GnuTLS | ex-client-x509 3.6.5 cannot connect to gnutls-serv (#663)

Reassigned Issue 663
https://gitlab.com/gnutls/gnutls/issues/663
Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/663

From gnutls-devel at lists.gnutls.org Sun Dec 30 15:47:24 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 14:47:24 +0000
Subject: [gnutls-devel] GnuTLS | ex-client-x509 3.6.5 cannot connect to gnutls-serv (#663)

That's interesting. It seems that the 'my_host_name' string used as an example string is rejected by the server as invalid.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/663#note_127914312

From gnutls-devel at lists.gnutls.org Sun Dec 30 16:06:37 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 15:06:37 +0000
Subject: [gnutls-devel] GnuTLS | WIP: examples: use a valid DNS name (!848)

New Merge Request !848
https://gitlab.com/gnutls/gnutls/merge_requests/848
Branches: tmp-fix-examples to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

This prevents a gnutls server from sending an unexpected message alert due to invalid DNS name encoding, if the example is not modified.

## Checklist
* [x] Code modified for feature

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/848

From gnutls-devel at lists.gnutls.org Sun Dec 30 16:43:37 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 15:43:37 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Signed PKCS#12 support (!830)

Hmm indeed in X.690/BER there is the possibility to have a constructed type which "wraps" another set. No idea why one would use it (I can understand the indefinite form). Nevertheless, libtasn1 is very limited on its BER decoding and most likely libtasn1 doesn't support this BER form. If `asn1_decode_simple_ber()` cannot decode that form, we may have to extend libtasn1 for it if we care about decoding that.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/830#note_127917407

From gnutls-devel at lists.gnutls.org Sun Dec 30 17:23:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 16:23:09 +0000
Subject: [gnutls-devel] GnuTLS | examples: use a valid DNS name (!848)

Merge Request !848 was approved by Tim Rühsen
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/848
Branches: tmp-fix-examples to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/848

From gnutls-devel at lists.gnutls.org Sun Dec 30 17:25:21 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 16:25:21 +0000
Subject: [gnutls-devel] GnuTLS | examples: use a valid DNS name (!848)

LGTM. Though the logic around gnutls_handshake() is not as complete as before, I assume that GNUTLS_E_WARNING_ALERT_RECEIVED or GNUTLS_E_GOT_APPLICATION_DATA are not expected to be seen in the tests.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/848#note_127920161

From gnutls-devel at lists.gnutls.org Sun Dec 30 18:48:15 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 17:48:15 +0000
Subject: [gnutls-devel] GnuTLS | examples: use a valid DNS name (!848)

Right, the server apps shouldn't receive these errors, and the client applications remained as is, ignoring all the non-fatal set (in TLS 1.2 connections some servers send a warning alert).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/848#note_127924271

From gnutls-devel at lists.gnutls.org Sun Dec 30 18:48:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 17:48:18 +0000
Subject: [gnutls-devel] GnuTLS | examples: use a valid DNS name (!848)

@ametzler does this cover all the issues you mentioned in #663?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/848#note_127924273

From gnutls-devel at lists.gnutls.org Sun Dec 30 19:21:02 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 18:21:02 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Signed PKCS#12 support (!830)

A very dirty patch on libtasn1 to add this support is attached [patch.txt](/uploads/65f52268459c7a8638bf48d7bb558451/patch.txt). This is totally untested with no unit or other tests.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/830#note_127925645

From gnutls-devel at lists.gnutls.org Sun Dec 30 19:44:30 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 18:44:30 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from maxhrt33@aim.com): Trust list bug? (#666)

Did you compile vlc with gnutls by yourself? @chouquette applies several patches over gnutls to run on windows (which were recently merged on master). If you compile by yourself I'd suggest to try using the master branch.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/666#note_127926605

From gnutls-devel at lists.gnutls.org Sun Dec 30 19:44:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 18:44:44 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from maxhrt33@aim.com): Trust list bug? (#666)

Milestone changed to Release of GnuTLS 3.6.6 ( https://gitlab.com/gnutls/gnutls/milestones/18 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/666

From gnutls-devel at lists.gnutls.org Sun Dec 30 19:47:45 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 18:47:45 +0000
Subject: [gnutls-devel] GnuTLS | cipher-test-api fails 3des-cbc test when nettle is built in release mode (#665)

Issue was closed by Nikos Mavrogiannopoulos
Issue #665: https://gitlab.com/gnutls/gnutls/issues/665

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/665

From gnutls-devel at lists.gnutls.org Sun Dec 30 19:47:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 18:47:44 +0000
Subject: [gnutls-devel] GnuTLS | cipher-test-api fails 3des-cbc test when nettle is built in release mode (#665)

nettle is not supposed to be compiled with NDEBUG. The library is designed to have certain `asserts()` and this is what the gnutls tests, test. These do not affect the performance significantly to bother. You may want to consult with the nettle maintainer, but I do not think we can help here from the gnutls side.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/665#note_127926727

From gnutls-devel at lists.gnutls.org Sun Dec 30 19:48:20 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 18:48:20 +0000
Subject: [gnutls-devel] GnuTLS | cipher-test-api fails 3des-cbc test when nettle is built in release mode (#665)

You may want to verify any performance benefits with the nettle's benchmark tool if the above do not convince you.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/665#note_127926759

From gnutls-devel at lists.gnutls.org Sun Dec 30 20:18:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 19:18:04 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from maxhrt33@aim.com): Trust list bug? (#666)

Thank you for reply. I'm a little concerned about GitLab Support Bot creating tickets with visible email address. It seems that issue is present in any version even in new nightly build. If only I could somehow replicate this issue with gnutls-cli-debug which also relies on system certificate stores.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/666#note_127928008

From gnutls-devel at lists.gnutls.org Sun Dec 30 20:56:04 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 30 Dec 2018 19:56:04 +0000
Subject: [gnutls-devel] GnuTLS | cipher-test-api fails 3des-cbc test when nettle is built in release mode (#665)

I agree that the asserts are unlikely to be too performance degrading and am happy to elide NDEBUG from our flags here instead.

A minor point though, to me these tests feel like they belong in nettle with a configure time error message informing the developer/packager that this flag should never be set. Maybe I should make a PR against nettle and submit it?

Many thanks for your helpful advice.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/665#note_127929475

From gnutls-devel at lists.gnutls.org Mon Dec 31 11:38:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 31 Dec 2018 10:38:09 +0000
Subject: [gnutls-devel] GnuTLS | examples: use a valid DNS name (!848)

Nikos Mavrogiannopoulos @nmav wrote:
> @ametzler does this cover all the issues you mentioned in #663?

Yes, can connect to gnutls-serv, openssl s_server and gmail, the only major public TLS 1.3 https server I know.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/848#note_128142502
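
Added example (not part of any message above, and not libtasn1 or GnuTLS code): the "Signed PKCS#12 support (!830)" thread concerns a BER constructed OCTET STRING that wraps a primitive one, as at offsets 69 and 73 of the asn1parse output. This sketch flattens such an encoding with strict bounds checks; the function names, the nesting limit and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BER_MAX_DEPTH 8   /* assumed nesting limit for this example */

/* Constructed sample encodings of the five bytes "hello". */
static const uint8_t PRIMITIVE[]    = { 0x04, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t ENCAPSULATED[] = { 0x24, 0x07, 0x04, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t SEGMENTED[]    = { 0x24, 0x09, 0x04, 0x03, 'h', 'e', 'l',
                                        0x04, 0x02, 'l', 'o' };
static const uint8_t INDEFINITE[]   = { 0x24, 0x80, 0x04, 0x03, 'h', 'e', 'l',
                                        0x04, 0x02, 'l', 'o', 0x00, 0x00 };
/* Malformed: the inner length (5) exceeds what the outer length (3) allows. */
static const uint8_t OVERRUN[]      = { 0x24, 0x03, 0x04, 0x05, 'h', 'e', 'l', 'l', 'o' };

/* Read BER length octets at in[*pos]; *indef is set for the 0x80 form. */
static int ber_length(const uint8_t *in, size_t n, size_t *pos,
                      size_t *len, int *indef)
{
    if (*pos >= n) return -1;
    uint8_t b = in[(*pos)++];
    *indef = (b == 0x80);
    *len = 0;
    if (b <= 0x80) { *len = b & 0x7f; return 0; }   /* short or indefinite */
    size_t k = b & 0x7f;                            /* long form: k octets */
    if (k > sizeof(size_t) || k > n - *pos) return -1;
    while (k--) *len = (*len << 8) | in[(*pos)++];
    return 0;
}

/* Decode one OCTET STRING TLV at in[*pos], appending its content to out. */
static int ber_octets(const uint8_t *in, size_t n, size_t *pos,
                      uint8_t *out, size_t cap, size_t *used, int depth)
{
    size_t len, end = n;
    int indef;
    if (depth > BER_MAX_DEPTH || *pos >= n) return -1;
    uint8_t tag = in[(*pos)++];
    if ((tag & ~0x20) != 0x04) return -1;           /* universal tag 4 only */
    if (ber_length(in, n, pos, &len, &indef) != 0) return -1;

    if (!(tag & 0x20)) {                            /* primitive: copy bytes */
        if (indef || len > n - *pos || len > cap - *used) return -1;
        memcpy(out + *used, in + *pos, len);
        *used += len;
        *pos += len;
        return 0;
    }
    if (!indef) {                                   /* constructed, definite */
        if (len > n - *pos) return -1;
        end = *pos + len;
    }
    for (;;) {
        if (indef) {                                /* look for end-of-contents */
            if (end - *pos < 2) return -1;
            if (in[*pos] == 0 && in[*pos + 1] == 0) { *pos += 2; return 0; }
        } else if (*pos == end) {
            return 0;
        }
        /* Children are bounded by the parent's end, so they cannot overrun it. */
        if (ber_octets(in, end, pos, out, cap, used, depth + 1) != 0) return -1;
    }
}

/* Returns the flattened content length, or -1 on malformed input,
 * trailing bytes, excessive nesting or an output buffer that is too small. */
long ber_octet_string_flatten(const uint8_t *in, size_t n,
                              uint8_t *out, size_t cap)
{
    size_t pos = 0, used = 0;
    if (ber_octets(in, n, &pos, out, cap, &used, 0) != 0 || pos != n)
        return -1;
    return (long)used;
}

int main(void)
{
    uint8_t out[16];
    printf("primitive:    %ld\n", ber_octet_string_flatten(PRIMITIVE, sizeof PRIMITIVE, out, sizeof out));
    printf("encapsulated: %ld\n", ber_octet_string_flatten(ENCAPSULATED, sizeof ENCAPSULATED, out, sizeof out));
    printf("segmented:    %ld\n", ber_octet_string_flatten(SEGMENTED, sizeof SEGMENTED, out, sizeof out));
    printf("indefinite:   %ld\n", ber_octet_string_flatten(INDEFINITE, sizeof INDEFINITE, out, sizeof out));
    printf("overrun:      %ld\n", ber_octet_string_flatten(OVERRUN, sizeof OVERRUN, out, sizeof out));
    return 0;
}
```

The ENCAPSULATED sample is the "just encapsulation" shape from the thread; SEGMENTED and INDEFINITE go beyond it to the other constructed forms X.690 allows.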