From gnutls-devel at lists.gnutls.org Wed Apr 1 00:34:17 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 31 Mar 2020 22:34:17 +0000
Subject: [gnutls-devel] GnuTLS | Compile failure on Mingw-w64 (#962)
References:
Message-ID:

Michael Cronenworth created an issue: https://gitlab.com/gnutls/gnutls/-/issues/962

## Description of problem:

Last known working compile was 3.6.9. Trying to compile 3.6.13 on Fedora Rawhide results in this failure:
Making all in nettle
make[4]: Entering directory '/builddir/build/BUILD/gnutls-3.6.13/build_win64/lib/nettle'
curve448/eccdata.exe curve448 38 6 32 > curve448/ecc-curve448-32.hT && mv curve448/ecc-curve448-32.hT curve448/ecc-curve448-32.h
curve448/eccdata.exe curve448 38 6 64 > curve448/ecc-curve448-64.hT && mv curve448/ecc-curve448-64.hT curve448/ecc-curve448-64.h
/bin/sh: curve448/eccdata.exe: No such file or directory
/bin/sh: curve448/eccdata.exe: No such file or directory
## Version of gnutls used:

3.6.13

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Fedora Rawhide

## How reproducible:

Steps to Reproduce:

* Take configure from https://src.fedoraproject.org/rpms/mingw-gnutls/blob/master/f/mingw-gnutls.spec
* make -j$CPUS V=1

## Actual results:

Build failure.

## Expected results:

Build success.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/962
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Wed Apr 1 06:09:48 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 04:09:48 +0000
Subject: [gnutls-devel] GnuTLS | Issues require labels (#963)
References:
Message-ID:

GnuTLS bot created an issue: https://gitlab.com/gnutls/gnutls/-/issues/963

The following issues require labels:

- [ ] [Valgrind: Testsuite fails when libgnutls is built with -O2](https://gitlab.com/gnutls/gnutls/-/issues/944)
- [ ] [Service Desk (from noloader at gmail.com): GnuTLS 3.6.12 and Failed slow tests with --disable-full-test-suite](https://gitlab.com/gnutls/gnutls/-/issues/929)
- [ ] [Speed up or avoid bootstrap in CI runners](https://gitlab.com/gnutls/gnutls/-/issues/891)

Please take care of them.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/963

From gnutls-devel at lists.gnutls.org Wed Apr 1 06:09:48 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 04:09:48 +0000
Subject: [gnutls-devel] GnuTLS | Valgrind: Testsuite fails when libgnutls is built with -O2 (#944)
In-Reply-To:
References:
Message-ID:

GnuTLS bot commented:

@rockdaboot This issue is unlabelled after 30 days. It needs attention.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/944#note_315192853

From gnutls-devel at lists.gnutls.org Wed Apr 1 06:09:50 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 04:09:50 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): GnuTLS 3.6.12 and "Error: no such instruction: `xgetbv'" (#928)
In-Reply-To:
References:
Message-ID:

Issue was closed by GnuTLS bot

Issue #928: https://gitlab.com/gnutls/gnutls/-/issues/928

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/928

From gnutls-devel at lists.gnutls.org Wed Apr 1 06:09:53 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 04:09:53 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): GnuTLS 3.6.12 and "Error: no such instruction: `xgetbv'" (#928)
In-Reply-To:
References:
Message-ID:

GnuTLS bot commented:

@support-bot This issue was marked as needinfo with no update for long time. We are now closing it, but please re-open if it is still relevant.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/928#note_315192864

From gnutls-devel at lists.gnutls.org Wed Apr 1 06:09:49 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 04:09:49 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): GnuTLS 3.6.12 and Failed slow tests with --disable-full-test-suite (#929)
In-Reply-To:
References:
Message-ID:

GnuTLS bot commented:

@support-bot This issue is unlabelled after 30 days. It needs attention.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/929#note_315192859

From gnutls-devel at lists.gnutls.org Wed Apr 1 06:09:53 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 04:09:53 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Fix linking of libecore.a on Solaris (!773)
In-Reply-To:
References:
Message-ID:

Merge Request !773 was closed by GnuTLS bot

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/773
Branches: fix-makefile-on-solaris to master
Author: Tim Rühsen
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/773

From gnutls-devel at lists.gnutls.org Wed Apr 1 06:09:49 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 04:09:49 +0000
Subject: [gnutls-devel] GnuTLS | Speed up or avoid bootstrap in CI runners (#891)
In-Reply-To:
References:
Message-ID:

GnuTLS bot commented:

@rockdaboot This issue is unlabelled after 30 days. It needs attention.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/891#note_315192860

From gnutls-devel at lists.gnutls.org Wed Apr 1 06:09:53 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 04:09:53 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Fix linking of libecore.a on Solaris (!773)
In-Reply-To:
References:
Message-ID:

GnuTLS bot commented:

@rockdaboot This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/773#note_315192876

From gnutls-devel at lists.gnutls.org Wed Apr 1 07:30:25 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 05:30:25 +0000
Subject: [gnutls-devel] GnuTLS | multiple remote PKCS#11 modules not working (#961)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

The check is exercised in two occasions:

1. called from `gnutls_pkcs11_add_provider` to manually register the module
2. called from `gnutls_pkcs11_init` to automatically enumerate registered modules

For (1), I think we can simply skip the check, because that is user's intention obviously. For (2), I would suggest adding a flag, say `GNUTLS_PKCS11_FLAG_ALLOW_DUPLICATE`, to explicitly skip the check. Then we could expose it from `p11tool`.

How does this sound?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/961#note_315211225

From gnutls-devel at lists.gnutls.org Wed Apr 1 07:31:30 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 05:31:30 +0000
Subject: [gnutls-devel] GnuTLS | Added reproducer for fix in !1225 (!1227)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1227#note_315211461

See !1228.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1227#note_315211461

From gnutls-devel at lists.gnutls.org Wed Apr 1 12:21:50 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 10:21:50 +0000
Subject: [gnutls-devel] GnuTLS | DTLS client hello contains a random value of all zeroes (#960)
In-Reply-To:
References:
Message-ID:

darix commented:

does this warrant a CVE?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/960#note_315423651

From gnutls-devel at lists.gnutls.org Wed Apr 1 21:32:47 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 19:32:47 +0000
Subject: [gnutls-devel] GnuTLS | DTLS client hello contains a random value of all zeroes (#960)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

Yes, but we cannot assign a CVE. Internally we use our identifiers: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 and I've asked the red hat security team to assign a CVE.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/960#note_315822245

From gnutls-devel at lists.gnutls.org Wed Apr 1 21:36:50 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 19:36:50 +0000
Subject: [gnutls-devel] GnuTLS | multiple remote PKCS#11 modules not working (#961)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

> For (1), I think we can simply skip the check, because that is user's intention obviously. For (2), I would
> suggest adding a flag, say `GNUTLS_PKCS11_FLAG_ALLOW_DUPLICATE`, to explicitly skip the check. Then we
> could expose it from `p11tool`.
> How does this sound?

This would address the problem with p11tool, but other applications will not be able to use that URI unless modified. We can disable that check completely (anyway that was making it better on a very rare case). Is there something that the remoting server can do as it is now (without code changes)?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/961#note_315823922

From gnutls-devel at lists.gnutls.org Wed Apr 1 21:40:08 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 19:40:08 +0000
Subject: [gnutls-devel] GnuTLS | Service Desk (from noloader@gmail.com): GnuTLS 3.6.13 test results (#964)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

Our CI is based on fedora and it seems there is an official build: https://koji.fedoraproject.org/koji/buildinfo?buildID=1486643

Could it be something related to your system? Would you like to check the failure reasons?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/964#note_315825997

From gnutls-devel at lists.gnutls.org Wed Apr 1 21:46:57 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 01 Apr 2020 19:46:57 +0000
Subject: [gnutls-devel] GnuTLS | Compile failure on Mingw-w64 (#962)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

Thanks for bringing that up. We have a CI that builds the DLLs via mingw in fedora, do these help?

The commands: https://gitlab.com/gnutls/gnutls/-/blob/master/.gitlab-ci.yml#L310
The packages used: https://gitlab.com/gnutls/build-images/-/blob/master/docker-mingw/Dockerfile
The run itself: https://gitlab.com/gnutls/gnutls/-/jobs/491918107

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/962#note_315829671

From gnutls-devel at lists.gnutls.org Thu Apr 2 16:18:35 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 02 Apr 2020 14:18:35 +0000
Subject: [gnutls-devel] GnuTLS | Compile failure on Mingw-w64 (#962)
In-Reply-To:
References:
Message-ID:

Michael Cronenworth commented:

The core issue is that the tarball is shipping 'lib/nettle/curve448/eccdata.stamp' and this causes the eccdata.exe target to never get built. Removing that touchfile builds the EXE and the entire compile completes.

A secondary issue of you adding an executed binary to the compile is that this will fail on non-x86_64 build hosts. Fedora MinGW packages are built 'noarch' because gcc can build any type of PE on any arch, but you cannot run any PE on any arch. With this new requirement the Fedora builds will fail when they get placed on an i686, ARM, or PPC build host.

Is there any way to skip building lib/nettle? Excuse my ignorance of GnuTLS code design.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/962#note_316371476

From gnutls-devel at lists.gnutls.org Thu Apr 2 17:26:38 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 02 Apr 2020 15:26:38 +0000
Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965)
References:
Message-ID:

Andreas Fuchs created an issue: https://gitlab.com/gnutls/gnutls/-/issues/965

## Description of problem:

Calling `p11tool --list-tokens` hangs indefinitely, but only when compiled using clang. Using gcc succeeds as expected.

## Version of gnutls used:

3.6.10-1.fc30.x86_64

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Fedora 30 Docker

## How reproducible:

This branch introduces a p11tool based test to our CI system: https://github.com/AndreasFuchsSIT/tpm2-pkcs11/tree/p11tool_tests

This is the build by travis: https://travis-ci.org/github/AndreasFuchsSIT/tpm2-pkcs11/builds/669628934

To test locally:

```sh
cd tpm2-pkcs11 #and switch to branch
docker run --cap-add=SYS_PTRACE -it --env-file "$PWD/.ci/docker.env" \
  -v "$PWD:/workspace/tpm2-pkcs11" "tpm2software/tpm2-tss:fedora-30" \
  /bin/bash
#inside docker
export CC=clang
./.ci/docker.run
```

Note: if you `export CC=gcc` the p11tool tests succeed

## Actual results:

Program hangs indefinitely. Calltrace:

```c
$ gdb -p $(pidof p11tool | cut -d " " -f 1)
[... a bunch of symbol resolutions ...]
(gdb) bt
#0 futex_abstimed_wait (private=0, abstime=0x0, expected=2, futex_word=) at ../sysdeps/unix/sysv/linux/futex-internal.h:172
#1 __pthread_rwlock_wrlock_full (abstime=0x0, rwlock=0x7f0f026779a0 <__libc_setlocale_lock>) at pthread_rwlock_common.c:807
#2 __GI___pthread_rwlock_wrlock (rwlock=0x7f0f026779a0 <__libc_setlocale_lock>) at pthread_rwlock_wrlock.c:27
#3 0x00007f0f024e5ab7 in __newlocale (category_mask=, category_mask@entry=8127, locale=locale@entry=0x7f0eff1bfd61 "POSIX", base=, base@entry=0x0) at newlocale.c:163
#4 0x00007f0eff1b66a1 in p11_library_init_impl () at ../common/library.c:160
#5 0x00007f0f03344f4a in call_init (l=, argc=argc@entry=4, argv=argv@entry=0x7ffc034f5cb8, env=env@entry=0x7ffc034f5ce0) at dl-init.c:72
#6 0x00007f0f03345051 in call_init (env=0x7ffc034f5ce0, argv=0x7ffc034f5cb8, argc=4, l=) at dl-init.c:30
#7 _dl_init (main_map=main_map@entry=0x61a000000080, argc=4, argv=0x7ffc034f5cb8, env=0x7ffc034f5ce0) at dl-init.c:119
#8 0x00007f0f03348fae in dl_open_worker (a=a@entry=0x7ffc034f4dc0) at dl-open.c:510
#9 0x00007f0f025ece09 in __GI__dl_catch_exception (exception=exception@entry=0x7ffc034f4da0, operate=operate@entry=0x7f0f03348bc0 , args=args@entry=0x7ffc034f4dc0) at dl-error-skeleton.c:196
#10 0x00007f0f0334882e in _dl_open (file=0x604000000510 "/usr/lib64/pkcs11/p11-kit-trust.so", mode=-2147483646, caller_dlopen=0x7f0f02910c74 <__interceptor_dlopen(char const*, int)+244>, nsid=-2, argc=4, argv=, env=0x7ffc034f5ce0) at dl-open.c:592
#11 0x00007f0f0229b39c in dlopen_doit (a=a@entry=0x7ffc034f4fe0) at dlopen.c:66
#12 0x00007f0f025ece09 in __GI__dl_catch_exception (exception=exception@entry=0x7ffc034f4f80, operate=operate@entry=0x7f0f0229b340 , args=args@entry=0x7ffc034f4fe0) at dl-error-skeleton.c:196
#13 0x00007f0f025ecea3 in __GI__dl_catch_error (objname=objname@entry=0x7f0f032aedb0 , errstring=errstring@entry=0x7f0f032aedb8 , mallocedp=mallocedp@entry=0x7f0f032aeda8 , operate=operate@entry=0x7f0f0229b340 , args=args@entry=0x7ffc034f4fe0) at dl-error-skeleton.c:215
#14 0x00007f0f0229bb09 in _dlerror_run (operate=operate@entry=0x7f0f0229b340 , args=args@entry=0x7ffc034f4fe0) at dlerror.c:170
#15 0x00007f0f0229b42a in __dlopen (file=, mode=) at dlopen.c:87
#16 0x00007f0f02910c74 in __interceptor_dlopen (filename=0x604000000510 "/usr/lib64/pkcs11/p11-kit-trust.so", flag=2) at /usr/src/debug/compiler-rt-8.0.0-1.fc30.x86_64/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:5969
#17 0x00007f0f0202b4fc in dlopen_and_get_function_list (funcs=0x7ffc034f58a0, path=0x604000000510 "/usr/lib64/pkcs11/p11-kit-trust.so", mod=0x617000000080) at ../p11-kit/modules.c:429
#18 load_module_from_file_inlock (path=0x604000000510 "/usr/lib64/pkcs11/p11-kit-trust.so", result=result@entry=0x7ffc034f5928, name=) at ../p11-kit/modules.c:429
#19 0x00007f0f0202baa7 in take_config_and_load_module_inlock (verbose=false, critical=false, config=0x7ffc034f5920, name=0x7ffc034f5918) at ../p11-kit/modules.c:597
#20 load_registered_modules_unlocked (flags=flags@entry=0) at ../p11-kit/modules.c:682
#21 0x00007f0f0202c89f in load_registered_modules_unlocked (flags=0) at ../p11-kit/modules.c:2032
#22 p11_modules_load_inlock_reentrant (flags=0, results=0x7ffc034f5a20) at ../p11-kit/modules.c:1987
#23 0x00007f0f0202c927 in p11_kit_modules_load (reserved=0x0, flags=0) at ../p11-kit/modules.c:2092
#24 0x00007f0f0202ccb2 in p11_kit_modules_load_and_initialize (flags=flags@entry=0) at ../p11-kit/modules.c:2216
#25 0x00007f0f0274c3ca in auto_load (trusted=trusted@entry=0) at pkcs11.c:933
#26 0x00007f0f0274de37 in gnutls_pkcs11_init (flags=1, deprecated_config_file=0x0) at pkcs11.c:1006
#27 0x0000557d8b3c3bf3 in cmd_parser (argv=, argc=8) at p11tool.c:187
#28 main (argc=, argv=) at p11tool.c:75
```

## Expected results:

Modules are loaded and tokens listed

--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnutls/gnutls/-/issues/965

From gnutls-devel at lists.gnutls.org Thu Apr 2 18:02:16 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 02 Apr 2020 16:02:16 +0000
Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

What about with `p11-kit list-modules`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965#note_316478207

From gnutls-devel at lists.gnutls.org Thu Apr 2 18:05:03 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 02 Apr 2020 16:05:03 +0000
Subject: [gnutls-devel] GnuTLS | Build failure on macOS Catalina 10.15.4 under Xcode 11.4. (#966)
References:
Message-ID:

Dan Cross created an issue: https://gitlab.com/gnutls/gnutls/-/issues/966

## Description of problem:

When using macOS Catalina (10.15.4) and Xcode 11.4, gnutls fails to build with a linker error.

## Version of gnutls used:

3.6.12

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Homebrew

## How reproducible:

Steps to Reproduce:

* Install Homebrew on a Mac (brew.sh)
* `brew update`
* `brew install gnutls`

## Actual results:

`gnutls-cli` fails to build with a linker error:

```
ld: weak import of symbol '___darwin_check_fd_set_overflow' not supported because of option: -no_weak_imports for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
```

This was reported to Homebrew, which said to file a ticket upstream: https://github.com/Homebrew/homebrew-core/issues/52348

## Expected results:

GNU TLS installs and builds.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/966

From gnutls-devel at lists.gnutls.org Thu Apr 2 18:08:03 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 02 Apr 2020 16:08:03 +0000
Subject: [gnutls-devel] GnuTLS | multiple remote PKCS#11 modules not working (#961)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/961#note_316482728

I don't think it can be (cleanly) supported in p11-kit side.

> We can disable that check completely (anyway that was making it better on a very rare case).

If so, can you just add an opposite option, say `GNUTLS_PKCS11_FLAG_CHECK_DUPLICATE`, to re-enable the check and document the behavior change?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/961#note_316482728

From gnutls-devel at lists.gnutls.org Thu Apr 2 18:32:58 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 02 Apr 2020 16:32:58 +0000
Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965)
In-Reply-To:
References:
Message-ID:

Andreas Fuchs commented:

That's working. From the test-script:

```sh
[...]
+ p11-kit list-modules
p11-kit-trust: p11-kit-trust.so
    library-description: PKCS#11 Kit Trust Module
    library-manufacturer: PKCS#11 Kit
    library-version: 0.23
    token: System Trust
        manufacturer: PKCS#11 Kit
        model: p11-kit-trust
        serial-number: 1
        hardware-version: 0.23
        flags:
               token-initialized
    token: Default Trust
        manufacturer: PKCS#11 Kit
        model: p11-kit-trust
        serial-number: 1
        hardware-version: 0.23
        flags:
               write-protected
               token-initialized
opensc: opensc-pkcs11.so
    library-description: OpenSC smartcard framework
    library-manufacturer: OpenSC Project
    library-version: 0.19
tpm2_pkcs11: /workspace/tpm2-pkcs11/build/src/.libs/libtpm2_pkcs11.so
    library-description: TPM2.0 Cryptoki
    library-manufacturer: tpm2-software.github.io
    library-version: 0.0
    token:
        manufacturer: IBM
        model: SW TPM
        serial-number: 0000000000000000
        hardware-version: 1.59
        firmware-version: 25.35
        flags:
               rng
               login-required
[...]
+ p11tool -d 9999 --list-tokens
[hangs]
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965#note_316498741

From gnutls-devel at lists.gnutls.org Thu Apr 2 18:40:17 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 02 Apr 2020 16:40:17 +0000
Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965)
In-Reply-To:
References:
Message-ID:

Andreas Fuchs commented:

Also, having turned on our debug outputs, it seems that not even `C_GetFunctionList` or `C_Initialize` are called on our pkcs11 library. Seems like something broken before we are dl()'ed...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965#note_316502947

From gnutls-devel at lists.gnutls.org Fri Apr 3 03:14:16 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 01:14:16 +0000
Subject: [gnutls-devel] GnuTLS | status-request-revoked test fails after 2020-10-24 (#967)
References:
Message-ID:

Bernhard M_ Wiedemann created an issue: https://gitlab.com/gnutls/gnutls/-/issues/967

While working on reproducible builds for openSUSE, I found that our gnutls package fails to build after 2020-10-24 because ca_cert_pem in `tests/status-request-revoked.c` has

```
Not Before: Thu Oct 24 14:03:00 UTC 2019
Not After: Sat Oct 24 14:03:00 UTC 2020
```

If you renew it (e.g. with certtool -u), please make it valid until at least 2049.

Background: As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future. The usual offset is +15 years, because that is how long I expect some software will be used in some places. This showed up failing tests in our package build. See https://reproducible-builds.org/ for why this matters.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/967

From gnutls-devel at lists.gnutls.org Fri Apr 3 06:37:24 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 04:37:24 +0000
Subject: [gnutls-devel] GnuTLS | DTLS client hello contains a random value of all zeroes (#960)
In-Reply-To:
References:
Message-ID:

Huzaifa Sidhpurwala commented:

@nmav can you ask mitre for a CVE pls? https://cveform.mitre.org/

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/960#note_316790361

From gnutls-devel at lists.gnutls.org Fri Apr 3 11:42:15 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 09:42:15 +0000
Subject: [gnutls-devel] GnuTLS | IDNA: require libidn2 2.0.0 (!1229)
In-Reply-To:
References:
Message-ID:

Merge Request !1229 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1229
Project:Branches: nmav/gnutls:tmp-libidn-simplify to gnutls/gnutls:master
Author: Nikos Mavrogiannopoulos
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1229

From gnutls-devel at lists.gnutls.org Fri Apr 3 11:42:15 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 09:42:15 +0000
Subject: [gnutls-devel] GnuTLS | gnutls uses libidn2 internal symbols which were dropped (#832)
In-Reply-To:
References:
Message-ID:

Issue was closed by Nikos Mavrogiannopoulos via merge request !1229 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1229)

Issue #832: https://gitlab.com/gnutls/gnutls/-/issues/832

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/832

From gnutls-devel at lists.gnutls.org Fri Apr 3 13:09:22 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 11:09:22 +0000
Subject: [gnutls-devel] GnuTLS | build: use valgrind client request to detect undefined memory use (!1228)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos started a new discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228#note_317050304

> dnl We use its presence to detect C11 threads > AC_CHECK_HEADERS([threads.h]) > > +AC_CHECK_HEADERS([valgrind/memcheck.h])

My only comment is do we want to have this unconditional (could it have any repercussions such as performance cost in normal builds) or should we limit it in our CI when `--enable-valgrind-tests` is given?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228#note_317050304

From gnutls-devel at lists.gnutls.org Fri Apr 3 13:11:20 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 11:11:20 +0000
Subject: [gnutls-devel] GnuTLS | Compare DNs by comparing their string representations (!1223)
In-Reply-To:
References:
Message-ID:

Merge Request !1223 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223
Project:Branches: CendioOssman/gnutls:compare_dn to gnutls/gnutls:master
Author: Pierre Ossman (Work account)
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223

From gnutls-devel at lists.gnutls.org Fri Apr 3 13:12:25 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 11:12:25 +0000
Subject: [gnutls-devel] GnuTLS | Compare DNs by comparing their string representations (!1223)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

Would you like to resolve the conflicts in order to merge it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_317051934

From gnutls-devel at lists.gnutls.org Fri Apr 3 13:44:29 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 11:44:29 +0000
Subject: [gnutls-devel] GnuTLS | Compare DNs by comparing their string representations (!1223)
In-Reply-To:
References:
Message-ID:

Pierre Ossman (Work account) commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_317099120

I can have a look if you want. I'm not that familiar with GitLab though. Is it a matter of doing a `git rebase master` and then a force push?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_317099120

From gnutls-devel at lists.gnutls.org Fri Apr 3 14:35:21 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 12:35:21 +0000
Subject: [gnutls-devel] GnuTLS | Compare DNs by comparing their string representations (!1223)

Nikos Mavrogiannopoulos commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_317151311

I'd expect so

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_317151311

From gnutls-devel at lists.gnutls.org Fri Apr 3 14:40:03 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 12:40:03 +0000
Subject: [gnutls-devel] GnuTLS | DTLS client hello contains a random value of all zeroes (#960)

Nikos Mavrogiannopoulos commented:

I've done so. I have a ticket; they are looking at it. @dueno pointed out that it looks similar to [this Mozilla NSS bug](https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384) which has moderate severity. It could be that I overestimated the severity.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/960#note_317155755

From gnutls-devel at lists.gnutls.org Fri Apr 3 15:37:23 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 13:37:23 +0000
Subject: [gnutls-devel] GnuTLS | Compare DNs by comparing their string representations (!1223)

Pierre Ossman (Work account) commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_317200777

Done.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_317200777

From gnutls-devel at lists.gnutls.org Fri Apr 3 17:04:05 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 15:04:05 +0000
Subject: [gnutls-devel] GnuTLS | status-request-revoked test fails after 2020-10-24 (#967)

Nikos Mavrogiannopoulos commented:

Hi,
Would you like to send a merge request to change that test to run under datefudge?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/967#note_317272158

From gnutls-devel at lists.gnutls.org Fri Apr 3 18:07:31 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 16:07:31 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Support AIA (downloading intermediate certs) (#968)

Tim Rühsen created an issue: https://gitlab.com/gnutls/gnutls/-/issues/968

Some intermediate certs need to be downloaded to verify the chain, see
https://savannah.gnu.org/bugs/?58097
https://discussions.qualys.com/thread/12098

Would be nice to have this in GnuTLS or at least in gnutls-cli.

```
$ gnutls-cli -V www.xocolatl.com 443
gnutls-cli 3.6.12
tim at ryzen:~/src/wget2$ gnutls-cli -V www.xocolatl.com 443
Processed 128 CA certificate(s).
Resolving 'www.xocolatl.com:443'...
Connecting to '116.202.171.177:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 03a081e7536daaa191406e66046a8cc59bfe
    Issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
    Validity:
        Not Before: Mon Mar 02 14:50:14 UTC 2020
        Not After: Sun May 31 14:50:14 UTC 2020
    Subject: CN=chili.xocolatl.com
    Subject Public Key Algorithm: RSA
    Algorithm Security Level: Medium (2048 bits)
        Modulus (bits 2048):
        Exponent (bits 24):
            01:00:01
    Extensions:
        Key Usage (critical):
            Digital signature.
            Key encipherment.
        Key Purpose (not critical):
            TLS WWW Server.
            TLS WWW Client.
        Basic Constraints (critical):
            Certificate Authority (CA): FALSE
        Subject Key Identifier (not critical):
            d0fca29770368ad5e8b43841c0e9db19646ea92c
        Authority Key Identifier (not critical):
            a84a6a63047dddbae6d139b7a64565eff3a8eca1
        Authority Information Access (not critical):
            Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
            Access Location URI: http://ocsp.int-x3.letsencrypt.org
            Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
            Access Location URI: http://cert.int-x3.letsencrypt.org/
        Subject Alternative Name (not critical):
            DNSname: chili.xocolatl.com
            DNSname: www.xocolatl.com
            DNSname: xocolatl.com
        Certificate Policies (not critical):
            2.23.140.1.2.1
            1.3.6.1.4.1.44947.1.1.1
                URI: http://cps.letsencrypt.org
        Unknown extension 1.3.6.1.4.1.11129.2.4.2 (not critical):
    Signature Algorithm: RSA-SHA256
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/968

From gnutls-devel at lists.gnutls.org Fri Apr 3 20:48:26 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 18:48:26 +0000
Subject: [gnutls-devel] GnuTLS | status-request-revoked test fails after 2020-10-24 (#967)

Bernhard M_ Wiedemann commented:

I'm not sure how to best apply it to the .c file. Could you make a MR and I test it?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/967#note_317419866

From gnutls-devel at lists.gnutls.org Fri Apr 3 22:08:41 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 03 Apr 2020 20:08:41 +0000
Subject: [gnutls-devel] GnuTLS | Provide gzipped tarballs (#969)

Karl-Philipp Richter created an issue: https://gitlab.com/gnutls/gnutls/-/issues/969

Most containers only provide a minimal set of tools which often don't include a large set of (de)compression tools. `gzip` is mostly supported without the need to install additional software. Therefore providing gzipped tarballs is useful when using gnutls installations from source inside containers.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/969

From gnutls-devel at lists.gnutls.org Sat Apr 4 06:11:41 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 04 Apr 2020 04:11:41 +0000
Subject: [gnutls-devel] GnuTLS | build: use valgrind client request to detect undefined memory use (!1228)

Daiki Ueno commented on a discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228#note_317552481

> dnl We use its presence to detect C11 threads > AC_CHECK_HEADERS([threads.h]) > > +AC_CHECK_HEADERS([valgrind/memcheck.h])

I would rather enable it unconditionally, given the cost is negligible:

```
18:59 >ueno< thanks; is there any performance penalty if I unconditionally instrument a program with VALGRIND_MAKE_MEM_UNDEFINED
18:59 >ueno< like https://gitlab.com/gnutls/gnutls/-/merge_requests/1228/diffs
19:00 =mjw= Nothing is zero cost, but it is really minimal.
19:01 =mjw= It inserts some instructions that are basically NOPs, but that valgrind recognizes as a valgrind client request
19:03 =mjw= If you want to make it even less overhead you can use if ((flags & GNUTLS_CLIENT) && RUNNING_ON_VALGRIND)
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228#note_317552481

From gnutls-devel at lists.gnutls.org Sat Apr 4 11:41:39 2020
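Review bot: the `+AC_CHECK_HEADERS([valgrind/memcheck.h])` line in the quoted configure.ac hunk for !1228 makes the instrumentation depend silently on whether valgrind's headers happen to be installed on the build host, and the hunk offers no configure switch to turn it off. `AC_CHECK_HEADERS` defines `HAVE_VALGRIND_MEMCHECK_H` only when the header is found, so every client request in the C sources has to sit behind that macro, and packagers who need the same binary with and without the valgrind headers present would want an explicit option, for example one tied to the `--enable-valgrind-tests` flag raised in the discussion. A `dnl` comment above the new check, like the one on the `threads.h` check, would also record why the header is probed.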
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 04 Apr 2020 09:41:39 +0000
Subject: [gnutls-devel] GnuTLS | build: use valgrind client request to detect undefined memory use (!1228)

Tim Rühsen commented:

LGTM, but leave approval to @nmav

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228#note_317585077

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:02:04 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:02:04 +0000
Subject: [gnutls-devel] GnuTLS | Compare DNs by comparing their string representations (!1223)

Milestone changed to Release of GnuTLS 3.6.14 (Mar 31, 2020–Jun 1, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/28 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:03:43 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:03:43 +0000
Subject: [gnutls-devel] GnuTLS | Compare DNs by comparing their string representations (!1223)

All discussions on Merge Request !1223 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/gnutls/-/merge_requests/1223

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:03:51 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:03:51 +0000
Subject: [gnutls-devel] GnuTLS | Compare DNs by comparing their string representations (!1223)

Merge Request !1223 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223
Project:Branches: CendioOssman/gnutls:compare_dn to gnutls/gnutls:master
Author: Pierre Ossman (Work account)
Assignee: Nikos Mavrogiannopoulos

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:03:51 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:03:51 +0000
Subject: [gnutls-devel] GnuTLS | Valid cert fails to verify due to different DN encodings (#553)

Issue was closed by Nikos Mavrogiannopoulos via merge request !1223 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1223)

Issue #553: https://gitlab.com/gnutls/gnutls/-/issues/553

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/553

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:04:01 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:04:01 +0000
Subject: [gnutls-devel] GnuTLS | Compare DNs by comparing their string representations (!1223)

Nikos Mavrogiannopoulos commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1223#note_317791596

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:04:09 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:04:09 +0000
Subject: [gnutls-devel] GnuTLS | build: use valgrind client request to detect undefined memory use (!1228)

All discussions on Merge Request !1228 were resolved by Nikos Mavrogiannopoulos

https://gitlab.com/gnutls/gnutls/-/merge_requests/1228

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:04:40 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:04:40 +0000
Subject: [gnutls-devel] GnuTLS | build: use valgrind client request to detect undefined memory use (!1228)

Merge Request !1228 was approved by Nikos Mavrogiannopoulos

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228
Branches: tmp-valgrind-memcheck to master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:04:56 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:04:56 +0000
Subject: [gnutls-devel] GnuTLS | build: use valgrind client request to detect undefined memory use (!1228)

Merge Request !1228 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228
Branches: tmp-valgrind-memcheck to master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:05:13 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:05:13 +0000
Subject: [gnutls-devel] GnuTLS | build: use valgrind client request to detect undefined memory use (!1228)

Nikos Mavrogiannopoulos commented:

Thanks!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1228#note_317791782

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:33:43 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:33:43 +0000
Subject: [gnutls-devel] GnuTLS | Provide gzipped tarballs (#969)

Nikos Mavrogiannopoulos commented:

I understand your rationale but could you provide more information to understand why is this a general problem that we should address? I suspect if you need to install gnutls from source in a container you can install `xz` along with several of its dependencies. When deploying on run-time you can have the minimal dependencies required without xz.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/969#note_317795775

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:36:24 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:36:24 +0000
Subject: [gnutls-devel] GnuTLS | status-request-revoked test fails after 2020-10-24 (#967)

Nikos Mavrogiannopoulos commented:

Ah, I didn't see it was a `.c` file. In that case you can bring something like:
https://gitlab.com/gnutls/gnutls/-/blob/master/tests/x509-verify-with-crl.c#L162

with the time updated to today's time.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/967#note_317796141

From gnutls-devel at lists.gnutls.org Sun Apr 5 13:37:31 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 11:37:31 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Support AIA (downloading intermediate certs) (#968)

Nikos Mavrogiannopoulos commented:

@rockdaboot isn't this a duplicate of the issue Daiki marked above? If not, would you like to clarify what is the difference?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/968#note_317796274

From gnutls-devel at lists.gnutls.org Sun Apr 5 14:35:38 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 12:35:38 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Support AIA (downloading intermediate certs) (#968)

Tim Rühsen commented:

Right. #202 is about extending the API of libgnutls with a callback. This is about to use it in gnutls-cli so that we have a demo implementation. With that I would implement it for wget/wget2.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/968#note_317805293

From gnutls-devel at lists.gnutls.org Sun Apr 5 18:22:56 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 16:22:56 +0000
Subject: [gnutls-devel] GnuTLS | Provide gzipped tarballs (#969)

Karl-Philipp Richter commented:

@nmav The problem can be solved easily as you described in a container. Other approaches include providing a gzipped tarball created from the xz-compressed tarball on a remote location or in a customized container.

To put it simply: my use case is odd. If you have the possibility to create gzipped tarballs easily, I'd be grateful, I cannot however state that this is a necessity with a use case that applies to a noticeable audience.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/969#note_317853133

From gnutls-devel at lists.gnutls.org Sun Apr 5 18:31:51 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 05 Apr 2020 16:31:51 +0000
Subject: [gnutls-devel] GnuTLS | tests: Fix status-request-revoked after 2020-10-24 (!1230)

Bernhard M_ Wiedemann created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1230

Project:Branches: bmwiedemann/gnutls:ftbfs20201024 to gnutls/gnutls:master
Author: Bernhard M. Wiedemann

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
 * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1230

From gnutls-devel at lists.gnutls.org Mon Apr 6 10:12:48 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 06 Apr 2020 08:12:48 +0000
Subject: [gnutls-devel] GnuTLS | tests: Fix status-request-revoked after 2020-10-24 (!1230)

Tim Rühsen commented:

Please check that CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) and restart the failed jobs.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1230#note_318132652

From gnutls-devel at lists.gnutls.org Mon Apr 6 10:49:16 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 06 Apr 2020 08:49:16 +0000
Subject: [gnutls-devel] GnuTLS | multiple remote PKCS#11 modules not working (#961)

Marc Kleine-Budde commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/961#note_318161192

Something like `GNUTLS_PKCS11_FLAG_FILTER_DUPLICATE` sounds good - change the check to really check for duplicated smartcards instead of providers.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/961#note_318161192

From gnutls-devel at lists.gnutls.org Mon Apr 6 11:01:15 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 06 Apr 2020 09:01:15 +0000
Subject: [gnutls-devel] GnuTLS | tests: Fix status-request-revoked after 2020-10-24 (!1230)

Bernhard M_ Wiedemann commented:

Cannot find that Setting/CICD :

![gitlab-com-cicd](/uploads/5b9efd37b9b846bc5cfa3d4e36563515/gitlab-com-cicd.png)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1230#note_318176240

From gnutls-devel at lists.gnutls.org Mon Apr 6 11:15:21 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 06 Apr 2020 09:15:21 +0000
Subject: [gnutls-devel] GnuTLS | tests: Fix status-request-revoked after 2020-10-24 (!1230)

Tim Rühsen commented:

That is a project setting (in your gnutls fork), not a general setting. With my fork the URL is https://gitlab.com/rockdaboot/gnutls/-/settings/ci_cd

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1230#note_318189322

From gnutls-devel at lists.gnutls.org Mon Apr 6 14:46:44 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 06 Apr 2020 12:46:44 +0000
Subject: [gnutls-devel] GnuTLS | fips: check library soname during configure (!1231)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231

Branches: tmp-check-soname to master
Author: Daiki Ueno

Previously, we hard-coded soname of the linked libraries for FIPS integrity checking. That required downstream packagers to manually adjust the relevant code if they link libgnutls with different interface versions. This patch automates that process with the configure script.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231

From gnutls-devel at lists.gnutls.org Mon Apr 6 14:53:23 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 06 Apr 2020 12:53:23 +0000
Subject: [gnutls-devel] GnuTLS | tests: Fix status-request-revoked after 2020-10-24 (!1230)

Merge Request !1230 was approved by Daiki Ueno

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1230
Project:Branches: bmwiedemann/gnutls:ftbfs20201024 to gnutls/gnutls:master
Author: Bernhard M_ Wiedemann
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1230

From gnutls-devel at lists.gnutls.org Mon Apr 6 16:04:14 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 06 Apr 2020 14:04:14 +0000
Subject: [gnutls-devel] GnuTLS | tests: Fix status-request-revoked after 2020-10-24 (!1230)

Merge Request !1230 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1230
Project:Branches: bmwiedemann/gnutls:ftbfs20201024 to gnutls/gnutls:master
Author: Bernhard M_ Wiedemann
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1230

From gnutls-devel at lists.gnutls.org Mon Apr 6 16:04:17 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 06 Apr 2020 14:04:17 +0000
Subject: [gnutls-devel] GnuTLS | status-request-revoked test fails after 2020-10-24 (#967)
In-Reply-To:
References:
Message-ID:

Issue was closed by Nikos Mavrogiannopoulos via merge request !1230 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1230)

Issue #967: https://gitlab.com/gnutls/gnutls/-/issues/967

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/967

From gnutls-devel at lists.gnutls.org Tue Apr 7 04:45:43 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 07 Apr 2020 02:45:43 +0000
Subject: [gnutls-devel] GnuTLS | certtool cannot extend certs beyond 2049-12-31 (#971)
References:
Message-ID:

Bernhard M_ Wiedemann created an issue: https://gitlab.com/gnutls/gnutls/-/issues/971

While working on reproducible builds for openSUSE, I found that certtool cannot extend certs beyond 2049-12-31

Maybe related to 5b3230ffc472903ba49614afe85c3e576a1b6b9b that says `we generate dates with GeneralizedTime format after 2050`

Here is a recent example from LibreOffice, but I have seen this problem before with several other certs:

```
libreoffice-core> certtool -u --load-ca-privkey desktop/qa/data/test-PK-signing.pem --load-ca-certificate desktop/qa/data/test-cert-chain-1.pem --load-certificate desktop/qa/data/test-cert-chain-3.pem > x
Generating a signed certificate...
Activation/Expiration time.
The certificate will expire in (days): 11111
set_expiration: ASN1 parser: Element was not found.
```

The error is probably produced from a `src/certtool.c` call to `gnutls_x509_crt_set_expiration_time`

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/971

From gnutls-devel at lists.gnutls.org Tue Apr 7 13:42:01 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 07 Apr 2020 11:42:01 +0000
Subject: [gnutls-devel] GnuTLS | add a callback to retrieve missing chain certificates (#202)
In-Reply-To:
References:
Message-ID:

Sahana Prasad commented:

I will take up this task and start working on it from today.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/202#note_319131374

From gnutls-devel at lists.gnutls.org Tue Apr 7 14:28:43 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 07 Apr 2020 12:28:43 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)
References:
Message-ID:

Anderson Sasaki created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232

Project:Branches: ansasaki/gnutls:cli-wait-resumption to gnutls/gnutls:master
Author: Anderson Sasaki

This adds the command line option ``--waitresumption`` to ``gnutls-cli`` to make the client wait longer for the resumption data under TLS1.3. When the option is provided, the client will use a timeout increased by 5 seconds when waiting for the resumption data. If no ticket is received, then the execution continues as if the ticket was not sent by the server.

This is useful to force the client to wait for the resumption data when the server takes long to send the ticket, allowing the session resumption to be tested. This is a common scenario in CI systems where the testing machines have limited resources.

The changes were tested locally using https://github.com/tomato42/tlslite-ng server with the following patch applied to make the server delay sending the resumption data:

```
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py index 5c8dcc5..30cbd34 100644
--- a/tlslite/tlsconnection.py +++ b/tlslite/tlsconnection.py @@ -2452,6 +2452,9 @@ class TLSConnection(TLSRecordLayer): encrypted_ticket = cipher.seal(iv, ticket.write(), b'') + # delay sending the ticket for a while + time.sleep(1) + # encapsulate the ticket and send to client new_ticket = NewSessionTicket() new_ticket.create(settings.ticketLifetime,
```

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232

From gnutls-devel at lists.gnutls.org Tue Apr 7 14:55:07 2020
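Review bot: in the `@@ -2452,6 +2452,9 @@` hunk of tlslite/tlsconnection.py quoted in the !1232 description, the added `time.sleep(1)` depends on `time` already being imported at module level, which the hunk does not show, and the one second delay is hard-coded. For a test-only server patch, confirm the import and read the delay from a setting, so the same server can be used to check the client both with and without `--waitresumption`.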
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 07 Apr 2020 12:55:07 +0000
Subject: [gnutls-devel] GnuTLS | fips: check library soname during configure (!1231)
In-Reply-To:
References:
Message-ID:

Anderson Sasaki commented:

Looks good to me! I tried locally and it worked.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231#note_319196722

From gnutls-devel at lists.gnutls.org Wed Apr 8 04:17:18 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 08 Apr 2020 02:17:18 +0000
Subject: [gnutls-devel] GnuTLS | certtool cannot extend certs beyond 2049-12-31 (#971)
In-Reply-To:
References:
Message-ID:

Bernhard M_ Wiedemann commented:

commit 5834822b17eb1d7f33ce29cbe265e39d91e3b9ef is also interesting.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/971#note_319623531

From gnutls-devel at lists.gnutls.org Thu Apr 9 20:13:01 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 09 Apr 2020 18:13:01 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1232 was reviewed by Stanislav Židek

--
Stanislav Židek started a new discussion on src/cli-args.def: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_321299906

> +flag = { > + name = waitresumption; > + descrip = "Wait longer for resumption data under TLS1.3";

Shouldn't there be an `arg-type`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232

From gnutls-devel at lists.gnutls.org Fri Apr 10 02:06:07 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 10 Apr 2020 00:06:07 +0000
Subject: [gnutls-devel] GnuTLS | Build failure on macOS Catalina 10.15.4 under Xcode 11.4. (#966)
In-Reply-To:
References:
Message-ID:

Dave Abrahams commented:

FWIW, I had the same issue, and removing `LDFLAGS=-Wl,-no_weak_imports` from the Makefile makes the build work for me on this platform.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/966#note_321460026

From gnutls-devel at lists.gnutls.org Fri Apr 10 17:39:25 2020
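Review bot: in the src/cli-args.def hunk quoted in the !1232 review, the `descrip` string of the new `waitresumption` flag says only "Wait longer" and gives no duration, while the merge request description states a fixed 5 second increase. Put the duration in `descrip`, or in a `doc` entry for the flag, so that a reader of the help text does not expect the option to take a timeout value.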
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 10 Apr 2020 15:39:25 +0000
Subject: [gnutls-devel] GnuTLS | fips: check library soname during configure (!1231)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thanks for the review. I tried to make it also work on the platforms not using `.so` as the suffix (e.g., mingw and macOS) for what it's worth, but realized that `ldd.m4` doesn't work nicely. So I gave up and stuck with the `.so` support only.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231#note_321817114

From gnutls-devel at lists.gnutls.org Fri Apr 10 17:45:22 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 10 Apr 2020 15:45:22 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

I suggest making it possible to wait indefinitely, rather than hard-coding the duration (5 seconds). That would be possible with `gnutls_handshake_set_hook_function()` as mentioned in the `gnutls_session_get_data2()` documentation, and possibly a [self-pipe trick](https://cr.yp.to/docs/selfpipe.html).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_321820905

From gnutls-devel at lists.gnutls.org Fri Apr 10 21:17:01 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 10 Apr 2020 19:17:01 +0000
Subject: [gnutls-devel] GnuTLS | certtool cannot extend certs beyond 2049-12-31 (#971)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

I think you've identified the root cause. The problem is that there is a different type used to store the time depending on the actual time, and the update command as implemented can only overwrite values, but not change the type.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/971#note_321929611

From gnutls-devel at lists.gnutls.org Fri Apr 10 21:17:50 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 10 Apr 2020 19:17:50 +0000
Subject: [gnutls-devel] GnuTLS | Provide gzipped tarballs (#969)
In-Reply-To:
References:
Message-ID:

Issue was closed by Nikos Mavrogiannopoulos

Issue #969: https://gitlab.com/gnutls/gnutls/-/issues/969

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/969

From gnutls-devel at lists.gnutls.org Fri Apr 10 21:17:49 2020
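The type switch described in the #971 thread above, as an added example (a simplified model, not GnuTLS, certtool or libtasn1 code): RFC 5280 requires validity dates through 2049 to be encoded as UTCTime and dates in 2050 or later as GeneralizedTime, so an update that can only overwrite the existing element fails once the new expiry crosses that boundary. All function names are hypothetical, and the 11111-day expiry from the report is counted from midnight 2020-04-07 UTC as an assumption.

```c
#include <stdio.h>
#include <string.h>

/* ASN.1 universal tags of the two types allowed in an X.509 Validity field. */
enum { TAG_UTC_TIME = 0x17, TAG_GENERALIZED_TIME = 0x18 };

struct civil { long long year; int mon, day, hour, min, sec; };

/* Seconds since 1970-01-01T00:00:00Z -> UTC calendar date, using integer
 * days-to-civil arithmetic so the result does not depend on time_t width. */
static struct civil civil_from_epoch(long long epoch)
{
    long long days = epoch / 86400, rem = epoch % 86400;
    if (rem < 0) { rem += 86400; days -= 1; }

    long long z = days + 719468;                  /* shift epoch to 0000-03-01 */
    long long era = (z >= 0 ? z : z - 146096) / 146097;
    long long doe = z - era * 146097;             /* day of 400-year era */
    long long yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    long long doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    long long mp = (5 * doy + 2) / 153;           /* month index, March = 0 */

    struct civil c;
    c.day = (int)(doy - (153 * mp + 2) / 5 + 1);
    c.mon = (int)(mp < 10 ? mp + 3 : mp - 9);
    c.year = yoe + era * 400 + (c.mon <= 2);
    c.hour = (int)(rem / 3600);
    c.min = (int)(rem % 3600 / 60);
    c.sec = (int)(rem % 60);
    return c;
}

/* RFC 5280, 4.1.2.5: a two-digit UTCTime year covers 1950..2049 only;
 * every other year needs GeneralizedTime. */
int validity_tag_for(long long epoch)
{
    long long y = civil_from_epoch(epoch).year;
    return (y >= 1950 && y <= 2049) ? TAG_UTC_TIME : TAG_GENERALIZED_TIME;
}

/* Write the content string of `epoch` for the given time type.
 * Returns 0, or -1 when the date cannot be expressed in that type. */
int format_time_as(int tag, long long epoch, char *out, size_t outlen)
{
    struct civil c = civil_from_epoch(epoch);
    int n;

    if (tag == TAG_UTC_TIME) {
        if (c.year < 1950 || c.year > 2049)
            return -1;
        n = snprintf(out, outlen, "%02d%02d%02d%02d%02d%02dZ",
                     (int)(c.year % 100), c.mon, c.day, c.hour, c.min, c.sec);
    } else if (tag == TAG_GENERALIZED_TIME) {
        if (c.year < 0 || c.year > 9999)
            return -1;
        n = snprintf(out, outlen, "%04d%02d%02d%02d%02d%02dZ",
                     (int)c.year, c.mon, c.day, c.hour, c.min, c.sec);
    } else {
        return -1;
    }
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Model of an update that may only overwrite the value of the element
 * already present in the certificate; it cannot change the type. */
int update_overwrite_only(int existing_tag, long long new_epoch,
                          char *out, size_t outlen)
{
    return format_time_as(existing_tag, new_epoch, out, outlen);
}

/* Model of an update that selects the time type again for the new date. */
int update_reselect_type(long long new_epoch, int *new_tag,
                         char *out, size_t outlen)
{
    *new_tag = validity_tag_for(new_epoch);
    return format_time_as(*new_tag, new_epoch, out, outlen);
}

int main(void)
{
    /* Constructed input: 2020-04-07T00:00:00Z plus 11111 days. */
    long long expiry = (18359LL + 11111LL) * 86400LL;
    char buf[32];
    int tag;

    if (update_overwrite_only(TAG_UTC_TIME, expiry, buf, sizeof buf) != 0)
        puts("overwrite-only: new expiry does not fit the existing UTCTime");
    if (update_reselect_type(expiry, &tag, buf, sizeof buf) == 0)
        printf("re-selected type: tag 0x%02x value %s\n", tag, buf);
    return 0;
}
```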
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 10 Apr 2020 19:17:49 +0000
Subject: [gnutls-devel] GnuTLS | Provide gzipped tarballs (#969)
In-Reply-To:
References:
Message-ID:

Nikos Mavrogiannopoulos commented:

Ok, closing but feel free to re-open if you or someone else believes there is a general problem we should address.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/969#note_321929915

From gnutls-devel at lists.gnutls.org Sat Apr 11 14:56:26 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 11 Apr 2020 12:56:26 +0000
Subject: [gnutls-devel] GnuTLS | fips: check library soname during configure (!1231)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

It seems that the "Approve" button is still not shown for the people with access levels lower than "Developer", even if he is in the "Default" approvers list. Nikos said that it will show up if I manually create an approval rule, so I did. @ansasaki, could you check if you can approve now?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231#note_322103730

From gnutls-devel at lists.gnutls.org Sun Apr 12 12:11:48 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 12 Apr 2020 10:11:48 +0000
Subject: [gnutls-devel] GnuTLS | RELEASES.md: describe the release process [ci skip] (!1202)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on RELEASES.md: https://gitlab.com/gnutls/gnutls/-/merge_requests/1202#note_322261026

> |stable|3.6.x |bi-monthly | > |next |- | | > + > + > +# Release process > + > + 0. Create a new 'milestone' for the next release and move all issues present in the > + current release milestone. > + 1. Verification of release notes: ensure that release notes ([NEWS](NEWS)) exist > + for this release, and include all significant changes since last release. > + 2. Update of release date in [NEWS](NEWS), and bump of version number in > + [configure.ac](configure.ac) as well as soname numbers in [m4/hooks.m4](m4/hooks.m4). > + 3. make distcheck > + 4. git tag -s $(VERSION). The 3.6.12 was including both the 3.6.12 and > + gnutls_3_6_12 tags, but it may make sense to only use the version from > + now on.

I'm a bit disappointed that this convention change was introduced without any discussion. In git, prefixing "v" is a [common](https://semver.org/#is-v123-a-semantic-version) [practice](https://git-scm.com/book/en/v2/Git-Basics-Tagging), and it wouldn't confuse tools like [git-version-gen](https://git.savannah.gnu.org/cgit/gnulib.git/tree/build-aux/git-version-gen#n89).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1202#note_322261026

From gnutls-devel at lists.gnutls.org Sun Apr 12 12:15:30 2020
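Review bot: step 4 of the release process added to RELEASES.md in the hunk quoted above writes the command as `git tag -s $(VERSION)`, which a shell treats as command substitution when pasted, and neither it nor `make distcheck` in step 3 is marked as code the way the file names in steps 1 and 2 are linked. Put both commands in backticks with a plain placeholder for the version, and state the tag format as a rule rather than "it may make sense", since signed release tags are what downstream verifies.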
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 12 Apr 2020 10:15:30 +0000
Subject: [gnutls-devel] GnuTLS | xts: check key block according to FIPS-140-2 IG A.9 (!1233)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233

Branches: tmp-xts-ig-a9 to master
Author: Daiki Ueno

The [implementation guidance](https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf) suggests that a check of key1 != key2 should be done at any place before the keys are used.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233

From gnutls-devel at lists.gnutls.org Sun Apr 12 12:17:54 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 12 Apr 2020 10:17:54 +0000
Subject: [gnutls-devel] GnuTLS | WIP: add more functions necessary for QUIC (!1197)
In-Reply-To:
References:
Message-ID:

Merge Request !1197 was closed by Daiki Ueno

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1197
Project:Branches: dueno/gnutls:tmp-draft-ietf-quic-tls-25 to gnutls/gnutls:tmp-ephemeral-api
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1197

From gnutls-devel at lists.gnutls.org Sun Apr 12 12:17:53 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 12 Apr 2020 10:17:53 +0000
Subject: [gnutls-devel] GnuTLS | WIP: add more functions necessary for QUIC (!1197)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

I'm closing this as the pending patches are currently kept in `tmp-quic` branch. I'll submit MR for each soon.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1197#note_322261908

From gnutls-devel at lists.gnutls.org Mon Apr 13 08:25:09 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 13 Apr 2020 06:25:09 +0000
Subject: [gnutls-devel] GnuTLS | handshake-tls13: add session flag to disable sending session tickets (!1234)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1234

Branches: tmp-no-auto-send-ticket to master
Author: Daiki Ueno

While GnuTLS by default implicitly sends NewSessionTicket during handshake, application protocols like QUIC set a clear boundary between "in handshake" and "post handshake", and NST must be sent in the post handshake state.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1234

From gnutls-devel at lists.gnutls.org Mon Apr 13 16:04:27 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 13 Apr 2020 14:04:27 +0000
Subject: [gnutls-devel] GnuTLS | Compile failure on Mingw-w64 (#962)
In-Reply-To:
References:
Message-ID:

Michael Cronenworth commented:

This arrangement won't currently work for Fedora's Koji build system. Multilib is not enabled so it will not install 32-bit wine in a 64-bit buildroot. Could you generate this data prior to generating the release tarball so running the binary is not required?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/962#note_322670228

From gnutls-devel at lists.gnutls.org Tue Apr 14 02:41:32 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 00:41:32 +0000
Subject: [gnutls-devel] GnuTLS | Deadlock in _gnutls_epoch_get on mutex epoch_lock with msmtp and gnutls 3.6.7 (#758)
In-Reply-To:
References:
Message-ID:

Alex commented:

seems to be related to nss-resolve somehow... valgrind reports that pthread_mutex_lock from _gnutls_epoch_get accesses uninitialized memory. strangely, it doesn't on Arch though. I've tried recompiling systemd, gnutls, and msmtp with conservative CFLAGS (-O2 -ggdb3) as well as identical CFLAGS/LDFLAGS to Arch, and it still only happens on Gentoo. also tried kernel.randomize_va_space=0, no difference on either.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/758#note_323006229

From gnutls-devel at lists.gnutls.org Tue Apr 14 09:41:38 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 07:41:38 +0000
Subject: [gnutls-devel] GnuTLS | fips: check library soname during configure (!1231)
In-Reply-To:
References:
Message-ID:

Anderson Sasaki commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231#note_323232246

I still don't see the button.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231#note_323232246

From gnutls-devel at lists.gnutls.org Tue Apr 14 13:19:30 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 11:19:30 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
References:
Message-ID:

Dmitry Baryshkov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235

Project:Branches: GostCrypt/gnutls:no-nettle-internal to gnutls/gnutls:master
Author: Dmitry Baryshkov

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235

From gnutls-devel at lists.gnutls.org Tue Apr 14 13:27:13 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 11:27:13 +0000
Subject: [gnutls-devel] GnuTLS | xts: check key block according to FIPS-140-2 IG A.9 (!1233)
In-Reply-To:
References:
Message-ID:

Dmitry Baryshkov started a new discussion on lib/nettle/cipher.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233#note_323440649

> length, dst, src); > } > > +static void > +_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, > + const uint8_t *key) > +{ > + if (safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) > + _gnutls_switch_lib_state(LIB_STATE_ERROR); > + else > + xts_aes128_set_encrypt_key(xts_key, key);

This will result in an error even in non-FIPS-enabled case. Is this expected?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233#note_323440649

From gnutls-devel at lists.gnutls.org Tue Apr 14 13:28:30 2020
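Review bot: `_xts_aes128_set_encrypt_key()` in the lib/nettle/cipher.c hunk quoted above returns `void`, so on the `safe_memcmp(...) == 0` branch the caller is never told that the key was rejected, and `xts_key` is left holding whatever it contained before the call. Return a status that the cipher's set-key path can propagate, and clear `xts_key` on rejection, so that a refused key cannot be followed by encryption under an earlier or uninitialised key schedule.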
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 11:28:30 +0000
Subject: [gnutls-devel] GnuTLS | xts: check key block according to FIPS-140-2 IG A.9 (!1233)
In-Reply-To:
References:
Message-ID:

Dmitry Baryshkov commented on a discussion on lib/nettle/cipher.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233#note_323441975

> length, dst, src); > } > > +static void > +_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, > + const uint8_t *key) > +{ > + if (safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) > + _gnutls_switch_lib_state(LIB_STATE_ERROR); > + else > + xts_aes128_set_encrypt_key(xts_key, key);

Moreover in non-FIPS case if I understand correctly, this will result in GnuTLS silently ignoring key changes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233#note_323441975

From gnutls-devel at lists.gnutls.org Tue Apr 14 13:41:04 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 11:41:04 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **fixes 1 alert** when merging 96edefc8d5f85e2b61ba5563173c86f36cb81ef4 into b143a756aee850b0a0d3bdfdfaa51ee27cb2f25f - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-79d63981fca8c29e47788f5ea28eee04b84117c9)

**fixed alerts:**

* 1 for FIXME comment

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235#note_323450211

From gnutls-devel at lists.gnutls.org Tue Apr 14 14:21:20 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 12:21:20 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)
In-Reply-To:
References:
Message-ID:

Anderson Sasaki commented on a discussion on src/cli-args.def: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_323478064

> doc = ""; > }; > > +flag = { > + name = waitresumption; > + descrip = "Wait longer for resumption data under TLS1.3";

I think it is not necessary as the option does not receive an argument.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_323478064

From gnutls-devel at lists.gnutls.org Tue Apr 14 14:21:21 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 12:21:21 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1232 were resolved by Anderson Sasaki

https://gitlab.com/gnutls/gnutls/-/merge_requests/1232

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232

From gnutls-devel at lists.gnutls.org Tue Apr 14 14:27:37 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 12:27:37 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)
In-Reply-To:
References:
Message-ID:

Anderson Sasaki commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_323482424

I can make it wait indefinitely by passing ``GNUTLS_INDEFINITE_TIMEOUT`` to ``gnutls_system_recv_timeout()`` (which actually was my first approach; I changed it to use a finite timeout due to a suggestion from Nikos as it would make the client block). Would that be acceptable? Could you explain the benefit of using a more complicated implementation like the self-pipe trick?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_323482424

From gnutls-devel at lists.gnutls.org Tue Apr 14 14:28:36 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 12:28:36 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1235 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/nettle/ecc-gost-curve.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235#note_323483118

> -#define nettle_get_gost_gc512a _gnutls_get_gost_gc512a > +#define nettle_get_gost_gc256b _gnutls_nettle_curve448_get_gost_gc256b > +#define nettle_get_gost_gc512a _gnutls_nettle_curve448_get_gost_gc512a

The prefix should be `_gnutls_nettle_ecc_`?

--
Daiki Ueno started a new discussion on devel/import-ecc-from-nettle.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235#note_323483123

> - esac > - case $dst in > + */ecc-gost-gc256b.c)

Not a blocker for now, but if the number of manual patching increases, it might make sense to actually keep patches as we do in `gl/override` for gnulib import.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235

From gnutls-devel at lists.gnutls.org Tue Apr 14 14:29:02 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 12:29:02 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Looks good to me, thanks for doing this!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235#note_323483458

From gnutls-devel at lists.gnutls.org Tue Apr 14 14:29:08 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 12:29:08 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

Merge Request !1235 was approved by Daiki Ueno

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235
Project:Branches: GostCrypt/gnutls:no-nettle-internal to gnutls/gnutls:master
Author: Dmitry Baryshkov
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235

From gnutls-devel at lists.gnutls.org Tue Apr 14 14:49:09 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 12:49:09 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)
In-Reply-To:
References:
Message-ID:

Stanislav Židek commented on a discussion on src/cli-args.def: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_323503260

> doc = ""; > }; > > +flag = { > + name = waitresumption; > + descrip = "Wait longer for resumption data under TLS1.3";

Ah, sorry, then I misunderstood; I thought that user specifies the timeout time.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_323503260

From gnutls-devel at lists.gnutls.org Tue Apr 14 15:14:11 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 13:14:11 +0000
Subject: [gnutls-devel] GnuTLS | xts: check key block according to FIPS-140-2 IG A.9 (!1233)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented on a discussion on lib/nettle/cipher.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233#note_323523284

> length, dst, src); > } > > +static void > +_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, > + const uint8_t *key) > +{ > + if (safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) > + _gnutls_switch_lib_state(LIB_STATE_ERROR); > + else > + xts_aes128_set_encrypt_key(xts_key, key);

Good catch, should be safer now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233#note_323523284

From gnutls-devel at lists.gnutls.org Tue Apr 14 15:14:12 2020
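
Review bot: `_xts_aes128_set_encrypt_key()` in the lib/nettle/cipher.c hunk quoted above (!1233) returns `void`, so when `safe_memcmp()` finds the two key halves equal the caller gets no error and `xts_key` is left unset; the only signal is the global `LIB_STATE_ERROR`. Consider propagating an error code to the caller, or documenting that callers must check the library state before using the context, and add a one-line comment above the comparison naming the FIPS 140-2 IG A.9 requirement that the two XTS key halves differ.
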
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 13:14:12 +0000
Subject: [gnutls-devel] GnuTLS | xts: check key block according to FIPS-140-2 IG A.9 (!1233)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1233 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1233

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233

From gnutls-devel at lists.gnutls.org Tue Apr 14 17:09:19 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 15:09:19 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **fixes 1 alert** when merging 7745be8d46f3a8a8c3824a469b26515469ebb911 into b143a756aee850b0a0d3bdfdfaa51ee27cb2f25f - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-ac5b7351042fdc2da66360c6a2913784baac3818)

**fixed alerts:**

* 1 for FIXME comment

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235#note_323657510

From gnutls-devel at lists.gnutls.org Tue Apr 14 17:59:10 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 15:59:10 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **fixes 1 alert** when merging d1f44454d6831aade6c8ee478da2da767a75dc63 into b143a756aee850b0a0d3bdfdfaa51ee27cb2f25f - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-78f7f4143869d533e56e13dcdc84c51f76cf6ff4)

**fixed alerts:**

* 1 for FIXME comment

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235#note_323703430

From gnutls-devel at lists.gnutls.org Tue Apr 14 20:37:50 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 14 Apr 2020 18:37:50 +0000
Subject: [gnutls-devel] GnuTLS | Compile failure on Mingw-w64 (#962)
In-Reply-To:
References:
Message-ID:

Alan Jowett commented:

FWIW, I am seeing a similar issue when building on Alpine Linux v.3.10.4.

Build fails with:
```
2020-04-14T18:11:10.9969030Z [INFO] [2421] make[4]: Entering directory '/source/src/linux/gnutls/lib/nettle'
2020-04-14T18:11:10.9975506Z [INFO] [2422] GEN curve448/ecc-curve448-32.h
2020-04-14T18:11:10.9977887Z ##[warning][Build] [Build GnuTLS] [2423] /bin/sh: curve448/eccdata: not found
2020-04-14T18:11:10.9979289Z [WARN] [2423] /bin/sh: curve448/eccdata: not found
2020-04-14T18:11:10.9980428Z [INFO] [2424] GEN curve448/ecc-curve448-64.h
2020-04-14T18:11:10.9982595Z ##[warning][Build] [Build GnuTLS] [2425] make[4]: *** [Makefile:2656: curve448/ecc-curve448-32.h] Error 127
2020-04-14T18:11:10.9984628Z [WARN] [2425] make[4]: *** [Makefile:2656: curve448/ecc-curve448-32.h] Error 127
2020-04-14T18:11:10.9986021Z ##[warning][Build] [Build GnuTLS] [2426] make[4]: *** Waiting for unfinished jobs....
2020-04-14T18:11:10.9987357Z [WARN] [2426] make[4]: *** Waiting for unfinished jobs....
2020-04-14T18:11:10.9988474Z ##[warning][Build] [Build GnuTLS] [2427] /bin/sh: curve448/eccdata: not found
2020-04-14T18:11:10.9989478Z [WARN] [2427] /bin/sh: curve448/eccdata: not found
```

Fix is to delete lib/nettle/curve448/eccdata.stamp

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/962#note_323796929

From gnutls-devel at lists.gnutls.org Wed Apr 15 06:08:36 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 15 Apr 2020 04:08:36 +0000
Subject: [gnutls-devel] GnuTLS | Improving X.509 certificate validation errors (#950)
In-Reply-To:
References:
Message-ID:

GnuTLS bot commented:

@mukrop This issue is unlabelled after 30 days. It needs attention.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/950#note_324028473

From gnutls-devel at lists.gnutls.org Wed Apr 15 06:08:38 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 15 Apr 2020 04:08:38 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add CI tarball build (!809)
In-Reply-To:
References:
Message-ID:

GnuTLS bot commented:

@rockdaboot This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/809#note_324028486

From gnutls-devel at lists.gnutls.org Wed Apr 15 06:08:36 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 15 Apr 2020 04:08:36 +0000
Subject: [gnutls-devel] GnuTLS | Issues require labels (#972)
References:
Message-ID:

GnuTLS bot created an issue: https://gitlab.com/gnutls/gnutls/-/issues/972

The following issues require labels:

- [ ] [Improving X.509 certificate validation errors](https://gitlab.com/gnutls/gnutls/-/issues/950)

Please take care of them.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/972

From gnutls-devel at lists.gnutls.org Wed Apr 15 06:08:39 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 15 Apr 2020 04:08:39 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Add CI tarball build (!809)
In-Reply-To:
References:
Message-ID:

Merge Request !809 was closed by GnuTLS bot

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/809
Project:Branches: rockdaboot/gnutls:tmp-tarball-build to gnutls/gnutls:master
Author: Tim Rühsen
Assignee: Tim Rühsen

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/809

From gnutls-devel at lists.gnutls.org Wed Apr 15 18:12:51 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 15 Apr 2020 16:12:51 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

This pull request **fixes 1 alert** when merging 389a25694b85750d7813d8fbe0ae8a4483889214 into b143a756aee850b0a0d3bdfdfaa51ee27cb2f25f - [view on LGTM.com](https://lgtm.com/projects/gl/gnutls/gnutls/rev/pr-ccac8417094ae739d69ebe19fa1c30f61a726633)

**fixed alerts:**

* 1 for FIXME comment

---

*Comment posted by [LGTM.com](https://lgtm.com)*

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235#note_324519283

From gnutls-devel at lists.gnutls.org Wed Apr 15 18:20:42 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 15 Apr 2020 16:20:42 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

Dmitry Baryshkov commented on a discussion on lib/nettle/ecc-gost-curve.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235#note_324524901

> #endif > #endif > > -#define nettle_get_gost_gc256b _gnutls_get_gost_gc256b > -#define nettle_get_gost_gc512a _gnutls_get_gost_gc512a > +#define nettle_get_gost_gc256b _gnutls_nettle_curve448_get_gost_gc256b > +#define nettle_get_gost_gc512a _gnutls_nettle_curve448_get_gost_gc512a

fixed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235#note_324524901

From gnutls-devel at lists.gnutls.org Wed Apr 15 18:21:32 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 15 Apr 2020 16:21:32 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1235 were resolved by Dmitry Baryshkov

https://gitlab.com/gnutls/gnutls/-/merge_requests/1235

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235

From gnutls-devel at lists.gnutls.org Wed Apr 15 19:10:45 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 15 Apr 2020 17:10:45 +0000
Subject: [gnutls-devel] GnuTLS | Stop using Nettle and Hogweed internal symbols (!1235)
In-Reply-To:
References:
Message-ID:

Merge Request !1235 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235
Project:Branches: GostCrypt/gnutls:no-nettle-internal to gnutls/gnutls:master
Author: Dmitry Baryshkov
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1235

From gnutls-devel at lists.gnutls.org Thu Apr 16 09:52:02 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 16 Apr 2020 07:52:02 +0000
Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965)
In-Reply-To:
References:
Message-ID:

Andreas Fuchs commented:

I got an strace of the whole thing. Maybe this helps?

```c
+ strace -e trace=file p11tool --list-tokens
execve("/usr/bin/p11tool", ["p11tool", "--list-tokens"], 0x7ffc2137c6e8 /* 46 vars */) = 0
openat(AT_FDCWD, "/usr/lib64/clang/8.0.0/lib/linux/libclang_rt.asan-x86_64.so", O_RDONLY|O_CLOEXEC) = 3
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/tls/haswell/x86_64/libgnutls.so.30", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/tls/haswell/x86_64", 0x7ffdd98d2e10) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/tls/haswell/libgnutls.so.30", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/tls/haswell", 0x7ffdd98d2e10) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/tls/x86_64/libgnutls.so.30", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/tls/x86_64", 0x7ffdd98d2e10) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/tls/libgnutls.so.30", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/tls", 0x7ffdd98d2e10) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/haswell/x86_64/libgnutls.so.30", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/haswell/x86_64", 0x7ffdd98d2e10) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/haswell/libgnutls.so.30", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/haswell", 0x7ffdd98d2e10) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/x86_64/libgnutls.so.30", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib/x86_64", 0x7ffdd98d2e10) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/lib/libgnutls.so.30", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/local/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libgnutls.so.30", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libopts.so.25", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libopts.so.25", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libtasn1.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libtasn1.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libstdc++.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libstdc++.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libdl.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/librt.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libm.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libpthread.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libp11-kit.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libp11-kit.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libidn2.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libidn2.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libunistring.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libunistring.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libnettle.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libnettle.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libhogweed.so.4", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libhogweed.so.4", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libgmp.so.10", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libgmp.so.10", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/local/lib/libffi.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libffi.so.6", O_RDONLY|O_CLOEXEC) = 3
readlink("/proc/self/exe", "/usr/bin/p11tool", 4096) = 16
open("/proc/self/cmdline", O_RDONLY) = 3
open("/proc/self/environ", O_RDONLY) = 3
open("/proc/self/environ", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
open("/proc/self/maps", O_RDONLY) = 3
stat("llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/workspace/tpm2-pkcs11/build/../tools/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("./src/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/root/.local/bin//llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/ibmtpm974/src/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/usr/local/sbin/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/usr/bin/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/sbin/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/bin/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
stat("/workspace/tpm2-pkcs11/tools/llvm-symbolizer", 0x7ffdd98d3020) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/proc/sys/crypto/fips_enabled", O_RDONLY) = -1 ENOENT (No such file or directory)
access("/etc/system-fips", F_OK) = -1 ENOENT (No such file or directory)
stat("/etc/crypto-policies/back-ends/gnutls.config", {st_mode=S_IFREG|0644, st_size=394, ...}) = 0
openat(AT_FDCWD, "/etc/crypto-policies/back-ends/gnutls.config", O_RDONLY) = 3
openat(AT_FDCWD, "/workspace/tpm2-pkcs11/build/../tools", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD, "./src", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD, "/root/.local/bin/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/ibmtpm974/src", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/sbin", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD, "/usr/local/bin", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD, "/usr/sbin", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
openat(AT_FDCWD, "/usr/bin", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
access("/usr/bin/p11tool", R_OK|X_OK) = 0
openat(AT_FDCWD, "/etc/pkcs11/pkcs11.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/pkcs11/modules", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
stat("/etc/pkcs11/modules/.", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/etc/pkcs11/modules/..", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/etc/pkcs11/modules/tpm2_pkcs11.module", {st_mode=S_IFREG|0644, st_size=65, ...}) = 0
openat(AT_FDCWD, "/etc/pkcs11/modules/tpm2_pkcs11.module", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/usr/share/p11-kit/modules", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
stat("/usr/share/p11-kit/modules/p11-kit-trust.module", {st_mode=S_IFREG|0644, st_size=902, ...}) = 0
openat(AT_FDCWD, "/usr/share/p11-kit/modules/p11-kit-trust.module", O_RDONLY|O_CLOEXEC) = 4
stat("/usr/share/p11-kit/modules/.", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/usr/share/p11-kit/modules/..", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/usr/share/p11-kit/modules/opensc.module", {st_mode=S_IFREG|0644, st_size=383, ...}) = 0
openat(AT_FDCWD, "/usr/share/p11-kit/modules/opensc.module", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/usr/lib64/pkcs11/p11-kit-trust.so", O_RDONLY|O_CLOEXEC) = 3
[ hangs here ]
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965#note_325020424

From gnutls-devel at lists.gnutls.org Thu Apr 16 13:29:28 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 16 Apr 2020 11:29:28 +0000
Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965)
In-Reply-To:
References:
Message-ID:

Andreas Fuchs commented:

Just FYI: it even hangs on `p11-tool --version`. So given this bug, I cannot even test for certain versions and skip... :-(

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965#note_325185415

From gnutls-devel at lists.gnutls.org Thu Apr 16 13:38:09 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 16 Apr 2020 11:38:09 +0000
Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965)
In-Reply-To:
References:
Message-ID:

Andreas Fuchs commented:

One more thing I found: apparently this only happens if preloading libasan on clang... Without libasan, it's working (more or less)...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965#note_325192649

From gnutls-devel at lists.gnutls.org Thu Apr 16 20:03:29 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 16 Apr 2020 18:03:29 +0000
Subject: [gnutls-devel] GnuTLS | build: attempt to fix build issues on FreeBSD (!1236)
References:
Message-ID:

Dmitry Baryshkov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1236

Branches: tmp-fix-ecc-freebsd to master
Author: Dmitry Baryshkov

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1236

From gnutls-devel at lists.gnutls.org Fri Apr 17 00:08:34 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 16 Apr 2020 22:08:34 +0000
Subject: [gnutls-devel] GnuTLS | handshake-tls13: add session flag to disable sending session tickets (!1234)
In-Reply-To:
References:
Message-ID:

Merge Request !1234 was approved by Dmitry Baryshkov

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1234
Branches: tmp-no-auto-send-ticket to master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1234

From gnutls-devel at lists.gnutls.org Fri Apr 17 00:09:27 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 16 Apr 2020 22:09:27 +0000
Subject: [gnutls-devel] GnuTLS | xts: check key block according to FIPS-140-2 IG A.9 (!1233)
In-Reply-To:
References:
Message-ID:

Merge Request !1233 was approved by Dmitry Baryshkov

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233
Branches: tmp-xts-ig-a9 to master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233

From gnutls-devel at lists.gnutls.org Fri Apr 17 00:30:15 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 16 Apr 2020 22:30:15 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_ext_register: keep track of extension name (!1224)
In-Reply-To:
References:
Message-ID:

Dmitry Baryshkov commented:

Can we test it in tls-session-ext-register somehow? LGTM otherwise

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224#note_325774876

From gnutls-devel at lists.gnutls.org Fri Apr 17 09:52:20 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 17 Apr 2020 07:52:20 +0000
Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965)
In-Reply-To:
References:
Message-ID:

Andreas Fuchs commented:

Ok, so without libasan it does not hang anymore, but the module is not listed, even though strace shows that the .so file was opened. Using gcc to compile my module works though...

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965#note_326020455

From gnutls-devel at lists.gnutls.org Fri Apr 17 17:14:00 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Fri, 17 Apr 2020 17:14:00 +0200
Subject: [gnutls-devel] goodbye
Message-ID:

Hi,

It has been a very long run for me on this project, facing diverse challenges, and learning new things but I think it is time for me to move on. I will no longer participate in developing or releasing gnutls. My involvement in the last few weeks was quite stressful for me and that reinforced my conviction that I should move on, as I have opted for different challenges that do not leave time for me working on the project.

I was very lucky to be working with and meeting very nice and interesting people through this project. I am very proud of the current development team -Daiki, Dmitry, Tim- and I wish you good luck! Please support them in this difficult and sometimes unappreciated task. I also wish to thank everyone who has contributed to the project over the years in any way.

Thank you!
Nikos

From gnutls-devel at lists.gnutls.org Sat Apr 18 13:06:55 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sat, 18 Apr 2020 11:06:55 +0000
Subject: [gnutls-devel] GnuTLS | p11-kit / p11tool hang on clang (#965)
In-Reply-To:
References:
Message-ID:

Tim Rühsen commented:

From your first backtrace can be seen that the glibc function `newlocale` hangs. It is called indirectly via dlopen.

I wonder if the same happens without gnutls. Can you compile and run a simple program which just calls
```
p11_kit_modules_load_and_initialize(0);
```
?

Another thing worth a shot would be to test with clang-10.

BTW, the blocker for a clang asan CI runner is a malfunction with the openssl server. It's OK with gcc asan. So I wonder if there are subtle issues with clang's asan.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/965#note_326622500

From gnutls-devel at lists.gnutls.org Sun Apr 19 07:22:41 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 05:22:41 +0000
Subject: [gnutls-devel] GnuTLS | build: attempt to fix build issues on FreeBSD (!1236)
In-Reply-To:
References:
Message-ID:

Merge Request !1236 was approved by Daiki Ueno

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1236
Branches: tmp-fix-ecc-freebsd to master
Author: Dmitry Baryshkov
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1236

From gnutls-devel at lists.gnutls.org Sun Apr 19 07:24:34 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 05:24:34 +0000
Subject: [gnutls-devel] GnuTLS | xts: check key block according to FIPS-140-2 IG A.9 (!1233)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you for the review!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233#note_326779158

From gnutls-devel at lists.gnutls.org Sun Apr 19 07:24:41 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 05:24:41 +0000
Subject: [gnutls-devel] GnuTLS | xts: check key block according to FIPS-140-2 IG A.9 (!1233)
In-Reply-To:
References:
Message-ID:

Merge Request !1233 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233
Branches: tmp-xts-ig-a9 to master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1233

From gnutls-devel at lists.gnutls.org Sun Apr 19 07:29:18 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 05:29:18 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_326779442

My point was that, if the `--waitresumption` option just causes the client to use a bit longer timeout, the option name sounds misleading (because it has nothing to do with resumption). On the other hand, if it actually waits for NST, it may make more sense to wait indefinitely.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_326779442

From gnutls-devel at lists.gnutls.org Sun Apr 19 08:19:09 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 06:19:09 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect results returned when converting pem file to der (#973)

Suhwan created an issue: https://gitlab.com/gnutls/gnutls/-/issues/973

## Description of problem:
The results (exit status & output) are incorrect when converting pem file to der. I tested GnuTLS with Libressl, openssl, and mbedtls.

## Version of gnutls used:
3.6.13

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
- Description: Ubuntu 18.04.1 LTS
- Release: 18.04

## How reproducible:
Steps to Reproduce:
1. build GnuTLS 3.6.13
2. run following command `certtool --outder -i --infile $PoC --outfile /tmp/tmp.der`

[issue_973](/uploads/51bec54e8e30c6460610576c9034f543/issue_973)

## Actual results:
```
program : Libressl
version : 3.1.0
exit status : 0
```
```
program : openssl
version : commit 031c9bd3f3e9a02fa126c7dbc47f3d934678a195
exit status : 0
```
```
program : mbedtls
version : 2.22.0
 . Loading the PEM file ... ok
 . Converting from PEM to DER ... ok
 . Writing the DER file ... ok
exit status : 0
```
```
program : gnutls
version : 3.6.13
import error: Error in the certificate.
exit status : 1
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/973

From gnutls-devel at lists.gnutls.org Sun Apr 19 09:39:17 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 07:39:17 +0000
Subject: [gnutls-devel] GnuTLS | build: attempt to fix build issues on FreeBSD (!1236)

Merge Request !1236 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1236
Branches: tmp-fix-ecc-freebsd to master
Author: Dmitry Baryshkov
Assignees:

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1236

From gnutls-devel at lists.gnutls.org Sun Apr 19 12:52:08 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 10:52:08 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Hanspeter Niederstrasser created an issue: https://gitlab.com/gnutls/gnutls/-/issues/974

## Description of problem:
`override-ciphers` and `test-ciphers.sh` tests fail on macOS.

## Version of gnutls used:
Failure occurs on GnuTLS 3.6.11.1 - 3.6.13. v3.6.10 passes everything.

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
macOS 10.13.6 (building via Fink package manager)

## How reproducible:
Steps to Reproduce:
* Build gnutls with [these configure parameters](https://github.com/fink/fink-distributions/blob/master/10.9-libcxx/stable/main/finkinfo/crypto/gnutls30-shlibs.info#L39), then `make`, and run tests with `make check`.

## Actual results:
This is the output from `tests/slow/test-suite.log`:
```
FAIL: test-ciphers.sh
=====================

default cipher tests failed
FAIL test-ciphers.sh (exit status: 1)

FAIL: override-ciphers
======================

overridden cipher tests failed
FAIL override-ciphers (exit status: 1)
```
The individual logs for the 2 failed tests do not show any more details.

## Expected results:
All tests should pass. Issue #929 mentions these tests failing, but that's really about some tests being run even though the `--disable-full-test-suite` option was used.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974

From gnutls-devel at lists.gnutls.org Sun Apr 19 13:18:36 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 11:18:36 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Tim Rühsen commented:

- What is the content of `"%p/etc/gnutls/default-priorities"` ?
- Are you really using gcc 4.0 ? (And if so, what is the test result with a modern gcc ?)
- Please add/upload `config.log` and `tests/slow/test-ciphers.sh.log` if possible

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_326823271

From gnutls-devel at lists.gnutls.org Sun Apr 19 13:36:57 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 11:36:57 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect results returned when converting pem file to der (#973)

Tim Rühsen commented:

```
$ GNUTLS_DEBUG_LEVEL=9 src/certtool -i --infile /tmp/issue_973.pem
...
|<2>| signatureAlgorithm.algorithm differs from tbsCertificate.signature.algorithm: 1.2.840.66.15245.1.1.4, 1.2.840.113549.1.1.4
|<3>| ASSERT: x509.c[compare_sig_algorithm]:330
|<3>| ASSERT: x509.c[gnutls_x509_crt_import]:615
|<3>| ASSERT: x509.c[gnutls_x509_crt_list_import]:3834
import error: Error in the certificate.
```

GnuTLS is a bit nitpicking about what is allowed and may have stricter constraints than other X509 libraries.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/973#note_326826120

From gnutls-devel at lists.gnutls.org Sun Apr 19 13:39:44 2020
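The check behind the debug output above, as an added example that is not GnuTLS code and not part of the thread: RFC 5280 section 4.1.1.2 requires the outer `signatureAlgorithm` to equal `tbsCertificate.signature`, and this minimal DER walker compares the two on a constructed certificate skeleton. The function names, the skeleton, and the assumption that the log lists the outer OID first are this example's own.

```python
# Added example (not GnuTLS code): compare a certificate's outer signatureAlgorithm
# with tbsCertificate.signature, the consistency rule of RFC 5280 section 4.1.1.2.

def der_length(n):
    """Encode a DER definite length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_length(len(content)) + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])       # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                                  # base-128, high bit = "more follows"
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def read_tlv(buf, pos):
    """Return (tag, content, next_pos); reject truncated or oversized input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    items, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        items.append((tag, body))
    return items

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def algorithm_oid(alg_content):
    fields = children(alg_content)
    if not fields or fields[0][0] != 0x06:
        raise ValueError("AlgorithmIdentifier lacks an OID")
    return decode_oid(fields[0][1])

def check_signature_algorithms(cert_der):
    """Report both AlgorithmIdentifiers and whether their DER content is identical."""
    tag, body, end = read_tlv(cert_der, 0)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    top = children(body)                            # tbsCertificate, signatureAlgorithm, signature
    if [t for t, _ in top] != [0x30, 0x30, 0x03]:
        raise ValueError("not a Certificate structure")
    tbs = children(top[0][1])
    i = 1 if tbs and tbs[0][0] == 0xA0 else 0       # skip the optional [0] version
    if len(tbs) < i + 2 or tbs[i][0] != 0x02 or tbs[i + 1][0] != 0x30:
        raise ValueError("tbsCertificate lacks serialNumber/signature")
    outer, inner = top[1][1], tbs[i + 1][1]
    return {"outer": algorithm_oid(outer), "inner": algorithm_oid(inner),
            "consistent": outer == inner}

def sample_cert(inner_oid, outer_oid):
    """Constructed skeleton, not a usable certificate: only the fields read above exist."""
    def alg(oid):
        return tlv(0x30, encode_oid(oid) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg(inner_oid))
    return tlv(0x30, tbs + alg(outer_oid) + tlv(0x03, b"\x00" + b"\xAA" * 16))

INNER_OID_FROM_LOG = "1.2.840.113549.1.1.4"   # md5WithRSAEncryption; assumed to be the inner field
OUTER_OID_FROM_LOG = "1.2.840.66.15245.1.1.4"  # assumed to be the outer field (listed first in the log)

if __name__ == "__main__":
    for outer in (INNER_OID_FROM_LOG, OUTER_OID_FROM_LOG):
        print(check_signature_algorithms(sample_cert(INNER_OID_FROM_LOG, outer)))
```

The two OIDs from the log encode to DER that differs in a single byte (`86` versus `42` in the fourth content byte), which is why a parser that ignores the outer field accepts the file while a strict comparison rejects it.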
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 11:39:44 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Hanspeter Niederstrasser commented:

* %p/etc/gnutls/default-priorities does not exist (%p is a replacement token for the actual install prefix, which equals `/sw` for the default Fink prefix)
* `GCC: 4.0` is a token for the GCC-ABI that the Fink project uses internally. The actual compiler used is Apple's clang: `Apple LLVM version 10.0.0 (clang-1000.11.45.5)`

[config.log](/uploads/56fbaf39721f6fe0c26d8a3026a90b71/config.log)
[test-ciphers.sh.log](/uploads/6346e550508928b73a7389d404c1b600/test-ciphers.sh.log)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_326826513

From gnutls-devel at lists.gnutls.org Sun Apr 19 13:40:41 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 11:40:41 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect results returned when converting pem file to der (#973)

Issue was closed by Tim Rühsen

Issue #973: https://gitlab.com/gnutls/gnutls/-/issues/973

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/973

From gnutls-devel at lists.gnutls.org Sun Apr 19 13:40:40 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 11:40:40 +0000
Subject: [gnutls-devel] GnuTLS | Incorrect results returned when converting pem file to der (#973)

Tim Rühsen commented:

If you have some major issues with existing implementation (e.g. can't contact web sites), feel free to reopen with as much details as possible.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/973#note_326826676

From gnutls-devel at lists.gnutls.org Sun Apr 19 13:56:17 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 11:56:17 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Tim Rühsen commented:

`test-ciphers.sh` seems to fail on the (internal) self-test of libgnutls.

Please give me the output of
```
cd tests/slow
GNUTLS_DEBUG_LEVEL=9 ./cipher-test
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_326828700

From gnutls-devel at lists.gnutls.org Sun Apr 19 14:03:40 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 12:03:40 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Hanspeter Niederstrasser commented:

```
$ GNUTLS_DEBUG_LEVEL=9 ./cipher-test
gnutls[2]: Enabled GnuTLS 3.6.13 logging...
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: unable to access: /sw/etc/gnutls/default-priorities: 2
<2>| running tests for: AES-128-CCM
<3>| ASSERT: aes-ccm-x86-aesni.c[aes_ccm_aead_decrypt]:128
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<3>| ASSERT: aes-ccm-x86-aesni.c[aes_ccm_aead_decrypt]:128
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<3>| ASSERT: aes-ccm-x86-aesni.c[aes_ccm_aead_decrypt]:128
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<3>| ASSERT: aes-ccm-x86-aesni.c[aes_ccm_aead_decrypt]:128
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<2>| AES-128-CCM self check succeeded
<2>| running scatter (iovec) tests for: AES-128-CCM
<2>| AES-128-CCM scatter self check succeeded
<2>| compat: running tests for: AES-128-CCM
<3>| ASSERT: crypto-api.c[gnutls_cipher_init]:71
<2>| running tests for: AES-256-CCM
<3>| ASSERT: aes-ccm-x86-aesni.c[aes_ccm_aead_decrypt]:128
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<3>| ASSERT: aes-ccm-x86-aesni.c[aes_ccm_aead_decrypt]:128
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<2>| AES-256-CCM self check succeeded
<2>| running scatter (iovec) tests for: AES-256-CCM
<2>| AES-256-CCM scatter self check succeeded
<2>| compat: running tests for: AES-256-CCM
<3>| ASSERT: crypto-api.c[gnutls_cipher_init]:71
<2>| AES-128-CBC self check succeeded
<2>| AES-192-CBC self check succeeded
<2>| AES-256-CBC self check succeeded
<2>| 3DES-CBC self check succeeded
<2>| ARCFOUR-128 self check succeeded
<2>| running tests for: AES-128-GCM
<3>| ASSERT: aes-gcm-x86-pclmul-avx.c[aesni_gcm_aead_decrypt]:351
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<3>| ASSERT: aes-gcm-x86-pclmul-avx.c[aesni_gcm_aead_decrypt]:351
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<3>| ASSERT: aes-gcm-x86-pclmul-avx.c[aesni_gcm_aead_decrypt]:351
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<2>| AES-128-GCM self check succeeded
<2>| running scatter (iovec) tests for: AES-128-GCM
<2>| AES-128-GCM scatter self check succeeded
<2>| compat: running tests for: AES-128-GCM
<2>| AES-128-GCM compat self check succeeded
<2>| running tests for: AES-256-GCM
<3>| ASSERT: aes-gcm-x86-pclmul-avx.c[aesni_gcm_aead_decrypt]:351
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<2>| AES-256-GCM self check succeeded
<2>| running scatter (iovec) tests for: AES-256-GCM
<2>| AES-256-GCM scatter self check succeeded
<2>| compat: running tests for: AES-256-GCM
<2>| AES-256-GCM compat self check succeeded
<2>| running tests for: CHACHA20-POLY1305
<3>| ASSERT: cipher.c[wrap_nettle_cipher_aead_decrypt]:1033
<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:827
<2>| CHACHA20-POLY1305 self check succeeded
<2>| running scatter (iovec) tests for: CHACHA20-POLY1305
<2>| CHACHA20-POLY1305 scatter self check succeeded
<2>| compat: running tests for: CHACHA20-POLY1305
<2>| CHACHA20-POLY1305 compat self check succeeded
<2>| AES-128-CFB8 self check succeeded
<2>| AES-128-CFB8 decryption of test vector 0 failed with block size 1!
<3>| ASSERT: crypto-selftests.c[test_cipher_all_block_sizes]:813
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_326829882

From gnutls-devel at lists.gnutls.org Sun Apr 19 14:23:32 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 12:23:32 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Tim Rühsen commented:

Thanks, so AES-128-CFB8 decryption fails for some reason. Which version of nettle are you testing with ?

@lumag, @dueno Any idea ? Especially that gcc has no issues is weird. Testing with clang-10 (note that clang on OSX has a different version scheme) on Debian also shows no issues.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_326832596

From gnutls-devel at lists.gnutls.org Sun Apr 19 14:42:02 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 12:42:02 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Hanspeter Niederstrasser commented:

Installed nettle is 3.5.1.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_326835186

From gnutls-devel at lists.gnutls.org Sun Apr 19 15:28:08 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 13:28:08 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Daiki Ueno commented:

This configure check seems to be insufficient:
```sh
# Check if nettle has CFB8 support
if test -z "$ac_cv_func_nettle_cfb8_encrypt"; then
	# nettle_cfb8_decrypt in nettle 3.5 is known to be broken
	ver=`$PKG_CONFIG --modversion nettle`
	if expr "$ver" : '^3\.5\b' >/dev/null; then
		ac_cv_func_nettle_cfb8_encrypt=no
	fi
fi
```

The fix is only available in nettle 3.6. The workaround is to run `configure` with `ac_cv_func_nettle_cfb8_encrypt=no`.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_326842009

From gnutls-devel at lists.gnutls.org Sun Apr 19 16:00:48 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 14:00:48 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Hanspeter Niederstrasser commented:

Adding `ac_cv_func_nettle_cfb8_encrypt=no` made everything pass since nettle 3.6 is unreleased.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_326849652

From gnutls-devel at lists.gnutls.org Sun Apr 19 17:54:57 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 15:54:57 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Issue was closed by Tim Rühsen

Issue #974: https://gitlab.com/gnutls/gnutls/-/issues/974

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974

From gnutls-devel at lists.gnutls.org Sun Apr 19 17:54:56 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Sun, 19 Apr 2020 15:54:56 +0000
Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974)

Tim Rühsen commented:

Thank you @dueno, nice catch !

The configure check needs GNU coreutils installed and PKG_CONFIG / PKG_CONFIG_PATH properly configured. We should soon require nettle 3.6+.

@nieder Thanks for providing the needed details :-)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_326877639

From gnutls-devel at lists.gnutls.org Mon Apr 20 08:12:36 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 20 Apr 2020 06:12:36 +0000
Subject: [gnutls-devel] GnuTLS | handshake-tls13: add session flag to disable sending session tickets (!1234)

Merge Request !1234 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1234
Branches: tmp-no-auto-send-ticket to master
Author: Daiki Ueno
Assignees:

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1234

From gnutls-devel at lists.gnutls.org Mon Apr 20 15:45:45 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 20 Apr 2020 13:45:45 +0000
Subject: [gnutls-devel] GnuTLS | add a callback to retrieve missing chain certificates (#202)

Reassigned Issue 202

https://gitlab.com/gnutls/gnutls/-/issues/202

Assignee changed to Sahana Prasad

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/202

From gnutls-devel at lists.gnutls.org Mon Apr 20 16:44:46 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Mon, 20 Apr 2020 14:44:46 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)

Stanislav Židek commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_327390240

So what about actually making the argument parametrized?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_327390240

From gnutls-devel at lists.gnutls.org Tue Apr 21 05:51:35 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 21 Apr 2020 03:51:35 +0000
Subject: [gnutls-devel] GnuTLS | ocsptool: only write the OCSP response to outfile when --outpem is used (#975)

Joseph Nahmias created an issue: https://gitlab.com/gnutls/gnutls/-/issues/975

Hello,

When invoking ocsptool like this:

`ocsptool --ask --load-cert /etc/ssl/example.org/example_org-20190505.crt --load-issuer /etc/ssl/example.org/intermediate.crt --outpem --outfile /tmp/ocsp_test.pem`

I expect `/tmp/ocsp_test.pem` to only include the OCSP response, that is the text between the `-----BEGIN OCSP RESPONSE-----` and `-----END OCSP RESPONSE-----`.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/975

From gnutls-devel at lists.gnutls.org Tue Apr 21 06:03:08 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 21 Apr 2020 04:03:08 +0000
Subject: [gnutls-devel] GnuTLS | ocsptool: only write the OCSP response to outfile when --outpem is used (#975)

Joseph Nahmias commented:

As a workaround, I'm currently using the following:

`ocsptool --ask --load-cert /etc/ssl/example.org/example_org-20190505.crt --load-issuer /etc/ssl/example.org/intermediate.crt --outpem 2>/dev/null | sed -n '/^-----BEGIN/,/^-----END/p'`

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/975#note_327738568

From gnutls-devel at lists.gnutls.org Tue Apr 21 14:19:06 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 21 Apr 2020 12:19:06 +0000
Subject: [gnutls-devel] GnuTLS | gost: update gostdsa_vko to follow Nettle (!1237)

Dmitry Baryshkov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237

Branches: tmp-update-gostdsa-vko to master
Author: Dmitry Baryshkov

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237

From gnutls-devel at lists.gnutls.org Tue Apr 21 14:23:32 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 21 Apr 2020 12:23:32 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_ext_register: keep track of extension name (!1224) In-Reply-To: References: Message-ID: Merge Request !1224 was approved by Dmitry Baryshkov Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224 Branches: tmp-ext-name to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 21 15:40:59 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 21 Apr 2020 13:40:59 +0000 Subject: [gnutls-devel] GnuTLS | gost: update gostdsa_vko to follow Nettle (!1237) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1237 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/nettle/gost/gostdsa2.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237#note_328161781 > > +#if HAVE_CONFIG_H > +# include "config.h" though it's a matter of taste, I would put `#include "config.h"` outside of `extern "C"` block without `#ifdef` condition. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 21 15:41:05 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 21 Apr 2020 13:41:05 +0000
Subject: [gnutls-devel] GnuTLS | gost: update gostdsa_vko to follow Nettle (!1237)

Merge Request !1237 was approved by Daiki Ueno

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237
Branches: tmp-update-gostdsa-vko to master
Author: Dmitry Baryshkov
Assignees:

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237

From gnutls-devel at lists.gnutls.org Tue Apr 21 15:41:27 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 21 Apr 2020 13:41:27 +0000
Subject: [gnutls-devel] GnuTLS | gost: update gostdsa_vko to follow Nettle (!1237)

Daiki Ueno commented:

Looks good to me.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237#note_328162192

From gnutls-devel at lists.gnutls.org Tue Apr 21 16:50:00 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 21 Apr 2020 14:50:00 +0000 Subject: [gnutls-devel] GnuTLS | gost: update gostdsa_vko to follow Nettle (!1237) In-Reply-To: References: Message-ID: All discussions on Merge Request !1237 were resolved by Dmitry Baryshkov https://gitlab.com/gnutls/gnutls/-/merge_requests/1237 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 21 16:50:03 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 21 Apr 2020 14:50:03 +0000 Subject: [gnutls-devel] GnuTLS | gost: update gostdsa_vko to follow Nettle (!1237) In-Reply-To: References: Message-ID: Dmitry Baryshkov commented on a discussion on lib/nettle/gost/gostdsa2.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237#note_328221555 > extern "C" { > #endif > > +#if HAVE_CONFIG_H > +# include "config.h" Done -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237#note_328221555 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 21 16:58:32 2020 
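Review bot: the added `+# include "config.h"` sits below the `extern "C" {` opener shown in the context lines, so a C++ translation unit would give everything config.h declares C linkage; move the include above the guard that opens `extern "C"`. The `#if HAVE_CONFIG_H` test also reads a macro that may be undefined, which `-Wundef` flags, so `#ifdef HAVE_CONFIG_H` or an unconditional include is the safer form.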
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 21 Apr 2020 14:58:32 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_ext_register: keep track of extension name (!1224)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224#note_328230414

It was a bit tricky because there is no API to retrieve extension name registered per session; I tried to add one in a separate commit.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224#note_328230414

From gnutls-devel at lists.gnutls.org Tue Apr 21 18:07:00 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 21 Apr 2020 16:07:00 +0000
Subject: [gnutls-devel] GnuTLS | gost: update gostdsa_vko to follow Nettle (!1237)

Merge Request !1237 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237
Branches: tmp-update-gostdsa-vko to master
Author: Dmitry Baryshkov
Assignees:

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1237

From gnutls-devel at lists.gnutls.org Tue Apr 21 19:51:19 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 21 Apr 2020 17:51:19 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_ext_register: keep track of extension name (!1224)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224#note_328345916

Before adding the new API, we probably want to bump the .abi files after the 3.6.13 release. It would be nice if this is automated (or at least done by the bot), but I'll do that manually unless we come up with a better idea.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224#note_328345916

From gnutls-devel at lists.gnutls.org Tue Apr 21 20:29:30 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Tue, 21 Apr 2020 18:29:30 +0000
Subject: [gnutls-devel] GnuTLS | Add support for AES Key Wrap (#976)

Nicolas Mora created an issue: https://gitlab.com/gnutls/gnutls/-/issues/976

## Description of the feature:
I would like GnuTLS to support AES Key Wrap as described in the [RFC 3394](https://tools.ietf.org/html/rfc3394)

## Applications that this feature may be relevant to:
Implement the AES Key wrapper Cryptographic Algorithms for Key Management algorithm described in the [JWA specifications](https://tools.ietf.org/html/rfc7518#section-4): A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, A256GCMKW, and those where AESKW is used in complement with other key management algs: ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, PBES2-HS256+A128KW, PBES2-HS384+A192KW and PBES2-HS512+A256KW

## Is this feature implemented in other libraries (and which)
OpenSSL: https://www.openssl.org/docs/man1.1.1/man3/EVP_aes_256_cbc.html

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/976

From gnutls-devel at lists.gnutls.org Wed Apr 22 18:40:53 2020
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 22 Apr 2020 16:40:53 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/Makefile.am: do not force static (!61) References: Message-ID: Fabrice Fontaine created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/61 Project:Branches: ffontaine/libtasn1:master to gnutls/libtasn1:master Author: Fabrice Fontaine Don't force static when linking corpus2array to libtasn1 otherwise the build will fail if libtasn1 has been built only as a shared library: ``` CCLD corpus2array /home/fabrice/buildroot/output/host/lib/gcc/arm-buildroot-linux-musleabihf/8.4.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: attempted static link of dynamic object `../lib/.libs/libtasn1.so' collect2: error: ld returned 1 exit status ``` Signed-off-by: Fabrice Fontaine -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/61 From gnutls-devel at lists.gnutls.org Thu Apr 23 14:03:38 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 23 Apr 2020 12:03:38 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#11 fails for tokens with CKF_USER_PIN_INITIALIZED but not CKF_LOGIN_REQUIRED (#977) References: Message-ID: David Woodhouse created an issue: https://gitlab.com/gnutls/gnutls/-/issues/977 In https://gitlab.com/openconnect/openconnect/-/issues/123 a user reports that their PKCS#11 token doesn't work with OpenConnect. I have fixed the OpenSSL build by logging in even if `CKF_LOGIN_REQUIRED` isn't set (a bug in the provider, arguably, but that's about par for the course with vendor-provided crap), if `CKF_USER_PIN_INITIALIZED` is set. I've added a test case, but disabled it for the GnuTLS build for now as I think it needs to be fixed *in* GnuTLS (although if a workaround in OpenConnect is possible that would be very useful to have). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/977 From gnutls-devel at lists.gnutls.org Thu Apr 23 14:17:19 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Thu, 23 Apr 2020 12:17:19 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#11 fails for tokens with CKF_USER_PIN_INITIALIZED but not CKF_LOGIN_REQUIRED (#977) In-Reply-To: References: Message-ID: David Woodhouse commented: https://gitlab.com/openconnect/openconnect/-/commit/dfc8958961cb5072f0ee9a138ea582e8b9649d5f -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/977#note_329979960 From gnutls-devel at lists.gnutls.org Fri Apr 24 16:40:28 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 24 Apr 2020 14:40:28 +0000 Subject: [gnutls-devel] GnuTLS | fips: check library soname during configure (!1231) In-Reply-To: References: Message-ID: Merge Request !1231 was approved by Sahana Prasad Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231 Branches: tmp-check-soname to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231 From gnutls-devel at lists.gnutls.org Fri Apr 24 16:41:04 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 24 Apr 2020 14:41:04 +0000 Subject: [gnutls-devel] GnuTLS | fips: check library soname during configure (!1231) In-Reply-To: References: Message-ID: Sahana Prasad commented: approved on behalf of Anderson as he could not see the approval button. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231#note_331014021 From gnutls-devel at lists.gnutls.org Fri Apr 24 18:33:24 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 24 Apr 2020 16:33:24 +0000 Subject: [gnutls-devel] GnuTLS | fips: check library soname during configure (!1231) In-Reply-To: References: Message-ID: All discussions on Merge Request !1231 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1231 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231 From gnutls-devel at lists.gnutls.org Fri Apr 24 19:41:08 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 24 Apr 2020 17:41:08 +0000 Subject: [gnutls-devel] GnuTLS | fips: check library soname during configure (!1231) In-Reply-To: References: Message-ID: Merge Request !1231 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231 Branches: tmp-check-soname to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1231 From gnutls-devel at lists.gnutls.org Fri Apr 24 19:46:58 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 24 Apr 2020 17:46:58 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_ext_register: keep track of extension name (!1224) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224#note_331161850 After checking with @rockdaboot , it turned out that we only bump those files when there is really an ABI change detected by the abi checker (like 'const' addition). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224#note_331161850 From gnutls-devel at lists.gnutls.org Fri Apr 24 19:46:58 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 24 Apr 2020 17:46:58 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_ext_register: keep track of extension name (!1224) In-Reply-To: References: Message-ID: All discussions on Merge Request !1224 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1224 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224 From gnutls-devel at lists.gnutls.org Fri Apr 24 19:47:09 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Fri, 24 Apr 2020 17:47:09 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_ext_register: keep track of extension name (!1224) In-Reply-To: References: Message-ID: Merge Request !1224 was merged Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224 Branches: tmp-ext-name to master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1224 From gnutls-devel at lists.gnutls.org Sun Apr 26 19:40:43 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Sun, 26 Apr 2020 17:40:43 +0000 Subject: [gnutls-devel] GnuTLS | nettle: expose SIV-CMAC through the AEAD interface (!1238) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1238 Branches: tmp-siv to master Author: Daiki Ueno This adds a couple of new cipher algorithms `GNUTLS_CIPHER_AES_128_SIV` and `GNUTLS_CIPHER_AES_256_SIV`, exposing `nettle_siv_cmac_aes{128,256}*` functions. Note that they can only be used with the AEAD interface. This also automates import of CFB8, CMAC, and XTS from nettle and fixes the configure check pointed at #974 about `nettle_cfb8_decrypt`. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1238 From gnutls-devel at lists.gnutls.org Mon Apr 27 04:12:24 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 27 Apr 2020 02:12:24 +0000 Subject: [gnutls-devel] libtasn1 | asn1_array2tree: fix memleaks in asn1_array2tree, free the unused child (!60) In-Reply-To: References: Message-ID: Merge Request !60 was closed by whzhe51 Merge Request url: https://gitlab.com/gnutls/libtasn1/-/merge_requests/60 Project:Branches: whzhe51/libtasn1:test1 to gnutls/libtasn1:master Author: whzhe51 Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/60 From gnutls-devel at lists.gnutls.org Mon Apr 27 04:31:28 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 27 Apr 2020 02:31:28 +0000 Subject: [gnutls-devel] libtasn1 | fix memleaks in asn1_array2tree, free the unused child (!62) References: Message-ID: whzhe51 created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/62 Project:Branches: whzhe51/libtasn1:test2 to gnutls/libtasn1:master Author: whzhe51 Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/62 From gnutls-devel at lists.gnutls.org Mon Apr 27 04:36:19 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 27 Apr 2020 02:36:19 +0000 Subject: [gnutls-devel] libtasn1 | asn1_array2tree: fix memleaks in asn1_array2tree, free the unused child (!59) In-Reply-To: References: Message-ID: Merge Request !59 was closed by whzhe51 Merge Request url: https://gitlab.com/gnutls/libtasn1/-/merge_requests/59 Project:Branches: whzhe51/libtasn1:host to gnutls/libtasn1:master Author: whzhe51 Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/59 From gnutls-devel at lists.gnutls.org Mon Apr 27 07:28:31 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 27 Apr 2020 05:28:31 +0000 Subject: [gnutls-devel] GnuTLS | 2 slow tests fail on macOS (#974) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm going to fix the configure check as part of https://gitlab.com/gnutls/gnutls/-/merge_requests/1238/diffs?commit_id=88f1ee1358cdd45740a08e9a919dab23be1664d6. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/974#note_331725492 From gnutls-devel at lists.gnutls.org Mon Apr 27 07:30:07 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 27 Apr 2020 05:30:07 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_331725835 If the option is renamed to `--timeout` or something, parametrizing the argument would make sense. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_331725835 From gnutls-devel at lists.gnutls.org Mon Apr 27 13:24:56 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Mon, 27 Apr 2020 11:24:56 +0000 Subject: [gnutls-devel] GnuTLS | Add support for AES Key Wrap (#976) In-Reply-To: References: Message-ID: Dmitry Baryshkov commented: @babelouest In which way would you like to use key wrapping? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/976#note_331969785 From gnutls-devel at lists.gnutls.org Tue Apr 28 02:08:09 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 28 Apr 2020 00:08:09 +0000 Subject: [gnutls-devel] GnuTLS | gost: use gostdsa-vko from nettle 3.6rc2 (!1239) References: Message-ID: Dmitry Baryshkov created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1239 Project:Branches: GostCrypt/gnutls:tmp-nettle-vko to gnutls/gnutls:master Author: Dmitry Baryshkov Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1239 From gnutls-devel at lists.gnutls.org Tue Apr 28 06:27:28 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 28 Apr 2020 04:27:28 +0000 Subject: [gnutls-devel] GnuTLS | gost: use gostdsa-vko from nettle 3.6rc2 (!1239) In-Reply-To: References: Message-ID: Daiki Ueno commented: OK, this seems to require importing the new `poly1305-internal.h`; otherwise looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1239#note_332482282 From gnutls-devel at lists.gnutls.org Tue Apr 28 13:56:49 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 28 Apr 2020 11:56:49 +0000 Subject: [gnutls-devel] GnuTLS | gost: use gostdsa-vko from nettle 3.6rc2 (!1239) In-Reply-To: References: Message-ID: Merge Request !1239 was approved by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1239 Project:Branches: GostCrypt/gnutls:tmp-nettle-vko to gnutls/gnutls:master Author: Dmitry Baryshkov Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1239 From gnutls-devel at lists.gnutls.org Tue Apr 28 14:12:09 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 28 Apr 2020 12:12:09 +0000 Subject: [gnutls-devel] GnuTLS | tlsfuzzer: updated to latest upstream (!1240) References: Message-ID: František Krenželok created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1240 Project:Branches: FrantisekKrenzelok/gnutls:master to gnutls/gnutls:master Author: František Krenželok Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1240 From gnutls-devel at lists.gnutls.org Tue Apr 28 14:27:13 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Tue, 28 Apr 2020 12:27:13 +0000 Subject: [gnutls-devel] GnuTLS | tlsfuzzer: updated to latest upstream (!1240) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1240 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on tests/suite/tls-fuzzer/gnutls-cert.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1240#note_332841253 > "-p", "@PORT@"] > }, > - {"name": "test-certificate-malformed.py", Is it okay to disable this test script entirely? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1240 From gnutls-devel at lists.gnutls.org Wed Apr 29 05:30:44 2020 
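Review bot: the removed line `- {"name": "test-certificate-malformed.py",` in tests/suite/tls-fuzzer/gnutls-cert.json takes the whole malformed-certificate script out of the run, and nothing in the quoted hunk or the merge request text records why. If only some of its cases fail against the updated tlsfuzzer, keep the entry and exclude those cases individually, and state the reason in the commit message, so that negative coverage for malformed certificates is not lost silently.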
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 03:30:44 +0000 Subject: [gnutls-devel] GnuTLS | Copyright year is updated on build (#980) References: Message-ID: Bernhard M_ Wiedemann created an issue: https://gitlab.com/gnutls/gnutls/-/issues/980 ## Description of problem: Copyright year is updated on build (in configure) ## Version of gnutls used: 3.6.13 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) openSUSE ## How reproducible: Always Steps to Reproduce: * build gnutls from scratch in current year and a later year (can use `qemu -rtc base=`) * compare binaries ## Actual results: building today's version in 2025 produces `Copyright (C) 2000-2025 Free Software Foundation, and others` and differs from a binary built today. ## Expected results: Software builds should be reproducible. See https://reproducible-builds.org/ for why this matters. https://gitlab.com/gnutls/gnutls/-/merge_requests/928#note_145264928 seems to be the preferred approach. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/980 From gnutls-devel at lists.gnutls.org Wed Apr 29 09:03:46 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 07:03:46 +0000 Subject: [gnutls-devel] GnuTLS | devel: provide external git diff driver for *.abi files (!1214) In-Reply-To: References: Message-ID: Daiki Ueno commented: I believe this is a pretty safe change; the diff driver is only used when opted, like gnulib's ChangeLog merge driver. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1214#note_333420009 From gnutls-devel at lists.gnutls.org Wed Apr 29 09:15:50 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 07:15:50 +0000 Subject: [gnutls-devel] GnuTLS | Compile failure on Mingw-w64 (#962) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/962#note_333426138 Actually the intent of the stamp file is not to regenerate files (`lib/nettle/curve448/ecc-curve448-{32,64}.h`), and those files are actually included in the tarball. Perhaps touching those files might help? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/962#note_333426138 From gnutls-devel at lists.gnutls.org Wed Apr 29 09:33:31 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 07:33:31 +0000 Subject: [gnutls-devel] GnuTLS | Compile failure on Mingw-w64 (#962) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/962#note_333445767 Also, can you paste the actual `configure` command line? The spec file has several macro indirections and it's hard to figure out what options are used. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/962#note_333445767 From gnutls-devel at lists.gnutls.org Wed Apr 29 09:46:30 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 07:46:30 +0000 Subject: [gnutls-devel] GnuTLS | Copyright year is updated on build (#980) In-Reply-To: References: Message-ID: Tim Rühsen commented: Thanks for bringing this up again, we lost track of this. So we have to move the code from !928 into `bootstrap.conf`. AFAIR, we only need $YEAR in one place and could set it there from the `bootstrap.conf` code. The use of the `git` command should be ok at that place. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/980#note_333455142 From gnutls-devel at lists.gnutls.org Wed Apr 29 10:00:02 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 08:00:02 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#11 fails for tokens with CKF_USER_PIN_INITIALIZED but not CKF_LOGIN_REQUIRED (#977) In-Reply-To: References: Message-ID: Daiki Ueno commented: I'm wondering if this is something p11-kit could help (e.g., by having a module config to amend the token flags). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/977#note_333464202 From gnutls-devel at lists.gnutls.org Wed Apr 29 12:37:47 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 10:37:47 +0000 Subject: [gnutls-devel] GnuTLS | Service Desk (from spencerwestmusic@gmail.com): Broken links on download page (#978) In-Reply-To: References: Message-ID: Tim Rühsen commented: Thanks for reporting. Maybe the Gitlab layout changed. You can find the files at https://gitlab.com/gnutls/gnutls/-/jobs/491918188/artifacts/download https://gitlab.com/gnutls/gnutls/-/jobs/491918191/artifacts/download -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/978#note_333582402 From gnutls-devel at lists.gnutls.org Wed Apr 29 12:48:06 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 10:48:06 +0000 Subject: [gnutls-devel] GnuTLS | New make target 'update-copyright-year' (!1241) References: Message-ID: Tim Rühsen created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241 Branches: tmp-reproducible-build to master Author: Tim Rühsen Closes #980 ## Checklist * [*] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [*] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241 From gnutls-devel at lists.gnutls.org Wed Apr 29 12:48:52 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 10:48:52 +0000 Subject: [gnutls-devel] GnuTLS | Copyright year is updated on build (#980) In-Reply-To: References: Message-ID: Tim Rühsen commented: Please review / test !1241 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/980#note_333591513 From gnutls-devel at lists.gnutls.org Wed Apr 29 14:48:13 2020 From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 12:48:13 +0000 Subject: [gnutls-devel] GnuTLS | New make target 'update-copyright-year' (!1241) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on cfg.mk: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241#note_333681827 > echo "If everything looks well, commit the gnulib update with:" > echo " git commit -m "Update gnulib submodule" gnulib" > > +# Update Copyright year in tools and docs > + > +update-copyright-year: > + $(AM_V_at)$(SED) -i "s/\"2000-....\"/\"2000-`date +%Y`\"/g" src/args-std.def.in > + $(AM_V_at)$(SED) -i "s/ 2001-.... / 2001-`date +%Y` /g" doc/gnutls.texi Aren't those regular expressions a bit too lax, e.g. you could use `[0-9]\{4,\}`? Also for updating .texi files, the `update-copyright` script from gnulib might do a better job? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241#note_333681827 From gnutls-devel at lists.gnutls.org Wed Apr 29 14:55:25 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 12:55:25 +0000 Subject: [gnutls-devel] GnuTLS | New make target 'update-copyright-year' (!1241) In-Reply-To: References: Message-ID: Tim Rühsen commented on a discussion on cfg.mk: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241#note_333696810 > echo "If everything looks well, commit the gnulib update with:" > echo " git commit -m "Update gnulib submodule" gnulib" > > +# Update Copyright year in tools and docs > + > +update-copyright-year: > + $(AM_V_at)$(SED) -i "s/\"2000-....\"/\"2000-`date +%Y`\"/g" src/args-std.def.in > + $(AM_V_at)$(SED) -i "s/ 2001-.... / 2001-`date +%Y` /g" doc/gnutls.texi I don't think the rules are too lax. Also, it's a manual process with a manual commit+push to a separate branch, creating an MR, getting an approval etc. We can't use gnulib's update-copyright script as it will recursively scan all files and update them. That's not what we want. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241#note_333696810 From gnutls-devel at lists.gnutls.org Wed Apr 29 14:59:12 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library) Date: Wed, 29 Apr 2020 12:59:12 +0000 Subject: [gnutls-devel] GnuTLS | New make target 'update-copyright-year' (!1241) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on cfg.mk: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241#note_333701454 > echo "If everything looks well, commit the gnulib update with:" > echo " git commit -m "Update gnulib submodule" gnulib" > > +# Update Copyright year in tools and docs > + > +update-copyright-year: > + $(AM_V_at)$(SED) -i "s/\"2000-....\"/\"2000-`date +%Y`\"/g" src/args-std.def.in > + $(AM_V_at)$(SED) -i "s/ 2001-.... / 2001-`date +%Y` /g" doc/gnutls.texi > We can't use gnulib's update-copyright script as it will recursively scan all files and update them. That's not what we want. No, it's not the case. It can be used with an explicit argument, like: ```sh UPDATE_COPYRIGHT_USE_INTERVALS=2 UPDATE_COPYRIGHT_YEAR=2021 UPDATE_COPYRIGHT_HOLDER='Nikos Mavrogiannopoulos' gnulib/build-aux/update-copyright doc/gnutls.texi ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241#note_333701454 From gnutls-devel at lists.gnutls.org Wed Apr 29 15:48:36 2020 
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 29 Apr 2020 13:48:36 +0000
Subject: [gnutls-devel] GnuTLS | Compile failure on Mingw-w64 (#962)

Michael Cronenworth commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/962#note_333751891

Thanks for the pointer about the ecc-curve448 files. I need a new set of eyes. It is indeed a timestamp problem. Reverting the spec changes from last year around the MinGW configure/build macros fixes this so that timestamps are not an issue. The generated files are now used and the compile completes.

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 29 Apr 2020 13:48:50 +0000
Subject: [gnutls-devel] GnuTLS | Compile failure on Mingw-w64 (#962)

Issue was closed by Michael Cronenworth

Issue #962: https://gitlab.com/gnutls/gnutls/-/issues/962

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 29 Apr 2020 14:58:02 +0000
Subject: [gnutls-devel] GnuTLS | New make target 'update-copyright-year' (!1241)

Tim Rühsen commented on a discussion on cfg.mk: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241#note_333812943

> echo "If everything looks well, commit the gnulib update with:" > echo " git commit -m "Update gnulib submodule" gnulib" > > +# Update Copyright year in tools and docs > + > +update-copyright-year: > + $(AM_V_at)$(SED) -i "s/\"2000-....\"/\"2000-`date +%Y`\"/g" src/args-std.def.in > + $(AM_V_at)$(SED) -i "s/ 2001-.... / 2001-`date +%Y` /g" doc/gnutls.texi

Oh, I missed that it takes arguments. Thanks for pointing it out. I will amend the MR later.

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 29 Apr 2020 15:23:46 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)

Anderson Sasaki commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_333842111

Sorry for taking long to get back to this. In the end I think the best is to make it block waiting for the new session ticket. I tried more sophisticated ways to get that by setting the hook and all, but it added too much complexity for something that should be simple. I changed the code to simply loop waiting until the new session ticket arrives and the `GNUTLS_SFLAGS_SESSION_TICKET` is set.

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 29 Apr 2020 16:55:53 +0000
Subject: [gnutls-devel] GnuTLS | New make target 'update-copyright-year' (!1241)

Tim Rühsen commented on a discussion on cfg.mk: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241#note_333907901

> echo "If everything looks well, commit the gnulib update with:" > echo " git commit -m "Update gnulib submodule" gnulib" > > +# Update Copyright year in tools and docs > + > +update-copyright-year: > + $(AM_V_at)$(SED) -i "s/\"2000-....\"/\"2000-`date +%Y`\"/g" src/args-std.def.in > + $(AM_V_at)$(SED) -i "s/ 2001-.... / 2001-`date +%Y` /g" doc/gnutls.texi

Sorry, but that converts to

```
Copyright @copyright{} 2001--2021 Nikos Mavrogiannopoulos
```

Do you see the two dashes instead of one? I have the feeling that we are shooting birds with cannons. We have a working solution - why are we going to overcomplicate that? update-copyright is complex and not even doing what we expect it to do...

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Wed, 29 Apr 2020 17:21:51 +0000
Subject: [gnutls-devel] GnuTLS | New make target 'update-copyright-year' (!1241)

Daiki Ueno commented on a discussion on cfg.mk: https://gitlab.com/gnutls/gnutls/-/merge_requests/1241#note_333921271

> echo "If everything looks well, commit the gnulib update with:" > echo " git commit -m "Update gnulib submodule" gnulib" > > +# Update Copyright year in tools and docs > + > +update-copyright-year: > + $(AM_V_at)$(SED) -i "s/\"2000-....\"/\"2000-`date +%Y`\"/g" src/args-std.def.in > + $(AM_V_at)$(SED) -i "s/ 2001-.... / 2001-`date +%Y` /g" doc/gnutls.texi

I don't see any reason that we can't change it to double dashes, but yes, I agree that it might be overkill. In that case, however, I would suggest using a more generic (but restrictive) substitution, like:

```sh
sed '/^copyright = {/ { n; s/\( *date *= *\)"\([[:digit:]]*\)-\([[:digit:]]*\)"/\1"\2-2021"/ }' src/args-std.def.in
sed 's/\(Copyright @copyright{} \)\([[:digit:]]*\)-\([[:digit:]]*\)/\1\2-2021/' doc/gnutls.texi
```

That would prevent an accidental match in the future. Sorry for bikeshedding :-)

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 30 Apr 2020 05:12:42 +0000
Subject: [gnutls-devel] GnuTLS | doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip] (!1242)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1242

Branches: tmp-reproducible-sig-doc to master
Author: Daiki Ueno

Fixes #953.

## Checklist

* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 30 Apr 2020 05:15:13 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)

Daiki Ueno started a new discussion on src/cli.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_334142478

> gnutls_datum_t edata = {NULL, 0}; > > if (gnutls_session_is_resumed(hd->session) == 0) { > - /* not resumed - obtain the session data */ > - ret = gnutls_session_get_data2(hd->session, &rdata); > - if (ret < 0) { > - rdata.data = NULL; > - } > + do { > + /* not resumed - obtain the session data */ > + ret = gnutls_session_get_data2(hd->session, &rdata);

Wouldn't this create a busy-loop under TLS 1.2 or earlier, as the wait logic in the function is only enabled for TLS 1.3?

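Review bot: the new `do {` loop around `gnutls_session_get_data2()` replaces the removed `if (ret < 0) { rdata.data = NULL; }` fallback, and the quoted lines show neither that fallback nor a loop bound being kept. Suggest leaving the loop as soon as `ret < 0` and resetting `rdata.data = NULL` there as before, and giving the loop an explicit upper bound (a timeout or retry count) so that a peer which never sends a ticket cannot hold the client in it. A short comment next to `do {` stating the exit condition would also help.
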
From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 30 Apr 2020 08:49:46 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)

Anderson Sasaki commented on a discussion on src/cli.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_334252536

> gnutls_datum_t edata = {NULL, 0}; > > if (gnutls_session_is_resumed(hd->session) == 0) { > - /* not resumed - obtain the session data */ > - ret = gnutls_session_get_data2(hd->session, &rdata); > - if (ret < 0) { > - rdata.data = NULL; > - } > + do { > + /* not resumed - obtain the session data */ > + ret = gnutls_session_get_data2(hd->session, &rdata);

The documentation I added is wrong, this version also works with TLS 1.2 as the checked flag `GNUTLS_SFLAGS_SESSION_TICKET` is also set in TLS 1.2. It will block if the server does not send the session ticket in the same way it would block in TLS 1.3. I'll fix the documentation and the commit message.

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 30 Apr 2020 11:45:19 +0000
Subject: [gnutls-devel] GnuTLS | gost: use gostdsa-vko from nettle 3.6rc2 (!1239)

Merge Request !1239 was merged

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1239
Project:Branches: GostCrypt/gnutls:tmp-nettle-vko to gnutls/gnutls:master
Author: Dmitry Baryshkov
Assignees:

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 30 Apr 2020 12:17:07 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Inconsistent OCSP behavior regarding intermediate depending on stapling (#981)

Hanno Böck created an issue: https://gitlab.com/gnutls/gnutls/-/issues/981

I noticed a curious behavior of gnutls-cli regarding OCSP checks and intermediate certs. It seems when passing the --ocsp option the intermediate cert will be ocsp checked, but only if ocsp stapling is not set.

To test (first fake a bad ocsp server by redirecting identrust's OCSP to localhost):

`echo "127.0.0.1 isrg.trustid.ocsp.identrust.com" >> /etc/hosts`
`gnutls-cli --ocsp zucker.schokokeks.org:443`
`gnutls-cli --ocsp letsencrypt.org:443`

The first connection will succeed, the second will not. The difference is the first host enables OCSP Stapling.

I believe what's happening is that when the client detects OCSP stapling it will skip direct OCSP checks. But Stapling only staples the OCSP reply for the end-entity cert, not the intermediate.

I generally think it's valuable to have a way to check the intermediate. I am not sure it should be done by default. In any case: I guess this should not depend on OCSP stapling.

I propose one of the following changes:

1. Declare/document that --ocsp always checks the intermediate and if the end-entity OCSP comes via stapling still connect to the intermediate.
2. Declare/document that --ocsp never checks the intermediate and add another option --ocsp-check-chain or something like this that will enable intermediate checks.

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 30 Apr 2020 13:54:03 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)

Anderson Sasaki commented on a discussion on src/cli.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_334505861

> gnutls_datum_t edata = {NULL, 0}; > > if (gnutls_session_is_resumed(hd->session) == 0) { > - /* not resumed - obtain the session data */ > - ret = gnutls_session_get_data2(hd->session, &rdata); > - if (ret < 0) { > - rdata.data = NULL; > - } > + do { > + /* not resumed - obtain the session data */ > + ret = gnutls_session_get_data2(hd->session, &rdata);

I changed my mind, making it specific for TLS 1.3, in which we can actually wait for tickets sent asynchronously after the handshake is finished, makes more sense. I changed the code to only take effect for TLS 1.3.

From: gnutls-devel at lists.gnutls.org (Development of GNU's TLS library)
Date: Thu, 30 Apr 2020 14:40:06 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli: Add option to wait longer for resumption data (!1232)

Daiki Ueno commented on a discussion on src/cli.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1232#note_334543727

> gnutls_datum_t edata = {NULL, 0}; > > if (gnutls_session_is_resumed(hd->session) == 0) { > - /* not resumed - obtain the session data */ > - ret = gnutls_session_get_data2(hd->session, &rdata); > - if (ret < 0) { > - rdata.data = NULL; > - } > + do { > + /* not resumed - obtain the session data */ > + ret = gnutls_session_get_data2(hd->session, &rdata);

I missed mentioning that clearly, but there is no point waiting in TLS 1.2, because NST is sent only during handshake in TLS 1.2 (see RFC5077).

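The control flow this thread converges on (wait for a new session ticket only under TLS 1.3, and give up after a bounded number of reads), as an added example that is not the merge request's code. `sim_session`, `sim_read` and `wait_for_ticket` are hypothetical names that model the session so the logic runs without a server; `ticket_flag` stands in for the `GNUTLS_SFLAGS_SESSION_TICKET` check mentioned above.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a connected client session (not a GnuTLS type). */
enum tls_version { TLS_1_2, TLS_1_3 };

struct sim_session {
	enum tls_version version;
	bool ticket_flag;       /* stands in for GNUTLS_SFLAGS_SESSION_TICKET */
	int ticket_after_reads; /* reads before the ticket arrives, -1 = never */
	int reads_done;
};

enum wait_result { TICKET_READY, TICKET_TIMEOUT, WAIT_NOT_APPLICABLE };

/* One post-handshake read; only a TLS 1.3 peer can deliver a ticket here. */
static void sim_read(struct sim_session *s)
{
	s->reads_done++;
	if (s->version == TLS_1_3 && s->ticket_after_reads >= 0 &&
	    s->reads_done >= s->ticket_after_reads)
		s->ticket_flag = true;
}

/* Decide whether waiting makes sense, and never exceed max_reads reads. */
enum wait_result wait_for_ticket(struct sim_session *s, int max_reads)
{
	if (s->ticket_flag)
		return TICKET_READY;        /* ticket came with the handshake */
	if (s->version != TLS_1_3)
		return WAIT_NOT_APPLICABLE; /* RFC 5077: no ticket after handshake */
	for (int i = 0; i < max_reads; i++) {
		sim_read(s);
		if (s->ticket_flag)
			return TICKET_READY;
	}
	return TICKET_TIMEOUT;              /* a silent peer cannot hang the client */
}

int main(void)
{
	static const char *names[] = { "ready", "timeout", "not applicable" };
	struct sim_session tls12 = { TLS_1_2, false, -1, 0 };
	struct sim_session tls13 = { TLS_1_3, false, 2, 0 };
	struct sim_session silent = { TLS_1_3, false, -1, 0 };

	printf("TLS 1.2, no ticket: %s\n", names[wait_for_ticket(&tls12, 5)]);
	printf("TLS 1.3, ticket on 2nd read: %s\n", names[wait_for_ticket(&tls13, 5)]);
	printf("TLS 1.3, silent peer: %s\n", names[wait_for_ticket(&silent, 5)]);
	return 0;
}
```
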