From nmav at gnutls.org Sun Jul 1 13:30:57 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 01 Jul 2018 13:30:57 +0200
Subject: [gnutls-devel] should we deprecate the development ML?
Message-ID: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org>

Hi,
Given that most development discussions are going on via gitlab, and
the mailing list is mostly inactive, would it make sense to eliminate
it completely and keep gitlab as the primary devel collaboration
platform?

regards,
Nikos

From ametzler at bebt.de Sun Jul 1 14:18:21 2018
From: ametzler at bebt.de (Andreas Metzler)
Date: Sun, 1 Jul 2018 14:18:21 +0200
Subject: [gnutls-devel] should we deprecate the development ML?
In-Reply-To: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org>
References: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org>
Message-ID: <20180701121821.GA27729@argenau.bebt.de>

On 2018-07-01 Nikos Mavrogiannopoulos wrote:
> Hi,
> Given that most development discussions are going on via gitlab, and
> the mailing list is mostly inactive, would it make sense to eliminate
> it completely and keep gitlab as the primary devel collaboration
> platform?

Hello,

Please keep the list.

I actually wish the gitlab discussions were available, archived and
searchable on a mailing list. Is there a way to forward them?

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From tim.ruehsen at gmx.de Sun Jul 1 15:17:11 2018
From: tim.ruehsen at gmx.de (Tim Rühsen)
Date: Sun, 1 Jul 2018 15:17:11 +0200
Subject: [gnutls-devel] should we deprecate the development ML?
In-Reply-To: <20180701121821.GA27729@argenau.bebt.de>
References: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org> <20180701121821.GA27729@argenau.bebt.de>
Message-ID:

On 01.07.2018 14:18, Andreas Metzler wrote:
> On 2018-07-01 Nikos Mavrogiannopoulos wrote:
>> Hi,
>> Given that most development discussions are going on via gitlab, and
>> the mailing list is mostly inactive, would it make sense to eliminate
>> it completely and keep gitlab as the primary devel collaboration
>> platform?
>
> Hello,
>
> Please keep the list.
>
> I actually wish the gitlab discussions were available, archived and
> searchable on a mailing list. Is there a way to forward them?
>
> cu Andreas

I totally agree with Andreas.

We did something like this for Wget2...
- create a user wget-gnutls on Gitlab.com with email address
  gnutls-devel at lists.gnutls.org
- turn on all notifications
- make the user a project member (reporter)

Regards, Tim

From nmav at gnutls.org Mon Jul 2 14:31:06 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 2 Jul 2018 14:31:06 +0200
Subject: [gnutls-devel] should we deprecate the development ML?
In-Reply-To:
References: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org> <20180701121821.GA27729@argenau.bebt.de>
Message-ID:

On Sun, Jul 1, 2018 at 3:37 PM Tim Rühsen wrote:

>
> > Hello,
> >
> > Please keep the list.
> >
> > I actually wish the gitlab discussions were available, archived and
> > searchable on a mailing list. Is there a way to forward them?
> >
> > cu Andreas
>
> I totally agree with Andreas.
>
> We did something like this for Wget2...
> - create a user wget-gnutls on Gitlab.com with email address
> gnutls-devel at lists.gnutls.org
> - turn on all notifications
> - make the user a project member (reporter)
>

How did that work for wget2?
Is the mailing list still used for discussions outside gitlab? What I'm
afraid of is ending up with a mailing list which is storage for the
gitlab notifications, or even worse (IMHO), disconnected replies on list
for gitlab discussions which are not reflected on gitlab. That way one
would have to follow both.

regards,
Nikos

From tim.ruehsen at gmx.de Mon Jul 2 15:59:49 2018
From: tim.ruehsen at gmx.de (Tim Rühsen)
Date: Mon, 2 Jul 2018 15:59:49 +0200
Subject: [gnutls-devel] should we deprecate the development ML?
In-Reply-To:
References: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org> <20180701121821.GA27729@argenau.bebt.de>
Message-ID: <92971030-8a13-a4a7-7ab0-e44063df8b28@gmx.de>

On 07/02/2018 02:31 PM, Nikos Mavrogiannopoulos wrote:
> On Sun, Jul 1, 2018 at 3:37 PM Tim Rühsen wrote:
>
>>
>>> Hello,
>>>
>>> Please keep the list.
>>>
>>> I actually wish the gitlab discussions were available, archived and
>>> searchable on a mailing list. Is there a way to forward them?
>>>
>>> cu Andreas
>>
>> I totally agree with Andreas.
>>
>> We did something like this for Wget2...
>> - create a user wget-gnutls on Gitlab.com with email address
>> gnutls-devel at lists.gnutls.org
>> - turn on all notifications
>> - make the user a project member (reporter)
>>
>
> How did that work for wget2? Is the mailing list still used for discussions
> outside gitlab? What I'm afraid of is ending up with a mailing list which
> is storage for the gitlab notifications, or even worse (IMHO), disconnected
> replies on list for gitlab discussions which are not reflected on gitlab.
> That way one would have to follow both.

We always had bug-wget at gnu.org for everything (user + dev) incl.
Wget2 stuff.
So we made up a new ML wget-dev at gnu.org for developers which includes
the Gitlab notifications. And as you expect, some people sending
questions directly into the new ML.
So what I do is just following the new ML. If someone comes with an
issue directly on the ML, I open an issue at Gitlab. If it is just a
question, it will be answered on the ML directly.
That is no extra work so far for me.

Let the user choose how they contact GnuTLS - some people don't want to
make up a Gitlab account or even don't want to get in contact with the
Gitlab web site. And a ML is much better for this than private mails.

Regards, Tim

From nmav at gnutls.org Tue Jul 3 08:23:16 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 3 Jul 2018 08:23:16 +0200
Subject: [gnutls-devel] should we deprecate the development ML?
In-Reply-To: <92971030-8a13-a4a7-7ab0-e44063df8b28@gmx.de>
References: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org> <20180701121821.GA27729@argenau.bebt.de> <92971030-8a13-a4a7-7ab0-e44063df8b28@gmx.de>
Message-ID:

On Mon, Jul 2, 2018 at 3:59 PM Tim Rühsen wrote:

> On 07/02/2018 02:31 PM, Nikos Mavrogiannopoulos wrote:
> > On Sun, Jul 1, 2018 at 3:37 PM Tim Rühsen wrote:
> >
> >>
> >>> Hello,
> >>>
> >>> Please keep the list.
> >>>
> >>> I actually wish the gitlab discussions were available, archived and
> >>> searchable on a mailing list. Is there a way to forward them?
> >>>
> >>> cu Andreas
> >>
> >> I totally agree with Andreas.
> >>
> >> We did something like this for Wget2...
> >> - create a user wget-gnutls on Gitlab.com with email address
> >> gnutls-devel at lists.gnutls.org
> >> - turn on all notifications
> >> - make the user a project member (reporter)
> >>
> >
> > How did that work for wget2? Is the mailing list still used for
> discussions
> > outside gitlab?
> > What I'm afraid of is ending up with a mailing list which
> > is storage for the gitlab notifications, or even worse (IMHO),
> disconnected
> > replies on list for gitlab discussions which are not reflected on gitlab.
> > That way one would have to follow both.
>
> We always had bug-wget at gnu.org for everything (user + dev) incl. Wget2
> stuff.
> So we made up a new ML wget-dev at gnu.org for developers which includes
> the Gitlab notifications. And as you expect, some people sending
> questions directly into the new ML.
>
> So what I do is just following the new ML. If someone comes with an
> issue directly on the ML, I open an issue at Gitlab. If it is just a
> question, it will be answered on the ML directly.
> That is no extra work so far for me.
>

The workflow for gnutls at this point is:
1. Issues and patches can be sent via the web by registering (or using
   other side credentials)
2. Issues can be opened by sending a mail to bugs at gnutls.org

3. Issues can be brought to gnutls-dev ML
4. Issues can be brought to help-gnutls ML

What I'd like is to reduce the amount of places where issues can be
brought and discussed to make it easier to keep track of.

Both Andreas and you make the point for gitlab discussions being more
easily available and searchable. Would a read-only gnutls-dev which
receives gitlab traffic, address that?

Are there discussions we may have had in the ML that we cannot have in
gitlab?

>
>
> Let the user choose how they contact GnuTLS - some people don't want to
> make up a Gitlab account or even don't want to get in contact with the
> Gitlab web site. And a ML is much better for this than private mails.
>

I think the option (2) with bugs at gnutls.org should cover that.

regards,
Nikos

From tim.ruehsen at gmx.de Tue Jul 3 10:42:15 2018
From: tim.ruehsen at gmx.de (Tim Rühsen)
Date: Tue, 3 Jul 2018 10:42:15 +0200
Subject: [gnutls-devel] should we deprecate the development ML?
In-Reply-To:
References: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org> <20180701121821.GA27729@argenau.bebt.de> <92971030-8a13-a4a7-7ab0-e44063df8b28@gmx.de>
Message-ID: <53bd315c-0677-2506-5d1e-5414bd0b072c@gmx.de>

On 07/03/2018 08:23 AM, Nikos Mavrogiannopoulos wrote:
> On Mon, Jul 2, 2018 at 3:59 PM Tim Rühsen wrote:
>
>> On 07/02/2018 02:31 PM, Nikos Mavrogiannopoulos wrote:
>>> On Sun, Jul 1, 2018 at 3:37 PM Tim Rühsen wrote:
>>>
>>>>
>>>>> Hello,
>>>>>
>>>>> Please keep the list.
>>>>>
>>>>> I actually wish the gitlab discussions were available, archived and
>>>>> searchable on a mailing list. Is there a way to forward them?
>>>>>
>>>>> cu Andreas
>>>>
>>>> I totally agree with Andreas.
>>>>
>>>> We did something like this for Wget2...
>>>> - create a user wget-gnutls on Gitlab.com with email address
>>>> gnutls-devel at lists.gnutls.org
>>>> - turn on all notifications
>>>> - make the user a project member (reporter)
>>>>
>>>
>>> How did that work for wget2? Is the mailing list still used for
>> discussions
>>> outside gitlab? What I'm afraid of is ending up with a mailing list which
>>> is storage for the gitlab notifications, or even worse (IMHO),
>> disconnected
>>> replies on list for gitlab discussions which are not reflected on gitlab.
>>> That way one would have to follow both.
>>
>> We always had bug-wget at gnu.org for everything (user + dev) incl. Wget2
>> stuff.
>> So we made up a new ML wget-dev at gnu.org for developers which includes
>> the Gitlab notifications. And as you expect, some people sending
>> questions directly into the new ML.
>>
>> So what I do is just following the new ML. If someone comes with an
>> issue directly on the ML, I open an issue at Gitlab.
>> If it is just a
>> question, it will be answered on the ML directly.
>> That is no extra work so far for me.
>>
>
> The workflow for gnutls at this point is:
> 1. Issues and patches can be sent via the web by registering (or using
> other side credentials)
> 2. Issues can be opened by sending a mail to bugs at gnutls.org
>
> 3. Issues can be brought to gnutls-dev ML
> 4. Issues can be brought to help-gnutls ML
>
> What I'd like is to reduce the amount of places where issues can be brought
> and discussed to make it easier to keep track of.
>
> Both Andreas and you make the point for gitlab discussions being more
> easily available and searchable. Would a read-only gnutls-dev which
> receives gitlab traffic, address that?

Sounds good to me. Together with (2).
So you are going to make gnutls-dev and help-gnutls read-only?

> Are there discussions we may have had in the ML that we cannot have in
> gitlab?

Technically not. It's just about people not willing to change to the new
structure... so you might lose some audience.

Regards, Tim

From ametzler at bebt.de Tue Jul 3 19:18:30 2018
From: ametzler at bebt.de (Andreas Metzler)
Date: Tue, 3 Jul 2018 19:18:30 +0200
Subject: [gnutls-devel] should we deprecate the development ML?
In-Reply-To:
References: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org> <20180701121821.GA27729@argenau.bebt.de> <92971030-8a13-a4a7-7ab0-e44063df8b28@gmx.de>
Message-ID: <20180703171830.GA1403@argenau.bebt.de>

On 2018-07-03 Nikos Mavrogiannopoulos wrote:
[...]
> The workflow for gnutls at this point is:
> 1. Issues and patches can be sent via the web by registering (or using
> other side credentials)
> 2. Issues can be opened by sending a mail to bugs at gnutls.org
>
> 3. Issues can be brought to gnutls-dev ML
> 4.
> Issues can be brought to help-gnutls ML

> What I'd like is to reduce the amount of places where issues can be brought
> and discussed to make it easier to keep track of.

> Both Andreas and you make the point for gitlab discussions being more
> easily available and searchable. Would a read-only gnutls-dev which
> receives gitlab traffic, address that?

Hello,

A readonly gnutls-dev would improve things a lot.

> Are there discussions we may have had in the ML that we cannot have in
> gitlab?

Discussions other than patch submissions and bug-reports do not have a
natural place on GL. Also especially for longer discussions the lack of
threading makes the discussion unnecessarily hard to follow compared to
a ML.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From nmav at gnutls.org Mon Jul 9 16:27:46 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 9 Jul 2018 16:27:46 +0200
Subject: [gnutls-devel] should we deprecate the development ML?
In-Reply-To: <20180703171830.GA1403@argenau.bebt.de>
References: <7434159b227eeadca098242574f482306459733e.camel@gnutls.org> <20180701121821.GA27729@argenau.bebt.de> <92971030-8a13-a4a7-7ab0-e44063df8b28@gmx.de> <20180703171830.GA1403@argenau.bebt.de>
Message-ID:

On Tue, Jul 3, 2018 at 7:19 PM Andreas Metzler wrote:

> On 2018-07-03 Nikos Mavrogiannopoulos wrote:
> [...]
> > The workflow for gnutls at this point is:
> > 1. Issues and patches can be sent via the web by registering (or using
> > other side credentials)
> > 2. Issues can be opened by sending a mail to bugs at gnutls.org
> >
> > 3. Issues can be brought to gnutls-dev ML
> > 4. Issues can be brought to help-gnutls ML
>
> > What I'd like is to reduce the amount of places where issues can be
> brought
> > and discussed to make it easier to keep track of.
>
> > Both Andreas and you make the point for gitlab discussions being more
> > easily available and searchable. Would a read-only gnutls-dev which
> > receives gitlab traffic, address that?
>
> Hello,
>
> A readonly gnutls-dev would improve things a lot.
>

Ok, I'll try to make this transition this month.

From gitlab at mg.gitlab.com Sun Jul 15 19:44:59 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 15 Jul 2018 17:44:59 +0000
Subject: [gnutls-devel] GnuTLS | WIP: RFC: priorities: cipher priorities were made consistent with the 3.6.x branch (!704)
References:
Message-ID:

New Merge Request !704

https://gitlab.com/gnutls/gnutls/merge_requests/704

Branches: tmp-equalize-priorities to gnutls_3_5_x
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz and Anderson Sasaki

priorities: cipher priorities were made consistent with the 3.6.x branch

Current settings in NORMAL priorities which were affected:

* Enabled ciphers:
  - AES-GCM
  - CHACHA20-POLY1305
  - AES-CCM
  - AES-CBC

Removed:
* Ciphersuites utilizing CAMELLIA were removed.

## Checklist
* [x] Code modified for feature

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/704
You're receiving this email because of your account on gitlab.com.

From n.mavrogiannopoulos at gmail.com Sun Jul 15 19:57:15 2018
From: n.mavrogiannopoulos at gmail.com (Nikos Mavrogiannopoulos)
Date: Sun, 15 Jul 2018 19:57:15 +0200
Subject: [gnutls-devel] The development list is now read-only
Message-ID:

Hi,
As most of the work-flow for gnutls has switched to gitlab.com/gnutls
there is little purpose in keeping a separate forum for development
discussions. As such this mailing list is now read-only and will receive
the traffic from gitlab.com gnutls project as well as release
announcements.

We encourage you to follow the project on https://gitlab.com/gnutls/gnutls .

If you wish to continue using a mailing list for questions or other
discussions please use the help-gnutls mailing list at:
https://lists.gnutls.org/mailman/listinfo/gnutls-help

regards,
Nikos

From nmav at gnutls.org Mon Jul 16 08:47:06 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 16 Jul 2018 08:47:06 +0200
Subject: [gnutls-devel] gnutls 3.3.30
Message-ID: <641c9ddc8f5de4adf32ba181b241e7eaab44e27e.camel@gnutls.org>

Hello,
I've just released gnutls 3.3.30. This is a bug-fix release on the
previous stable branch.

* Version 3.3.30 (released 2018-07-16)

** libgnutls: Corrected infinite loop when an incorrect PIN was provided via pin-value or pin-source.

** gnutls-cli: backported the --sni-hostname option. This allows overriding the hostname advertised to the peer.

** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen and Adi Shamir reported that the existing countermeasures had certain issues and were insufficient when the attacker has additional access to the CPU cache and performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]

** The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default priority strings.
They are not necessary for compatibility or other purpose and provide no advantage over their SHA1 counter-parts, as they all depend on the legacy TLS CBC block mode.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be found at .

Here are the XZ compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.30.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.30.tar.xz.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Mon Jul 16 08:48:19 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 16 Jul 2018 08:48:19 +0200
Subject: [gnutls-devel] gnutls 3.5.19
Message-ID: <6168af54f22c58c45949fcac043d98b679fdc8cc.camel@gnutls.org>

Hello,
I've just released gnutls 3.5.19. This is a bug fix release on the
current stable branch.

* Version 3.5.19 (released 2018-07-16)

** libgnutls: Backported PKCS#11 module improvements in initialization from master branch.

** libgnutls: Corrected infinite loop when an incorrect PIN was provided via pin-value or pin-source.

** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen and Adi Shamir reported that the existing counter-measures had certain issues and were insufficient when the attacker has additional access to the CPU cache and performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]

** The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default priority strings.
They are not necessary for compatibility or other purpose and provide no advantage over their SHA1 counter-parts, as they all depend on the legacy TLS CBC block mode.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be found at .

Here are the XZ compressed sources:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.19.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.19.tar.xz.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Mon Jul 16 08:51:21 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 16 Jul 2018 08:51:21 +0200
Subject: [gnutls-devel] gnutls 3.6.3
Message-ID:

Hello,
I've just released gnutls 3.6.3. This is the first release which adds
full support of TLS1.3 (draft28), and several other features on the
3.6.x branch.

* Version 3.6.3 (released 2018-07-16)

** libgnutls: Introduced support for draft-ietf-tls-tls13-28. It includes version negotiation, post handshake authentication, length hiding, multiple OCSP support, consistent ciphersuite support across protocols, hello retry requests, ability to adjust key shares via gnutls_init() flags, certificate authorities extension, and key usage limits. TLS1.3 draft-28 support can be enabled by default if the option --enable-tls13-support is given to configure script.

** libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or earlier and TLS 1.3. When SRP or NULL ciphersuites are specified in priority strings TLS 1.3 will be disabled.
When Anonymous ciphersuites are specified in priority strings, then TLS 1.3 negotiation will be disabled if the session is associated only with an anonymous credentials structure.

** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836. This adds support for using GOST keys for digital signatures and under PKCS#7, PKCS#12, and PKCS#8 standards. In particular added elliptic curves GOST R 34.10-2001 CryptoProA 256-bit curve (RFC 4357), GOST R 34.10-2001 CryptoProXchA 256-bit curve (RFC 4357), and GOST R 34.10-2012 TC26-512-A 512-bit curve (RFC 7836).

** Provide a uniform cipher list across supported TLS protocols; the CAMELLIA ciphers as well as ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default priority strings, as they are undefined under TLS1.3 and they provide no advantage over other options in earlier protocols.

** The SSL 3.0 protocol is disabled on compile-time by default. It can be re-enabled by specifying --enable-ssl3-support on configure script.

** libgnutls: Introduced function to switch the current FIPS140-2 operational mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2 operations.

** libgnutls: Introduced low-level function to assist applications attempting client hello extension parsing, prior to GnuTLS' parsing of the message.

** libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no modifications to the certificate. That prevents DER re-encoding issues with incorrectly encoded certificates, or other DER incompatibilities to affect a TLS session. Relates with #403

** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups which are preferred by the server. That unfortunately has complicated semantics as TLS1.2 requires specific ordering of the groups based on the ciphersuite ordering, which could make group order unpredictable if TLS1.3 is negotiated.

** Improved counter-measures for TLS CBC record padding.
Kenny Paterson, Eyal Ronen and Adi Shamir reported that the existing counter-measures had certain issues and were insufficient when the attacker has additional access to the CPU cache and performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]

** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation of legacy CBC ciphersuites unless encrypt-then-mac is negotiated.

** libgnutls: gnutls_privkey_import_ext4() was enhanced with the GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag.

** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2, gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API change for these functions which make them err towards safety.

** libgnutls: improved aarch64 cpu features detection by using getauxval().

** certtool: It is now possible to specify certificate and serial CRL numbers greater than 2**63-2 as a hex-encoded string both when prompted and in a template file. Default certificate serial numbers are now fully random. Default CRL numbers include more random bits and are larger than in previous GnuTLS versions. Since CRL numbers are required to be monotonic, specify suitable CRL numbers manually if you intend to later downgrade to previous versions as it was not possible to specify large CRL numbers in previous versions of certtool.

** API and ABI modifications:
gnutls_fips140_set_mode: Added
gnutls_session_key_update: Added
gnutls_ext_get_current_msg: Added
gnutls_reauth: Added
gnutls_ocsp_status_request_get2: Added
gnutls_ocsp_resp_import2: Added
gnutls_ocsp_resp_export2: Added
gnutls_ocsp_resp_list_import2: Added
gnutls_certificate_set_retrieve_function3: Added
gnutls_certificate_set_ocsp_status_request_file2: Added
gnutls_certificate_set_ocsp_status_request_mem: Added
gnutls_certificate_get_ocsp_expiration: Added
gnutls_record_send2: Added
gnutls_ext_raw_parse: Added
gnutls_x509_crt_list_import_url: Added
gnutls_pcert_list_import_x509_file: Added
gnutls_pkcs11_token_get_ptr: Added
gnutls_pkcs11_obj_get_ptr: Added
gnutls_session_ticket_send: Added
gnutls_aead_cipher_encryptv: Added
gnutls_gost_paramset_get_name: Added
gnutls_gost_paramset_get_oid: Added
gnutls_oid_to_gost_paramset: Added
gnutls_decode_gost_rs_value: Added
gnutls_encode_gost_rs_value: Added
gnutls_pubkey_export_gost_raw2: Added
gnutls_pubkey_import_gost_raw: Added
gnutls_x509_crt_get_pk_gost_raw: Added
gnutls_privkey_export_gost_raw2: Added
gnutls_privkey_import_gost_raw: Added
gnutls_x509_privkey_export_gost_raw: Added
gnutls_x509_privkey_import_gost_raw: Added
gnutls_set_default_priority_append: Added
gnutls_priority_init2: Added
GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS: Added
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE: Added

Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be found at .

Here are the XZ compressed sources:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.3.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.3.tar.xz.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From gitlab at mg.gitlab.com Mon Jul 16 11:25:05 2018
From: gitlab at mg.gitlab.com (Daniel Salzman)
Date: Mon, 16 Jul 2018 09:25:05 +0000
Subject: [gnutls-devel] GnuTLS | Segfault in gnutls_x509_privkey_export2_pkcs8 if ECDSAP384SHA384 (#516)
References:
Message-ID:

New Issue was created.

Issue 516: https://gitlab.com/gnutls/gnutls/issues/516
Author: Daniel Salzman
Assignee:

## Description of problem:
Failed to export key if the algorithm is ECDSAP384SHA384.

## Version of gnutls used:
GnuTLS 3.6.2

Previous versions (3.5.18) are not affected.

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Fedora

## How reproducible:
Will be provided if necessary.

## Actual results:
```
==25535==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc8d3bfff8 (pc 0x000000447164 bp 0x7ffc8d3c08c0 sp 0x7ffc8d3c0000 T0)
    #0 0x447163 in printf_common(void*, char const*, __va_list_tag*) (/usr/local/sbin/keymgr+0x447163)
    #1 0x448c55 in vsnprintf (/usr/local/sbin/keymgr+0x448c55)
    #2 0x448ff9 in __interceptor___snprintf_chk (/usr/local/sbin/keymgr+0x448ff9)
    #3 0x7f39179f37d9 in asn1_create_element (/lib64/libtasn1.so.6+0xc7d9)
    #4 0x7f3919b7bde8 in encode_to_private_key_info /usr/src/debug/gnutls-3.6.2-3.fc28.x86_64/lib/x509/privkey_pkcs8.c:162:7
    #5 0x7f3919b7cf49 in gnutls_x509_privkey_export2_pkcs8 /usr/src/debug/gnutls-3.6.2-3.fc28.x86_64/lib/x509/privkey_pkcs8.c:630:8
    #6 0x7f3919b7c1a6 in _encode_privkey /usr/src/debug/gnutls-3.6.2-3.fc28.x86_64/lib/x509/privkey_pkcs8.c:85:7
    #7 0x7f3919b7c1a6 in encode_to_private_key_info /usr/src/debug/gnutls-3.6.2-3.fc28.x86_64/lib/x509/privkey_pkcs8.c:205:11
    #8 0x7f3919b7cf49 in gnutls_x509_privkey_export2_pkcs8 /usr/src/debug/gnutls-3.6.2-3.fc28.x86_64/lib/x509/privkey_pkcs8.c:630:8
    ...
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/516

From gitlab at mg.gitlab.com Mon Jul 16 11:59:02 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Mon, 16 Jul 2018 09:59:02 +0000
Subject: [gnutls-devel] GnuTLS | when a custom priority is used the output of the new priority functions on error is unreliable (#517)
References:
Message-ID:

New Issue was created.

Issue 517: https://gitlab.com/gnutls/gnutls/issues/517
Author: Nikos Mavrogiannopoulos
Assignee:

When gnutls is compiled with `--with-system-priority-file=file` and `--with-default-priority-string=SOMETHING` the tests `priority-init2.c` and `set-default-prio.c` fail with output `error expected error on different position`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/517

From gitlab at mg.gitlab.com Mon Jul 16 13:16:48 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Mon, 16 Jul 2018 11:16:48 +0000
Subject: [gnutls-devel] GnuTLS | Segfault in gnutls_x509_privkey_export2_pkcs8 if ECDSAP384SHA384 (#516)
In-Reply-To:
References:
Message-ID:

Could you provide a reproducer either in code or in the form of a certtool command?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/516#note_88193253

From gitlab at mg.gitlab.com Mon Jul 16 14:13:12 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Mon, 16 Jul 2018 12:13:12 +0000
Subject: [gnutls-devel] GnuTLS | Fixed error detection in priority strings when they are overriden (!705)
References:
Message-ID:

New Merge Request !705

https://gitlab.com/gnutls/gnutls/merge_requests/705

Branches: tmp-fix-prio-init2 to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz and Anderson Sasaki

This addresses the issue of test suite failure when --with-system-priority-file and --with-default-priority-string are provided (e.g, in Fedora). It also enhances the test suite with these options being active.
## Checklist * [x] Code modified for feature * [x] Test suite updated with functionality tests ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Mon Jul 16 15:09:32 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Mon, 16 Jul 2018 13:09:32 +0000 Subject: [gnutls-devel] GnuTLS | when a custom priority is used the output of the new priority functions on error is unreliable (#517) In-Reply-To: References: Message-ID: Reassigned Issue 517 https://gitlab.com/gnutls/gnutls/issues/517 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/517 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
From gitlab at mg.gitlab.com Mon Jul 16 15:39:38 2018
From: gitlab at mg.gitlab.com (Daniel Salzman)
Date: Mon, 16 Jul 2018 13:39:38 +0000
Subject: [gnutls-devel] GnuTLS | Segfault in gnutls_x509_privkey_export2_pkcs8 if ECDSAP384SHA384 (#516)

```
gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_SECP256R1;

uint8_t x_data[] = {
	0xdd, 0x3b, 0xe9, 0x90, 0x9e, 0xb8, 0x2b, 0x36,
	0x49, 0xa0, 0x0c, 0xc0, 0x30, 0x46, 0x97, 0x13,
	0xdc, 0x77, 0x7b, 0xd5, 0xdf, 0xe2, 0x6b, 0x3d,
	0xbd, 0xc5, 0x37, 0x23, 0xde, 0x12, 0xac, 0x97
};
gnutls_datum_t x = { .size = sizeof(x_data), .data = x_data };

uint8_t y_data[] = {
	0x54, 0xa2, 0x67, 0xe9, 0x59, 0xd0, 0xec, 0xa2,
	0xcc, 0x34, 0x1b, 0xe6, 0x6b, 0x14, 0x6a, 0xdf,
	0xc3, 0xb4, 0x6c, 0x73, 0x0a, 0x1c, 0x1c, 0x5f,
	0xde, 0x48, 0x6c, 0x47, 0x5e, 0x84, 0xf1, 0x75
};
gnutls_datum_t y = { .size = sizeof(y_data), .data = y_data };

uint8_t priv_key[] = {
	0x28, 0xbd, 0xc1, 0xed, 0xed, 0xcd, 0x23, 0xdb,
	0x6b, 0x69, 0x34, 0x94, 0xcb, 0xd9, 0xc6, 0xb5,
	0xb7, 0x9d, 0xb5, 0x37, 0x3b, 0xe2, 0x04, 0xea,
	0x0a, 0x05, 0xfd, 0xd0, 0x8c, 0x20, 0xd8, 0x9c
};
gnutls_datum_t k = { .size = sizeof(priv_key), .data = priv_key };

gnutls_x509_privkey_t key = NULL;
int result = gnutls_x509_privkey_init(&key);
assert(result == GNUTLS_E_SUCCESS);

result = gnutls_x509_privkey_import_ecc_raw(key, curve, &x, &y, &k);
assert(result == GNUTLS_E_SUCCESS);

gnutls_x509_privkey_fix(key);
assert(result == GNUTLS_E_SUCCESS);

gnutls_x509_crt_fmt_t format = GNUTLS_X509_FMT_PEM;
char *password = NULL;
int flags = GNUTLS_PKCS_PLAIN;
uint8_t out_data[4096];
size_t out_size = 4096;

result = gnutls_x509_privkey_export_pkcs8(key, format, password, flags, out_data, &out_size);
assert(result == GNUTLS_E_SUCCESS);

gnutls_x509_privkey_deinit(key);
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/516#note_88235177
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Mon Jul 16 15:43:20 2018 From: gitlab at mg.gitlab.com (Daniel Salzman) Date: Mon, 16 Jul 2018 13:43:20 +0000 Subject: [gnutls-devel] GnuTLS | Segfault in gnutls_x509_privkey_export2_pkcs8 if ECDSAP384SHA384 (#516) In-Reply-To: References: Message-ID: ``` Public Key Info: Public Key Algorithm: EC/ECDSA Key Security Level: High (256 bits) curve: SECP256R1 private key: 28:bd:c1:ed:ed:cd:23:db:6b:69:34:94:cb:d9:c6:b5 b7:9d:b5:37:3b:e2:04:ea:0a:05:fd:d0:8c:20:d8:9c x: 00:dd:3b:e9:90:9e:b8:2b:36:49:a0:0c:c0:30:46:97 13:dc:77:7b:d5:df:e2:6b:3d:bd:c5:37:23:de:12:ac 97: y: 54:a2:67:e9:59:d0:ec:a2:cc:34:1b:e6:6b:14:6a:df c3:b4:6c:73:0a:1c:1c:5f:de:48:6c:47:5e:84:f1:75 Public Key PIN: pin-sha256:SHUgpq0/2vb4eOOxEEnNh/pvJDSS2DzByDU0T6pqqBE= Public Key ID: sha256:487520a6ad3fdaf6f878e3b11049cd87fa6f243492d83cc1c835344faa6aa811 sha1:69c18fe800d73da3973defa14daa7379821cb8a7 -----BEGIN EC PRIVATE KEY----- MHcCAQEEICi9we3tzSPba2k0lMvZxrW3nbU3O+IE6goF/dCMINicoAoGCCqGSM49 AwEHoUQDQgAE3TvpkJ64KzZJoAzAMEaXE9x3e9Xf4ms9vcU3I94SrJdUomfpWdDs osw0G+ZrFGrfw7RscwocHF/eSGxHXoTxdQ== -----END EC PRIVATE KEY----- ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/516#note_88236430 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Mon Jul 16 15:52:52 2018 From: gitlab at mg.gitlab.com (Ander Juaristi) Date: Mon, 16 Jul 2018 13:52:52 +0000 Subject: [gnutls-devel] GnuTLS | Session ticket key rotation with TOTP (!695) In-Reply-To: References: Message-ID: Ander Juaristi commented on a discussion on lib/stek.c: > + }; > + > + if (unlikely(session == NULL || ticket_data == NULL || ticket_data->data == NULL)) > + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); > + > + if (ticket_data->size < TICKET_KEY_NAME_SIZE) > + return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); > + > + if ((retval = rotate(session)) < 0) > + return gnutls_assert_val(retval); > + > + /* > + * Is current key valid? > + * We compare the first 16 bytes --> The key_name field. > + */ > + if (memcmp(ticket_data->data, @nmav you are right. I had some code that did this initially, but then thought that would never happen and thrown that code away! But you are right. This can happen and we need to check for it. What the previous code did was (in `_gnutls_get_session_ticket_decryption_key`): 1. Check current key. If it matches, use it to decrypt the ticket. 2. If it doesn't match, compute the previous key. This is easy - you only need the T parameter, so you just do `--t` and re-compute TOTP with that value. 3. Check the previous key. If it matches, use it to decrypt the ticket. 4. Else throw the ticket away. I will re-implement this algorithm and push again. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/695#note_88239904 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
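Review bot: In the quoted lib/stek.c hunk, the lookup that follows `rotate(session)` is commented as "Is current key valid?" and compares the ticket's key name against the current key only, so a ticket issued shortly before a rotation boundary carries the previous key's name and is rejected even though it is still within its lifetime; the comparison needs a fallback to the previous period's key before the ticket is discarded. The comment also hardcodes "the first 16 bytes" while the length guard above it uses `TICKET_KEY_NAME_SIZE`; word the comment in terms of that constant and make sure the `memcmp` length (cut off in the quote) uses it too, so the guard and the comparison cannot drift apart.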
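The four-step lookup Ander describes above (current key, then the key for `t - 1`, then discard), as an added example that is not the code from !695. `derive_key` is a non-cryptographic stand-in for the TOTP computation; the function names, the 64-byte key size and the 3600-second period are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_NAME_SIZE   16    /* per the thread: first 16 bytes are key_name */
#define KEY_SIZE        64    /* assumed size of one derived ticket key */
#define ROTATION_PERIOD 3600  /* assumed seconds per time step T */

enum stek_match { STEK_NONE = -1, STEK_CURRENT = 0, STEK_PREVIOUS = 1 };

/* Bijective 64-bit mixer (splitmix64 finalizer). */
static uint64_t mix64(uint64_t x)
{
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    x ^= x >> 31;
    return x;
}

/*
 * Placeholder for "compute TOTP for step t and expand it into a key".
 * NOT cryptographic: it only guarantees that different steps give
 * different key names, which is all the lookup logic below needs.
 */
static void derive_key(uint64_t secret, uint64_t t, uint8_t out[KEY_SIZE])
{
    uint64_t state = secret ^ mix64(t);
    size_t i;

    for (i = 0; i < KEY_SIZE; i += sizeof(state)) {
        state = mix64(state + 0x9e3779b97f4a7c15ULL);
        memcpy(out + i, &state, sizeof(state));
    }
}

/*
 * Pick the decryption key for a received ticket.
 * On STEK_CURRENT or STEK_PREVIOUS, key_out holds the matching key.
 * On STEK_NONE the ticket must be thrown away and key_out is cleared.
 */
enum stek_match select_key(uint64_t secret, uint64_t now,
                           const uint8_t *ticket, size_t ticket_size,
                           uint8_t key_out[KEY_SIZE])
{
    uint64_t t = now / ROTATION_PERIOD;

    if (ticket == NULL || ticket_size < KEY_NAME_SIZE)
        return STEK_NONE;

    /* Step 1: current key. */
    derive_key(secret, t, key_out);
    if (memcmp(ticket, key_out, KEY_NAME_SIZE) == 0)
        return STEK_CURRENT;

    /* Steps 2 and 3: previous key, i.e. the same derivation with t - 1. */
    if (t > 0) {
        derive_key(secret, t - 1, key_out);
        if (memcmp(ticket, key_out, KEY_NAME_SIZE) == 0)
            return STEK_PREVIOUS;
    }

    /* Step 4: neither key matches. */
    memset(key_out, 0, KEY_SIZE);
    return STEK_NONE;
}

/* Build a constructed ticket at issued_at and look it up at presented_at. */
int classify_ticket(uint64_t issued_at, uint64_t presented_at)
{
    const uint64_t secret = 0x0123456789abcdefULL; /* constructed value */
    uint8_t key[KEY_SIZE];
    uint8_t ticket[KEY_NAME_SIZE + 32];

    derive_key(secret, issued_at / ROTATION_PERIOD, key);
    memset(ticket, 0xAA, sizeof(ticket));   /* dummy encrypted payload */
    memcpy(ticket, key, KEY_NAME_SIZE);     /* key_name prefix */
    return select_key(secret, presented_at, ticket, sizeof(ticket), key);
}

int main(void)
{
    printf("same period:        %d\n", classify_ticket(7190, 7195));
    printf("just after rotate:  %d\n", classify_ticket(7190, 7210));
    printf("two periods later:  %d\n", classify_ticket(7190, 10805));
    return 0;
}
```

Accepting the previous key roughly doubles how long a ticket stays usable, so the ticket's own lifetime check still has to run after decryption.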
URL: From gitlab at mg.gitlab.com Mon Jul 16 18:10:21 2018 From: gitlab at mg.gitlab.com (Daiki Ueno) Date: Mon, 16 Jul 2018 16:10:21 +0000 Subject: [gnutls-devel] GnuTLS | WIP: TLS 1.3: ignore "early_data" extension (!706) References: Message-ID: New Merge Request !706 https://gitlab.com/gnutls/gnutls/merge_requests/706 Branches: tmp-skip-zero-rtt to master Author: Daiki Ueno Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Hubert Kario, Tim R?hsen, Andreas Metzler, Tom, Ander Juaristi, Tom?? Mr?z and Anderson Sasaki This fixes #512. Since 0-RTT is not implemented yet, this patch let the server fallback to 1-RTT if it received the "early_data" extension. The semantics follows the first option suggested in [4.2.10](https://tlswg.github.io/tls13-spec/draft-ietf-tls-tls13.html#rfc.section.4.2.10), which ignores decryption failure up to `max_early_data_size`. The test case is currently missing, but it should be covered by tlsfuzzer once the branch is merged. ## Checklist * [x] Code modified for feature * [x] Documentation updated ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Tue Jul 17 04:41:43 2018 From: gitlab at mg.gitlab.com (g10guang) Date: Tue, 17 Jul 2018 02:41:43 +0000 Subject: [gnutls-devel] GnuTLS | Does it support multithread for https? (#519) References: Message-ID: New Issue was created. 
Issue 519: https://gitlab.com/gnutls/gnutls/issues/519
Author: g10guang
Assignee:

## Description of the feature:

Our team uses libcurl to do a http request. And now we are going to support https. But we find out openssl is not thread-safe.

We are looking for a ssl library which is supported by curl and is thread-safe.

[ssl lib which support by libcurl](https://curl.haxx.se/docs/ssl-compared.html)

If you know about some libs which satisfy our requirements, please inform us. Thank you.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/519

From gitlab at mg.gitlab.com Tue Jul 17 08:10:20 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 17 Jul 2018 06:10:20 +0000
Subject: [gnutls-devel] GnuTLS | Does it support multithread for https? (#519)

Yes it is. https://gnutls.org/manual/html_node/Thread-safety.html

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/519#note_88385365

From gitlab at mg.gitlab.com Tue Jul 17 08:10:20 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 17 Jul 2018 06:10:20 +0000
Subject: [gnutls-devel] GnuTLS | Does it support multithread for https? (#519)

Issue was closed by Nikos Mavrogiannopoulos

Issue #519: https://gitlab.com/gnutls/gnutls/issues/519

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/519
URL: From gitlab at mg.gitlab.com Tue Jul 17 09:02:54 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Tue, 17 Jul 2018 07:02:54 +0000 Subject: [gnutls-devel] GnuTLS | Segfault in gnutls_x509_privkey_export2_pkcs8 if ECDSAP384SHA384 (#516) In-Reply-To: References: Message-ID: Reassigned Issue 516 https://gitlab.com/gnutls/gnutls/issues/516 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/516 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Tue Jul 17 09:03:10 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Tue, 17 Jul 2018 07:03:10 +0000 Subject: [gnutls-devel] GnuTLS | Segfault in gnutls_x509_privkey_export2_pkcs8 if ECDSAP384SHA384 (#516) In-Reply-To: References: Message-ID: Thanks, that looks like a regression from 3.5.x. I'll investigate. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/516#note_88393193 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Tue Jul 17 12:02:10 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Tue, 17 Jul 2018 10:02:10 +0000 Subject: [gnutls-devel] GnuTLS | WIP: tests: introduced tests for PKCS#8 key exporting (!707) References: Message-ID: New Merge Request !707 https://gitlab.com/gnutls/gnutls/merge_requests/707 Branches: tmp-fix-pkcs8-export to master Author: Nikos Mavrogiannopoulos Assignee: Approvers: Simon Josefsson, Hubert Kario, Tim R?hsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? 
Mr?z and Anderson Sasaki ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Tue Jul 17 13:32:34 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Tue, 17 Jul 2018 11:32:34 +0000 Subject: [gnutls-devel] GnuTLS | add bogo shim for TLS interop tests (#482) In-Reply-To: References: Message-ID: <687e1d41ed9ede13b1a022c6b33a332e@gitlab.com> Issue was closed by Nikos Mavrogiannopoulos Issue #482: https://gitlab.com/gnutls/gnutls/issues/482 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/482 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Tue Jul 17 13:32:34 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Tue, 17 Jul 2018 11:32:34 +0000 Subject: [gnutls-devel] GnuTLS | add bogo shim for TLS interop tests (#482) In-Reply-To: References: Message-ID: As per yesterday's discussion closing in favor of focusing to a better tlsfuzzer integration. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/482#note_88464315 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Tue Jul 17 13:54:37 2018 From: gitlab at mg.gitlab.com (GitLab) Date: Tue, 17 Jul 2018 11:54:37 +0000 Subject: [gnutls-devel] Access to the gnutls group was granted Message-ID: <5b4dd8fd59eec_12fe83fcbf49ed1f8226435@sidekiq-asap-04.mail> You have been granted Guest access to the gnutls group. https://gitlab.com/groups/gnutls -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Tue Jul 17 19:28:51 2018 From: gitlab at mg.gitlab.com (Mark Ignacio) Date: Tue, 17 Jul 2018 17:28:51 +0000 Subject: [gnutls-devel] GnuTLS | p11tool crashes when trying to display very long CKA_IDs (#520) References: Message-ID: New Issue was created. Issue 520: https://gitlab.com/gnutls/gnutls/issues/520 Author: Mark Ignacio Assignee: ## Description of problem: p11tool is able to display the PKCS#11 URI for an object with a CKA_ID longer than 42 bytes, but crashes when displaying the colon-delimited version. As far as I know, the PKCS#11 spec puts no limit on the size of a CKA_ID. ## Version of gnutls used: 3.6.2-3.fc28 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Fedora 28 ## How reproducible: Steps to Reproduce: * Using some other tool, create an object with an pretty long CKA_ID. I triggered this with a 68 byte ID. * Invoke `p11tool --list-all` on the token. ## Actual results: ``` $ p11tool --list-all 'pkcs11:model=SLB9670'Object 0: URL: pkcs11:model=SLB9670;manufacturer=IFX;serial=;token=TPM2.0;id=%30%30%30%62%30%37%62%63%34%37%66%33%37%33%63%35%36%37%64%38%32%31%61%61%30%63%61%34%63%38%36%36%37%65%66%62%66%39%36%62%32%62%64%34%32%37%34%61%36%39%36%30%30%66%33%65%65%39%37%35%37%32%38%38%31%31%30%34;type=public Type: Public key Label: Error in pkcs11_list:333: The given memory buffer is too short to hold parameters. 
```

## Expected results:

Manually truncating the CKA_ID to 42 bytes with my PKCS#11 library, I can get it to print the ID out.

```
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/520

From gitlab at mg.gitlab.com Wed Jul 18 12:19:04 2018
From: gitlab at mg.gitlab.com (Björn Jacke)
Date: Wed, 18 Jul 2018 10:19:04 +0000
Subject: [gnutls-devel] GnuTLS | trailing dot needs to be stripped for certificate matching (#521)

New Issue was created.

Issue 521: https://gitlab.com/gnutls/gnutls/issues/521
Author: Björn Jacke
Assignee:

A perfectly correct DNS FQDN ends with a dot but this will break certificate name matching with gnutls-cli because names in certs omit the trailing dot for FQDNs:

    # gnutls-cli --starttls-proto=smtp alt1.aspmx.l.google.com.:25
    ...
    - Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
    *** PKI verification of server certificate failed...
    *** Fatal error: Error in the certificate.

while the same with alt1.aspmx.l.google.com:25 works. gnutls-cli should strip the dot for the name matching.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/521
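The normalization asked for in issue #521, as an added example that is not gnutls-cli's code: it strips one trailing root dot both in the `host:service` form and for a bare hostname, leaves bare IPv6 literals alone, and rejects an empty or double-dotted host. All function and constant names are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

enum { NAME_OK = 0, NAME_EMPTY = -1, NAME_TOO_LONG = -2, NAME_INVALID = -3 };

/*
 * Split "host[:service]" and normalize the host for certificate name
 * matching: "example.com." and "example.com" must compare equal, because
 * names in certificates are written without the trailing root dot.
 */
int normalize_peer_name(const char *input, char *host, size_t host_size,
                        char *service, size_t service_size)
{
    unsigned char addr[sizeof(struct in6_addr)];
    const char *colon = NULL;
    size_t host_len;

    if (host_size == 0 || service_size == 0)
        return NAME_TOO_LONG;
    host[0] = '\0';
    service[0] = '\0';

    /* A bare IPv6 literal contains colons that are not a separator. */
    if (inet_pton(AF_INET6, input, addr) != 1)
        colon = strrchr(input, ':');
    host_len = colon ? (size_t)(colon - input) : strlen(input);

    if (colon != NULL) {
        size_t service_len = strlen(colon + 1);

        if (service_len >= service_size)
            return NAME_TOO_LONG;
        memcpy(service, colon + 1, service_len + 1);
    }

    /* Strip exactly one trailing dot, with or without a service part. */
    if (host_len > 0 && input[host_len - 1] == '.')
        host_len--;

    if (host_len == 0)
        return NAME_EMPTY;          /* "", "." or ".:25" */
    if (input[host_len - 1] == '.')
        return NAME_INVALID;        /* "example.com..": empty label */
    if (host_len >= host_size)
        return NAME_TOO_LONG;

    memcpy(host, input, host_len);
    host[host_len] = '\0';
    return NAME_OK;
}

/* Convenience wrapper: normalized host, or NULL if the input is rejected. */
const char *normalized_host(const char *input)
{
    static char host[256];
    char service[32];

    if (normalize_peer_name(input, host, sizeof(host),
                            service, sizeof(service)) != NAME_OK)
        return NULL;
    return host;
}

int main(void)
{
    /* Constructed inputs; the first is the form quoted in the report. */
    const char *samples[] = {
        "alt1.aspmx.l.google.com.:25", "example.com.", "example.com",
        "2001:db8::1", ".:25", "example.com..",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const char *h = normalized_host(samples[i]);
        printf("%-30s -> %s\n", samples[i], h ? h : "(rejected)");
    }
    return 0;
}
```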
URL: From gitlab at mg.gitlab.com Wed Jul 18 16:16:39 2018 From: gitlab at mg.gitlab.com (Daiki Ueno) Date: Wed, 18 Jul 2018 14:16:39 +0000 Subject: [gnutls-devel] GnuTLS | Fix interleaved handshake handling in TLS 1.3 (!708) References: Message-ID: New Merge Request !708 https://gitlab.com/gnutls/gnutls/merge_requests/708 Branches: tmp-handshake-interleave to master Author: Daiki Ueno Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Hubert Kario, Tim R?hsen, Andreas Metzler, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list Previously, we disabled some tests from `tlsfuzzer/scripts/test-tls13-zero-length-data.py`, which utilizes unusual splitting of a handshake message (the first 2 bytes and the remaining). This series makes GnuTLS handle it correctly and enables those tests. There are three places needed to be fixed: - `_gnutls_parse_record_buffered_msgs()`: take into account of very short fragmentation (< 4 bytes) - `check_recv_type()`: fail early in `recv_headers()`, if there is a partial handshake message in the buffer - the length check in `parse_handshake_header()`: take into account of zero-length fragment ## Checklist * [x] Test suite updated with functionality tests ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/708 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Thu Jul 19 01:49:00 2018 From: gitlab at mg.gitlab.com (Les Aker) Date: Wed, 18 Jul 2018 23:49:00 +0000 Subject: [gnutls-devel] GnuTLS | Missing 3.5.19 tag (#522) References: Message-ID: New Issue was created. Issue 522: https://gitlab.com/gnutls/gnutls/issues/522 Author: Les Aker Assignee: Howdy! It looks like the 3.5.19 tag hasn't made it to this repo yet? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/522 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 07:38:49 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 05:38:49 +0000 Subject: [gnutls-devel] GnuTLS | Missing 3.5.19 tag (#522) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #522: https://gitlab.com/gnutls/gnutls/issues/522 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/522 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 07:38:48 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 05:38:48 +0000 Subject: [gnutls-devel] GnuTLS | Missing 3.5.19 tag (#522) In-Reply-To: References: Message-ID: Thanks, you're right. pushed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/522#note_88943434 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Thu Jul 19 11:15:31 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 09:15:31 +0000 Subject: [gnutls-devel] GnuTLS | when a custom priority is used the output of the new priority functions on error is unreliable (#517) In-Reply-To: References: Message-ID: <293f1632264cb73002c0ae2d2f868eea@gitlab.com> Issue was closed by Nikos Mavrogiannopoulos Issue #517: https://gitlab.com/gnutls/gnutls/issues/517 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/517 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 11:15:31 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 09:15:31 +0000 Subject: [gnutls-devel] GnuTLS | when a custom priority is used the output of the new priority functions on error is unreliable (#517) In-Reply-To: References: Message-ID: Issue was closed by Nikos Mavrogiannopoulos Issue #517: https://gitlab.com/gnutls/gnutls/issues/517 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/517 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Thu Jul 19 11:15:33 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 09:15:33 +0000 Subject: [gnutls-devel] GnuTLS | Fixed error detection in priority strings when they are overriden (!705) In-Reply-To: References: Message-ID: <6797fd8b6895711d85621ef6f5c53220@gitlab.com> Merge Request !705 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/705 Branches: tmp-fix-prio-init2 to master Author: Nikos Mavrogiannopoulos Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 11:16:52 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 09:16:52 +0000 Subject: [gnutls-devel] GnuTLS | Fixed error detection in priority strings when they are overriden (!705) In-Reply-To: References: Message-ID: Reassigned Merge Request 705 https://gitlab.com/gnutls/gnutls/merge_requests/705 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Thu Jul 19 11:25:17 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 09:25:17 +0000 Subject: [gnutls-devel] GnuTLS | p11tool crashes when trying to display very long CKA_IDs (#520) In-Reply-To: References: Message-ID: <7160bdb6969edae9a08e1289e452f1d5@gitlab.com> Issue was closed by Nikos Mavrogiannopoulos Issue #520: https://gitlab.com/gnutls/gnutls/issues/520 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/520 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 11:25:20 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 09:25:20 +0000 Subject: [gnutls-devel] GnuTLS | p11tool crashes when trying to display very long CKA_IDs (#520) In-Reply-To: References: Message-ID: <74f8c06e4f8b41a743345a4fabfe9a8c@gitlab.com> Reassigned Issue 520 https://gitlab.com/gnutls/gnutls/issues/520 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/520 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 11:27:22 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 09:27:22 +0000 Subject: [gnutls-devel] GnuTLS | p11tool crashes when trying to display very long CKA_IDs (#520) In-Reply-To: References: Message-ID: Thank you for reporting that. While the standard doesn't set a maximum value, I do not think that p11tool ought to print any unreasonably long value. Said that it shouldn't fail printing the rest info if one ID is too long. I've applied a patch as a quick fix. 
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/520#note_88991845 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 11:28:54 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 09:28:54 +0000 Subject: [gnutls-devel] GnuTLS | trailing dot needs to be stripped for certificate matching (#521) In-Reply-To: References: Message-ID: Thanks that looks reasonable to address. Adding it in the list of issues to be addressed in 3.6.x series. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/521#note_88992370 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 11:53:46 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 09:53:46 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix interleaved handshake handling in TLS 1.3 (!708) In-Reply-To: References: Message-ID: #272 seems related to this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/708#note_88997898 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 12:13:11 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Thu, 19 Jul 2018 10:13:11 +0000 Subject: [gnutls-devel] GnuTLS | Missing/wrong checks in lib/ext/pre_shared_key.c (server_recv_params) (#523) References: Message-ID: New Issue was created. Issue 523: https://gitlab.com/gnutls/gnutls/issues/523 Author: Tim R?hsen Assignee: In Line 489+ there is ``` while ((psk_index = _gnutls13_psk_ext_parser_next_psk(&psk_parser, &psk)) >= 0) { ... 
``` It is possible that the loop terminates without some variables being set (`resuming` and `prf`). Within the loop not all possible conditions are covered. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/523 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 12:52:42 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Thu, 19 Jul 2018 10:52:42 +0000 Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709) References: Message-ID: New Merge Request !709 https://gitlab.com/gnutls/gnutls/merge_requests/709 Branches: tmp-fix-521 to master Author: Tim R?hsen Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Hubert Kario, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tom?? Mr?z, Anderson Sasaki and GnuTLS devel mailing list Fixes #532 ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
From gitlab at mg.gitlab.com Thu Jul 19 12:53:31 2018
From: gitlab at mg.gitlab.com (Daiki Ueno)
Date: Thu, 19 Jul 2018 10:53:31 +0000
Subject: [gnutls-devel] GnuTLS | Missing/wrong checks in lib/ext/pre_shared_key.c (server_recv_params) (#523)

I suspect it's a false-positive. There is a check on `psk_index < 0` after the loop, and when exiting from the loop with a non-negative `psk_index`, `resuming` and `prf` are always set, due to the `break` statements.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/523#note_89016126

From gitlab at mg.gitlab.com Thu Jul 19 12:55:31 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Thu, 19 Jul 2018 10:55:31 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)

Thanks it looks good to me. Should we add a test in `sni-hostname.sh` to make sure that this is handled and is not re-introduced in the future?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89016567
URL: From gitlab at mg.gitlab.com Thu Jul 19 12:59:53 2018 From: gitlab at mg.gitlab.com (Hubert Kario) Date: Thu, 19 Jul 2018 10:59:53 +0000 Subject: [gnutls-devel] GnuTLS | Missing/wrong checks in lib/ext/pre_shared_key.c (server_recv_params) (#523) In-Reply-To: References: Message-ID: possible reproducer tlsfuzzer `test-tls13-session-resumption.py` introduced in [tlsfuzzer#427](https://github.com/tomato42/tlsfuzzer/pull/427) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/523#note_89017479 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 13:24:24 2018 From: gitlab at mg.gitlab.com (Daiki Ueno) Date: Thu, 19 Jul 2018 11:24:24 +0000 Subject: [gnutls-devel] GnuTLS | WIP: Fix interleaved handshake handling in TLS 1.3 (!708) In-Reply-To: References: Message-ID: I realized that empty records and interleaves need to be checked _after_ decrypting the records under TLS 1.3; 8abadcb6 and 74f2671c should address that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/708#note_89069883 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 13:28:43 2018 From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov) Date: Thu, 19 Jul 2018 11:28:43 +0000 Subject: [gnutls-devel] GnuTLS | certtool: use gnutls_gost_paramset_get_name (!710) References: Message-ID: New Merge Request !710 https://gitlab.com/gnutls/gnutls/merge_requests/710 Project:Branches: GostCrypt/gnutls:certtool-gost-paramset to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš
Mráz, Anderson Sasaki and GnuTLS devel mailing list Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Code modified for feature ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/710 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 13:39:15 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 11:39:15 +0000 Subject: [gnutls-devel] GnuTLS | Segfault in gnutls_x509_privkey_export2_pkcs8 if ECDSAP384SHA384 (#516) In-Reply-To: References: Message-ID: Hi a fix can be seen in !517. A work-around is to use `gnutls_privkey_t` structure to import the ECC key, or to use `gnutls_x509_privkey_cpy` on the imported key. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/516#note_89073644 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 13:43:13 2018 From: gitlab at mg.gitlab.com (Daniel Salzman) Date: Thu, 19 Jul 2018 11:43:13 +0000 Subject: [gnutls-devel] GnuTLS | Segfault in gnutls_x509_privkey_export2_pkcs8 if ECDSAP384SHA384 (#516) In-Reply-To: References: Message-ID: Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/516#note_89074611 You're receiving this email because of your account on gitlab.com.
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 14:10:08 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 12:10:08 +0000 Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709) In-Reply-To: References: Message-ID: Nikos Mavrogiannopoulos started a new discussion on src/socket.c: > if (inet_pton(AF_INET6, hostname, buf) == 1) > return; > > - *p = 0; > + if (p > hostname && p[-1] == '.') > + p[-1] = 0; // remove trailing dot on FQDN > + else > + *p = 0; On a second look that does handle only some cases. If the "hostname:service" form is used the final '.' is removed. Otherwise if only hostname+'.' is provided my understanding is that it will not be detected. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89080717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 14:17:20 2018 From: gitlab at mg.gitlab.com (Daiki Ueno) Date: Thu, 19 Jul 2018 12:17:20 +0000 Subject: [gnutls-devel] GnuTLS | Missing/wrong checks in lib/ext/pre_shared_key.c (server_recv_params) (#523) In-Reply-To: References: Message-ID: @tomato42 I would say it's unrelated; it's failing in checking ticket lifetime. Currently, tlsfuzzer calculates the ticket age as the seconds from the Unix epoch. This is not correct, you need to use the difference from the time when NST is received. So: ``` ticket_time = int(nst.time + nst.ticket_age_add) % 2**32 ``` should be: ``` ticket_time = int((time.time() - nst.time) * 1000 + nst.ticket_age_add) % 2**32 ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/523#note_89082531 You're receiving this email because of your account on gitlab.com. 
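The ticket-age correction in the message above, worked through in C as an added example (not tlsfuzzer or GnuTLS code): the client sends the milliseconds elapsed since the NewSessionTicket arrived plus `ticket_age_add`, modulo 2^32, and the server subtracts `ticket_age_add` before checking the lifetime. The function names and the sample timestamps, `ticket_age_add` and lifetime are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Client side, corrected form: the age is the time elapsed since the
 * NewSessionTicket (NST) was received, in milliseconds, plus
 * ticket_age_add; the uint32_t conversion reduces it modulo 2^32. */
uint32_t obfuscated_ticket_age(uint64_t now_ms, uint64_t nst_received_ms,
                               uint32_t ticket_age_add)
{
    uint64_t age_ms = now_ms - nst_received_ms;
    return (uint32_t)(age_ms + ticket_age_add);
}

/* Client side, mistaken form described in the message: the absolute
 * receive time in seconds since the Unix epoch is used as the age. */
uint32_t obfuscated_ticket_age_from_epoch(uint64_t nst_received_s,
                                          uint32_t ticket_age_add)
{
    return (uint32_t)(nst_received_s + ticket_age_add);
}

/* Server side: remove the obfuscation. Unsigned subtraction wraps
 * modulo 2^32, so it undoes the client's addition exactly. */
uint32_t recover_ticket_age_ms(uint32_t obfuscated, uint32_t ticket_age_add)
{
    return obfuscated - ticket_age_add;
}

/* Server side: a ticket older than its advertised lifetime is refused. */
bool ticket_age_within_lifetime(uint32_t age_ms, uint32_t lifetime_s)
{
    return (uint64_t)age_ms <= (uint64_t)lifetime_s * 1000u;
}

int main(void)
{
    /* Constructed sample values, not taken from any real session. */
    const uint64_t nst_received_s = 1532002640u;        /* epoch seconds */
    const uint64_t nst_received_ms = nst_received_s * 1000u;
    const uint64_t now_ms = nst_received_ms + 2500u;    /* resume 2.5 s later */
    const uint32_t ticket_age_add = 0xFFFFFF00u;        /* forces a wraparound */
    const uint32_t lifetime_s = 7200u;

    uint32_t good = obfuscated_ticket_age(now_ms, nst_received_ms,
                                          ticket_age_add);
    uint32_t bad = obfuscated_ticket_age_from_epoch(nst_received_s,
                                                    ticket_age_add);
    uint32_t good_age = recover_ticket_age_ms(good, ticket_age_add);
    uint32_t bad_age = recover_ticket_age_ms(bad, ticket_age_add);

    printf("elapsed-ms form: sent %u, server sees %u ms, accepted=%d\n",
           (unsigned)good, (unsigned)good_age,
           ticket_age_within_lifetime(good_age, lifetime_s));
    printf("epoch form:      sent %u, server sees %u ms, accepted=%d\n",
           (unsigned)bad, (unsigned)bad_age,
           ticket_age_within_lifetime(bad_age, lifetime_s));
    return 0;
}
```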
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 15:19:19 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Thu, 19 Jul 2018 13:19:19 +0000 Subject: [gnutls-devel] GnuTLS | Missing/wrong checks in lib/ext/pre_shared_key.c (server_recv_params) (#523) In-Reply-To: References: Message-ID: > I suspect it's a false-positive. There is a check on psk_index < 0 after the loop, and when exiting from the loop with a non-negative psk_index, resuming and prf are always set, due to the break statements. Thanks, you are right, sorry for the hassle. Looks like a gcc issue (gcc 7 + 8 are affected). clang-7 is silent about it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/523#note_89100222 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 15:19:19 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Thu, 19 Jul 2018 13:19:19 +0000 Subject: [gnutls-devel] GnuTLS | Missing/wrong checks in lib/ext/pre_shared_key.c (server_recv_params) (#523) In-Reply-To: References: Message-ID: Issue was closed by Tim Rühsen Issue #523: https://gitlab.com/gnutls/gnutls/issues/523 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/523 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gitlab at mg.gitlab.com Thu Jul 19 15:28:44 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Thu, 19 Jul 2018 13:28:44 +0000 Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on src/socket.c: > if (inet_pton(AF_INET6, hostname, buf) == 1) > return; > > - *p = 0; > + if (p > hostname && p[-1] == '.') > + p[-1] = 0; // remove trailing dot on FQDN > + else > + *p = 0; Corrected now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89102709 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 15:41:38 2018 From: gitlab at mg.gitlab.com (Hubert Kario) Date: Thu, 19 Jul 2018 13:41:38 +0000 Subject: [gnutls-devel] GnuTLS | Missing/wrong checks in lib/ext/pre_shared_key.c (server_recv_params) (#523) In-Reply-To: References: Message-ID: @dueno ah, thanks, yes, it's not correct; fixed it in the newest version of PR -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/523#note_89105741 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
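Review bot: in the src/socket.c hunk of !709 quoted above, the added branch `p[-1] = 0` leaves the byte at `p` untouched, where the removed line always wrote `*p = 0`, and an input whose host part is only "." ends up as an empty hostname. Suggest keeping `*p = 0` unconditional, stripping the dot afterwards, and rejecting an empty result; the comment could also say that only a single trailing dot is removed.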
URL: From gitlab at mg.gitlab.com Thu Jul 19 15:52:20 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 13:52:20 +0000 Subject: [gnutls-devel] GnuTLS | tls1.3: return early on handshake when no cert is provided by client (#457) In-Reply-To: References: Message-ID: <55bc169b4ebea3f7e77a1f313b4d9e45@gitlab.com> Reassigned Issue 457 https://gitlab.com/gnutls/gnutls/issues/457 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/457 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 15:53:17 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Thu, 19 Jul 2018 13:53:17 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS does not transition to application data keys after sending server Finished message (#481) In-Reply-To: References: Message-ID: <129b53433b5bc4ec0ba755395ae12500@gitlab.com> Reassigned Issue 481 https://gitlab.com/gnutls/gnutls/issues/481 Assignee changed to Nikos Mavrogiannopoulos -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/481 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Thu Jul 19 19:21:42 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Thu, 19 Jul 2018 17:21:42 +0000 Subject: [gnutls-devel] GnuTLS | certtool: use gnutls_gost_paramset_get_name (!710) In-Reply-To: References: Message-ID: <7e484fa2b1a3af1e7d4f645f5a41cc38@gitlab.com> Merge Request !710 was approved by Tim Rühsen Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/710 Project:Branches: GostCrypt/gnutls:certtool-gost-paramset to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/710 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 19:23:28 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Thu, 19 Jul 2018 17:23:28 +0000 Subject: [gnutls-devel] GnuTLS | certtool: use gnutls_gost_paramset_get_name (!710) In-Reply-To: References: Message-ID: LGTM. Please restart the failed jobs. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/710#note_89153375 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Thu Jul 19 22:35:23 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Thu, 19 Jul 2018 20:35:23 +0000 Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709) In-Reply-To: References: Message-ID: > Should we add a test in sni-hostname.sh ... Just did that locally... looks like neither the hostname of --sni-hostname nor of --verify-hostname is normalized yet. I'll take a look tomorrow.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89179784 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 08:26:02 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 06:26:02 +0000 Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709) In-Reply-To: References: Message-ID: Maybe it would be simpler to move it to lower-level, i.e., to the hostname verification function such as `gnutls_x509_crt_check_hostname2`, however it depends on what [rfc6125](https://tools.ietf.org/html/rfc6125) says about this case. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89232456 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 12:39:48 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 10:39:48 +0000 Subject: [gnutls-devel] GnuTLS | replace the max record size extension (#524) References: Message-ID: New Issue was created. Issue 524: https://gitlab.com/gnutls/gnutls/issues/524 Author: Nikos Mavrogiannopoulos Assignee: The latest TLS protocol extension for maximum record size is: https://tools.ietf.org/html/draft-ietf-tls-record-limit-03 We should replace the obsolete max record size with this version. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/524 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Fri Jul 20 12:42:19 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Fri, 20 Jul 2018 10:42:19 +0000 Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709) In-Reply-To: References: Message-ID: rfc6125 doesn't answer this question. The trailing dot is only relevant when extending a name into a FQDN. If we compare domains, we assume they are absolute, even when they don't have a trailing dot. (Is this a wrong assumption !?). So we have to ignore the trailing dot when comparing two (fully qualified = absolute) domains. The RFC calls it comparing label-by-label (case insensitive), which is IMO effectively the same. If we assume that trailing dots are not allowed / not used in certificates nor in the TLS protocol, the best would be to strip it from user input in the CLI tools and change nothing else. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89289232 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 14:48:47 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 12:48:47 +0000 Subject: [gnutls-devel] GnuTLS | WIP: tls1.3: server returns early on handshake when no cert is provided by client (!711) References: Message-ID: New Merge Request !711 https://gitlab.com/gnutls/gnutls/merge_requests/711 Branches: tmp-handshake-return-early to master Author: Nikos Mavrogiannopoulos Assignee: Approvers: Simon Josefsson, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list This modifies TLS 1.3 handshake on server side to return early when possible.
## Checklist * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 14:57:34 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 12:57:34 +0000 Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709) In-Reply-To: References: Message-ID: ok, makes sense -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89316527 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 16:21:29 2018 From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov) Date: Fri, 20 Jul 2018 14:21:29 +0000 Subject: [gnutls-devel] GnuTLS | certtool: use gnutls_gost_paramset_get_name (!710) In-Reply-To: References: Message-ID: @rockdaboot done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/710#note_89335886 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
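The trailing-dot handling discussed for !709 above (strip the dot from user input, compare names as absolute and case-insensitively, and cover both the "hostname:service" and the bare "hostname." form), as an added C example that is not GnuTLS code. `canonical_host`, `hostnames_equal`, the demo buffers and the sample inputs are hypothetical names and constructed values.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper (not gnutls' canonicalize_host): copies the host part
 * of "host", "host.", "host:service" or "host.:service" into out without the
 * trailing dot. *service (optional) is set to the text after the separator,
 * or to NULL. Returns out, or NULL when no usable host name remains. */
const char *canonical_host(const char *input, char *out, size_t outlen,
                           const char **service)
{
    unsigned char addr[sizeof(struct in6_addr)];
    size_t len = strlen(input);
    char *sep;

    if (service)
        *service = NULL;
    if (len == 0 || len >= outlen)
        return NULL;
    memcpy(out, input, len + 1);

    /* IP literals are returned unchanged; an IPv6 literal contains ':'
     * and must not be split into host and service. */
    if (inet_pton(AF_INET6, out, addr) == 1 ||
        inet_pton(AF_INET, out, addr) == 1)
        return out;

    sep = strrchr(out, ':');
    if (sep) {
        *sep = '\0';                 /* always terminate at the separator */
        if (service)
            *service = sep + 1;
        len = (size_t)(sep - out);
    }

    if (len > 0 && out[len - 1] == '.')
        out[--len] = '\0';           /* one trailing dot: absolute name */
    if (len == 0 || out[len - 1] == '.') {
        if (service)
            *service = NULL;
        return NULL;                 /* "", "." or "name.." is rejected */
    }
    return out;
}

/* Length of a name with at most one trailing dot ignored. */
static size_t absolute_len(const char *name)
{
    size_t len = strlen(name);
    return (len > 0 && name[len - 1] == '.') ? len - 1 : len;
}

/* Compares two names as absolute names: case-insensitive, and a single
 * trailing dot on either side makes no difference. */
bool hostnames_equal(const char *a, const char *b)
{
    size_t la = absolute_len(a), lb = absolute_len(b);
    return la > 0 && la == lb && strncasecmp(a, b, la) == 0;
}

static char demo_buf[256];
static const char *demo_service;

int main(void)
{
    /* Constructed inputs covering both forms raised in the discussion. */
    const char *inputs[] = { "www.example.com.:443", "www.example.com.",
                             "::1", ".:443" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        const char *h = canonical_host(inputs[i], demo_buf, sizeof demo_buf,
                                       &demo_service);
        printf("%-22s host=%s service=%s\n", inputs[i],
               h ? h : "(rejected)", demo_service ? demo_service : "(none)");
    }
    printf("equal: %d\n", hostnames_equal("WWW.Example.COM.", "www.example.com"));
    return 0;
}
```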
URL: From gitlab at mg.gitlab.com Fri Jul 20 16:34:59 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 14:34:59 +0000 Subject: [gnutls-devel] GnuTLS | certtool: use gnutls_gost_paramset_get_name (!710) In-Reply-To: References: Message-ID: Merge Request !710 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/710 Project:Branches: GostCrypt/gnutls:certtool-gost-paramset to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/710 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 16:38:33 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 14:38:33 +0000 Subject: [gnutls-devel] GnuTLS | Addressed issue with ECDSA key export under PKCS#8 (!707) In-Reply-To: References: Message-ID: <0137f2ccaa516feb2fb3986f6fb0940f@gitlab.com> Reassigned Merge Request 707 https://gitlab.com/gnutls/gnutls/merge_requests/707 Assignee changed to Hubert Kario -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Fri Jul 20 16:49:12 2018 From: gitlab at mg.gitlab.com (Hubert Kario) Date: Fri, 20 Jul 2018 14:49:12 +0000 Subject: [gnutls-devel] GnuTLS | Addressed issue with ECDSA key export under PKCS#8 (!707) In-Reply-To: References: Message-ID: <895e67b502db58f93a7f73ec9e80418e@gitlab.com> Merge Request !707 was approved by Hubert Kario Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/707 Branches: tmp-fix-pkcs8-export to master Author: Nikos Mavrogiannopoulos Assignee: Hubert Kario -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 17:05:48 2018 From: gitlab at mg.gitlab.com (Anderson Sasaki) Date: Fri, 20 Jul 2018 15:05:48 +0000 Subject: [gnutls-devel] GnuTLS | Backport testpkcs11 from master branch (!712) References: Message-ID: New Merge Request !712 https://gitlab.com/gnutls/gnutls/merge_requests/712 Project:Branches: ansasaki/gnutls:test_pkcs11 to gnutls/gnutls:gnutls_3_3_x Author: Anderson Sasaki Assignee: This backports testpkcs11.sh from master branch. Some tests were disabled due to the use of features not supported in 3.3.x versions. Namely the missing features are: - ECC key generation without login - "--load-pubkey" option - "--test-sign" option - Certificates do not inherit its ID from the private key Previously, certificates were being marked as private objects (CKA_PRIVATE), depending on the PKCS#11 module default. This behaviour was changed to follow the master branch; now p11tool explicitly sets the GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE flag when creating a private key object and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE when creating a certificate or public key object. 
## Checklist * [x] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/712 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 17:10:23 2018 From: gitlab at mg.gitlab.com (Anderson Sasaki) Date: Fri, 20 Jul 2018 15:10:23 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-serv: support resumption with large keys (!713) References: Message-ID: New Merge Request !713 https://gitlab.com/gnutls/gnutls/merge_requests/713 Project:Branches: ansasaki/gnutls:resump_large_key to gnutls/gnutls:gnutls_3_3_x Author: Anderson Sasaki Assignee: Increase buffer from 1024 bytes to 16KB to support resumption using large keys. 
## Checklist * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/713 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 21:25:44 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 19:25:44 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-serv: support resumption with large keys (!713) In-Reply-To: References: Message-ID: <3f8d5c010c975993f53e09ba71a35a4d@gitlab.com> Merge Request !713 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/713 Project:Branches: ansasaki/gnutls:resump_large_key to gnutls/gnutls:gnutls_3_3_x Author: Anderson Sasaki Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/713 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Fri Jul 20 21:33:55 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 19:33:55 +0000 Subject: [gnutls-devel] GnuTLS | Backport testpkcs11 from master branch (!712) In-Reply-To: References: Message-ID: <7701a66ab6778bbbbe3424d94b639760@gitlab.com> Merge Request !712 was approved by Nikos Mavrogiannopoulos Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/712 Project:Branches: ansasaki/gnutls:test_pkcs11 to gnutls/gnutls:gnutls_3_3_x Author: Anderson Sasaki Assignee: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/712 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 21:34:41 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 19:34:41 +0000 Subject: [gnutls-devel] GnuTLS | Backport testpkcs11 from master branch (!712) In-Reply-To: References: Message-ID: Approved, though this needs to be rebased to the latest 3_3_x to be merged. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/712#note_89393084 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Fri Jul 20 22:12:42 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 20:12:42 +0000 Subject: [gnutls-devel] GnuTLS | Segfault in gnutls_x509_privkey_export2_pkcs8 if ECDSAP384SHA384 (#516) In-Reply-To: References: Message-ID: <473aab248067a6a5133a60cd1e979912@gitlab.com> Issue was closed by Nikos Mavrogiannopoulos Issue #516: https://gitlab.com/gnutls/gnutls/issues/516 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/516 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed...
URL: From gitlab at mg.gitlab.com Fri Jul 20 22:12:43 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 20:12:43 +0000 Subject: [gnutls-devel] GnuTLS | Addressed issue with ECDSA key export under PKCS#8 (!707) In-Reply-To: References: Message-ID: <379b74b1563b41310a13c696220c614d@gitlab.com> Merge Request !707 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/707 Branches: tmp-fix-pkcs8-export to master Author: Nikos Mavrogiannopoulos Assignee: Hubert Kario -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/707 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 22:32:38 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 20:32:38 +0000 Subject: [gnutls-devel] GnuTLS | session resumption fails with www.google.com (#525) References: Message-ID: New Issue was created. Issue 525: https://gitlab.com/gnutls/gnutls/issues/525 Author: Nikos Mavrogiannopoulos Assignee: ``` ./gnutls-cli www.openssl.org --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 --fastopen --resume ``` ``` - Connecting again- trying to resume previous session Resolving 'www.google.com:443'... Connecting to '172.217.17.68:443'... *** Fatal error: An illegal parameter has been received. *** handshake has failed: An illegal parameter has been received. ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/525 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Fri Jul 20 22:37:56 2018 From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos) Date: Fri, 20 Jul 2018 20:37:56 +0000 Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709) In-Reply-To: References: Message-ID: All discussions on Merge Request !709 were resolved by Nikos Mavrogiannopoulos https://gitlab.com/gnutls/gnutls/merge_requests/709 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 23:13:22 2018 From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov) Date: Fri, 20 Jul 2018 21:13:22 +0000 Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714) References: Message-ID: New Merge Request !714 https://gitlab.com/gnutls/gnutls/merge_requests/714 Project:Branches: GostCrypt/gnutls:fix-cert-callbacks to gnutls/gnutls:master Author: Dmitry Eremin-Solenikov Assignee: Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list Add a description of the new feature/bug fix. Reference any relevant bugs.
## Checklist * [x] Code modified for feature * [ ] Test suite updated with functionality tests ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Fri Jul 20 23:15:53 2018 From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov) Date: Fri, 20 Jul 2018 21:15:53 +0000 Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714) In-Reply-To: References: Message-ID: Basically I've stumbled upon such segfault when running `gnutls-cli-debug` against a server requesting certificate. I can try implementing test using gnutls-serv + gnutls-cli-debug, but this looks like an overkill. So I'm open to the suggestions on how to test this properly. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714#note_89410667 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Sat Jul 21 14:08:35 2018 From: gitlab at mg.gitlab.com (Tom) Date: Sat, 21 Jul 2018 12:08:35 +0000 Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514) In-Reply-To: References: Message-ID: I figured that it is a GTK-DOC issue. I had a big list of GTK-DOC errors before and therefore I've updated GTK-DOC to the latest available version (v1.28.1). 
That solved most of the issues except the ones that I've listed in my start post. Which version are you using? Furthermore, I've already tried all the stuff you've proposed. It doesn't solve the problem. Any ideas what to do next? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_89468432 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Sat Jul 21 14:08:37 2018 From: gitlab at mg.gitlab.com (Tom) Date: Sat, 21 Jul 2018 12:08:37 +0000 Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514) In-Reply-To: References: Message-ID: Issue was reopened by Tom Issue 514: https://gitlab.com/gnutls/gnutls/issues/514 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Sat Jul 21 14:59:20 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Sat, 21 Jul 2018 12:59:20 +0000 Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514) In-Reply-To: References: Message-ID: Mint is a Debian derivative - I have Debian unstable here (gtk-doc-tools 1.28-1). What is the output of `ls -la | grep gtk` ? Here: ``` lrwxrwxrwx 1 tim tim 29 Jul 19 11:51 gtk-doc.m4 -> /usr/share/aclocal/gtk-doc.m4 lrwxrwxrwx 1 tim tim 36 Jul 19 11:51 gtk-doc.make -> /usr/share/gtk-doc/data/gtk-doc.make ``` Do you have the same problem when working from a fresh gnutls clone ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_89471096 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gitlab at mg.gitlab.com Sat Jul 21 17:13:57 2018 From: gitlab at mg.gitlab.com (Tom) Date: Sat, 21 Jul 2018 15:13:57 +0000 Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514) In-Reply-To: References: Message-ID: My output is: lrwxrwxrwx 1 tom tom 29 Jul 21 14:04 gtk-doc.m4 -> /usr/share/aclocal/gtk-doc.m4 lrwxrwxrwx 1 tom tom 36 Jul 21 14:04 gtk-doc.make -> /usr/share/gtk-doc/data/gtk-doc.make I've tried a fresh clone twice and it has the same problem. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_89474600 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Sat Jul 21 19:13:55 2018 From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=) Date: Sat, 21 Jul 2018 17:13:55 +0000 Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514) In-Reply-To: References: Message-ID: I am a bit clueless... poking in the dark What is `ls -la /usr/share/aclocal/gtk-doc.m4 /usr/share/gtk-doc/data/gtk-doc.make` ? Here ``` -rw-r--r-- 1 root root 4528 Mär 29 09:52 /usr/share/aclocal/gtk-doc.m4 -rw-r--r-- 1 root root 10784 Mär 29 09:52 /usr/share/gtk-doc/data/gtk-doc.make ``` Could you try to downgrade automake to 1.15 ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_89480076 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at mg.gitlab.com Sat Jul 21 19:21:30 2018 From: gitlab at mg.gitlab.com (Tom) Date: Sat, 21 Jul 2018 17:21:30 +0000 Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514) In-Reply-To: References: Message-ID: Here: -rw-r--r-- 1 root root 4528 Mar 29 09:52 /usr/share/aclocal/gtk-doc.m4 -rw-r--r-- 1 root root 10784 Mar 29 09:52 /usr/share/gtk-doc/data/gtk-doc.make I'll try to do a downgrade.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_89480435

From gitlab at mg.gitlab.com Sat Jul 21 19:28:27 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Sat, 21 Jul 2018 17:28:27 +0000
Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514)
In-Reply-To:
References:
Message-ID:

I set up Mint with the attached Dockerfile, ./bootstrap had no problems. But it looks like the image is not as up-to-date as your system.

Perhaps you can add the needed commands to the Dockerfile to build the same system as yours and I'll try here.

[Dockerfile](/uploads/1fa2391e7b5758f9a38307d5ec39f621/Dockerfile)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_89480765

From gitlab at mg.gitlab.com Sat Jul 21 19:51:21 2018
From: gitlab at mg.gitlab.com (Tom)
Date: Sat, 21 Jul 2018 17:51:21 +0000
Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514)
In-Reply-To:
References:
Message-ID:

Downgrading did not solve the problem. Errors remain exactly the same. I'll try the docker approach.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_89481540
From gitlab at mg.gitlab.com Sun Jul 22 08:06:05 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 06:06:05 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID:

Maybe replicate the call to credentials function and use `test_cli_serv` (e.g. like `set_x509_key_mem.c`)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714#note_89500938

From gitlab at mg.gitlab.com Sun Jul 22 08:14:47 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 06:14:47 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on src/cli.c:

> ssh = strictssh; > } > > - if (HAVE_OPT(VERIFY_HOSTNAME)) > + if (HAVE_OPT(VERIFY_HOSTNAME)) { > host = OPT_ARG(VERIFY_HOSTNAME); > - else > + canonicalize_host((char *) host, NULL, 0);

Looks good, but the upgrade to const and then cast to non-const looks quite ugly. We can give up completely with the const for host, or maybe do a canonicalize on the OPT_ARG, and then assign it? e.g.,
```
canonicalize_host(OPT_ARG(VERIFY_HOSTNAME), NULL, 0);
host = OPT_ARG(VERIFY_HOSTNAME);
```

It's equivalent, but avoids casts to and from const.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89501123
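Review bot: In the VERIFY_HOSTNAME branch, `canonicalize_host((char *) host, NULL, 0);` is applied to the pointer just taken from OPT_ARG with a `(char *)` cast, so the option parser's own string is what gets handed over for modification. Canonicalizing a private copy and assigning that copy to host would remove the cast, and a one-line comment saying the trailing dot is removed before the name is used would document why the call is there.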
From gitlab at mg.gitlab.com Sun Jul 22 08:15:37 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 06:15:37 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID: <03c635bc24dc6f1f66850036a18d0cbe@gitlab.com>

Reassigned Merge Request 709

https://gitlab.com/gnutls/gnutls/merge_requests/709

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709

From gitlab at mg.gitlab.com Sun Jul 22 08:15:14 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 06:15:14 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on src/cli.c:

> */ > if (disable_extensions == 0 && disable_sni == 0) { > if (HAVE_OPT(SNI_HOSTNAME)) { > - gnutls_server_name_set(session, GNUTLS_NAME_DNS, > - OPT_ARG(SNI_HOSTNAME), strlen(OPT_ARG(SNI_HOSTNAME))); > + const char *sni_host = OPT_ARG(SNI_HOSTNAME);

It seems we can void the const here completely.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89501129
From gitlab at mg.gitlab.com Sun Jul 22 08:17:56 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 06:17:56 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

Maybe we should mention the 'Resolves #532' or 'fixes #532' in the commit itself as well, for closing the bug automatically, but more importantly for tracking later on why this was added.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89501206

From gitlab at mg.gitlab.com Sun Jul 22 12:54:12 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Sun, 22 Jul 2018 10:54:12 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented on a discussion on src/cli.c:

> ssh = strictssh; > } > > - if (HAVE_OPT(VERIFY_HOSTNAME)) > + if (HAVE_OPT(VERIFY_HOSTNAME)) { > host = OPT_ARG(VERIFY_HOSTNAME); > - else > + canonicalize_host((char *) host, NULL, 0);

OPT_ARG resolves to a 'const char *' (`argString` in `opt_arg_union_t`). So what you propose makes it even more ugly.

To avoid the cast we can
- make host a char array, wide enough for hostnames (the pro would be a size limit on the input)
- use strdup()
- ask autoconf to remove the const from `argString`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89512456
From gitlab at mg.gitlab.com Sun Jul 22 12:54:28 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Sun, 22 Jul 2018 10:54:28 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented on a discussion on src/cli.c:

> */ > if (disable_extensions == 0 && disable_sni == 0) { > if (HAVE_OPT(SNI_HOSTNAME)) { > - gnutls_server_name_set(session, GNUTLS_NAME_DNS, > - OPT_ARG(SNI_HOSTNAME), strlen(OPT_ARG(SNI_HOSTNAME))); > + const char *sni_host = OPT_ARG(SNI_HOSTNAME);

see above, same problem

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89512474

From gitlab at mg.gitlab.com Sun Jul 22 12:55:13 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Sun, 22 Jul 2018 10:55:13 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

> mention the 'Resolves #532' or 'fixes #532' in the commit...

Done

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89512515
From gitlab at mg.gitlab.com Sun Jul 22 14:17:02 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 12:17:02 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on src/cli.c:

> ssh = strictssh; > } > > - if (HAVE_OPT(VERIFY_HOSTNAME)) > + if (HAVE_OPT(VERIFY_HOSTNAME)) { > host = OPT_ARG(VERIFY_HOSTNAME); > - else > + canonicalize_host((char *) host, NULL, 0);

Ok, none of the options are better than the current approach. Let's keep it then.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89516382

From gitlab at mg.gitlab.com Sun Jul 22 14:17:03 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 12:17:03 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !709 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/gnutls/merge_requests/709

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709
From gitlab at mg.gitlab.com Sun Jul 22 14:17:29 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 12:17:29 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID: <6e7b51ab3251af0bc058e7efd7d5d45d@gitlab.com>

Merge Request !709 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/709
Branches: tmp-fix-521 to master
Author: Tim Rühsen
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709

From gitlab at mg.gitlab.com Sun Jul 22 14:17:11 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 12:17:11 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

Merge Request !709 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/709
Branches: tmp-fix-521 to master
Author: Tim Rühsen
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709

From gitlab at mg.gitlab.com Sun Jul 22 14:18:31 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Sun, 22 Jul 2018 12:18:31 +0000
Subject: [gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)
In-Reply-To:
References:
Message-ID:

Merged but ouch. That actually fixed #521

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89516431
From gitlab at mg.gitlab.com Sun Jul 22 14:36:10 2018
From: gitlab at mg.gitlab.com (ilovezfs)
Date: Sun, 22 Jul 2018 12:36:10 +0000
Subject: [gnutls-devel] GnuTLS | Undefined symbol _strdupa build failure for 3.6.3 (#527)
References:
Message-ID:

New Issue was created.

Issue 527: https://gitlab.com/gnutls/gnutls/issues/527
Author: ilovezfs
Assignee:

Complete log: https://gist.githubusercontent.com/ilovezfs/ee99a7d449051ba04de37a0e1030045a/raw/61e55c00494fdc12731f3720ff61518e347c5f6a/gistfile1.txt

## Description of problem:
The build fails on macOS with clang, tested on 10.11, 10.12, and 10.13. The build also fails with GCC 8 in the same way.

## Version of gnutls used:
3.6.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Attempting to upgrade the development spec version in the Homebrew formula from 3.6.2 -> 3.6.3.

## How reproducible:
Steps to Reproduce: Fails during `make`

## Actual results:
```
bash-3.2$ make -j1
Making all in doc
/Applications/Xcode.app/Contents/Developer/usr/bin/make all-recursive
Making all in examples
/bin/sh ../../libtool --tag=CC --mode=link clang -fno-common -W -Wabi -Waddress -Wall -Wattributes -Wbad-function-cast -Wbuiltin-macro-redefined -Wcast-align -Wchar-subscripts -Wcomment -Wcomments -Wdangling-else -Wdate-time -Wdeprecated -Wdeprecated-declarations -Wdisabled-optimization -Wdiv-by-zero -Wdouble-promotion -Wduplicate-decl-specifier -Wempty-body -Wendif-labels -Wenum-compare -Wextra -Wformat-extra-args -Wformat-security -Wformat-zero-length -Wignored-attributes -Wignored-qualifiers -Wimplicit -Wimplicit-function-declaration -Wimplicit-int -Wincompatible-pointer-types -Winit-self -Wint-conversion -Wint-to-pointer-cast -Winvalid-pch -Wlogical-not-parentheses -Wmain -Wmissing-braces -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs -Wmissing-prototypes -Wmultichar -Wnarrowing -Wnested-externs -Wnonnull -Wnull-dereference -Wodr -Wold-style-definition -Woverflow -Wpacked -Wparentheses -Wpointer-arith -Wpointer-sign -Wpointer-to-int-cast -Wpragmas -Wreturn-type -Wsequence-point -Wshadow -Wshift-count-negative -Wshift-count-overflow -Wshift-negative-value -Wsizeof-array-argument -Wsizeof-pointer-memaccess -Wstrict-aliasing -Wstrict-prototypes -Wswitch -Wswitch-bool -Wtautological-compare -Wtrigraphs -Wtype-limits -Wuninitialized -Wunknown-pragmas -Wunused -Wunused-function -Wunused-label -Wunused-local-typedefs -Wunused-parameter -Wunused-result -Wunused-value -Wunused-variable -Wvarargs -Wvariadic-macros -Wvolatile-register-var -Wwrite-strings -Wno-missing-field-initializers -Wno-missing-field-initializers -Wno-unused-parameter -fdiagnostics-show-option -g -O2 -no-install -Wl,-no_weak_imports -o tlsproxy/tlsproxy tlsproxy/buffer.o tlsproxy/crypto-gnutls.o tlsproxy/tlsproxy.o libexamples.la ../../lib/libgnutls.la ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la
libtool: warning: '-no-install' is ignored for x86_64-apple-darwin15.6.0
libtool: warning: assuming '-no-fast-install' instead
libtool: link: clang -fno-common -W -Wabi -Waddress -Wall -Wattributes -Wbad-function-cast -Wbuiltin-macro-redefined -Wcast-align -Wchar-subscripts -Wcomment -Wcomments -Wdangling-else -Wdate-time -Wdeprecated -Wdeprecated-declarations -Wdisabled-optimization -Wdiv-by-zero -Wdouble-promotion -Wduplicate-decl-specifier -Wempty-body -Wendif-labels -Wenum-compare -Wextra -Wformat-extra-args -Wformat-security -Wformat-zero-length -Wignored-attributes -Wignored-qualifiers -Wimplicit -Wimplicit-function-declaration -Wimplicit-int -Wincompatible-pointer-types -Winit-self -Wint-conversion -Wint-to-pointer-cast -Winvalid-pch -Wlogical-not-parentheses -Wmain -Wmissing-braces -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs -Wmissing-prototypes -Wmultichar -Wnarrowing -Wnested-externs -Wnonnull -Wnull-dereference -Wodr -Wold-style-definition -Woverflow -Wpacked -Wparentheses -Wpointer-arith -Wpointer-sign -Wpointer-to-int-cast -Wpragmas -Wreturn-type -Wsequence-point -Wshadow -Wshift-count-negative -Wshift-count-overflow -Wshift-negative-value -Wsizeof-array-argument -Wsizeof-pointer-memaccess -Wstrict-aliasing -Wstrict-prototypes -Wswitch -Wswitch-bool -Wtautological-compare -Wtrigraphs -Wtype-limits -Wuninitialized -Wunknown-pragmas -Wunused -Wunused-function -Wunused-label -Wunused-local-typedefs -Wunused-parameter -Wunused-result -Wunused-value -Wunused-variable -Wvarargs -Wvariadic-macros -Wvolatile-register-var -Wwrite-strings -Wno-missing-field-initializers -Wno-missing-field-initializers -Wno-unused-parameter -fdiagnostics-show-option -g -O2 -Wl,-no_weak_imports -o tlsproxy/.libs/tlsproxy tlsproxy/buffer.o tlsproxy/crypto-gnutls.o tlsproxy/tlsproxy.o ./.libs/libexamples.a ../../lib/.libs/libgnutls.dylib -L/usr/local/Cellar/p11-kit/0.23.12/lib -lp11-kit -lunistring -L/usr/local/Cellar/libtasn1/4.13/lib -ltasn1 -L/usr/local/Cellar/nettle/3.4/lib -lnettle -lhogweed -lgmp ../../gl/.libs/libgnu.a ../../src/gl/.libs/libgnu_gpl.a -framework CoreFoundation -framework Security
Undefined symbols for architecture x86_64:
  "_strdupa", referenced from:
      _main in tlsproxy.o
      _runproxy in tlsproxy.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[4]: *** [tlsproxy/tlsproxy] Error 1
make[3]: *** [all-recursive] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
bash-3.2$
```

## Expected results:
A successful build.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/527
From gitlab at mg.gitlab.com Sun Jul 22 18:55:18 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Sun, 22 Jul 2018 16:55:18 +0000
Subject: [gnutls-devel] GnuTLS | Undefined symbol _strdupa build failure for 3.6.3 (#527)
In-Reply-To:
References:
Message-ID:

Thanks for the report. It has already been addressed by 13b9d5656fed6352fad08d8c979e0a861fa69509 (in the master branch).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/527#note_89533823

From gitlab at mg.gitlab.com Sun Jul 22 18:55:19 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Sun, 22 Jul 2018 16:55:19 +0000
Subject: [gnutls-devel] GnuTLS | Undefined symbol _strdupa build failure for 3.6.3 (#527)
In-Reply-To:
References:
Message-ID:

Issue was closed by Tim Rühsen

Issue #527: https://gitlab.com/gnutls/gnutls/issues/527

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/527

From gitlab at mg.gitlab.com Mon Jul 23 13:07:23 2018
From: gitlab at mg.gitlab.com (Anderson Sasaki)
Date: Mon, 23 Jul 2018 11:07:23 +0000
Subject: [gnutls-devel] GnuTLS | Backport testpkcs11 from master branch (!712)
In-Reply-To:
References:
Message-ID:

@nmav Rebased

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/712#note_89692378
From gitlab at mg.gitlab.com Mon Jul 23 13:07:58 2018
From: gitlab at mg.gitlab.com (Anderson Sasaki)
Date: Mon, 23 Jul 2018 11:07:58 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-serv: support resumption with large keys (!713)
In-Reply-To:
References:
Message-ID:

@nmav Rebased

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/713#note_89692467

From gitlab at mg.gitlab.com Mon Jul 23 13:17:38 2018
From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov)
Date: Mon, 23 Jul 2018 11:17:38 +0000
Subject: [gnutls-devel] GnuTLS | Few small patches (!715)
References:
Message-ID:

New Merge Request !715

https://gitlab.com/gnutls/gnutls/merge_requests/715

Project:Branches: GostCrypt/gnutls:misc-fixes to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignee:
Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

Several small patches refactoring existing code and fixing debug output.

## Checklist
* [x] Code modified for feature

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/715
From gitlab at mg.gitlab.com Mon Jul 23 13:30:33 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Mon, 23 Jul 2018 11:30:33 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): GnuTLS cannot find Nettle 3.4 (#526)
In-Reply-To:
References:
Message-ID:

```
configure:9752: checking for NETTLE
configure:9760: $PKG_CONFIG --exists --print-errors "nettle >= 3.1"
Package nettle was not found in the pkg-config search path.
Perhaps you should add the directory containing `nettle.pc'
to the PKG_CONFIG_PATH environment variable
Package 'nettle', required by 'virtual:world', not found
```

You have to set PKG_CONFIG_PATH so that pkg-config finds its configuration in /usr/local/lib/pkg-config/ (or lib64, wherever it is).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/526#note_89696767

From gitlab at mg.gitlab.com Mon Jul 23 13:53:07 2018
From: gitlab at mg.gitlab.com (GitLab Support Bot)
Date: Mon, 23 Jul 2018 11:53:07 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): GnuTLS cannot find Nettle 3.4 (#526)
In-Reply-To:
References:
Message-ID:

Thanks Tim.

That's the thing, PKG_CONFIG_PATH is set to /usr/local/lib/64/pkgconfig. It seems the configure test is not using it.

This should confirm it. I added the following to my build script:

    echo "**********************************"
    echo "PKG_CONFIG_PATH: ${BUILD_PKGCONFIG[*]}"
    echo "**********************************"

Then configure is executed:

    PKG_CONFIG_PATH="${BUILD_PKGCONFIG[*]}" \
    CPPFLAGS="${BUILD_CPPFLAGS[*]}" \
    CFLAGS="${BUILD_CFLAGS[*]}" \
    CXXFLAGS="${BUILD_CXXFLAGS[*]}" \
    LDFLAGS="${BUILD_LDFLAGS[*]}" \
    LIBS="-lhogweed -lnettle -lgmp ${BUILD_LIBS[*]}" \
    ./configure ...
I see:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/526#note_89701802

From gitlab at mg.gitlab.com Mon Jul 23 14:33:46 2018
From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov)
Date: Mon, 23 Jul 2018 12:33:46 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID:

@nmav hopefully the test should be fine now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714#note_89711403

From gitlab at mg.gitlab.com Mon Jul 23 15:09:37 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Mon, 23 Jul 2018 13:09:37 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): GnuTLS cannot find Nettle 3.4 (#526)
In-Reply-To:
References:
Message-ID:

Check the existence and contents of /usr/local/lib/64/pkgconfig/nettle.pc.

And if it looks OK, leave away LIBS= because that information has to be taken from nettle.pc. I can guess that both collide. Also be careful with LDFLAGS.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/526#note_89723036
From gitlab at mg.gitlab.com Mon Jul 23 15:50:03 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Mon, 23 Jul 2018 13:50:03 +0000
Subject: [gnutls-devel] GnuTLS | Few small patches (!715)
In-Reply-To:
References:
Message-ID: <4871a385829094735a5dc5a5f68033e4@gitlab.com>

Merge Request !715 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/715
Project:Branches: GostCrypt/gnutls:misc-fixes to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/715

From gitlab at mg.gitlab.com Mon Jul 23 15:54:56 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Mon, 23 Jul 2018 13:54:56 +0000
Subject: [gnutls-devel] GnuTLS | Few small patches (!715)
In-Reply-To:
References:
Message-ID:

Please rebase

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/715#note_89736708

From gitlab at mg.gitlab.com Mon Jul 23 16:23:02 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Mon, 23 Jul 2018 14:23:02 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-serv: support resumption with large keys (!713)
In-Reply-To:
References:
Message-ID:

Merge Request !713 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/713
Project:Branches: ansasaki/gnutls:resump_large_key to gnutls/gnutls:gnutls_3_3_x
Author: Anderson Sasaki
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/713
From gitlab at mg.gitlab.com Mon Jul 23 16:24:34 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Mon, 23 Jul 2018 14:24:34 +0000
Subject: [gnutls-devel] GnuTLS | Backport testpkcs11 from master branch (!712)
In-Reply-To:
References:
Message-ID: <6c92eeb47da754d9906d0f2f9e25a155@gitlab.com>

Merge Request !712 was closed by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/712
Project:Branches: ansasaki/gnutls:test_pkcs11 to gnutls/gnutls:gnutls_3_3_x
Author: Anderson Sasaki
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/712

From gitlab at mg.gitlab.com Mon Jul 23 16:24:37 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Mon, 23 Jul 2018 14:24:37 +0000
Subject: [gnutls-devel] GnuTLS | Backport testpkcs11 from master branch (!712)
In-Reply-To:
References:
Message-ID:

Merged. Thank you.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/712#note_89744930
From gitlab at mg.gitlab.com Mon Jul 23 16:24:39 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Mon, 23 Jul 2018 14:24:39 +0000
Subject: [gnutls-devel] GnuTLS | Backport testpkcs11 from master branch (!712)
In-Reply-To:
References:
Message-ID: <8e5ccaad4b6c0dd632436640d132834a@gitlab.com>

Reassigned Merge Request 712

https://gitlab.com/gnutls/gnutls/merge_requests/712

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/712

From gitlab at mg.gitlab.com Mon Jul 23 17:21:27 2018
From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov)
Date: Mon, 23 Jul 2018 15:21:27 +0000
Subject: [gnutls-devel] GnuTLS | Few small patches (!715)
In-Reply-To:
References:
Message-ID:

@rockdaboot rebased

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/715#note_89762206

From gitlab at mg.gitlab.com Mon Jul 23 17:22:22 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Mon, 23 Jul 2018 15:22:22 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)
In-Reply-To:
References:
Message-ID:

Reassigned Merge Request 711

https://gitlab.com/gnutls/gnutls/merge_requests/711

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711
From gitlab at mg.gitlab.com Mon Jul 23 22:14:10 2018
From: gitlab at mg.gitlab.com (Hristo Venev)
Date: Mon, 23 Jul 2018 20:14:10 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
References:
Message-ID:

New Issue was created.

Issue 528: https://gitlab.com/gnutls/gnutls/issues/528
Author: Hristo Venev
Assignee:

This bug was introduced in 9829ef9a3ca06d60472599df7c74ebb9a53f1fe2 (I think) and appears in version 3.6.3.

When the legacy callback returns no certificates (st2.ncerts == 0, st2.cert == NULL), alloc_and_load_x509_certs returns NULL on line 397 in lib/cert-cred.c. This makes the function return GNUTLS_E_MEMORY_ERROR, which is then transformed to GNUTLS_E_USER_ERROR by call_cert_get_callback.

glib-networking 2.56 seems to always provide a callback for client connections, so this should break quite a lot.

Sorry if I'm slow to respond, my email client doesn't provide a client certificate, and I can't check my email.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528

From gitlab at mg.gitlab.com Mon Jul 23 22:33:20 2018
From: gitlab at mg.gitlab.com (=?UTF-8?B?VGltIFLDvGhzZW4=?=)
Date: Mon, 23 Jul 2018 20:33:20 +0000
Subject: [gnutls-devel] GnuTLS | Few small patches (!715)
In-Reply-To:
References:
Message-ID: <85658576a16693ed54dc70eac8222ea8@gitlab.com>

Merge Request !715 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/715
Project:Branches: GostCrypt/gnutls:misc-fixes to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/715
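The failure mode reported in issue #528 above, as an added sketch that is not GnuTLS code: a loader that returns NULL both for "zero certificates" and for allocation failure, next to a wrapper that decides the empty case from the count first. All names (`load_certs`, `wrap_ambiguous`, `wrap_checked`, the `E_*` codes) are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this sketch (not GnuTLS constants). */
enum { E_OK = 0, E_MEMORY = -1, E_INVALID = -2 };

/* What a legacy-style callback returns: raw certificates, possibly none. */
struct legacy_result {
    const char **certs;  /* NULL when there is nothing to offer */
    unsigned ncerts;     /* 0 in that case */
};

/* Converted list handed on to the caller. */
struct cert_list {
    char **certs;
    unsigned ncerts;
};

/* Copies n certificates. Returns NULL on allocation failure and also when
 * n == 0, so a NULL return alone cannot tell the two cases apart. */
static char **load_certs(const char **in, unsigned n)
{
    char **out;
    unsigned i;

    if (n == 0)
        return NULL;
    out = calloc(n, sizeof(*out));
    if (out == NULL)
        return NULL;
    for (i = 0; i < n; i++) {
        out[i] = malloc(strlen(in[i]) + 1);
        if (out[i] == NULL) {
            while (i > 0)
                free(out[--i]);
            free(out);
            return NULL;
        }
        strcpy(out[i], in[i]);
    }
    return out;
}

void cert_list_free(struct cert_list *l)
{
    unsigned i;

    for (i = 0; i < l->ncerts; i++)
        free(l->certs[i]);
    free(l->certs);
    l->certs = NULL;
    l->ncerts = 0;
}

/* Reported pattern: every NULL from the loader is mapped to a memory error,
 * so "the callback offered no certificate" fails the whole operation. */
int wrap_ambiguous(const struct legacy_result *r, struct cert_list *dst)
{
    dst->ncerts = 0;
    dst->certs = load_certs(r->certs, r->ncerts);
    if (dst->certs == NULL)
        return E_MEMORY;
    dst->ncerts = r->ncerts;
    return E_OK;
}

/* Checked form: an empty result is a valid answer and is decided from the
 * count before the loader's NULL is interpreted. */
int wrap_checked(const struct legacy_result *r, struct cert_list *dst)
{
    dst->certs = NULL;
    dst->ncerts = 0;
    if (r->ncerts == 0)
        return E_OK;
    if (r->certs == NULL)
        return E_INVALID;   /* a count without data is a caller bug */
    dst->certs = load_certs(r->certs, r->ncerts);
    if (dst->certs == NULL)
        return E_MEMORY;
    dst->ncerts = r->ncerts;
    return E_OK;
}

int main(void)
{
    struct legacy_result none = { NULL, 0 };  /* constructed input */
    struct cert_list out;

    printf("ambiguous: %d\n", wrap_ambiguous(&none, &out));
    printf("checked:   %d\n", wrap_checked(&none, &out));
    return 0;
}
```
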

From gitlab at mg.gitlab.com Tue Jul 24 08:43:46 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 06:43:46 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
In-Reply-To:
References:
Message-ID:

Thanks, that seems to be resolved by !714

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528#note_89874631

From gitlab at mg.gitlab.com Tue Jul 24 08:44:21 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 06:44:21 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID: <257cfea557c1b1b93b29641ce3160a70@gitlab.com>

Reassigned Merge Request 714

https://gitlab.com/gnutls/gnutls/merge_requests/714

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714

From gitlab at mg.gitlab.com Tue Jul 24 08:45:08 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 06:45:08 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on tests/null_retrieve_function.c:

> +/* > + * Copyright (C) 2011-2012 Free Software Foundation, Inc. > + * > + * Author: Nikos Mavrogiannopoulos

nit: copyright and author information seem incorrect

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714#note_89874930

From gitlab at mg.gitlab.com Tue Jul 24 08:45:49 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 06:45:49 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID:

Thank you. Other than the nit it looks like a straightforward fix, and good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714#note_89875047

From gitlab at mg.gitlab.com Tue Jul 24 09:40:23 2018
From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov)
Date: Tue, 24 Jul 2018 07:40:23 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID: <7561259545b35492d884353f590aa3a0@gitlab.com>

All discussions on Merge Request !714 were resolved by Dmitry Eremin-Solenikov

https://gitlab.com/gnutls/gnutls/merge_requests/714

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714

From gitlab at mg.gitlab.com Tue Jul 24 09:40:23 2018
From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov)
Date: Tue, 24 Jul 2018 07:40:23 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID:

Dmitry Eremin-Solenikov commented on a discussion on tests/null_retrieve_function.c:

> +/* > + * Copyright (C) 2011-2012 Free Software Foundation, Inc. > + * > + * Author: Nikos Mavrogiannopoulos

Added my copyright and dropped Author field

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714#note_89884870

From gitlab at mg.gitlab.com Tue Jul 24 11:33:29 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 09:33:29 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714#note_89911792

From gitlab at mg.gitlab.com Tue Jul 24 11:33:33 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 09:33:33 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID: <8dcf654e7aa5e5aa3c708944aafe5150@gitlab.com>

Merge Request !714 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/714
Project:Branches: GostCrypt/gnutls:fix-cert-callbacks to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714

From gitlab at mg.gitlab.com Tue Jul 24 11:40:58 2018
From: gitlab at mg.gitlab.com (Tim Rühsen)
Date: Tue, 24 Jul 2018 09:40:58 +0000
Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514)
In-Reply-To:
References:
Message-ID:

Any news?

Did you compare the install packages from Dockerfile with the packages installed on your system?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_89913625

From gitlab at mg.gitlab.com Tue Jul 24 12:13:51 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 10:13:51 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
In-Reply-To:
References:
Message-ID: <772a2c4649a9e9bdffb99f21891c8c78@gitlab.com>

Issue was closed by Nikos Mavrogiannopoulos

Issue #528: https://gitlab.com/gnutls/gnutls/issues/528

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528

From gitlab at mg.gitlab.com Tue Jul 24 12:13:52 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 10:13:52 +0000
Subject: [gnutls-devel] GnuTLS | cert-cred: fix possible segfault when resetting cert retrieval function (!714)
In-Reply-To:
References:
Message-ID: <7dc2bfa029acf1b677b521f0e5ccfd43@gitlab.com>

Merge Request !714 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/714
Project:Branches: GostCrypt/gnutls:fix-cert-callbacks to gnutls/gnutls:master
Author: Dmitry Eremin-Solenikov
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/714

From gitlab at mg.gitlab.com Tue Jul 24 12:47:28 2018
From: gitlab at mg.gitlab.com (Hristo Venev)
Date: Tue, 24 Jul 2018 10:47:28 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
In-Reply-To:
References:
Message-ID:

I'm not sure I see how !714 fixes the issue.
From my understanding, !714 only makes a difference when the callback is set to non-NULL and then to NULL.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528#note_89928397

From gitlab at mg.gitlab.com Tue Jul 24 12:59:44 2018
From: gitlab at mg.gitlab.com (Hristo Venev)
Date: Tue, 24 Jul 2018 10:59:44 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
In-Reply-To:
References:
Message-ID:

So, reproducing the issue...

Start a server that accepts but does not require client certificates.

Use glib-networking (latest stable, not master) (or something else that sets a legacy callback 1 that returns no certificates) to connect to it.

You should get GNUTLS_E_USER_CANCELLED.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528#note_89930653

From gitlab at mg.gitlab.com Tue Jul 24 15:07:15 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 13:07:15 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
In-Reply-To:
References:
Message-ID:

Ok, reopening for reevaluation

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528#note_89959567
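
The failure mode reported in issue #528, as an added, simplified C model (not GnuTLS source and not part of the original messages): a copy helper returns NULL both for an empty list and for a failed allocation, so a callback that offers no certificate surfaces as a user error. All type, function and error names are hypothetical stand-ins, and the "after" wrapper shows one way to handle the empty case, not necessarily the change made in !716.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the failure described in issue #528. Types, names and
 * error values are hypothetical stand-ins, not GnuTLS code. */
enum { MODEL_OK = 0, MODEL_E_MEMORY = -1, MODEL_E_USER = -2 };

typedef struct { const char *label; } model_cert;
/* Result filled in by an old-style certificate retrieval callback. */
typedef struct { unsigned ncerts; const model_cert *cert; } legacy_result;
/* Result expected by the newer internal interface. */
typedef struct { unsigned ncerts; model_cert *certs; } new_result;

typedef int (*legacy_cb)(legacy_result *out);
typedef int (*wrapper_fn)(legacy_cb cb, new_result *out);

/* Copies the callback's certificates. NULL is meant to signal a failed
 * allocation, but it is also returned for an empty list, so a caller cannot
 * tell the two apart from the return value alone. */
static model_cert *alloc_and_copy(const model_cert *src, unsigned n)
{
    model_cert *dst;

    if (n == 0 || src == NULL)
        return NULL;
    dst = calloc(n, sizeof(*dst));
    if (dst != NULL)
        memcpy(dst, src, n * sizeof(*dst));
    return dst;
}

/* "Before": every NULL from the copy helper is reported as out-of-memory. */
static int wrap_legacy_before(legacy_cb cb, new_result *out)
{
    legacy_result st2 = { 0, NULL };

    if (cb(&st2) < 0)
        return MODEL_E_USER;
    out->certs = alloc_and_copy(st2.cert, st2.ncerts);
    if (out->certs == NULL)
        return MODEL_E_MEMORY;      /* also reached when st2.ncerts == 0 */
    out->ncerts = st2.ncerts;
    return MODEL_OK;
}

/* "After": an empty answer is a valid result and is checked first. */
static int wrap_legacy_after(legacy_cb cb, new_result *out)
{
    legacy_result st2 = { 0, NULL };

    if (cb(&st2) < 0)
        return MODEL_E_USER;
    if (st2.ncerts == 0)
        return MODEL_OK;            /* continue without a client certificate */
    if (st2.cert == NULL)
        return MODEL_E_USER;        /* a count without data is a callback bug */
    out->certs = alloc_and_copy(st2.cert, st2.ncerts);
    if (out->certs == NULL)
        return MODEL_E_MEMORY;      /* now only a real allocation failure */
    out->ncerts = st2.ncerts;
    return MODEL_OK;
}

/* Outer caller: as in the report, any wrapper failure is turned into a
 * generic user error, which hides the original cause from the application. */
int call_get_callback(wrapper_fn wrap, legacy_cb cb, unsigned *ncerts)
{
    new_result res = { 0, NULL };
    int ret = wrap(cb, &res);

    *ncerts = res.ncerts;
    free(res.certs);
    return ret < 0 ? MODEL_E_USER : MODEL_OK;
}

/* Constructed callbacks: one offers no certificate, one offers a single one. */
static const model_cert sample_cert = { "constructed sample certificate" };
static int cb_no_cert(legacy_result *o) { o->ncerts = 0; o->cert = NULL; return 0; }
static int cb_one_cert(legacy_result *o) { o->ncerts = 1; o->cert = &sample_cert; return 0; }

/* Entry points so each case can be checked by its return value. */
int before_no_cert(unsigned *n) { return call_get_callback(wrap_legacy_before, cb_no_cert, n); }
int after_no_cert(unsigned *n) { return call_get_callback(wrap_legacy_after, cb_no_cert, n); }
int before_one_cert(unsigned *n) { return call_get_callback(wrap_legacy_before, cb_one_cert, n); }
int after_one_cert(unsigned *n) { return call_get_callback(wrap_legacy_after, cb_one_cert, n); }

int main(void)
{
    unsigned n;

    printf("before, no cert:  %d\n", before_no_cert(&n));
    printf("after,  no cert:  %d\n", after_no_cert(&n));
    printf("before, one cert: %d\n", before_one_cert(&n));
    printf("after,  one cert: %d\n", after_one_cert(&n));
    return 0;
}
```

A regression test for this class of bug needs a callback that succeeds while returning zero certificates, since the single-certificate path behaves the same in both wrappers.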

From gitlab at mg.gitlab.com Tue Jul 24 15:07:17 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 13:07:17 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
In-Reply-To:
References:
Message-ID: <15a49dea1683569e737c9b4f2ce2e719@gitlab.com>

Issue was reopened by Nikos Mavrogiannopoulos

Issue 528: https://gitlab.com/gnutls/gnutls/issues/528

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528

From gitlab at mg.gitlab.com Tue Jul 24 16:45:31 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 14:45:31 +0000
Subject: [gnutls-devel] GnuTLS | allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks (!716)
References:
Message-ID:

New Merge Request !716

https://gitlab.com/gnutls/gnutls/merge_requests/716

Branches: tmp-fix-empty-certs to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

In 9829ef9a we introduced a wrapper over the older callback functions which didn't handle this case.

## Checklist
 * [x] Code modified for feature
 * [x] Test suite updated with functionality tests

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/716

From gitlab at mg.gitlab.com Tue Jul 24 16:45:52 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 14:45:52 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
In-Reply-To:
References:
Message-ID: <24d7c33f5d1afa5fb62b20687f8f669c@gitlab.com>

Reassigned Issue 528

https://gitlab.com/gnutls/gnutls/issues/528

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528

From gitlab at mg.gitlab.com Tue Jul 24 16:49:08 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 14:49:08 +0000
Subject: [gnutls-devel] GnuTLS | allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks (!716)
In-Reply-To:
References:
Message-ID:

@lumag that's very similar to your previous PR (and actually re-uses the test), would you like to review it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/716#note_89992636

From gitlab at mg.gitlab.com Tue Jul 24 16:50:24 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 14:50:24 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
In-Reply-To:
References:
Message-ID:

Actually you're right. I've opened MR !716

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528#note_89992950

From gitlab at mg.gitlab.com Tue Jul 24 20:57:32 2018
From: gitlab at mg.gitlab.com (Alon Bar-Lev)
Date: Tue, 24 Jul 2018 18:57:32 +0000
Subject: [gnutls-devel] GnuTLS | [test] gnutls-3.6.3 - cert-tests/crl fails (#529)
References:
Message-ID:

New Issue was created.

Issue 529: https://gitlab.com/gnutls/gnutls/issues/529
Author: Alon Bar-Lev
Assignee:

Hi,

I read that no mailing list... so reporting here...

I get the following while testing:

```
CRL default number 2 didn't succeed as expected
CRL Number (not critical): 3c1972a0130e179003936fcf2294b64e9d0f16
FAIL crl (exit status: 1)
```

What additional information do you need?

Thanks!
Alon

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/529

From gitlab at mg.gitlab.com Tue Jul 24 20:59:45 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 18:59:45 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: automatically retry failed jobs (!717)
References:
Message-ID:

New Merge Request !717

https://gitlab.com/gnutls/gnutls/merge_requests/717

Branches: tmp-auto-retries to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

This uses the `retry` keyword in `.gitlab-ci.yml` to automatically retry failed jobs. The reason for that is that several jobs fail due to infrastructure issues (systems disappearing), and retrying them manually is not a pleasant process.

## Checklist
 * [x] Code modified for feature

## Reviewer's checklist:
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/717

From gitlab at mg.gitlab.com Tue Jul 24 21:02:31 2018
From: gitlab at mg.gitlab.com (Hristo Venev)
Date: Tue, 24 Jul 2018 19:02:31 +0000
Subject: [gnutls-devel] GnuTLS | allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks (!716)
In-Reply-To:
References:
Message-ID:

I can confirm that #528 seems to be fixed by this MR. Thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/716#note_90058870

From gitlab at mg.gitlab.com Tue Jul 24 21:27:23 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 19:27:23 +0000
Subject: [gnutls-devel] GnuTLS | [test] gnutls-3.6.3 - cert-tests/crl fails (#529)
In-Reply-To:
References:
Message-ID:

The changes in crl script since 3.6.2 are:

    tests: check explicitly the size of time_t
    tests: remove check for broken datefudge
    tests: add negative tests for certtool crl numbers
    certtool: use larger serial and CRL numbers

We can rule out the first if `ac_cv_sizeof_time_t` is correct (e.g., 4 in a 32-bit system and 8 in 64-bit system). The second, make sure you have datefudge >= 1.22. Hopefully we don't need to check the rest.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/529#note_90062880

From gitlab at mg.gitlab.com Tue Jul 24 21:52:32 2018
From: gitlab at mg.gitlab.com (Dmitry Eremin-Solenikov)
Date: Tue, 24 Jul 2018 19:52:32 +0000
Subject: [gnutls-devel] GnuTLS | allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks (!716)
In-Reply-To:
References:
Message-ID:

@nmav it looks correct from my point of view.

Reviewed-by: Dmitry Eremin-Solenikov

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/716#note_90067289

From gitlab at mg.gitlab.com Tue Jul 24 22:05:33 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 20:05:33 +0000
Subject: [gnutls-devel] GnuTLS | allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks (!716)
In-Reply-To:
References:
Message-ID:

I was wondering why you didn't click the Approve button, but then I realized you were not in that group. I've now added you. Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/716#note_90069165

From gitlab at mg.gitlab.com Tue Jul 24 22:05:38 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 20:05:38 +0000
Subject: [gnutls-devel] GnuTLS | allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks (!716)
In-Reply-To:
References:
Message-ID: <446b16c469eb4fe84c9431fc935541e8@gitlab.com>

Reassigned Merge Request 716

https://gitlab.com/gnutls/gnutls/merge_requests/716

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/716

From gitlab at mg.gitlab.com Tue Jul 24 22:29:46 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 20:29:46 +0000
Subject: [gnutls-devel] GnuTLS | call_legacy_cert_cb1 doesn't work when no certificates are returned by legacy_cert_cb1 (#528)
In-Reply-To:
References:
Message-ID: <4d8392ddf43e9e126af21d742dbcf8dd@gitlab.com>

Issue was closed by Nikos Mavrogiannopoulos

Issue #528: https://gitlab.com/gnutls/gnutls/issues/528

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/528

From gitlab at mg.gitlab.com Tue Jul 24 22:30:07 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 20:30:07 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: automatically retry failed jobs (!717)
In-Reply-To:
References:
Message-ID: <06be704e2b570ebe41124cd628169c69@gitlab.com>

Merge Request !717 was closed by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/717
Branches: tmp-auto-retries to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/717

From gitlab at mg.gitlab.com Tue Jul 24 22:30:07 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 20:30:07 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: automatically retry failed jobs (!717)
In-Reply-To:
References:
Message-ID:

Merged manually.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/717#note_90072589

From gitlab at mg.gitlab.com Tue Jul 24 22:30:21 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 20:30:21 +0000
Subject: [gnutls-devel] GnuTLS | allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks (!716)
In-Reply-To:
References:
Message-ID:

Merged manually.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/716#note_90072632

From gitlab at mg.gitlab.com Tue Jul 24 22:30:08 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 20:30:08 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: automatically retry failed jobs (!717)
In-Reply-To:
References:
Message-ID:

Reassigned Merge Request 717

https://gitlab.com/gnutls/gnutls/merge_requests/717

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/717

From gitlab at mg.gitlab.com Tue Jul 24 22:30:22 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Tue, 24 Jul 2018 20:30:22 +0000
Subject: [gnutls-devel] GnuTLS | allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks (!716)
In-Reply-To:
References:
Message-ID:

Merge Request !716 was closed by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/716
Branches: tmp-fix-empty-certs to master
Author: Nikos Mavrogiannopoulos
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/716

From gitlab at mg.gitlab.com Tue Jul 24 22:36:40 2018
From: gitlab at mg.gitlab.com (Alon Bar-Lev)
Date: Tue, 24 Jul 2018 20:36:40 +0000
Subject: [gnutls-devel] GnuTLS | [test] gnutls-3.6.3 - cert-tests/crl fails (#529)
In-Reply-To:
References:
Message-ID: <27b8b900817e9e299e9335338f9df041@gitlab.com>

Issue was closed by Alon Bar-Lev

Issue #529: https://gitlab.com/gnutls/gnutls/issues/529

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/529

From gitlab at mg.gitlab.com Tue Jul 24 22:36:39 2018
From: gitlab at mg.gitlab.com (Alon Bar-Lev)
Date: Tue, 24 Jul 2018 20:36:39 +0000
Subject: [gnutls-devel] GnuTLS | [test] gnutls-3.6.3 - cert-tests/crl fails (#529)
In-Reply-To:
References:
Message-ID:

Thanks! The version of datefudge was indeed the problem.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/529#note_90073596

From gitlab at mg.gitlab.com Tue Jul 24 23:33:51 2018
From: gitlab at mg.gitlab.com (Tim Rühsen)
Date: Tue, 24 Jul 2018 21:33:51 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: automatically retry failed jobs (!717)
In-Reply-To:
References:
Message-ID: <2258df46684375686292f9e895c85a8d@gitlab.com>

Merge Request !717 was approved by Tim Rühsen

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/717
Branches: tmp-auto-retries to master
Author: Nikos Mavrogiannopoulos
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/717

From gitlab at mg.gitlab.com Wed Jul 25 09:26:44 2018
From: gitlab at mg.gitlab.com (Martin Pitt)
Date: Wed, 25 Jul 2018 07:26:44 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.3 connection failure: Error performing TLS handshake: The operation was cancelled due to user error (#530)
References:
Message-ID:

New Issue was created.

Issue 530: https://gitlab.com/gnutls/gnutls/issues/530
Author: Martin Pitt
Assignee:

Since Fedora Rawhide and Fedora testing updated GnuTLS to 3.6.3, our Cockpit unit tests for TLS connections [fail](https://github.com/cockpit-project/cockpit/issues/9723) during handshake:

```
$ ./test-httpstream
./test-httpstream terminated with SIGABRT
FAIL: test-httpstream 7 /http-stream/tls/basic
FAIL: test-httpstream 12 /http-stream/tls/authority-good
cockpit-bridge-Message: 14:08:31.926: https://localhost:42005/test: couldn't read: Error performing TLS handshake: The operation was cancelled due to user error
** cockpit-bridge:ERROR:src/bridge/test-httpstream.c:815:test_tls_authority_bad: Got unexpected message: https://localhost:42005/test: couldn't read: Error performing TLS handshake: The operation was cancelled due to user error instead of cockpit-bridge-Message: *Unacceptable TLS certificate:*untrusted-issuer*
FAIL: test-httpstream 13 /http-stream/tls/authority-bad
ERROR: test-httpstream process failed: 250
```

This can be reproduced without Cockpit, just a simple [standalone reproducer](https://piware.de/tmp/glib-networking-tls-9723.c) using glib-networking:

```
curl -O https://raw.githubusercontent.com/cockpit-project/cockpit/master/src/bridge/mock-server.crt
curl -O https://raw.githubusercontent.com/cockpit-project/cockpit/master/src/bridge/mock-server.key
curl -O https://piware.de/tmp/glib-networking-tls-9723.c
gnutls-serv --x509keyfile ./mock-server.key --x509certfile ./mock-server.crt --port 9999

# in another terminal:
gcc -g -O0 `pkg-config --cflags --libs gio-2.0` glib-networking-tls-9723.c
./a.out
```

This works with GnuTLS 3.6.2, as currently in Fedora 28:

```
** Message: 09:19:51.913: successfully connected
HTTP/1.0 200 OK
Content-type: text/html
[...]
```

But it fails with GnuTLS 3.6.3 (on the client side -- didn't test the server side). I extracted libgnutls.so.30 from a rawhide mock chroot and put it into /tmp/.
Then `LD_LIBRARY_PATH=/tmp ./a.out` reproduces the bug:

```
** Message: 09:21:00.794: successfully connected
** ERROR:glib-networking-tls-9723.c:36:main: assertion failed (error == NULL): Error performing TLS handshake: The operation was cancelled due to user error (g-tls-error-quark, 1)
Aborted (core dumped)
```

The server says:

```
* Accepted connection from IPv4 127.0.0.1 port 59050 on Wed Jul 25 09:21:21 2018
Error in handshake: Error in the pull function.
```

Notes:

 * This works against an OpenSSL server:

       openssl s_server -cert ./mock-server.crt -key ./mock-server.key -port

   (You need to type something onto the server side to see it on the client - but if you are there, you are past the connection)

 * This doesn't depend on the actual certificates. I tried a different one, and it fails in the same way. The above ones are the ones from Cockpit's tests, and are convenient to use.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/530

From gitlab at mg.gitlab.com Wed Jul 25 09:28:43 2018
From: gitlab at mg.gitlab.com (Martin Pitt)
Date: Wed, 25 Jul 2018 07:28:43 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.3 connection failure: Error performing TLS handshake: The operation was cancelled due to user error (#530)
In-Reply-To:
References:
Message-ID:

A git bisect shows that this introduced the regression: https://gitlab.com/gnutls/gnutls/commit/9829ef9a3ca06d . This was part of the [TLS 1.3 merge](https://gitlab.com/gnutls/gnutls/merge_requests/600).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/530#note_90188340

From gitlab at mg.gitlab.com Wed Jul 25 10:25:04 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Wed, 25 Jul 2018 08:25:04 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.3 connection failure: Error performing TLS handshake: The operation was cancelled due to user error (#530)
In-Reply-To:
References:
Message-ID:

Thanks, could be this !716 ?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/530#note_90201175

From gitlab at mg.gitlab.com Wed Jul 25 10:25:16 2018
From: gitlab at mg.gitlab.com (Nikos Mavrogiannopoulos)
Date: Wed, 25 Jul 2018 08:25:16 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.3 connection failure: Error performing TLS handshake: The operation was cancelled due to user error (#530)
In-Reply-To:
References:
Message-ID: <6d404ef3c9df08503eec17303477a91f@gitlab.com>

Reassigned Issue 530

https://gitlab.com/gnutls/gnutls/issues/530

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/530

From gnutls-devel at lists.gnutls.org Wed Jul 25 10:42:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 08:42:09 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.3 connection failure: Error performing TLS handshake: The operation was cancelled due to user error (#530)
In-Reply-To:
References:
Message-ID:

@nmav: We already confirmed that master works, so very likely. Sanne is currently running another bisect to confirm. I'll report back here.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/530#note_90205229

From gnutls-devel at lists.gnutls.org Wed Jul 25 10:53:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 08:53:14 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.3 connection failure: Error performing TLS handshake: The operation was cancelled due to user error (#530)
In-Reply-To:
References:
Message-ID:

I ran the test with 6a7976 and it works.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/530#note_90208000

From gnutls-devel at lists.gnutls.org Wed Jul 25 15:36:53 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 13:36:53 +0000
Subject: [gnutls-devel] GnuTLS | session resumption fails with www.google.com (#525)
In-Reply-To:
References:
Message-ID:

It sometimes works and sometimes not (www.google.com). www.openssl.org doesn't support TLS1.3 as it seems.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/525#note_90297438

From gnutls-devel at lists.gnutls.org Wed Jul 25 15:40:24 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 13:40:24 +0000
Subject: [gnutls-devel] GnuTLS | Fixes on TLS1.3 support (!718)
References:
Message-ID:

New Merge Request !718
https://gitlab.com/gnutls/gnutls/merge_requests/718
Branches: tmp-tls13-fixes to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

This addresses an error in the handling of pre-shared key extension on server side, and avoids downgrading version to TLS1.2 temporarily after an HRR is received.

## Checklist

* [x] Code modified for feature
* [x] Test suite updated with functionality tests (partially - 2nd part only)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/718

From gnutls-devel at lists.gnutls.org Wed Jul 25 15:40:41 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 13:40:41 +0000
Subject: [gnutls-devel] GnuTLS | session resumption fails with www.google.com (#525)
In-Reply-To:
References:
Message-ID:

Reassigned Issue 525
https://gitlab.com/gnutls/gnutls/issues/525
Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/525

From gnutls-devel at lists.gnutls.org Wed Jul 25 15:41:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 13:41:22 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.3 connection failure: Error performing TLS handshake: The operation was cancelled due to user error (#530)
In-Reply-To:
References:
Message-ID:

Thank you for verifying that!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/530#note_90298598

From gnutls-devel at lists.gnutls.org Wed Jul 25 15:41:25 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 13:41:25 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.6.3 connection failure: Error performing TLS handshake: The operation was cancelled due to user error (#530)
In-Reply-To:
References:
Message-ID:

Issue was closed by Nikos Mavrogiannopoulos
Issue #530: https://gitlab.com/gnutls/gnutls/issues/530

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/530

From gnutls-devel at lists.gnutls.org Wed Jul 25 15:44:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 13:44:22 +0000
Subject: [gnutls-devel] GnuTLS | session resumption fails with www.google.com (#525)
In-Reply-To:
References:
Message-ID:

It was a wrong check in gnutls side, it will be fixed with !718

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/525#note_90299390

From gnutls-devel at lists.gnutls.org Wed Jul 25 16:35:08 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 14:35:08 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)
In-Reply-To:
References:
Message-ID:

Reassigned Merge Request 706
https://gitlab.com/gnutls/gnutls/merge_requests/706
Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706

From gnutls-devel at lists.gnutls.org Wed Jul 25 16:45:31 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 14:45:31 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on lib/ext/early_data.c:

> +#include "num.h" > +#include "hello_ext_lib.h" > +#include > + > +static int early_data_recv_params(gnutls_session_t session, > + const uint8_t * data, > + size_t data_size); > +static int early_data_send_params(gnutls_session_t session, > + gnutls_buffer_st * extdata); > + > +const hello_ext_entry_st ext_mod_early_data = { > + .name = "Early Data", > + .tls_id = 42, > + .gid = GNUTLS_EXTENSION_EARLY_DATA, > + .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | > + GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST,

Is the last flag necessary? That extension doesn't seem to be sent by the server (btw. There is a typo in the description of this flag fixed with 29062eda446e83f8e8e70e0b4c4eec81a886172b )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90322866

From gnutls-devel at lists.gnutls.org Wed Jul 25 16:46:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 14:46:44 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on lib/gnutls_int.h:

> > tls13_ticket_t tls13_ticket; > > + /* server: whether early_data extension was seen in ClientHello */ > + bool early_data_indicated;

Hmm, hmm since that's a flag only, why not re-use hsk_flags?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90323231

From gnutls-devel at lists.gnutls.org Wed Jul 25 16:52:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 14:52:14 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on lib/record.c:

> "Discarded message[%u] due to invalid decryption\n", > (unsigned int) > _gnutls_uint64touint32(packet_sequence)); > + > + /* as 0-RTT is not implemented yet, when early data is > + * indicated, skip decryption failure up to > + * max_early_data_size. */ > + if (session->internals.early_data_indicated &&

There is an audit log above which could be too loud if real 0-rtt is added. What if we use separate logging levels (e.g., record_log when discarding early data)? That way there will be less noise due to expected workflow.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90324681

From gnutls-devel at lists.gnutls.org Wed Jul 25 16:55:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 14:55:42 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on lib/record.c:

> "Discarded message[%u] due to invalid decryption\n", > (unsigned int) > _gnutls_uint64touint32(packet_sequence)); > + > + /* as 0-RTT is not implemented yet, when early data is > + * indicated, skip decryption failure up to > + * max_early_data_size. */ > + if (session->internals.early_data_indicated && > + record.type == GNUTLS_APPLICATION_DATA) { > + if (record.length > session->security_parameters.max_early_data_size - session->internals.early_data_received) {

Is `early_data_received` always smaller than `max_early_data_size`? I'm thinking that since the types are all uint32_t, maybe it is safer to use addition instead. E.g., instead of `uint16_t` > `uint32_t` - `uint32_t` have:

```
uint32_t + uint16_t > uint32_t
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90325507

From gnutls-devel at lists.gnutls.org Wed Jul 25 17:23:27 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 15:23:27 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on lib/gnutls_int.h:

> > tls13_ticket_t tls13_ticket; > > + /* server: whether early_data extension was seen in ClientHello */ > + bool early_data_indicated;

Thank you, that would be simpler; I haven't thought about it.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90331842

From gnutls-devel at lists.gnutls.org Wed Jul 25 17:26:27 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 25 Jul 2018 15:26:27 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on lib/record.c:

> "Discarded message[%u] due to invalid decryption\n", > (unsigned int) > _gnutls_uint64touint32(packet_sequence)); > + > + /* as 0-RTT is not implemented yet, when early data is > + * indicated, skip decryption failure up to > + * max_early_data_size. */ > + if (session->internals.early_data_indicated && > + record.type == GNUTLS_APPLICATION_DATA) { > + if (record.length > session->security_parameters.max_early_data_size - session->internals.early_data_received) {

I am not sure why using addition is safer here; I followed the general guidance on writing such conditions: http://www.enyo.de/fw/notes/style-guide-conditions.html (`record.length` won't be that large, though).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90332802
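
Review bot: In the lib/record.c hunk, the condition `record.length > session->security_parameters.max_early_data_size - session->internals.early_data_received` is a valid limit check only while `early_data_received` is less than or equal to `max_early_data_size`, and nothing in the quoted lines states or enforces that. With the unsigned types named in this thread, a counter that is ever larger than the limit makes the right-hand side wrap to a very large value, and every record length then passes the check. Please either add a comment at this `if` naming where the invariant is maintained, or test `early_data_received > max_early_data_size` before subtracting.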

From gnutls-devel at lists.gnutls.org Thu Jul 26 08:44:34 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 06:44:34 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on lib/record.c:

> "Discarded message[%u] due to invalid decryption\n", > (unsigned int) > _gnutls_uint64touint32(packet_sequence)); > + > + /* as 0-RTT is not implemented yet, when early data is > + * indicated, skip decryption failure up to > + * max_early_data_size. */ > + if (session->internals.early_data_indicated && > + record.type == GNUTLS_APPLICATION_DATA) { > + if (record.length > session->security_parameters.max_early_data_size - session->internals.early_data_received) {

That seems like a nice document, thanks for the pointer. It requires for `session->internals.early_data_received` to be less than or equal to `session->security_parameters.max_early_data_size`. That was not clear to me from the code above, however reading the code below it is now clear (sorry I interrupted my review yesterday at this point exactly).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90449115
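
The limit check discussed in this thread, written both ways and compared against a 64-bit reference, as an added example (not code from GnuTLS or from merge request !706). The function names and sample values are constructed; the operand types (`uint32_t` counters, `uint16_t` record length) are the ones named in the review comments.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Each check returns true when the record would exceed the early-data
 * budget and must therefore be rejected. */
typedef bool (*limit_check_fn)(uint32_t max, uint32_t received, uint16_t len);

/* Reference: do the arithmetic in 64 bits, where it cannot wrap. */
static bool exceeds_ref(uint32_t max, uint32_t received, uint16_t len)
{
    return (uint64_t)received + len > (uint64_t)max;
}

/* Subtraction form, as in the quoted hunk.
 * Correct only while received <= max; otherwise max - received wraps. */
static bool exceeds_sub(uint32_t max, uint32_t received, uint16_t len)
{
    return len > (uint32_t)(max - received);
}

/* Addition form, as suggested in review.
 * Correct only while received + len fits in 32 bits. */
static bool exceeds_add(uint32_t max, uint32_t received, uint16_t len)
{
    return (uint32_t)(received + len) > max;
}

/* Subtraction form with its precondition made explicit. */
static bool exceeds_checked(uint32_t max, uint32_t received, uint16_t len)
{
    if (received > max)
        return true;            /* budget already overspent */
    return len > max - received; /* cannot wrap: received <= max */
}

/* Constructed sample values, not taken from any capture. */
struct sample {
    uint32_t max, received;
    uint16_t len;
    const char *what;
};

static const struct sample samples[] = {
    { 16384, 0, 16384, "exactly fills the budget" },
    { 16384, 16000, 385, "one byte over the budget" },
    { 16384, 16385, 1, "counter already past the limit" },
    { UINT32_MAX, UINT32_MAX - 10, 100, "sum does not fit in 32 bits" },
};
#define N_SAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Bitmask with bit i set when `check` disagrees with the reference
 * on samples[i]. */
static unsigned disagreements(limit_check_fn check)
{
    unsigned mask = 0;

    for (size_t i = 0; i < N_SAMPLES; i++) {
        const struct sample *s = &samples[i];
        bool got = check(s->max, s->received, s->len);
        bool want = exceeds_ref(s->max, s->received, s->len);

        if (got != want)
            mask |= 1u << i;
    }
    return mask;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++) {
        const struct sample *s = &samples[i];

        printf("%-32s ref=%d sub=%d add=%d checked=%d\n", s->what,
               exceeds_ref(s->max, s->received, s->len),
               exceeds_sub(s->max, s->received, s->len),
               exceeds_add(s->max, s->received, s->len),
               exceeds_checked(s->max, s->received, s->len));
    }
    printf("sub wrong on mask 0x%x, add wrong on mask 0x%x, checked 0x%x\n",
           disagreements(exceeds_sub), disagreements(exceeds_add),
           disagreements(exceeds_checked));
    return 0;
}
```

Each unguarded form fails on exactly one of the samples: the subtraction form when the counter has passed the limit, the addition form when the sum wraps.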

From gnutls-devel at lists.gnutls.org Thu Jul 26 08:47:31 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 06:47:31 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on lib/tls13/session_ticket.c:

> goto cleanup; > } > > - ret = _gnutls_buffer_append_prefix(&buf, 16, 0); > + _gnutls_free_datum(&ticket.ticket); > + > + ret = _gnutls_extv_append_init(&buf); > if (ret < 0) { > gnutls_assert(); > goto cleanup; > } > + init_pos = ret; > > - _gnutls_free_datum(&ticket.ticket); > + ret = _gnutls_extv_append(&buf, ext_mod_early_data.tls_id, session,

Doesn't this extension make the client think that the server supports zero-rtt?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90449622

From gnutls-devel at lists.gnutls.org Thu Jul 26 10:04:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 08:04:14 +0000
Subject: [gnutls-devel] GnuTLS | Fixes on TLS1.3 support (!718)
In-Reply-To:
References:
Message-ID:

Merge Request !718 was approved by Tim Rühsen
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/718
Branches: tmp-tls13-fixes to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/718

From gnutls-devel at lists.gnutls.org Thu Jul 26 10:04:24 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 08:04:24 +0000
Subject: [gnutls-devel] GnuTLS | session resumption fails with www.google.com (#525)
In-Reply-To:
References:
Message-ID:

Issue was closed by Tim Rühsen
Issue #525: https://gitlab.com/gnutls/gnutls/issues/525

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/525

From gnutls-devel at lists.gnutls.org Thu Jul 26 10:04:25 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 08:04:25 +0000
Subject: [gnutls-devel] GnuTLS | Fixes on TLS1.3 support (!718)
In-Reply-To:
References:
Message-ID:

Merge Request !718 was merged
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/718
Branches: tmp-tls13-fixes to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/718

From gnutls-devel at lists.gnutls.org Thu Jul 26 10:06:07 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 08:06:07 +0000
Subject: [gnutls-devel] GnuTLS | Fixes on TLS1.3 support (!718)
In-Reply-To:
References:
Message-ID:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/718#note_90465115

From gnutls-devel at lists.gnutls.org Thu Jul 26 10:20:26 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 08:20:26 +0000
Subject: [gnutls-devel] GnuTLS | test the reception of multiple and split async handshake messages (NST) (#511)
In-Reply-To:
References:
Message-ID:

That could be tested using tlslite: https://github.com/tomato42/tlslite-ng/pull/287

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/511#note_90468239

From gnutls-devel at lists.gnutls.org Thu Jul 26 11:27:10 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 09:27:10 +0000
Subject: [gnutls-devel] GnuTLS | verify that we successfully fragment large handshake messages (#513)
In-Reply-To:
References:
Message-ID:

Reassigned Issue 513
https://gitlab.com/gnutls/gnutls/issues/513
Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/513

From gnutls-devel at lists.gnutls.org Thu Jul 26 11:29:28 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 09:29:28 +0000
Subject: [gnutls-devel] GnuTLS | tests: added unit test of handshake with large certificate (!719)
References:
Message-ID:

New Merge Request !719
https://gitlab.com/gnutls/gnutls/merge_requests/719
Branches: tmp-test-large-cert to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

This checks whether handshake message fragmentation and de-fragmentation is functional on server and client. As a side-effect it improves certtool's handling of large certificates.

## Checklist

* [x] Test suite updated with functionality tests

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719

From gnutls-devel at lists.gnutls.org Thu Jul 26 12:43:05 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 26 Jul 2018 10:43:05 +0000
Subject: [gnutls-devel] GnuTLS | tlsfuzzer: enable PSK tests (#508)
In-Reply-To:
References:
Message-ID:

Reassigned Issue 508
https://gitlab.com/gnutls/gnutls/issues/508
Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/508

From gnutls-devel at lists.gnutls.org Fri Jul 27 10:46:45 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 08:46:45 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on src/serv.c:

> (j->tls_session, accept_fd); > set_read_funcs(j->tls_session); > j->handshake_ok = 0; > - j->no_close = 0;

If I read it correctly, this is the place where `j` is first initialized; doesn't it need to initialize `j->close_ok` here?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90735551

From gnutls-devel at lists.gnutls.org Fri Jul 27 12:53:52 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 10:53:52 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on lib/tls13/finished.c:

> > hash_size = session->security_parameters.prf->output_size; > > - if (session->security_parameters.entity == GNUTLS_CLIENT) > - base_key = session->key.proto.tls13.hs_skey; > - else > - base_key = session->key.proto.tls13.hs_ckey; > + if (!session->internals.initial_negotiation_completed) {

This pattern (line 78 to 88) also appears in `_gnutls13_send_finished`. Maybe it could be factored out as a macro or a separate function?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90764015

From gnutls-devel at lists.gnutls.org Fri Jul 27 13:06:11 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 11:06:11 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)
In-Reply-To:
References:
Message-ID:

Hubert Kario started a new discussion on tests/suite/tls-fuzzer/tls-fuzzer-psk.sh:

> + exit 77 > +fi > + > +rm -f "$OUTFILE" > + > +pushd tlsfuzzer > +test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa > +test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null > + > +wait_for_free_port $PORT > + > +retval=0 > + > +PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:-KX-ALL:+DHE-PSK:+ECDHE-PSK:+PSK" > + > +TLS_PY=./tlslite-ng/scripts/tls.py

unused variable?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719#note_90766095

From gnutls-devel at lists.gnutls.org Fri Jul 27 14:15:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 12:15:42 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on tests/suite/tls-fuzzer/tls-fuzzer-psk.sh:

> + exit 77 > +fi > + > +rm -f "$OUTFILE" > + > +pushd tlsfuzzer > +test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa > +test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null > + > +wait_for_free_port $PORT > + > +retval=0 > + > +PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:-KX-ALL:+DHE-PSK:+ECDHE-PSK:+PSK" > + > +TLS_PY=./tlslite-ng/scripts/tls.py

Thanks. Removed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719#note_90782367

From gnutls-devel at lists.gnutls.org Fri Jul 27 14:15:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 12:15:42 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !719 were resolved by Nikos Mavrogiannopoulos
https://gitlab.com/gnutls/gnutls/merge_requests/719

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719

From gnutls-devel at lists.gnutls.org Fri Jul 27 14:16:27 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 12:16:27 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)
In-Reply-To:
References:
Message-ID:

Hubert Kario started a new discussion on src/common.c:

> print_ecdh_info(session, "Ephemeral "); > } > > + version = gnutls_protocol_get_version(session); > tmp = > - SU(gnutls_protocol_get_name > - (gnutls_protocol_get_version(session))); > + SU(gnutls_protocol_get_name(version)); > printf("- Version: %s\n", tmp); > > - tmp = SU(gnutls_kx_get_name(kx)); > - printf("- Key Exchange: %s\n", tmp); > + if (version < GNUTLS_TLS1_3) { > + tmp = SU(gnutls_kx_get_name(kx)); > + printf("- Key Exchange: %s\n", tmp);

aren't there 3 distinct key exchange types in TLS1.3? PSK, DH-PSK, and DH-Cert?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719#note_90782562
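
Review bot: In the src/common.c hunk, the `- Key Exchange:` line is now printed only under `if (version < GNUTLS_TLS1_3)`, so it disappears from the output for TLS 1.3 sessions with no comment saying why. A one-line comment at that `if` explaining the omission would help the next reader, and it is worth checking whether any test or script matches on the `- Key Exchange:` line before this lands.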

From gnutls-devel at lists.gnutls.org Fri Jul 27 14:20:44 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 12:20:44 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)
In-Reply-To:
References:
Message-ID:

Merge Request !719 was approved by Hubert Kario
Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/719
Branches: tmp-test-large-cert to master
Author: Nikos Mavrogiannopoulos
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719

From gnutls-devel at lists.gnutls.org Fri Jul 27 14:24:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 12:24:43 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on src/common.c:

> print_ecdh_info(session, "Ephemeral "); > } > > + version = gnutls_protocol_get_version(session); > tmp = > - SU(gnutls_protocol_get_name > - (gnutls_protocol_get_version(session))); > + SU(gnutls_protocol_get_name(version)); > printf("- Version: %s\n", tmp); > > - tmp = SU(gnutls_kx_get_name(kx)); > - printf("- Key Exchange: %s\n", tmp); > + if (version < GNUTLS_TLS1_3) { > + tmp = SU(gnutls_kx_get_name(kx)); > + printf("- Key Exchange: %s\n", tmp);

Right. This API however returns values compatible with the TLS1.2 ones. That is it will make the key exchange look as similar to TLS1.2 as possible (will report DHE-RSA for example). That's why I removed it as the "description" value is better suited for TLS1.3 or later.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719#note_90784271

From gnutls-devel at lists.gnutls.org Fri Jul 27 14:29:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 12:29:18 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !719 were resolved by Nikos Mavrogiannopoulos
https://gitlab.com/gnutls/gnutls/merge_requests/719

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719

From gnutls-devel at lists.gnutls.org Fri Jul 27 14:29:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 12:29:22 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)
In-Reply-To:
References:
Message-ID:

Reassigned Merge Request 719
https://gitlab.com/gnutls/gnutls/merge_requests/719
Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719

From gnutls-devel at lists.gnutls.org Fri Jul 27 14:29:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 12:29:18 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on src/common.c:

> print_ecdh_info(session, "Ephemeral "); > } > > + version = gnutls_protocol_get_version(session); > tmp = > - SU(gnutls_protocol_get_name > - (gnutls_protocol_get_version(session))); > + SU(gnutls_protocol_get_name(version)); > printf("- Version: %s\n", tmp); > > - tmp = SU(gnutls_kx_get_name(kx)); > - printf("- Key Exchange: %s\n", tmp); > + if (version < GNUTLS_TLS1_3) { > + tmp = SU(gnutls_kx_get_name(kx)); > + printf("- Key Exchange: %s\n", tmp);

(resolving it, to be able to merge; open an issue if you think that info could be useful)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719#note_90785245

From gnutls-devel at lists.gnutls.org Fri Jul 27 14:57:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 12:57:22 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented on a discussion on src/serv.c:

> (j->tls_session, accept_fd); > set_read_funcs(j->tls_session); > j->handshake_ok = 0; > - j->no_close = 0;

You're right. Updated.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90791486

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:00:53 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:00:53 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)

Nikos Mavrogiannopoulos commented on a discussion on lib/tls13/finished.c:

> > hash_size = session->security_parameters.prf->output_size; > > - if (session->security_parameters.entity == GNUTLS_CLIENT) > - base_key = session->key.proto.tls13.hs_skey; > - else > - base_key = session->key.proto.tls13.hs_ckey; > + if (!session->internals.initial_negotiation_completed) {

It is similar, but different keys are assigned on each case:

```
if (!session->internals.initial_negotiation_completed) {
	if (session->security_parameters.entity == GNUTLS_CLIENT)
		base_key = session->key.proto.tls13.hs_ckey; <----
```

vs.

```
if (!session->internals.initial_negotiation_completed) {
	if (session->security_parameters.entity == GNUTLS_CLIENT)
		base_key = session->key.proto.tls13.hs_skey; <----
```

Not sure if it can be abstracted easily.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90792582
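
Review bot: in the lib/tls13/finished.c hunk, the new `if (!session->internals.initial_negotiation_completed)` branch replaces a plain client/server choice of `base_key` with a nested one, and the visible lines carry no comment saying which traffic secret applies before and after the initial negotiation. Add a short comment per branch naming the secret and whose Finished it protects, since the sending and verifying paths differ only in `hs_ckey` versus `hs_skey` and a swapped key is easy to miss in review.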

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:03:42 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:03:42 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)

Daiki Ueno started a new discussion on lib/handshake-tls13.c:

> + IMED_RET("generate app keys", ret, 0); > > - if (session->internals.resumed != RESUME_FALSE) > - _gnutls_set_resumed_parameters(session); > + /* set traffic keys */ > + ret = _tls13_connection_state_init(session, STAGE_APP); > + IMED_RET("set app keys", ret, 0); > + } > /* fall through */ > - case STATE112: > - > - ret = _gnutls13_send_session_ticket(session, 1, AGAIN(STATE112)); > - STATE = STATE112; > - IMED_RET("send session ticket", ret, 0); > + case STATE114: > + if (!(session->internals.hsk_flags & HSK_EARLY_START_USED)) {

Wouldn't it make sense to check `HSK_TLS13_TICKET_SENT` instead?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90793220
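
Review bot: the lib/handshake-tls13.c hunk renumbers the ticket step from `case STATE112:` to `case STATE114:` and removes the visible `STATE = STATE112;` and `AGAIN(STATE112)` lines, while the added lines shown stop at the `if`. Confirm that the new case sets `STATE = STATE114;` and passes `AGAIN(STATE114)` before any call that can return early, so a non-blocking caller re-enters at the ticket step rather than at an earlier state.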

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:08:12 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:08:12 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)

Daiki Ueno started a new discussion on lib/handshake-tls13.c:

> + IMED_RET("generate app keys", ret, 0); > + > + ret = _tls13_write_connection_state_init(session, STAGE_APP); > + IMED_RET("set write app keys", ret, 0); > + > + _gnutls_handshake_log("HSK[%p]: switching early to application traffic keys\n", session); > + } > + > + /* fall through */ > + case STATE108: > + if (session->internals.resumed != RESUME_FALSE) > + _gnutls_set_resumed_parameters(session); > + > + /* If we didn't request a client certificate we can send tickets now > + * and return early */ > + if (session->internals.hsk_flags & HSK_EARLY_START_USED) {

So this means tickets are sent early by default, even when `GNUTLS_ENABLE_EARLY_START` is not set. Wouldn't that cause any interoperability issue?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90794268

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:14:59 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:14:59 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)

Other than the comments and questions inlined, the patches look good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90795888
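
Review bot: in the `case STATE108:` part of the lib/handshake-tls13.c hunk, the comment says tickets are sent early when no client certificate was requested, but the condition tests only `hsk_flags & HSK_EARLY_START_USED`. Either test the certificate-request state at this point, or extend the comment to say where the flag is set and that it is set for no other kind of handshake, so the early return cannot be taken before the peer is authenticated in a mode that expects authentication.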

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:33:02 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:33:02 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)

Nikos Mavrogiannopoulos commented on a discussion on lib/handshake-tls13.c:

> + IMED_RET("generate app keys", ret, 0); > + > + ret = _tls13_write_connection_state_init(session, STAGE_APP); > + IMED_RET("set write app keys", ret, 0); > + > + _gnutls_handshake_log("HSK[%p]: switching early to application traffic keys\n", session); > + } > + > + /* fall through */ > + case STATE108: > + if (session->internals.resumed != RESUME_FALSE) > + _gnutls_set_resumed_parameters(session); > + > + /* If we didn't request a client certificate we can send tickets now > + * and return early */ > + if (session->internals.hsk_flags & HSK_EARLY_START_USED) {

What do you have in mind? The sending of the ticket early is an improvement to the current situation as it allows the client to have it in cache/queue when the handshake is complete. It is described in the TLS1.3 as:

```
Although the resumption master secret depends on the client's second
flight, servers which do not request client authentication MAY compute
the remainder of the transcript independently and then send a
NewSessionTicket immediately upon sending its Finished rather than
waiting for the client Finished. This might be appropriate in cases
where the client is expected to open multiple TLS connections in
parallel and would benefit from the reduced overhead of a resumption
handshake, for example.
```

The worrying part is point 2 from 4.4.4:

```
Servers MAY send data after sending their first flight, but
because the handshake is not yet complete, they have no assurance
of either the peer's identity or of its liveness
```

but as we are only doing that for the "unauthenticated client" it shouldn't matter.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90800941

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:33:26 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:33:26 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)

Daiki Ueno commented on a discussion on lib/ext/early_data.c:

> +#include "num.h" > +#include "hello_ext_lib.h" > +#include > + > +static int early_data_recv_params(gnutls_session_t session, > + const uint8_t * data, > + size_t data_size); > +static int early_data_send_params(gnutls_session_t session, > + gnutls_buffer_st * extdata); > + > +const hello_ext_entry_st ext_mod_early_data = { > + .name = "Early Data", > + .tls_id = 42, > + .gid = GNUTLS_EXTENSION_EARLY_DATA, > + .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | > + GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST,

Removed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90801027

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:34:28 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:34:28 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)

Daiki Ueno commented on a discussion on lib/record.c:

> "Discarded message[%u] due to invalid decryption\n", > (unsigned int) > _gnutls_uint64touint32(packet_sequence)); > + > + /* as 0-RTT is not implemented yet, when early data is > + * indicated, skip decryption failure up to > + * max_early_data_size. */ > + if (session->internals.early_data_indicated &&

Yes, changed order of the audit log and early data check and added a separate logging with record_log.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90801272

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:35:14 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:35:14 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)

All discussions on Merge Request !706 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/merge_requests/706

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706
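
Review bot: in the lib/record.c hunk, the early-data exemption is added after the "Discarded message[%u] due to invalid decryption" audit log, so every skipped early-data record is still reported as a decryption failure. Run the `early_data_indicated` test before that log, and make sure the skipped bytes are accumulated across records against max_early_data_size so the exemption ends in a normal decryption error once the limit is passed; the visible condition is cut off after `&&`, so neither property can be confirmed from these lines.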

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:35:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:35:22 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)

Nikos Mavrogiannopoulos commented on a discussion on lib/handshake-tls13.c:

> + IMED_RET("generate app keys", ret, 0); > > - if (session->internals.resumed != RESUME_FALSE) > - _gnutls_set_resumed_parameters(session); > + /* set traffic keys */ > + ret = _tls13_connection_state_init(session, STAGE_APP); > + IMED_RET("set app keys", ret, 0); > + } > /* fall through */ > - case STATE112: > - > - ret = _gnutls13_send_session_ticket(session, 1, AGAIN(STATE112)); > - STATE = STATE112; > - IMED_RET("send session ticket", ret, 0); > + case STATE114: > + if (!(session->internals.hsk_flags & HSK_EARLY_START_USED)) {

Makes sense. Updated.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90801393

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:35:37 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:35:37 +0000
Subject: [gnutls-devel] GnuTLS | TLS 1.3: ignore "early_data" extension (!706)

Daiki Ueno commented on a discussion on lib/tls13/session_ticket.c:

> goto cleanup; > } > > - ret = _gnutls_buffer_append_prefix(&buf, 16, 0); > + _gnutls_free_datum(&ticket.ticket); > + > + ret = _gnutls_extv_append_init(&buf); > if (ret < 0) { > gnutls_assert(); > goto cleanup; > } > + init_pos = ret; > > - _gnutls_free_datum(&ticket.ticket); > + ret = _gnutls_extv_append(&buf, ext_mod_early_data.tls_id, session,

That's correct; removed this part.
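
Review bot: the lib/tls13/session_ticket.c hunk appends `ext_mod_early_data.tls_id` to the NewSessionTicket extensions, which tells the client that the ticket may be used to send early data, while the lib/record.c comment in the same merge request states that 0-RTT is not implemented yet. Keep the ticket's extension block empty, as the removed `_gnutls_buffer_append_prefix(&buf, 16, 0)` did, until the server can actually process early data.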

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90801464

From gnutls-devel at lists.gnutls.org Fri Jul 27 15:57:38 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 13:57:38 +0000
Subject: [gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)

Nikos Mavrogiannopoulos commented on a discussion on lib/handshake-tls13.c:

> + IMED_RET("generate app keys", ret, 0); > + > + ret = _tls13_write_connection_state_init(session, STAGE_APP); > + IMED_RET("set write app keys", ret, 0); > + > + _gnutls_handshake_log("HSK[%p]: switching early to application traffic keys\n", session); > + } > + > + /* fall through */ > + case STATE108: > + if (session->internals.resumed != RESUME_FALSE) > + _gnutls_set_resumed_parameters(session); > + > + /* If we didn't request a client certificate we can send tickets now > + * and return early */ > + if (session->internals.hsk_flags & HSK_EARLY_START_USED) {

Reading the above again, actually the code above doesn't do it only for the unauthenticated client, but also for PSK. Ouch. Updating.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_90806820
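
The !711 discussion above rests on two TLS 1.3 facts: the Finished key is derived from the sending side's handshake traffic secret, and a server that requested no client certificate can compute the client's Finished itself and so derive the resumption secret before hearing from the client. The following Python sketch is an added example, not GnuTLS code and not part of the thread; it assumes a SHA-256 suite and no 0-RTT, the function names are hypothetical, and every secret and transcript byte is constructed.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256                 # assumption: a SHA-256 cipher suite
HASH_LEN = HASH().digest_size


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand as defined in RFC 5869."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from RFC 8446, section 7.1."""
    full_label = b"tls13 " + label.encode("ascii")
    info = (struct.pack(">H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def transcript_hash(messages: bytes) -> bytes:
    return HASH(messages).digest()


def finished_message(base_key: bytes, transcript: bytes) -> bytes:
    """Finished message of the side whose handshake traffic secret is base_key."""
    finished_key = hkdf_expand_label(base_key, "finished", b"", HASH_LEN)
    verify_data = hmac.new(finished_key, transcript_hash(transcript), HASH).digest()
    # Handshake header: type 20 (finished) followed by a 24-bit length.
    return bytes([20]) + len(verify_data).to_bytes(3, "big") + verify_data


def resumption_master_secret(master_secret: bytes, full_transcript: bytes) -> bytes:
    """Derive-Secret(Master Secret, "res master", ClientHello..client Finished)."""
    return hkdf_expand_label(master_secret, "res master",
                             transcript_hash(full_transcript), HASH_LEN)


def server_predicts_resumption_secret(master_secret, client_hs_secret, to_server_finished):
    """Server, right after its own Finished and with no client auth requested:
    the only message still missing is the client Finished, which is deterministic."""
    expected = finished_message(client_hs_secret, to_server_finished)
    return resumption_master_secret(master_secret, to_server_finished + expected)


def client_resumption_secret(master_secret, client_hs_secret, to_server_finished,
                             client_auth=b""):
    """Client: second flight is [Certificate, CertificateVerify] only when
    requested, followed by Finished over everything sent so far."""
    transcript = to_server_finished + client_auth
    transcript += finished_message(client_hs_secret, transcript)
    return resumption_master_secret(master_secret, transcript)


# Constructed inputs, standing in for values a real handshake would produce.
MASTER_SECRET = HASH(b"constructed master secret").digest()
CLIENT_HS_SECRET = HASH(b"constructed client handshake traffic secret").digest()
SERVER_HS_SECRET = HASH(b"constructed server handshake traffic secret").digest()
TO_SERVER_FINISHED = b"constructed transcript: ClientHello .. server Finished"
CLIENT_AUTH_FLIGHT = b"constructed client Certificate + CertificateVerify"

if __name__ == "__main__":
    early = server_predicts_resumption_secret(
        MASTER_SECRET, CLIENT_HS_SECRET, TO_SERVER_FINISHED)
    plain = client_resumption_secret(
        MASTER_SECRET, CLIENT_HS_SECRET, TO_SERVER_FINISHED)
    authed = client_resumption_secret(
        MASTER_SECRET, CLIENT_HS_SECRET, TO_SERVER_FINISHED, CLIENT_AUTH_FLIGHT)
    print("no client auth, prediction matches:", early == plain)
    print("client auth, prediction matches:   ", early == authed)
```

With a client certificate in the second flight the prediction no longer matches, which is why the early ticket is only valid when no client authentication was requested.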

From gnutls-devel at lists.gnutls.org Fri Jul 27 16:16:56 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 14:16:56 +0000
Subject: [gnutls-devel] GnuTLS | tlsfuzzer: enable PSK tests (#508)

Issue was closed by Nikos Mavrogiannopoulos

Issue #508: https://gitlab.com/gnutls/gnutls/issues/508

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/508

From gnutls-devel at lists.gnutls.org Fri Jul 27 16:16:58 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 14:16:58 +0000
Subject: [gnutls-devel] GnuTLS | tests: improved test suite (!719)

Merge Request !719 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/719
Branches: tmp-test-large-cert to master
Author: Nikos Mavrogiannopoulos
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/719

From gnutls-devel at lists.gnutls.org Fri Jul 27 16:16:57 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 14:16:57 +0000
Subject: [gnutls-devel] GnuTLS | verify that we successfully fragment large handshake messages (#513)

Issue was closed by Nikos Mavrogiannopoulos

Issue #513: https://gitlab.com/gnutls/gnutls/issues/513

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/513

From gnutls-devel at lists.gnutls.org Fri Jul 27 18:33:27 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 16:33:27 +0000
Subject: [gnutls-devel] GnuTLS | WIP: TLS 1.3: ignore "early_data" extension (!706)

I realized that this fails with the latest tlsfuzzer, in particular when early data is processed _after_ sending HRR (in that case, cipher is null and the decryption still succeeds); moving back to WIP.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/706#note_90837497

From gnutls-devel at lists.gnutls.org Fri Jul 27 23:18:55 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 21:18:55 +0000
Subject: [gnutls-devel] GnuTLS | -Wabi warnings when compiling with GCC 8 (#531)

New Issue was created.

Issue 531: https://gitlab.com/gnutls/gnutls/issues/531
Author: Dmitry Eremin-Solenikov
Assignee:

Compiling GnuTLS with GCC 8.1 (Debian testing) results in the build log flooded with the following warning messages:

```
cc1: warning: -Wabi won't warn about anything [-Wabi]
cc1: note: -Wabi warns about differences from the most up-to-date ABI, which is also used by default
cc1: note: use e.g. -Wabi=11 to warn about changes from GCC 7
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/531

From gnutls-devel at lists.gnutls.org Fri Jul 27 23:49:15 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 21:49:15 +0000
Subject: [gnutls-devel] GnuTLS | Fix gcc-8 -Wabi warnings (!720)

New Merge Request !720

https://gitlab.com/gnutls/gnutls/merge_requests/720

Branches: tmp-fix-wabi to master
Author: Tim Rühsen
Assignee:
Approvers: Simon Josefsson, Nikos Mavrogiannopoulos, Dmitry Eremin-Solenikov, Hubert Kario, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

Fixes #531

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/720

From gnutls-devel at lists.gnutls.org Fri Jul 27 23:51:33 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 21:51:33 +0000
Subject: [gnutls-devel] GnuTLS | -Wabi warnings when compiling with GCC 8 (#531)

Thanks, !720 addresses this. Though it should better be fixed in gnulib, it is annoying enough to fix it now and here.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/531#note_90886383

From gnutls-devel at lists.gnutls.org Sat Jul 28 00:12:48 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 22:12:48 +0000
Subject: [gnutls-devel] GnuTLS | Fix gcc-8 -Wabi warnings (!720)

Merge Request !720 was approved by Dmitry Eremin-Solenikov

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/720
Branches: tmp-fix-wabi to master
Author: Tim Rühsen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/720

From gnutls-devel at lists.gnutls.org Sat Jul 28 00:13:07 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 27 Jul 2018 22:13:07 +0000
Subject: [gnutls-devel] GnuTLS | Fix gcc-8 -Wabi warnings (!720)

This MR fixes warnings for me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/720#note_90908114

From gnutls-devel at lists.gnutls.org Sat Jul 28 11:52:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 28 Jul 2018 09:52:09 +0000
Subject: [gnutls-devel] GnuTLS | Fix gcc-8 -Wabi warnings (!720)

Merge Request !720 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/720
Branches: tmp-fix-wabi to master
Author: Tim Rühsen
Assignee:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/720

From gnutls-devel at lists.gnutls.org Sat Jul 28 11:52:09 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 28 Jul 2018 09:52:09 +0000
Subject: [gnutls-devel] GnuTLS | -Wabi warnings when compiling with GCC 8 (#531)

Issue was closed by Tim Rühsen

Issue #531: https://gitlab.com/gnutls/gnutls/issues/531

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/531

From gnutls-devel at lists.gnutls.org Sat Jul 28 21:58:59 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 28 Jul 2018 19:58:59 +0000
Subject: [gnutls-devel] GnuTLS | trailing dot needs to be stripped for certificate matching (#521)

Closed by !709

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/521#note_90978136

From gnutls-devel at lists.gnutls.org Sat Jul 28 21:59:02 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 28 Jul 2018 19:59:02 +0000
Subject: [gnutls-devel] GnuTLS | trailing dot needs to be stripped for certificate matching (#521)

Issue was closed by Nikos Mavrogiannopoulos

Issue #521: https://gitlab.com/gnutls/gnutls/issues/521

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/521

From gnutls-devel at lists.gnutls.org Sat Jul 28 22:02:34 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 28 Jul 2018 20:02:34 +0000
Subject: [gnutls-devel] GnuTLS | MinGW: gnutls_hash_fast() fails with -402 (GNUTLS_E_LIB_IN_ERROR_STATE) (#486)

Is that still the case?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/486#note_90978246

From gnutls-devel at lists.gnutls.org Sun Jul 29 19:57:46 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 29 Jul 2018 17:57:46 +0000
Subject: [gnutls-devel] GnuTLS | Bootstrap fails (#514)

I'm still testing and trying some stuff. I'll get back to you soon.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/514#note_91037781

From gnutls-devel at lists.gnutls.org Mon Jul 30 08:47:28 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 30 Jul 2018 06:47:28 +0000
Subject: [gnutls-devel] GnuTLS | keep same session ID (#484)

Re-opening as there is a possible solution (added in description) for addressing the issue.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/484#note_91091584

From gnutls-devel at lists.gnutls.org Mon Jul 30 08:47:33 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 30 Jul 2018 06:47:33 +0000
Subject: [gnutls-devel] GnuTLS | keep same session ID (#484)

Issue was reopened by Nikos Mavrogiannopoulos

Issue 484: https://gitlab.com/gnutls/gnutls/issues/484

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/484

From gnutls-devel at lists.gnutls.org Mon Jul 30 08:47:34 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 30 Jul 2018 06:47:34 +0000
Subject: [gnutls-devel] GnuTLS | keep same session ID (#484)

Reassigned Issue 484

https://gitlab.com/gnutls/gnutls/issues/484

Assignee changed from Nikos Mavrogiannopoulos to Unassigned

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/484

From gnutls-devel at lists.gnutls.org Mon Jul 30 17:00:43 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 30 Jul 2018 15:00:43 +0000
Subject: [gnutls-devel] GnuTLS | WIP: resumption: keep persistent session identifiers (!721)

New Merge Request !721

https://gitlab.com/gnutls/gnutls/merge_requests/721

Branches: tmp-persistent-id to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

This patch introduces persistent session identifiers under TLS1.2 and TLS1.3.

## Checklist
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [ ] Documentation updated

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/721

From gnutls-devel at lists.gnutls.org Tue Jul 31 11:38:46 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 31 Jul 2018 09:38:46 +0000
Subject: [gnutls-devel] GnuTLS | certtool: added example of converting to DER in manpage (!722)

New Merge Request !722

https://gitlab.com/gnutls/gnutls/merge_requests/722

Branches: tmp-add-cert-der-example to master
Author: Nikos Mavrogiannopoulos
Assignee:
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

This adds an example with converting to DER from PEM.

## Checklist
* [x] Documentation updated

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/722

From gnutls-devel at lists.gnutls.org Tue Jul 31 13:24:28 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 31 Jul 2018 11:24:28 +0000
Subject: [gnutls-devel] GnuTLS | certtool: added example of converting to DER in manpage (!722)

LGTM

Just two questions / remarks

- if file names end with `.pem` or `.der`, `--inder` / `--outder` shouldn't be needed. Especially since there is no `--inpem` / `--outpem`. The current situation is very unintuitive to me as a casual user.

- converting .pem to .der and back gives me a CA cert with 2531 bytes while the original is just 729 bytes. Why is that and how to communicate this unexpected result to the user?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/722#note_91513138

From gnutls-devel at lists.gnutls.org Tue Jul 31 13:30:18 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 31 Jul 2018 11:30:18 +0000
Subject: [gnutls-devel] GnuTLS | certtool: added example of converting to DER in manpage (!722)

> converting .pem to .der and back gives me a CA cert with 2531 bytes while the original is just 729 bytes. why is that and how to communicate this unexpected result to the user ?

Hmm, the pem format is also used to output information about the certificate itself (because it is textual). There is already an issue open for it; let's move the discussion there: https://gitlab.com/gnutls/gnutls/issues/487

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/722#note_91514281

From gnutls-devel at lists.gnutls.org Tue Jul 31 13:30:37 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 31 Jul 2018 11:30:37 +0000
Subject: [gnutls-devel] GnuTLS | certtool: added example of converting to DER in manpage (!722)

Reassigned Merge Request 722

https://gitlab.com/gnutls/gnutls/merge_requests/722

Assignee changed to Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/722

From gnutls-devel at lists.gnutls.org Tue Jul 31 13:33:22 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 31 Jul 2018 11:33:22 +0000
Subject: [gnutls-devel] GnuTLS | certtool: added example of converting to DER in manpage (!722)

Merge Request !722 was closed by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/merge_requests/722
Branches: tmp-add-cert-der-example to master
Author: Nikos Mavrogiannopoulos
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/722

From gnutls-devel at lists.gnutls.org Tue Jul 31 13:33:26 2018
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 31 Jul 2018 11:33:26 +0000
Subject: [gnutls-devel] GnuTLS | certtool: added example of converting to DER in manpage (!722)

Merged manually. Let's discuss remaining issues; maybe we can track the feature request about filenames separately as well (I agree that these are confusing issues and certtool could be more clever)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/722#note_91514833