From gnutls-devel at lists.gnutls.org Sun Nov 1 05:09:19 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 01 Nov 2020 04:09:19 +0000
Subject: [gnutls-devel] GnuTLS | Issues require labels (#1108)
References:
Message-ID:

GnuTLS bot created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1108

The following issues require labels:

- [ ] [Service Desk (from okudayukiko0 at yandex.com): Do GnuTLS bin/lib support RDRAND for headless server/client?](https://gitlab.com/gnutls/gnutls/-/issues/1096)

Please take care of them.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1108
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Sun Nov 1 05:09:23 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 01 Nov 2020 04:09:23 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Support for GOST-CTR ciphersuites from draft-smyshlyaec-tls12-gost-suites (!1144)
In-Reply-To:
References:
Message-ID:

Merge Request !1144 was closed by GnuTLS bot

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1144
Project:Branches: GostCrypt/gnutls:gost-cleaned to gnutls/gnutls:master
Author: Dmitry Baryshkov
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1144

From gnutls-devel at lists.gnutls.org Sun Nov 1 05:09:26 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 01 Nov 2020 04:09:26 +0000
Subject: [gnutls-devel] GnuTLS | WIP: Support for GOST-CTR ciphersuites from draft-smyshlyaec-tls12-gost-suites (!1144)
In-Reply-To:
References:
Message-ID:

GnuTLS bot commented:

@lumag This merge request is marked as work in progress with no update for very long time. We are now closing it, but please re-open if you are still interested in finishing this merge request.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1144#note_439508860

From gnutls-devel at lists.gnutls.org Sun Nov 1 16:43:39 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 01 Nov 2020 15:43:39 +0000
Subject: [gnutls-devel] GnuTLS | Build failure on Solaris 11.3 (#1109)
References:
Message-ID:

Milhouse Vanhouten created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1109

## Description of problem:
Issues with defining _POSIX_C_SOURCE on Solaris

Edit ./gnutls-3.6.15/tests/pkcs11/pkcs11-mock.h

And remove this line:
#define _POSIX_C_SOURCE 200809

## Version of gnutls used:
gnutls-3.6.15

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Solaris 11.3

## How reproducible:
CC pkcs11/pkcs11-mock.lo
In file included from /opt/gcc-10.2.0-sparc64/lib/gcc/sparc64-sun-solaris2.11/10.2.0/include-fixed/stdio.h:24,
                 from pkcs11/pkcs11-mock.h:24,
                 from pkcs11/pkcs11-mock.c:22:
/opt/gcc-10.2.0-sparc64/lib/gcc/sparc64-sun-solaris2.11/10.2.0/include-fixed/sys/feature_tests.h:363:2: error: #error "Compiler or options invalid for pre-UNIX 03 X/Open applications and pre-2001 POSIX applications"
  363 | #error "Compiler or options invalid for pre-UNIX 03 X/Open applications \
      |  ^~~~~
gmake[3]: *** [Makefile:8093: pkcs11/pkcs11-mock.lo] Error 1
gmake[3]: Leaving directory '/opt/pkgbuild/objects/security/gnutls/work/gnutls-3.6.15/tests'
gmake[2]: *** [Makefile:8476: all-recursive] Error 1
gmake[2]: Leaving directory '/opt/pkgbuild/objects/security/gnutls/work/gnutls-3.6.15/tests'
gmake[1]: *** [Makefile:1764: all-recursive] Error 1
gmake[1]: Leaving directory '/opt/pkgbuild/objects/security/gnutls/work/gnutls-3.6.15'
gmake: *** [Makefile:1689: all] Error 2
*** Error code 2

Stop.
bmake[2]: stopped in /opt/pkgbuild/pkgsrc/security/gnutls
*** Error code 1

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1109

From gnutls-devel at lists.gnutls.org Sun Nov 1 23:23:35 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 01 Nov 2020 22:23:35 +0000
Subject: [gnutls-devel] GnuTLS | be more specific about what to free after gnutls_x509_crt_get_dn2 succeeds (#1110)
References:
Message-ID:

Daniel Stenberg created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1110

## Description of problem:

The documentation for `gnutls_x509_crt_get_dn2()` and `gnutls_x509_crt_get_dn2()` does not clearly specify what to do with the buffer that is returned. Yes it says it is allocated, but it does not specify whose responsibility it is to free it, nor does it specify exactly *how* it is to be freed.

This will easily lead to applications ending up leaking memory.

## Version of gnutls used:

I checked the current live docs here: https://gnutls.org/reference/gnutls-x509.html#gnutls-x509-crt-get-dn2

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1110

From gnutls-devel at lists.gnutls.org Mon Nov 2 11:51:13 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 02 Nov 2020 10:51:13 +0000
Subject: [gnutls-devel] GnuTLS | PKCS #12: switch default encryption to AES-256-CBC (!1348)
In-Reply-To:
References:
Message-ID:

Merge Request !1348 was merged

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1348
Project:Branches: sahprasa/gnutls:remove_3des to gnutls/gnutls:master
Author: Sahana Prasad
Assignee: Sahana Prasad

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1348

From gnutls-devel at lists.gnutls.org Mon Nov 2 11:51:14 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 02 Nov 2020 10:51:14 +0000
Subject: [gnutls-devel] GnuTLS | PKCS#12: switch default encryption to AES (#799)
In-Reply-To:
References:
Message-ID:

Issue was closed by Daiki Ueno via merge request !1348 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1348)

Issue #799: https://gitlab.com/gnutls/gnutls/-/issues/799

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/799

From gnutls-devel at lists.gnutls.org Mon Nov 2 14:35:22 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 02 Nov 2020 13:35:22 +0000
Subject: [gnutls-devel] GnuTLS | psktool: Fix hex-encoding logic of username (!1349)
In-Reply-To:
References:
Message-ID:

Merge Request !1349 was approved by Anderson Sasaki

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1349
Project:Branches: dueno/gnutls:wip/dueno/psktool-realloc to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1349

From gnutls-devel at lists.gnutls.org Mon Nov 2 14:35:33 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 02 Nov 2020 13:35:33 +0000
Subject: [gnutls-devel] GnuTLS | psktool: Fix hex-encoding logic of username (!1349)
In-Reply-To:
References:
Message-ID:

Anderson Sasaki commented:

LGTM!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1349#note_440026443

From gnutls-devel at lists.gnutls.org Mon Nov 2 14:50:25 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 02 Nov 2020 13:50:25 +0000
Subject: [gnutls-devel] GnuTLS | psktool: Fix hex-encoding logic of username (!1349)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1349#note_440054833

From gnutls-devel at lists.gnutls.org Mon Nov 2 14:50:29 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 02 Nov 2020 13:50:29 +0000
Subject: [gnutls-devel] GnuTLS | psktool: Fix hex-encoding logic of username (!1349)
In-Reply-To:
References:
Message-ID:

Merge Request !1349 was merged

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1349
Project:Branches: dueno/gnutls:wip/dueno/psktool-realloc to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1349

From gnutls-devel at lists.gnutls.org Mon Nov 2 16:29:55 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 02 Nov 2020 15:29:55 +0000
Subject: [gnutls-devel] GnuTLS | Unwinding from sha256_block_data_order_avx2 crashes the process, GDB unable to backtrace (#1111)
References:
Message-ID:

Tomasz Grabiec created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1111

## Description of problem:

sha256_block_data_order_avx2 doesn't contain .cfi annotations which would provide DWARF debug info needed to backtrace through this function. This breaks with our watchdog code which calls libgcc's _Unwind_Backtrace() from a timer-triggered signal handler.

Also, GDB is unable to backtrace when breakpoint is located inside the function:

```
#20
#21 0x00007f25e879c16f in sha256_block_data_order_avx2 () from /opt/scylladb/libreloc/libgnutls.so.30
Cannot access memory at address 0x382d94f1a063c1cf
```

See the fix for a similar issue in openssl: https://github.com/openssl/openssl/commit/1ef638982757ddc2536a70e6463cf4deca58640f

## Version of gnutls used:

3.6.14

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

## How reproducible:

Steps to Reproduce:

* Add a breakpoint in the middle of sha256_block_data_order_avx2
* Trigger invocation of sha256_block_data_order_avx2, e.g. by opening an ssl connection
* Invoke the "bt" gdb command

## Actual results:

GDB is unable to backtrace to earlier frames.

## Expected results:

GDB is able to backtrace to earlier frames.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1111

From gnutls-devel at lists.gnutls.org Tue Nov 3 12:52:07 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Nov 2020 11:52:07 +0000
Subject: [gnutls-devel] GnuTLS | Make y parameter optional in gnutls_privkey_import_dsa_raw(). (!1351)
References:
Message-ID:

Hans Leidekker created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1351

Project:Branches: hansleidekker/gnutls:dsa_import_optional_y to gnutls/gnutls:master
Author: Hans Leidekker

Like 81b0a397. Windows key blobs may not include y.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1351

From gnutls-devel at lists.gnutls.org Tue Nov 3 18:18:27 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Nov 2020 17:18:27 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak with client certificate auth (!1347)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1347 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/ext/status_request.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347#note_441061880

>
> if (resp.data && resp.size > 0) {
> + if (info->raw_ocsp_list != NULL) {

Let's do this unconditionally.

--
Daiki Ueno started a new discussion on lib/ext/status_request.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347#note_441061883

> if (resp.data && resp.size > 0) {
> + if (info->raw_ocsp_list != NULL) {
> + for(int i=0;inocsp;i++)

Please place spaces accordingly to the [Linux kernel coding style](https://www.kernel.org/doc/html/latest/process/coding-style.html).

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347

From gnutls-devel at lists.gnutls.org Tue Nov 3 18:20:50 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 03 Nov 2020 17:20:50 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak with client certificate auth (!1347)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you; looks good to me (sorry for the delay) except the minor nits. Could you rebase against the latest git master to fix the CI failures?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347#note_441063203

From gnutls-devel at lists.gnutls.org Wed Nov 4 21:03:32 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Nov 2020 20:03:32 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS should transparently use KTLS if it's available (#1113)
References:
Message-ID:

Ander Juaristi created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1113

The Linux kernel has been supporting KTLS for some time now. This is basically a kernel-side TLS record encryption offloading. The kernel receives plaintext data on the socket descriptor via `write()` and it builds a valid TLS record around it. The same happens when data is read with `read()`: a TLS record is expected, then decrypted and the plaintext it contains returned.

After a successful TLS handshake (this happens normally on userland), you need to obtain the TLS secrets. You do this with `gnutls_record_get_state()`. Then you enable KTLS on a connected TCP socket with `setsockopt`:

    setsockopt(sockfd, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));

And finally you copy the TLS master secret to the kernel so that it can build the read and write keys.

I think GnuTLS should transparently use KTLS if it's available, when either `gnutls_record_recv()` or `gnutls_record_write()` are called. If it's not available, fall back to userland encryption using Nettle, just like now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1113

From gnutls-devel at lists.gnutls.org Thu Nov 5 15:37:07 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Nov 2020 14:37:07 +0000
Subject: [gnutls-devel] GnuTLS | Make y parameter optional in gnutls_privkey_import_dsa_raw(). (!1351)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Thank you! Looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1351#note_442360255

From gnutls-devel at lists.gnutls.org Thu Nov 5 15:37:11 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Nov 2020 14:37:11 +0000
Subject: [gnutls-devel] GnuTLS | Make y parameter optional in gnutls_privkey_import_dsa_raw(). (!1351)
In-Reply-To:
References:
Message-ID:

Merge Request !1351 was approved by Daiki Ueno

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1351
Project:Branches: hansleidekker/gnutls:dsa_import_optional_y to gnutls/gnutls:master
Author: Hans Leidekker
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1351

From gnutls-devel at lists.gnutls.org Thu Nov 5 15:37:15 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Nov 2020 14:37:15 +0000
Subject: [gnutls-devel] GnuTLS | Make y parameter optional in gnutls_privkey_import_dsa_raw(). (!1351)
In-Reply-To:
References:
Message-ID:

Merge Request !1351 was merged

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1351
Project:Branches: hansleidekker/gnutls:dsa_import_optional_y to gnutls/gnutls:master
Author: Hans Leidekker
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1351

From gnutls-devel at lists.gnutls.org Fri Nov 6 08:29:54 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Nov 2020 07:29:54 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak with client certificate auth (!1347)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

Sorry for the inconvenience, but could you increase the CI timeout from your repo setting and retrigger the failed jobs?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347#note_442835645

From gnutls-devel at lists.gnutls.org Fri Nov 6 08:30:16 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Nov 2020 07:30:16 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak with client certificate auth (!1347)
In-Reply-To:
References:
Message-ID:

Merge Request !1347 was approved by Daiki Ueno

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347
Project:Branches: remiolivier/gnutls:mem-leak-client-cert-auth-rehandshake-ocsp to gnutls/gnutls:master
Author: remiolivier
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347

From gnutls-devel at lists.gnutls.org Fri Nov 6 12:39:53 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Nov 2020 11:39:53 +0000
Subject: [gnutls-devel] GnuTLS | tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2 (!1352)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1352

Project:Branches: dueno/gnutls:wip/dueno/revert-allow-broken-sig to gnutls/gnutls:master
Author: Daiki Ueno

Add a description of the new feature/bug fix. Reference any relevant bugs.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1352

From gnutls-devel at lists.gnutls.org Fri Nov 6 22:28:42 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Nov 2020 21:28:42 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak with client certificate auth (!1347)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1347 were resolved by remiolivier

https://gitlab.com/gnutls/gnutls/-/merge_requests/1347

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347

From gnutls-devel at lists.gnutls.org Fri Nov 6 22:29:12 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Nov 2020 21:29:12 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak with client certificate auth (!1347)
In-Reply-To:
References:
Message-ID:

remiolivier commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347#note_443439371

No problem, setting it to 2h worked for me

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347#note_443439371

From gnutls-devel at lists.gnutls.org Fri Nov 6 22:29:15 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 06 Nov 2020 21:29:15 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak with client certificate auth (!1347)
In-Reply-To:
References:
Message-ID:

All discussions on Merge Request !1347 were resolved by remiolivier

https://gitlab.com/gnutls/gnutls/-/merge_requests/1347

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347

From gnutls-devel at lists.gnutls.org Sat Nov 7 05:09:18 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 07 Nov 2020 04:09:18 +0000
Subject: [gnutls-devel] GnuTLS | Fix memory leak with client certificate auth (!1347)
In-Reply-To:
References:
Message-ID:

Merge Request !1347 was merged

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347
Project:Branches: remiolivier/gnutls:mem-leak-client-cert-auth-rehandshake-ocsp to gnutls/gnutls:master
Author: remiolivier
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1347

From gnutls-devel at lists.gnutls.org Mon Nov 9 10:13:21 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Nov 2020 09:13:21 +0000
Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353)
References:
Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353

Project:Branches: dueno/gnutls:wip/dueno/quic to gnutls/gnutls:master
Author: Daiki Ueno

This upstreams the QUIC related API hosted in the `tmp-quic` branch.

Fixes #826, #849, #850.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353

From gnutls-devel at lists.gnutls.org Mon Nov 9 18:02:15 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Nov 2020 17:02:15 +0000
Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

I'm going to ship it in 3.7.0, so any comments would be appreciated. To test, check https://github.com/ueno/ngtcp2-gnutls-examples.

Cc @ansasaki @sahprasa @Aniketh01

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_444319422

From gnutls-devel at lists.gnutls.org Mon Nov 9 18:44:21 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Nov 2020 17:44:21 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS should transparently use KTLS if it's available (#1113)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:

That would certainly make sense, though it's unlikely to happen until someone comes up with a patch. If you are willing to work on it, that would be awesome.

There are a couple of related issues: #1052 is about using KTLS without modification to GnuTLS, and #308 is about adding support for AF_ALG as an acceleration of crypto algorithms.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1113#note_444355023

From gnutls-devel at lists.gnutls.org Tue Nov 10 09:35:10 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 08:35:10 +0000
Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350)
In-Reply-To:
References:
Message-ID:

Daiki Ueno started a new discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_444687501

>
> #ifdef TLS13_APPENDIX_D4
> if (max_ver->tls13_sem &&
> - session->security_parameters.session_id_size == 0) {
> + session->internals.resumed_security_parameters.session_id_size == 0) {
>
> /* Under TLS1.3 we generate a random session ID to make
> * the TLS1.3 session look like a resumed TLS1.2 session */
> - ret = _gnutls_generate_session_id(session->security_parameters.
> + ret = _gnutls_generate_session_id(session->internals.resumed_security_parameters.

While it seemed like a good idea to actually reuse the `resumed_security_parameters`, it actually confuses the TLS 1.3 client as the first connection is seen as a resumed session (see the failure in `tls13-resume-x509`). I suppose one way to avoid this is to use the local variables to temporarily store the generated session ID and its length.

Also note that, as the presence of session ID in Client Hello affects the transcript hash, you might need to update `tests/tls13/prf.c`.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_444687501

From gnutls-devel at lists.gnutls.org Tue Nov 10 11:30:06 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 10:30:06 +0000
Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 was reviewed by Tomáš Mráz

--
Tomáš Mráz started a new discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_444776545

> + * @GNUTLS_ENCRYPTION_LEVEL_APPLICATION: application traffic secret is installed
> + *
> + * Enumeration of of different levels of record encryption currently in place.

Typo: of of

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353

From gnutls-devel at lists.gnutls.org Tue Nov 10 13:22:41 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 12:22:41 +0000
Subject: [gnutls-devel] GnuTLS | build: hard require nettle 3.6 (!1322)
In-Reply-To:
References:
Message-ID:

Ivan Nikolchev commented:

I can't speak for correctness of the changes, but I didn't see anything obviously wrong with the code or the config changes. r+

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1322#note_444856569

From gnutls-devel at lists.gnutls.org Tue Nov 10 13:36:09 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 12:36:09 +0000
Subject: [gnutls-devel] GnuTLS | build: hard require nettle 3.6 (!1322)
In-Reply-To: References: Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1322#note_444865676

Thank you for the review.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1322#note_444865676

From gnutls-devel at lists.gnutls.org Tue Nov 10 14:27:54 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 13:27:54 +0000
Subject: [gnutls-devel] GnuTLS | build: hard require nettle 3.6 (!1322)
In-Reply-To: References: Message-ID:

Merge Request !1322 was approved by Sahana Prasad

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1322
Branches: tmp-nettle-3.6 to master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1322

From gnutls-devel at lists.gnutls.org Tue Nov 10 14:48:55 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 13:48:55 +0000
Subject: [gnutls-devel] GnuTLS | build: hard require nettle 3.6 (!1322)
In-Reply-To: References: Message-ID:

All discussions on Merge Request !1322 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1322

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1322

From gnutls-devel at lists.gnutls.org Tue Nov 10 14:49:02 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 13:49:02 +0000
Subject: [gnutls-devel] GnuTLS | build: hard require nettle 3.6 (!1322)
In-Reply-To: References: Message-ID:

Merge Request !1322 was merged

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1322
Branches: tmp-nettle-3.6 to master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1322

From gnutls-devel at lists.gnutls.org Tue Nov 10 19:03:57 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 18:03:57 +0000
Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353)
In-Reply-To: References: Message-ID:

All discussions on Merge Request !1353 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1353

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353

From gnutls-devel at lists.gnutls.org Tue Nov 10 20:37:14 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 19:37:14 +0000
Subject: [gnutls-devel] GnuTLS | Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications (!1339)
In-Reply-To: References: Message-ID:

Merge Request !1339 was merged

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1339
Project:Branches: sahprasa/gnutls:cert_validation to gnutls/gnutls:master
Author: Sahana Prasad
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1339

From gnutls-devel at lists.gnutls.org Tue Nov 10 20:37:13 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 19:37:13 +0000
Subject: [gnutls-devel] GnuTLS | Getting actual certificate path to a trusted CA (#1012)
In-Reply-To: References: Message-ID:

Issue was closed by Daiki Ueno via merge request !1339 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1339)

Issue #1012: https://gitlab.com/gnutls/gnutls/-/issues/1012

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1012

From gnutls-devel at lists.gnutls.org Tue Nov 10 20:37:07 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Nov 2020 19:37:07 +0000
Subject: [gnutls-devel] GnuTLS | Adds a new API gnutls_session_set_verify_output_function() that allows TLS applications (!1339)
In-Reply-To: References: Message-ID:

All discussions on Merge Request !1339 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1339

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1339

From gnutls-devel at lists.gnutls.org Wed Nov 11 12:31:37 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Nov 2020 11:31:37 +0000
Subject: [gnutls-devel] GnuTLS | Build failure with Xcode 12 (on macOS 10.15 and 11.0) (#1116)
References: Message-ID:

FX Coudert created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1116

## Description of problem:
gnutls-3.6.15 fails to build with guile 3.0.4 on macOS with Xcode 12, due to errors in the configure and configure.ac

## Version of gnutls used:
gnutls-3.6.15

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Build from source, as part of Homebrew

## How reproducible:
Steps to Reproduce:

* ./configure --disable-dependency-tracking --disable-silent-rules --disable-static --prefix=/usr/local/Cellar/gnutls/3.6.15 --sysconfdir=/usr/local/etc --with-default-trust-store-file=/usr/local/etc/gnutls/cert.pem --with-guile-site-dir=/usr/local/Cellar/gnutls/3.6.15/share/guile/site/3.0 --with-guile-site-ccache-dir=/usr/local/Cellar/gnutls/3.6.15/lib/guile/3.0/site-ccache --with-guile-extension-dir=/usr/local/Cellar/gnutls/3.6.15/lib/guile/3.0/extensions --disable-heartbeat-support --with-p11-kit gl_cv_func_ftello_works=yes

## Actual results:
checking for guile... /usr/local/opt/guile/bin/guile
checking for Guile version >= 3.0... 3.0.4
checking for guild... (cached) /usr/local/opt/guile/bin/guild
checking for guile-config... /usr/local/opt/guile/bin/guile-config
checking for Guile site directory... /usr/local/Cellar/guile/3.0.4/share/guile/site/3.0
checking for Guile site-ccache directory using pkgconfig... /usr/local/Cellar/guile/3.0.4/lib/guile/3.0/site-ccache
checking for Guile extensions directory... /usr/local/Cellar/guile/3.0.4/lib/guile/3.0/extensions
checking for GUILE... yes
checking whether GNU Guile is recent enough... no
configure: WARNING: A sufficiently recent GNU Guile not found. Guile bindings not built.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1116

From gnutls-devel at lists.gnutls.org Wed Nov 11 12:40:44 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Nov 2020 11:40:44 +0000
Subject: [gnutls-devel] GnuTLS | Build failure with Xcode 12 (on macOS 10.15 and 11.0) (#1116)
In-Reply-To: References: Message-ID:

FX Coudert commented:

The reason why guile is not detected is that an error occurs:

configure:69686: clang -o conftest -g -O2 -D_THREAD_SAFE -I/usr/local/Cellar/guile/3.0.4/include/guile/3.0 -I/usr/local/opt/gmp/include -I/usr/local/opt/readline/include -I/usr/local/opt/bdw-gc/include -Wl,-no_weak_imports conftest.c -lintl -L/usr/local/Cellar/guile/3.0.4/lib -L/usr/local/opt/bdw-gc/lib -lguile-3.0 -lgc >&5
conftest.c:540:1: error: implicit declaration of function 'scm_from_locale_string' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
scm_from_locale_string ("")
^
1 error generated.

which is an error because the function scm_from_locale_string() is not defined as it should be. That test should be fixed to include "#include "

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1116#note_445555377

From gnutls-devel at lists.gnutls.org Wed Nov 11 19:24:48 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Nov 2020 18:24:48 +0000
Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354)
In-Reply-To: References: Message-ID:

Daiki Ueno commented:

@sahprasa @TheRealMichaelCatanzaro would you like to check?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_445821127

From gnutls-devel at lists.gnutls.org Wed Nov 11 19:23:13 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Nov 2020 18:23:13 +0000
Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354)
References: Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354

Project:Branches: dueno/gnutls:wip/dueno/aia-api to gnutls/gnutls:master
Author: Daiki Ueno

The AIA callback was previously supposed to add CA to the trust list by itself. This was error-prone, because the callback must check the new CA is trusted by the already added CA. This moves the responsibility of that check to the library.

Fixes: #1100

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [x] Test suite updated with functionality tests
* [x] Test suite updated with negative tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354

From gnutls-devel at lists.gnutls.org Wed Nov 11 19:23:34 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Nov 2020 18:23:34 +0000
Subject: [gnutls-devel] GnuTLS | Prevent misuses of gnutls_x509_trust_list_set_getissuer_function callback (#1100)
In-Reply-To: References: Message-ID:

Reassigned Issue 1100 https://gitlab.com/gnutls/gnutls/-/issues/1100

Assignee changed from Sahana Prasad to Daiki Ueno and Sahana Prasad

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1100

From gnutls-devel at lists.gnutls.org Wed Nov 11 20:22:49 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Nov 2020 19:22:49 +0000
Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354)
In-Reply-To: References: Message-ID:

Michael Catanzaro commented:

Ah nice, I was just thinking about this earlier today. I will try using it in glib-networking and see how it goes.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_445845359

From gnutls-devel at lists.gnutls.org Wed Nov 11 20:32:05 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Nov 2020 19:32:05 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343)
In-Reply-To: References: Message-ID:

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343#note_445848863

Sorry for the inconvenience, but could you rebase again?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343#note_445848863

From gnutls-devel at lists.gnutls.org Wed Nov 11 21:38:17 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Nov 2020 20:38:17 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343)
In-Reply-To: References: Message-ID:

All discussions on Merge Request !1343 were resolved by Michael Catanzaro https://gitlab.com/gnutls/gnutls/-/merge_requests/1343

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343

From gnutls-devel at lists.gnutls.org Wed Nov 11 21:38:16 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 11 Nov 2020 20:38:16 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343)
In-Reply-To: References: Message-ID:

Michael Catanzaro commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343#note_445875156

Done

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343#note_445875156

From gnutls-devel at lists.gnutls.org Thu Nov 12 06:17:28 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 05:17:28 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343)
In-Reply-To: References: Message-ID:

Merge Request !1343 was scheduled to merge after pipeline succeeds by Daiki Ueno

Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343
Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/close-session to gnutls/gnutls:master
Author: Michael Catanzaro
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343

From gnutls-devel at lists.gnutls.org Thu Nov 12 06:44:02 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 05:44:02 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: fix session leak in error path (!1343)
In-Reply-To: References: Message-ID:

Merge Request !1343 was merged

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343
Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/close-session to gnutls/gnutls:master
Author: Michael Catanzaro
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1343

From gnutls-devel at lists.gnutls.org Thu Nov 12 06:56:42 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 05:56:42 +0000
Subject: [gnutls-devel] GnuTLS | crypto-backend: remove ability of overriding ciphers (!1355)
References: Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355

Project:Branches: dueno/gnutls:wip/dueno/disable-cipher-override to gnutls/gnutls:master
Author: Daiki Ueno

Those functions have been deprecated in 3.6.9 as they do not have active use cases.

Fixes: #790

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:04:28 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:04:28 +0000
Subject: [gnutls-devel] GnuTLS | build: disable heartbeat and SRP authentication by default (!1356)
References: Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1356

Project:Branches: dueno/gnutls:wip/dueno/disable-hb-srp to gnutls/gnutls:master
Author: Daiki Ueno

Still manually enable those extensions in the abi/coverage job to ensure the test coverage.

Fixes: #743, #943

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1356

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:06:40 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:06:40 +0000
Subject: [gnutls-devel] GnuTLS | Enable PSK by default (#680)
In-Reply-To: References: Message-ID:

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/680

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:06:12 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:06:12 +0000
Subject: [gnutls-devel] GnuTLS | Do not enable TLS 1.0 and TLS 1.1 by default (#940)
In-Reply-To: References: Message-ID:

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/940

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:07:00 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:07:00 +0000
Subject: [gnutls-devel] GnuTLS | Reconsider policy of skipping tests (#746)
In-Reply-To: References: Message-ID:

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/746

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:08:16 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:08:16 +0000
Subject: [gnutls-devel] GnuTLS | Remove SRP support (#943)
In-Reply-To: References: Message-ID:

Reassigned Issue 943 https://gitlab.com/gnutls/gnutls/-/issues/943

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/943

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:08:01 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:08:01 +0000
Subject: [gnutls-devel] GnuTLS | Cipher implementation override API is no-op (#790)
In-Reply-To: References: Message-ID:

Reassigned Issue 790 https://gitlab.com/gnutls/gnutls/-/issues/790

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/790

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:08:31 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:08:31 +0000
Subject: [gnutls-devel] GnuTLS | Consider dropping heartbeat support (#743)
In-Reply-To: References: Message-ID:

Reassigned Issue 743 https://gitlab.com/gnutls/gnutls/-/issues/743

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/743

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:08:54 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:08:54 +0000
Subject: [gnutls-devel] GnuTLS | Mark SHA1 as insecure for any use (#910)
In-Reply-To: References: Message-ID:

Milestone removed

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/910

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:11:54 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:11:54 +0000
Subject: [gnutls-devel] GnuTLS | provide a callback to intercept TLS messages being sent (#849)
In-Reply-To: References: Message-ID:

Milestone changed to Release of GnuTLS 3.7.0 (Jun 3, 2020–Nov 21, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/20 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/849

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:11:39 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:11:39 +0000
Subject: [gnutls-devel] GnuTLS | Support QUIC TLS API (#826)
In-Reply-To: References: Message-ID:

Milestone changed to Release of GnuTLS 3.7.0 (Jun 3, 2020–Nov 21, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/20 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/826

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:12:08 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:12:08 +0000
Subject: [gnutls-devel] GnuTLS | provide a function to feed TLS messages from record layer (#850)
In-Reply-To: References: Message-ID:

Milestone changed to Release of GnuTLS 3.7.0 (Jun 3, 2020–Nov 21, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/20 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/850

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:12:24 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:12:24 +0000
Subject: [gnutls-devel] GnuTLS | provide a function to feed TLS messages from record layer (#850)
In-Reply-To: References: Message-ID:

Reassigned Issue 850 https://gitlab.com/gnutls/gnutls/-/issues/850

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/850

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:12:34 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:12:34 +0000
Subject: [gnutls-devel] GnuTLS | provide a callback to intercept TLS messages being sent (#849)
In-Reply-To: References: Message-ID:

Reassigned Issue 849 https://gitlab.com/gnutls/gnutls/-/issues/849

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/849

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:12:43 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:12:43 +0000
Subject: [gnutls-devel] GnuTLS | Support QUIC TLS API (#826)
In-Reply-To: References: Message-ID:

Reassigned Issue 826 https://gitlab.com/gnutls/gnutls/-/issues/826

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/826

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:13:02 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:13:02 +0000
Subject: [gnutls-devel] GnuTLS | Prevent misuses of gnutls_x509_trust_list_set_getissuer_function callback (#1100)
In-Reply-To: References: Message-ID:

Milestone changed to Release of GnuTLS 3.7.0 (Jun 3, 2020–Nov 21, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/20 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1100

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:47:44 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:47:44 +0000
Subject: [gnutls-devel] GnuTLS | pkcs11: increase the maximum PIN length from 32 to 1024 (!1357)
References: Message-ID:

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1357

Project:Branches: dueno/gnutls:wip/dueno/max-pin-len to gnutls/gnutls:master
Author: Daiki Ueno

Fixes: #932

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1357

From gnutls-devel at lists.gnutls.org Thu Nov 12 07:47:54 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 06:47:54 +0000
Subject: [gnutls-devel] GnuTLS | Key passphrase longer than 31 chars give 'No PIN given' error (#932)
In-Reply-To: References: Message-ID:

Reassigned Issue 932 https://gitlab.com/gnutls/gnutls/-/issues/932

Assignee changed to Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/932

From gnutls-devel at lists.gnutls.org Thu Nov 12 08:31:36 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Nov 2020 07:31:36 +0000
Subject: [gnutls-devel] GnuTLS | tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2 (!1352)
In-Reply-To: References: Message-ID:

Merge Request !1352 was approved by Sahana Prasad

Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1352
Project:Branches: dueno/gnutls:wip/dueno/revert-allow-broken-sig to gnutls/gnutls:master
Author: Daiki Ueno
Assignees:

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1352

From gnutls-devel at lists.gnutls.org Thu Nov 12 08:31:30 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 07:31:30 +0000 Subject: [gnutls-devel] GnuTLS | tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2 (!1352) In-Reply-To: References: Message-ID: Sahana Prasad commented: LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1352#note_446065727 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 08:59:15 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 07:59:15 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_x509_read_value: don't count terminating null byte for OIDs (!1358) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1358 Project:Branches: dueno/gnutls:wip/dueno/ocsp-oid to gnutls/gnutls:master Author: Daiki Ueno Fixes: #805 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1358 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 08:59:29 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 07:59:29 +0000 Subject: [gnutls-devel] GnuTLS | OCSP: in several cases OID value sizes contain null terminated byte (#805) In-Reply-To: References: Message-ID: Reassigned Issue 805 https://gitlab.com/gnutls/gnutls/-/issues/805 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/805 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:04:25 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:04:25 +0000 Subject: [gnutls-devel] GnuTLS | Check key purpose on gnutls_certificate_verify_peers3/2 (#808) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/808 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:05:21 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:05:21 +0000 Subject: [gnutls-devel] GnuTLS | No default verification profile (#895) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/895 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:06:12 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:06:12 +0000 Subject: [gnutls-devel] GnuTLS | Memory leak when using client certificate auth with rehandshake and OCSP (#1107) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.0 (Jun 3, 2020–Nov 21, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/20 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1107 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:05:58 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:05:58 +0000 Subject: [gnutls-devel] GnuTLS | be more specific about what to free after gnutls_x509_crt_get_dn2 succeeds (#1110) In-Reply-To: References: Message-ID: Reassigned Issue 1110 https://gitlab.com/gnutls/gnutls/-/issues/1110 Assignee changed to Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:05:55 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:05:55 +0000 Subject: [gnutls-devel] GnuTLS | be more specific about what to free after gnutls_x509_crt_get_dn2 succeeds (#1110) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.0 (Jun 3, 2020–Nov 21, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/20 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:07:15 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:07:15 +0000 Subject: [gnutls-devel] GnuTLS | Memory leak when using client certificate auth with rehandshake and OCSP (#1107) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1107: https://gitlab.com/gnutls/gnutls/-/issues/1107 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1107 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:07:14 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:07:14 +0000 Subject: [gnutls-devel] GnuTLS | Memory leak when using client certificate auth with rehandshake and OCSP (#1107) In-Reply-To: References: Message-ID: Daiki Ueno commented: This has been fixed in !1347. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1107#note_446092711 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:10:30 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:10:30 +0000 Subject: [gnutls-devel] GnuTLS | tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2 (!1352) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.0 (Jun 3, 2020–Nov 21, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/20 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1352 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:11:20 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:11:20 +0000 Subject: [gnutls-devel] GnuTLS | tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2 (!1352) In-Reply-To: References: Message-ID: Merge Request !1352 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1352 Project:Branches: dueno/gnutls:wip/dueno/revert-allow-broken-sig to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1352 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:11:10 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:11:10 +0000 Subject: [gnutls-devel] GnuTLS | tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2 (!1352) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the review. Downstream bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1894508 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1352#note_446095693 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 09:22:59 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 08:22:59 +0000 Subject: [gnutls-devel] GnuTLS | x509: clarify how to release memory allocated for DN (!1359) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359 Project:Branches: dueno/gnutls:wip/dueno/doc-fixes to gnutls/gnutls:master Author: Daiki Ueno The application can assume that DNs returned from `_gnutls_x509_get_dn()` are allocated with `gnutls_malloc()` and thus shall be freed with `gnutls_free()`. Fixes: #1110 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 11:27:22 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 10:27:22 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Sahana Prasad commented: @dueno Thanks for the fix. I had a similar solution, except I used find_issuer() before _gnutls_trust_list_get_issuer() which was wrong as find_issuer() does not compare the node[hash]. Instead you used _gnutls_trust_list_get_issuer() directly which checks the issuer through gnutls_x509_crt_check_issuer() anyway. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_446217501 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 12 11:42:32 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Nov 2020 10:42:32 +0000 Subject: [gnutls-devel] GnuTLS | Undefined reference to __imp_gnutls_free error with static build on MinGW (#1117) References: Message-ID: Josué Andrade Gomes created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1117

## Description of problem:

Undefined reference to __imp_gnutls_free error when linking with static build of GnuTLS.

## Version of gnutls used:

3.6.15

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

gnutls.org

## How reproducible:

Windows 10
Download MSYS2 from https://www.msys2.org/
Install MSYS2
Upgrade and install development packages

```
$ pacman -Syu
$ pacman -S autoconf automake libtool make mingw-w64-x86_64-toolchain git
$ mkdir ~/prefix
$ export set PREFIX=/home/user/prefix
$ export PKG_CONFIG_PATH=$PREFIX/lib/pkgconfig
$ cd ~
$ curl -O https://gmplib.org/download/gmp/gmp-6.2.0.tar.xz
$ tar xf gmp-6.2.0.tar.xz
$ cd gmp-6.2.0
$ ./configure --build=x86_64-w64-mingw32 --prefix=$PREFIX --enable-static --disable-shared --enable-fat
$ make install
$ cd ~
$ curl -O https://ftp.gnu.org/gnu/nettle/nettle-3.5.1.tar.gz
$ tar xf nettle-3.5.1.tar.gz
$ cd nettle-3.5.1
$ ./configure --build=x86_64-w64-mingw32 --prefix=$PREFIX --enable-static --disable-shared --enable-fat
$ make install
$ cd ~
$ curl -O ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/gnutls-3.6.15.tar.xz
$ tar xf gnutls-3.6.15.tar.xz
$ cd gnutls-3.6.15
$ ./configure --prefix=$PREFIX --enable-static --disable-shared --build=x86_64-w64-mingw32 --with-included-libtasn1 --disable-doc --disable-guile --without-p11-kit --enable-local-libopts --disable-nls --with-included-unistring
$ make && make install
$ cd ~
$ g++ -o bug -DWIN32 -D_WIN32 -I $PREFIX/include bug.cpp -L$PREFIX/lib -lgnutls -lhogweed -lnettle -lgmp -ladvapi32 -lws2_32 -lcrypt32 -lncrypt
```

bug.cpp

```
#include <gnutls/gnutls.h>

int main()
{
    gnutls_init(0, 0);
    gnutls_free(0);
}
```

## Actual results:

```
D:/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/10.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe: D:\msys64\tmp\ccKcC8Qw.o:bug.cpp:(.text+0x1f): undefined reference to `__imp_gnutls_free'
collect2.exe: error: ld returned 1 exit status
```

## Expected results:

No link error

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1117 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 03:25:18 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 02:25:18 +0000 Subject: [gnutls-devel] GnuTLS | The official page with binaries for Windows is returning 404 (#1036) In-Reply-To: References: Message-ID: Scott Bryant commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1036#note_446806119 These links don't work either. Getting 404 not found (like the others mentioned previously). All the best. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1036#note_446806119 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 06:55:34 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 05:55:34 +0000 Subject: [gnutls-devel] GnuTLS | build: disable heartbeat and SRP authentication by default (!1356) In-Reply-To: References: Message-ID: Daiki Ueno commented: I realized that this affects the ABI and we might need to still keep stubs for those (like openpgp). At least we should take steps to first deprecate those functionality and then do actual removal. Marking as blocked and removing from the 3.7.0 milestone. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1356#note_446847596 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 06:55:53 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 05:55:53 +0000 Subject: [gnutls-devel] GnuTLS | Consider dropping heartbeat support (#743) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/743 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 06:56:06 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 05:56:06 +0000 Subject: [gnutls-devel] GnuTLS | Remove SRP support (#943) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/943 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 09:26:30 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 08:26:30 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_446909473 @t8m OK, that's tricky; I guess we can merge this as-is for now. Could you increase the CI timeout from your repo setting and retrigger the failed jobs? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_446909473 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 09:26:41 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 08:26:41 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Merge Request !1346 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 Project:Branches: t8m/gnutls:client-hello-version to gnutls/gnutls:master Author: Tomáš Mráz Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 11:14:32 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 10:14:32 +0000 Subject: [gnutls-devel] GnuTLS | x509: clarify how to release memory allocated for DN (!1359) In-Reply-To: References: Message-ID: Merge Request !1359 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359 Project:Branches: dueno/gnutls:wip/dueno/doc-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 12:02:03 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 11:02:03 +0000 Subject: [gnutls-devel] GnuTLS | x509: clarify how to release memory allocated for DN (!1359) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359#note_447021780 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 12:02:11 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 11:02:11 +0000 Subject: [gnutls-devel] GnuTLS | be more specific about what to free after gnutls_x509_crt_get_dn2 succeeds (#1110) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1359 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1359) Issue #1110: https://gitlab.com/gnutls/gnutls/-/issues/1110 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 12:02:11 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 11:02:11 +0000 Subject: [gnutls-devel] GnuTLS | x509: clarify how to release memory allocated for DN (!1359) In-Reply-To: References: Message-ID: Merge Request !1359 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359 Project:Branches: dueno/gnutls:wip/dueno/doc-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 12:17:57 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 11:17:57 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Tomáš Mráz commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_447031259 @dueno I've increased the timeout but that did not solve the problem with missing libev4 in the UB+ASAN build. Not sure why that happens, but it is not related to the MR. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_447031259 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 12:33:32 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 11:33:32 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_447040643 Sorry, that should be fixed in the current master; could you rebase it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346#note_447040643 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 13:24:45 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 12:24:45 +0000 Subject: [gnutls-devel] GnuTLS | x509: clarify how to release memory allocated for DN (!1359) In-Reply-To: References: Message-ID: Daniel Stenberg commented: While this is an improvement I think it still could be enhanced. This update still fails to point out that the user needs to free the `->data` pointer in the struct to which you get a pointer.

~~~c
rc = gnutls_x509_crt_get_dn2(x509_cert, &certfields);
gnutls_free(certfields.data);
~~~

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359#note_447073381 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 13:35:16 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 12:35:16 +0000 Subject: [gnutls-devel] GnuTLS | x509: clarify how to release memory allocated for DN (!1359) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359#note_447079574 Indeed, though this pattern is used in other places as well; I'll try to update them altogether. By the way, @bagder do you have any comments on !1353? We are finally going to merge it :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359#note_447079574 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 13:39:54 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 12:39:54 +0000 Subject: [gnutls-devel] GnuTLS | x509: clarify how to release memory allocated for DN (!1359) In-Reply-To: References: Message-ID: Daniel Stenberg commented: I'm sorry but I don't have much to add there. I've only been an indirect user of it via ngtcp2, and just a casual one too so far. :disappointed: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1359#note_447082225 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 14:21:47 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 13:21:47 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: increase the maximum PIN length from 31 to 255 (!1357) In-Reply-To: References: Message-ID: Stanislav Židek commented: @dueno Looks good to me, did not find any problems. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1357#note_447110506 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 14:42:14 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 13:42:14 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Merge Request !1346 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 Project:Branches: t8m/gnutls:client-hello-version to gnutls/gnutls:master Author: Tomáš Mráz Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 14:42:08 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 13:42:08 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: All discussions on Merge Request !1346 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 15:01:00 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 14:01:00 +0000 Subject: [gnutls-devel] GnuTLS | TLS 1.3 client should set legacy_record_version to TLS 1.2 after Hello Retry Request (#1053) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1346 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1346) Issue #1053: https://gitlab.com/gnutls/gnutls/-/issues/1053 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1053 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 15:01:00 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 14:01:00 +0000 Subject: [gnutls-devel] GnuTLS | Use proper record version in client hello after hello retry request (!1346) In-Reply-To: References: Message-ID: Merge Request !1346 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 Project:Branches: t8m/gnutls:client-hello-version to gnutls/gnutls:master Author: Tomáš Mráz Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1346 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 15:07:38 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 14:07:38 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: increase the maximum PIN length from 31 to 255 (!1357) In-Reply-To: References: Message-ID: Merge Request !1357 was approved by Stanislav Židek Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1357 Project:Branches: dueno/gnutls:wip/dueno/max-pin-len to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1357 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 15:10:17 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 14:10:17 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: increase the maximum PIN length from 31 to 255 (!1357) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1357#note_447144104 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 15:10:24 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 14:10:24 +0000 Subject: [gnutls-devel] GnuTLS | Key passphrase longer than 31 chars give 'No PIN given' error (#932) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1357 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1357) Issue #932: https://gitlab.com/gnutls/gnutls/-/issues/932 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/932 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 15:10:24 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 14:10:24 +0000 Subject: [gnutls-devel] GnuTLS | pkcs11: increase the maximum PIN length from 31 to 255 (!1357) In-Reply-To: References: Message-ID: Merge Request !1357 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1357 Project:Branches: dueno/gnutls:wip/dueno/max-pin-len to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1357 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 13 18:41:28 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 13 Nov 2020 17:41:28 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Merge Request !1354 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 Project:Branches: dueno/gnutls:wip/dueno/aia-api to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 15 05:09:09 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 15 Nov 2020 04:09:09 +0000 Subject: [gnutls-devel] GnuTLS | Update predefined priority keywords (#1098) In-Reply-To: References: Message-ID: GnuTLS bot commented: @airtower-luna This issue is unlabelled after 30 days. It needs attention. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1098#note_447601152 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 15 05:09:08 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 15 Nov 2020 04:09:08 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1119) References: Message-ID: GnuTLS bot created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1119 The following issues require labels: - [ ] [Update predefined priority keywords](https://gitlab.com/gnutls/gnutls/-/issues/1098) Please take care of them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1119 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 15 13:55:42 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 15 Nov 2020 12:55:42 +0000 Subject: [gnutls-devel] GnuTLS | Unwinding from sha256_block_data_order_avx2 crashes the process, GDB unable to backtrace (#1111) In-Reply-To: References: Message-ID: Avi Kivity commented: Are there plans to get this fixed? This is hurting us. If it's just a matter of copying the openssl files, we can do that, but if it requires expertise then we're more or less stuck. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_447644314 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 15 15:47:14 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 15 Nov 2020 14:47:14 +0000 Subject: [gnutls-devel] GnuTLS | Unwinding from sha256_block_data_order_avx2 crashes the process, GDB unable to backtrace (#1111) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_447666074 We have been facing some license compatibility issues in updating OpenSSL / CRYPTOGAMS derived files (see #1043), though given the patch is already in the OpenSSL_1_1_1-stable branch, perhaps we can simply pick it. @ansasaki thoughts? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_447666074 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 16 10:55:03 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 Nov 2020 09:55:03 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_448006960 Sorry, @sahprasa. It's my fault for not having thought about it seriously, but I realized that the current usage of the issuer callback in the library is not very reasonable: we probably shouldn't modify the trust list during chain verification as a side effect. Therefore, I moved the chain amendment logic from `verify_crt` to `gnutls_x509_trust_list_verify_crt2` and rewrote it in a side-effect-free manner. The missingissuer test should now cover all the possible patterns. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_448006960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 17 16:47:27 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 17 Nov 2020 15:47:27 +0000 Subject: [gnutls-devel] libtasn1 | Test_tree and copynode test failures on clang 10+ (#30) References: Message-ID: Paul Mulders created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/30

## Description of problem:
Test_tree and copynode tests fail when compiling with recent clang versions using -O2 or higher optimization levels (on -O1 tests succeed)

## Version of libtasn1 used:
4.16.0

## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)
n/a, compiling it myself on Exherbo

## How reproducible:
Compile libtasn1 with clang 10 or newer with -O2 optimization or higher. I used clang 11, but I found a debian log for clang 10 in Google's webcache https://webcache.googleusercontent.com/search?q=cache:zRcDmB5LK6QJ:https://clang.debian.net/logs/2020-05-01-10/libtasn1-6_4.16.0-2_unstable_clang10.log&hl=en

## Actual results:
FAIL: Test_tree
===============
./Test_tree.asn:121: Warning: VisibleString is a built-in ASN.1 type.
./Test_tree.asn:123: Warning: NumericString is a built-in ASN.1 type.
./Test_tree.asn:125: Warning: IA5String is a built-in ASN.1 type.
./Test_tree.asn:127: Warning: TeletexString is a built-in ASN.1 type.
./Test_tree.asn:129: Warning: PrintableString is a built-in ASN.1 type.
./Test_tree.asn:131: Warning: UniversalString is a built-in ASN.1 type.
./Test_tree.asn:134: Warning: BMPString is a built-in ASN.1 type.
./Test_tree.asn:138: Warning: UTF8String is a built-in ASN.1 type.
Error at line 707
ERROR in 254:
Action 18 -
Error expected: MEM_ERROR - 79
Error detected: VALUE_NOT_VALID - 0
FAIL Test_tree (exit status: 1)

FAIL: copynode
==============
./pkix.asn:332: Warning: VisibleString is a built-in ASN.1 type.
./pkix.asn:334: Warning: NumericString is a built-in ASN.1 type.
./pkix.asn:336: Warning: IA5String is a built-in ASN.1 type.
./pkix.asn:338: Warning: TeletexString is a built-in ASN.1 type.
./pkix.asn:340: Warning: PrintableString is a built-in ASN.1 type.
./pkix.asn:342: Warning: UniversalString is a built-in ASN.1 type.
./pkix.asn:345: Warning: BMPString is a built-in ASN.1 type.
./pkix.asn:349: Warning: UTF8String is a built-in ASN.1 type.
LIBTASN1 ERROR: VALUE_NOT_VALID
Cannot copy node
FAIL copynode (exit status: 1)

## Expected results:
Tests succeed

-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/30 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 18 16:24:58 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 Nov 2020 15:24:58 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Norbert Pocs commented on a discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_450125786 > > #ifdef TLS13_APPENDIX_D4 > if (max_ver->tls13_sem && > - session->security_parameters.session_id_size == 0) { > + session->internals.resumed_security_parameters.session_id_size == 0) { > > /* Under TLS1.3 we generate a random session ID to make > * the TLS1.3 session look like a resumed TLS1.2 session */ > - ret = _gnutls_generate_session_id(session->security_parameters. > + ret = _gnutls_generate_session_id(session->internals.resumed_security_parameters. I remade it using a local variable. Now the tests pass, except the `tests/tls13/prf` and `tests/tlsext-decoding`. Can you please clarify what these tests are doing? I don't understand them and don't know how to solve them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_450125786 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 18 20:25:27 2020 
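Review bot: on the last `+` line of the lib/handshake.c hunk quoted above, the freshly generated random ID is written into `session->internals.resumed_security_parameters`, so after this branch the resumed parameters hold a session ID that did not come from any earlier session. If other code reads `resumed_security_parameters.session_id_size` to decide whether a resumption is being attempted, it would now see a non-zero size on a full TLS 1.3 handshake. Suggest generating the ID into a separate buffer (or leaving it in `security_parameters`) and only selecting which one is sent, with a comment naming which field is authoritative.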
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 Nov 2020 19:25:27 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Daiki Ueno commented: @sahprasa @t8m do you see any issue in this MR? If not I'd like to merge it sooner, to allow oss-fuzz some time to exercise the new API. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_450291428 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 02:14:47 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 01:14:47 +0000 Subject: [gnutls-devel] GnuTLS | EPOLL (#1122) References: Message-ID: huangyu6572 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1122 How to use gnutls in an epoll model? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1122 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 06:03:55 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 05:03:55 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1119) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1119: https://gitlab.com/gnutls/gnutls/-/issues/1119 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1119 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 09:45:39 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 08:45:39 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Sahana Prasad commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_450576301 @dueno I haven't been able to test it yet. But it's good to get merged now and if there are any comments from others, they can be addressed later. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_450576301 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 09:50:55 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 08:50:55 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Merge Request !1353 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 Project:Branches: dueno/gnutls:wip/dueno/quic to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 10:10:02 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 09:10:02 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Merge Request !1353 was unapproved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 Project:Branches: dueno/gnutls:wip/dueno/quic to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 10:54:55 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 09:54:55 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Merge Request !1354 was unapproved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 Project:Branches: dueno/gnutls:wip/dueno/aia-api to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 10:55:16 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 09:55:16 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Sahana Prasad commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450690636 Thanks @dueno I'm still reviewing this one. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450690636 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 11:09:24 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 10:09:24 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Sahana Prasad started a new discussion on lib/x509/common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450703813 > * in issuer array. O(n^2) so consider that before > * increasing DEFAULT_MAX_VERIFY_DEPTH. > */ > - for (i = 0; i < *clist_size; i++) { > - for (j = 1; j < *clist_size; j++) { > + for (i = 0; i < clist_size; i++) { > + for (j = 1; j < clist_size; j++) { Shouldn't 'j' start from 0? What if clist[0] is the issuer of clist[1]? Right now we never check `gnutls_x509_crt_check_issuer(clist[1], clist[0])`, or could I be missing something here? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450703813 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 11:27:59 2020 
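Review bot: the inner loop on the last `+` line of the lib/x509/common.c hunk quoted above starts at `j = 1`, and the comment kept above the loops does not say why index 0 is skipped. Suggest stating in that comment the invariant that makes skipping the first element safe, and, since `*clist_size` becomes a plain `clist_size` in both loop conditions, documenting how the caller now learns how many entries ended up sorted.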
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 10:27:59 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450723419 > * in issuer array. O(n^2) so consider that before > * increasing DEFAULT_MAX_VERIFY_DEPTH. > */ > - for (i = 0; i < *clist_size; i++) { > - for (j = 1; j < *clist_size; j++) { > + for (i = 0; i < clist_size; i++) { > + for (j = 1; j < clist_size; j++) { Note that the sorting starts from the first element in clist, which will be always present in the result. If it was a signer of other certs, clist wouldn't be sortable. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450723419 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 11:34:36 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 10:34:36 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Sahana Prasad commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_450728430 @dueno Could @tomato42 help with this review? (I have gone through the MR in terms of the reviewer's checklist, but @tomato42 might know the subject better) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_450728430 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 12:02:17 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 11:02:17 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_450750553 > > #ifdef TLS13_APPENDIX_D4 > if (max_ver->tls13_sem && > - session->security_parameters.session_id_size == 0) { > + session->internals.resumed_security_parameters.session_id_size == 0) { > > /* Under TLS1.3 we generate a random session ID to make > * the TLS1.3 session look like a resumed TLS1.2 session */ > - ret = _gnutls_generate_session_id(session->security_parameters. > + ret = _gnutls_generate_session_id(session->internals.resumed_security_parameters. Thanks for the update. The `prf` test covers the [TLS exporters](https://tools.ietf.org/html/rfc8446#section-7.5), which is a mechanism to allow applications to use keying material derived from the TLS session; that means the keying material is calculated over the exchanged handshake messages. As we are now sending a non-empty session ID, the values embedded in the test need to be updated (you can run the test locally and paste the new value there). The other test also assumes an empty session ID and needs an update, something like [tlsext-decoding.c.diff](/uploads/cf5703c72899fdc439bac48bc938786e/tlsext-decoding.c.diff). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_450750553 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:03:33 2020 
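The dependency described in the message above (exporter output is computed over the handshake transcript, so a non-empty session ID changes it) can be reproduced with the RFC 8446 section 7.5 construction. This is an added example, not code from the thread or from GnuTLS; the master secret, the minimal ClientHello, the remaining transcript bytes and the exporter label are constructed values, and the master secret is held constant to isolate the effect of the transcript.

```python
"""TLS 1.3 exporter (RFC 8446, section 7.5) over a constructed transcript."""
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from RFC 8446, section 7.1."""
    full_label = b"tls13 " + label
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    """Derive-Secret: the label is bound to the hash of the handshake messages."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)


def tls13_exporter(master_secret: bytes, transcript: bytes,
                   label: bytes, context: bytes, length: int) -> bytes:
    """TLS-Exporter(label, context, length) for a given handshake transcript."""
    exporter_master = derive_secret(master_secret, b"exp master", transcript)
    per_label = derive_secret(exporter_master, label, b"")
    return hkdf_expand_label(per_label, b"exporter", HASH(context).digest(), length)


def client_hello(session_id: bytes, random: bytes = bytes(32)) -> bytes:
    """Constructed, minimal ClientHello handshake message (no extensions)."""
    if len(session_id) > 32 or len(random) != 32:
        raise ValueError("session_id is at most 32 bytes, random exactly 32")
    body = b"\x03\x03" + random                    # legacy_version, random
    body += bytes([len(session_id)]) + session_id  # legacy_session_id
    body += struct.pack("!H", 2) + b"\x13\x01"     # TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                            # null compression
    body += struct.pack("!H", 0)                   # empty extensions (constructed)
    return b"\x01" + len(body).to_bytes(3, "big") + body


# Constructed inputs: a fixed master secret and placeholder bytes standing in
# for ServerHello..server Finished. Only the ClientHello varies below.
MASTER_SECRET = bytes(range(32))
REST_OF_HANDSHAKE = b"constructed ServerHello..server Finished"


def exporter_for(session_id: bytes) -> bytes:
    """Exporter value when the ClientHello carries the given session ID."""
    transcript = client_hello(session_id) + REST_OF_HANDSHAKE
    return tls13_exporter(MASTER_SECRET, transcript,
                          b"EXPORTER-added-example", b"", 32)


if __name__ == "__main__":
    fixed_id = bytes([0xAB]) * 32  # what a deterministic test RNG would yield
    print("empty session id :", exporter_for(b"").hex())
    print("32-byte id       :", exporter_for(fixed_id).hex())
    print("same id again    :", exporter_for(fixed_id).hex())
```

With a deterministic session ID the exporter value is stable between runs, so a test vector only stays comparable if every byte of the ClientHello, the session ID included, is reproducible.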
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:03:33 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_x509_read_value: don't count terminating null byte for OIDs (!1358) In-Reply-To: References: Message-ID: Sahana Prasad commented: LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1358#note_450825072 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:03:37 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:03:37 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_x509_read_value: don't count terminating null byte for OIDs (!1358) In-Reply-To: References: Message-ID: Merge Request !1358 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1358 Project:Branches: dueno/gnutls:wip/dueno/ocsp-oid to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1358 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:17:12 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:17:12 +0000 Subject: [gnutls-devel] GnuTLS | crypto-backend: remove ability of overriding ciphers (!1355) In-Reply-To: References: Message-ID: Sahana Prasad started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355#note_450843065 > output the complete path to the trusted root during certificate > chain verification (#1012) > > +** libgnutls: the crypto implementation override APIs deprecated in 3.6.9 are Nit - Could we maybe add the names of those 4 APIs here? LGTM! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355#note_450843065 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:17:47 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:17:47 +0000 Subject: [gnutls-devel] GnuTLS | crypto-backend: remove ability of overriding ciphers (!1355) In-Reply-To: References: Message-ID: Merge Request !1355 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355 Project:Branches: dueno/gnutls:wip/dueno/disable-cipher-override to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:33:52 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:33:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_450863838 > goto cleanup; > } > > + uint8_t resumed_session_id[GNUTLS_MAX_SESSION_ID_SIZE]; > + memcpy(resumed_session_id, session->internals.resumed_security_parameters.session_id, session_id_len); I think you could avoid memcpy by having a pointer to either `session->internals.resumed_security_parameters.session_id` or `session->security_parameters.session_id` (in TLS 1.3). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_450863838 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:37:11 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:37:11 +0000 Subject: [gnutls-devel] GnuTLS | OCSP: in several cases OID value sizes contain null terminated byte (#805) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1358 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1358) Issue #805: https://gitlab.com/gnutls/gnutls/-/issues/805 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/805 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:37:10 2020 
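Review bot: in the lib/handshake.c hunk from !1350 quoted above, the added `memcpy` copies `session_id_len` bytes into `resumed_session_id`, a fixed `GNUTLS_MAX_SESSION_ID_SIZE` buffer, and nothing in the hunk shows `session_id_len` being bounded by that size. Suggest checking `session_id_len <= GNUTLS_MAX_SESSION_ID_SIZE` immediately before the copy and returning an error otherwise, so the bound is visible next to the write it protects.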
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:37:10 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_x509_read_value: don't count terminating null byte for OIDs (!1358) In-Reply-To: References: Message-ID: Merge Request !1358 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1358 Project:Branches: dueno/gnutls:wip/dueno/ocsp-oid to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1358 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:37:30 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:37:30 +0000 Subject: [gnutls-devel] GnuTLS | _gnutls_x509_read_value: don't count terminating null byte for OIDs (!1358) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1358#note_450869654 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:37:57 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:37:57 +0000 Subject: [gnutls-devel] GnuTLS | crypto-backend: remove ability of overriding ciphers (!1355) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355#note_450870557 > output the complete path to the trusted root during certificate > chain verification (#1012) > > +** libgnutls: the crypto implementation override APIs deprecated in 3.6.9 are Indeed; let me amend it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355#note_450870557 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 13:41:42 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 12:41:42 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Sahana Prasad commented on a discussion on lib/x509/common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450876749 > * in issuer array. O(n^2) so consider that before > * increasing DEFAULT_MAX_VERIFY_DEPTH. > */ > - for (i = 0; i < *clist_size; i++) { > - for (j = 1; j < *clist_size; j++) { > + for (i = 0; i < clist_size; i++) { > + for (j = 1; j < clist_size; j++) { I got confused with the example with [D, C, A, H, G] as input and Round 1 [A, C, D, H, G] return 1 Round 2 [A, C, D, H, G] return 2 Round 3 [A, C, D, G, H] -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450876749 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 14:29:42 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 13:29:42 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_450920787 Unfortunately, I don't really know what kind of APIs are necessary for implementing QUIC. From what I know of gnutls (which is very very little), the MR looks ok. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_450920787 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 15:15:11 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 14:15:11 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Merge Request !1353 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 Project:Branches: dueno/gnutls:wip/dueno/quic to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 15:27:41 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 14:27:41 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450977991 > * in issuer array. O(n^2) so consider that before > * increasing DEFAULT_MAX_VERIFY_DEPTH. > */ > - for (i = 0; i < *clist_size; i++) { > - for (j = 1; j < *clist_size; j++) { > + for (i = 0; i < clist_size; i++) { > + for (j = 1; j < clist_size; j++) { Right, the example is incorrect; that should be something like: - the initial input is: [A, C, E, D, G, I, H] - round 1: [A, C, E, D, G, I, H], return 1 - round 2: [A, C, D, E, G, I, H], return 3 - round 3: [A, C, D, E, G, H, I], return 3 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_450977991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 16:38:40 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 15:38:40 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Norbert Pocs commented on a discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_451038762 > > #ifdef TLS13_APPENDIX_D4 > if (max_ver->tls13_sem && > - session->security_parameters.session_id_size == 0) { > + session->internals.resumed_security_parameters.session_id_size == 0) { > > /* Under TLS1.3 we generate a random session ID to make > * the TLS1.3 session look like a resumed TLS1.2 session */ > - ret = _gnutls_generate_session_id(session->security_parameters. > + ret = _gnutls_generate_session_id(session->internals.resumed_security_parameters. The `tlsext-decoding` is passing now (haven't pushed yet). There will be a problem with the `prf`, because the output keeps changing every time. The session_id is generated randomly, therefore it cannot be compared with a static value. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_451038762 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 17:09:58 2020 
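Review bot: in the lib/handshake.c hunk, the size check and the `_gnutls_generate_session_id()` call now both use `session->internals.resumed_security_parameters`, yet the comment between them still only says that a random session ID is generated. Add a sentence there on why the ID is kept in the resumed parameters rather than in `session->security_parameters`, and confirm that the code which later writes the ClientHello session ID reads it from the same structure.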
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 16:09:58 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_451066704 > > #ifdef TLS13_APPENDIX_D4 > if (max_ver->tls13_sem && > - session->security_parameters.session_id_size == 0) { > + session->internals.resumed_security_parameters.session_id_size == 0) { > > /* Under TLS1.3 we generate a random session ID to make > * the TLS1.3 session look like a resumed TLS1.2 session */ > - ret = _gnutls_generate_session_id(session->security_parameters. > + ret = _gnutls_generate_session_id(session->internals.resumed_security_parameters. Oh that's strange, as we are overriding the random function with the [static one](https://gitlab.com/gnutls/gnutls/-/blob/master/tests/tls13/prf.c#L75). Let me check. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_451066704 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 17:11:28 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 16:11:28 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_451067733 > * in issuer array. O(n^2) so consider that before > * increasing DEFAULT_MAX_VERIFY_DEPTH. > */ > - for (i = 0; i < *clist_size; i++) { > - for (j = 1; j < *clist_size; j++) { > + for (i = 0; i < clist_size; i++) { > + for (j = 1; j < clist_size; j++) { On a related note, we might eventually want to use a proper topological sort algorithm. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_451067733 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 18:20:01 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 17:20:01 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: All discussions on Merge Request !1353 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 18:20:00 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 17:20:00 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_451135130 Anyway, thank you for checking. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_451135130 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 18:20:10 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 17:20:10 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Merge Request !1353 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 Project:Branches: dueno/gnutls:wip/dueno/quic to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 20:04:28 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 19:04:28 +0000 Subject: [gnutls-devel] GnuTLS | provide a function to feed TLS messages from record layer (#850) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1353 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1353) Issue #850: https://gitlab.com/gnutls/gnutls/-/issues/850 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/850 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 20:04:28 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 19:04:28 +0000 Subject: [gnutls-devel] GnuTLS | Support QUIC TLS API (#826) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1353 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1353) Issue #826: https://gitlab.com/gnutls/gnutls/-/issues/826 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/826 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 20:04:28 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 19:04:28 +0000 Subject: [gnutls-devel] GnuTLS | provide a callback to intercept TLS messages being sent (#849) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1353 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1353) Issue #849: https://gitlab.com/gnutls/gnutls/-/issues/849 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/849 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 19 20:04:28 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Nov 2020 19:04:28 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Merge Request !1353 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 Project:Branches: dueno/gnutls:wip/dueno/quic to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 20 05:55:29 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Nov 2020 04:55:29 +0000 Subject: [gnutls-devel] GnuTLS | crypto-backend: remove ability of overriding ciphers (!1355) In-Reply-To: References: Message-ID: All discussions on Merge Request !1355 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1355 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 20 05:55:36 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Nov 2020 04:55:36 +0000 Subject: [gnutls-devel] GnuTLS | crypto-backend: remove ability of overriding ciphers (!1355) In-Reply-To: References: Message-ID: Merge Request !1355 was scheduled to merge after pipeline succeeds by Daiki Ueno Merge Request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355 Project:Branches: dueno/gnutls:wip/dueno/disable-cipher-override to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 20 05:55:44 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Nov 2020 04:55:44 +0000 Subject: [gnutls-devel] GnuTLS | crypto-backend: remove ability of overriding ciphers (!1355) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355#note_451412838 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 20 07:43:11 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Nov 2020 06:43:11 +0000 Subject: [gnutls-devel] GnuTLS | Cipher implementation override API is no-op (#790) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1355 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1355) Issue #790: https://gitlab.com/gnutls/gnutls/-/issues/790 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/790 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 20 07:43:11 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Nov 2020 06:43:11 +0000 Subject: [gnutls-devel] GnuTLS | crypto-backend: remove ability of overriding ciphers (!1355) In-Reply-To: References: Message-ID: Merge Request !1355 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355 Project:Branches: dueno/gnutls:wip/dueno/disable-cipher-override to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1355 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 20 11:26:32 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Nov 2020 10:26:32 +0000 Subject: [gnutls-devel] GnuTLS | Gnutls 3.6.14 fails to compile on Mac OS Catalina (#1033) In-Reply-To: References: Message-ID: Lancelot de Ferrière commented: Still not working under 3.6.15. The error at compilation time can be skipped by adding --disable-doc, but it then fails at link-time. I haven't been able to easily patch it so far. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1033#note_451577664 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 20 11:37:40 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Nov 2020 10:37:40 +0000 Subject: [gnutls-devel] GnuTLS | Gnutls 3.6.14 fails to compile on Mac OS Catalina (#1033) In-Reply-To: References: Message-ID: Ross Nicholson commented: This patch works under 3.6.15 [03-undo-libtasn1-cisdigit.patch](/uploads/63e08bfb075e2a775d7124ee43d058fd/03-undo-libtasn1-cisdigit.patch) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1033#note_451585569 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 20 14:34:15 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Nov 2020 13:34:15 +0000 Subject: [gnutls-devel] GnuTLS | Add QUIC related API functions (!1353) In-Reply-To: References: Message-ID: Tomáš Mráz commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_451699866 I have no further comments than I already added. I think it is OK to merge. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1353#note_451699866 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 20 17:01:01 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 20 Nov 2020 16:01:01 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_certificate_set_x509_key_file - private key (#1123)
References:
Message-ID:

Achim Kraus created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1123

I'm currently wondering why gnutls versions 3.5.18 and 3.6.15 refuse to read an ec-private key generated by the java keytool. Using a demo key

```
-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBgNuyqKuRW0RxU1DVs
aEpBPtVRVLRZYq6hZRzvZ6igBw==
-----END PRIVATE KEY-----
```

for `gnutls_certificate_set_x509_key_file` I get: "gnutls_certificate_set_x509_key_file: 'ASN1 parser: Error in DER parsing.'"

Using:

```
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYDbsqirkVtEcVNQ1
bGhKQT7VUVS0WWKuoWUc72eooAehRANCAAQUaejXTuQWAngC8AFC+IT2FMmUR4Hj
B9LcvnxDknyytbFK6cSCeIht+vSnxKHD4LVcBzMXEmufxKMUJWo4qOuu
-----END PRIVATE KEY-----
```

works. The difference is the explicit public key as bit-string. According to [RFC 5915 - 3. Elliptic Curve Private Key Format](https://tools.ietf.org/html/rfc5915#section-3)

> Though the ASN.1 indicates publicKey is OPTIONAL, implementations that conform to this document SHOULD always include the publicKey field.

that field is optional. Even the `SHOULD` doesn't justify why it seems to be required. Using `gnutls_certificate_set_x509_simple_pkcs12_file` unfortunately also fails. Is there a trick to use the private key without the optional public one?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1123
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From gnutls-devel at lists.gnutls.org Fri Nov 20 17:27:27 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Nov 2020 16:27:27 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_451838696 > > #ifdef TLS13_APPENDIX_D4 > if (max_ver->tls13_sem && > - session->security_parameters.session_id_size == 0) { > + session->internals.resumed_security_parameters.session_id_size == 0) { > > /* Under TLS1.3 we generate a random session ID to make > * the TLS1.3 session look like a resumed TLS1.2 session */ > - ret = _gnutls_generate_session_id(session->security_parameters. > + ret = _gnutls_generate_session_id(session->internals.resumed_security_parameters. On my environment, [this](/uploads/4b67942682f5e8653bcd417773cb75df/tls13-prf.c.diff) makes the test work reliably. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_451838696 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 21 15:10:25 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Nov 2020 14:10:25 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Sahana Prasad commented on a discussion on lib/x509/common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_452109710 > * in issuer array. O(n^2) so consider that before > * increasing DEFAULT_MAX_VERIFY_DEPTH. > */ > - for (i = 0; i < *clist_size; i++) { > - for (j = 1; j < *clist_size; j++) { > + for (i = 0; i < clist_size; i++) { > + for (j = 1; j < clist_size; j++) { @dueno yes -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_452109710 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 21 15:14:06 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Nov 2020 14:14:06 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Sahana Prasad commented: LGTM, please merge if all the gnutls-cli cases (that we previously tested) work CA_AUTO_RETRIEVE. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_452110163 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 21 15:14:23 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Nov 2020 14:14:23 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Merge Request !1354 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 Project:Branches: dueno/gnutls:wip/dueno/aia-api to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 21 17:46:09 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Nov 2020 16:46:09 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_452129588 It works at least against incomplete-chain.badssl.com, though it might be too simple. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_452129588 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 21 17:46:22 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Nov 2020 16:46:22 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_452129618 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 21 17:46:31 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Nov 2020 16:46:31 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: All discussions on Merge Request !1354 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 21 17:46:38 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Nov 2020 16:46:38 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Merge Request !1354 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 Project:Branches: dueno/gnutls:wip/dueno/aia-api to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 21 17:46:38 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Nov 2020 16:46:38 +0000 Subject: [gnutls-devel] GnuTLS | Prevent misuses of gnutls_x509_trust_list_set_getissuer_function callback (#1100) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno via merge request !1354 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1354) Issue #1100: https://gitlab.com/gnutls/gnutls/-/issues/1100 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1100 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 21 18:19:22 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Nov 2020 17:19:22 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_certificate_set_x509_key_file - private key (#1123) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the report; that indeed seems like a bug: the [decoding logic](https://gitlab.com/gnutls/gnutls/-/blob/master/lib/x509/privkey.c#L298) treats the public key as mandatory. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1123#note_452133408 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 23 07:50:42 2020 
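The structural difference between the two demo keys posted in issue #1123, as an added example that is not GnuTLS code and not part of either message: a small DER walker that unwraps the PKCS#8 PrivateKeyInfo and reports whether the RFC 5915 ECPrivateKey carries the optional `[1] publicKey`. The function names and the returned dictionary layout are this example's own; the two base64 strings are the keys from the report.

```python
import base64

# Demo keys copied from the issue report (PEM armor removed).
KEY_WITHOUT_PUBLIC = (
    "MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBgNuyqKuRW0RxU1DVs"
    "aEpBPtVRVLRZYq6hZRzvZ6igBw=="
)
KEY_WITH_PUBLIC = (
    "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYDbsqirkVtEcVNQ1"
    "bGhKQT7VUVS0WWKuoWUc72eooAehRANCAAQUaejXTuQWAngC8AFC+IT2FMmUR4Hj"
    "B9LcvnxDknyytbFK6cSCeIht+vSnxKHD4LVcBzMXEmufxKMUJWo4qOuu"
)

EC_PUBLIC_KEY_OID = "1.2.840.10045.2.1"  # id-ecPublicKey


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not needed for this format")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element overruns its container")
    return tag, buf[pos:end], end


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(value):
    """Decode an OID whose first sub-identifier fits in one byte."""
    if not value:
        raise ValueError("empty OID")
    first = min(value[0] // 40, 2)
    arcs, acc = [first, value[0] - 40 * first], 0
    for byte in value[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_pkcs8_ec(b64_text):
    """Parse a PKCS#8-wrapped EC key; optional fields come back as None."""
    der = base64.b64decode(b64_text, validate=True)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one DER SEQUENCE with no trailing bytes")
    outer = children(body)  # version, AlgorithmIdentifier, privateKey
    if [t for t, _ in outer[:3]] != [0x02, 0x30, 0x04]:
        raise ValueError("not a PKCS#8 PrivateKeyInfo")
    alg = children(outer[1][1])
    if len(alg) != 2 or alg[0][0] != 0x06 or alg[1][0] != 0x06:
        raise ValueError("expected algorithm OID plus named-curve OID")
    if decode_oid(alg[0][1]) != EC_PUBLIC_KEY_OID:
        raise ValueError("not an EC key")

    wrapped = outer[2][1]  # OCTET STRING holding the RFC 5915 ECPrivateKey
    tag, ec_body, end = read_tlv(wrapped, 0)
    if tag != 0x30 or end != len(wrapped):
        raise ValueError("privateKey does not wrap an ECPrivateKey SEQUENCE")
    ec = children(ec_body)
    if len(ec) < 2 or ec[0] != (0x02, b"\x01") or ec[1][0] != 0x04:
        raise ValueError("malformed ECPrivateKey")
    key = {"curve": decode_oid(alg[1][1]), "scalar": ec[1][1],
           "parameters": None, "public_key": None}
    for tag, value in ec[2:]:
        if tag == 0xA0:    # [0] parameters, OPTIONAL
            ptag, pval, _ = read_tlv(value, 0)
            key["parameters"] = decode_oid(pval) if ptag == 0x06 else pval
        elif tag == 0xA1:  # [1] publicKey, OPTIONAL: absence is not an error
            btag, bits, _ = read_tlv(value, 0)
            if btag != 0x03 or not bits or bits[0] != 0:
                raise ValueError("publicKey is not a byte-aligned BIT STRING")
            key["public_key"] = bits[1:]
        else:
            raise ValueError("unexpected field in ECPrivateKey")
    return key


if __name__ == "__main__":
    for name, text in (("rejected", KEY_WITHOUT_PUBLIC), ("accepted", KEY_WITH_PUBLIC)):
        k = parse_pkcs8_ec(text)
        print(name, k["curve"], "publicKey present:", k["public_key"] is not None)
```

Both keys hold the same 32-byte private scalar on the same named curve; only the `[1]` element differs, which matches the report.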
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 Nov 2020 06:50:42 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: include when checking scm_* functions (!1360) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1360 Project:Branches: dueno/gnutls:wip/dueno/guile-fixes to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1116 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1360 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 23 07:53:58 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 Nov 2020 06:53:58 +0000 Subject: [gnutls-devel] GnuTLS | Build failure with Xcode 12 (on macOS 10.15 and 11.0) (#1116) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the report and analysis. Would you like to confirm that !1360 fixes the issue? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1116#note_452429669 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 23 22:11:24 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 Nov 2020 21:11:24 +0000 Subject: [gnutls-devel] GnuTLS | Unwinding from sha256_block_data_order_avx2 crashes the process, GDB unable to backtrace (#1111) In-Reply-To: References: Message-ID: Avi Kivity commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_453044076 A gentle ping. Can we make progress, given it's just copying a file? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_453044076 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 24 06:52:44 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 24 Nov 2020 05:52:44 +0000
Subject: [gnutls-devel] GnuTLS | Hurt test failure (#1124)
References:
Message-ID:

Witold Baryluk created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1124

gnutls fails to run tests on Hurd.

Hurd doesn't have `netstat` or `ss` unfortunately. This makes `testpkcs11.sh` fail:

```
FAIL: testpkcs11.sh
===================
Testing PKCS11 support
usage: ../../tests/testpkcs11.sh: [pkcs15|softhsm|sc-hsm]
assuming 'softhsm'
* Initializing smart card... ok
* Token: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=abeb55df037f4134;token=GnuTLS-Test
* Setting SO PIN... ok
* Re-setting SO PIN... ok
* Setting too large SO PIN... ok
... ... ...
* Testing signatures using the private key... ok
* Testing RSA-PSS signatures using the private key... ok
* Testing signatures using the private key (with ID)... ok
* Using PKCS #11 with gnutls-cli (full URLs)... neither ss nor netstat found
FAIL testpkcs11.sh (exit status: 1)
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1124
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From gnutls-devel at lists.gnutls.org Tue Nov 24 07:56:13 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Nov 2020 06:56:13 +0000 Subject: [gnutls-devel] GnuTLS | Hurt test failure (#1124) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thank you for the report; @baryluk do you happen to know any alternative to those commands in Hurd? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1124#note_453218508 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 24 09:21:39 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Nov 2020 08:21:39 +0000 Subject: [gnutls-devel] GnuTLS | EPOLL (#1122) In-Reply-To: References: Message-ID: Daiki Ueno commented: Could you elaborate a bit more about what you mean by "epoll model"? In general, polling is outside the scope of the library. For example, the [gnutls-serv](https://gitlab.com/gnutls/gnutls/-/blob/master/src/serv.c#L1594) calls out `select` by itself; that means it would be straightforward to rewrite it with epoll's level-triggered interface. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1122#note_453261625 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 24 09:44:02 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Nov 2020 08:44:02 +0000 Subject: [gnutls-devel] GnuTLS | Issues require labels (#1108) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1108: https://gitlab.com/gnutls/gnutls/-/issues/1108 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1108 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 24 09:56:50 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Nov 2020 08:56:50 +0000 Subject: [gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_453288081 > > #ifdef TLS13_APPENDIX_D4 > if (max_ver->tls13_sem && > - session->security_parameters.session_id_size == 0) { > + session->internals.resumed_security_parameters.session_id_size == 0) { > > /* Under TLS1.3 we generate a random session ID to make > * the TLS1.3 session look like a resumed TLS1.2 session */ > - ret = _gnutls_generate_session_id(session->security_parameters. > + ret = _gnutls_generate_session_id(session->internals.resumed_security_parameters. [This](/uploads/b28f2a3fd8f81b02cbeff37b142c36b2/tls13-prf-early.c.diff) should fix the other failure (tls13/prf-early.sh). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_453288081 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 24 10:55:30 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Nov 2020 09:55:30 +0000 Subject: [gnutls-devel] GnuTLS | verify-tofu: return errors from store functions if callback fails (!1361) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1361 Project:Branches: dueno/gnutls:wip/dueno/verify-tofu-cstore to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1092 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1361 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 24 14:36:05 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Nov 2020 13:36:05 +0000 Subject: [gnutls-devel] GnuTLS | Update openssl submodule to fix backtrace info (!1362) References: Message-ID: Anderson Sasaki created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1362 Project:Branches: ansasaki/gnutls:update_openssl to gnutls/gnutls:master Author: Anderson Sasaki Update the openssl submodule to the current OpenSSL_1_1_1-stable and re-generate the assembly source files. The goal is to fix the crash when unwinding the backtrace reported in #1111 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1362 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 24 14:41:59 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Nov 2020 13:41:59 +0000 Subject: [gnutls-devel] GnuTLS | Unwinding from sha256_block_data_order_avx2 crashes the process, GDB unable to backtrace (#1111) In-Reply-To: References: Message-ID: Anderson Sasaki commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_453519547 Following @dueno's suggestion, I proposed the !1362 merge request, which updates the openssl submodule to the current OpenSSL_1_1_1-stable and re-generates the assembly source files. @avi.kivity @tgrabiec Could you please check if !1362 fixes the issue? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1111#note_453519547 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 24 14:43:50 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Nov 2020 13:43:50 +0000 Subject: [gnutls-devel] GnuTLS | Update openssl submodule to fix backtrace info (!1362) In-Reply-To: References: Message-ID: Merge Request !1362 was approved by Daiki Ueno Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1362 Project:Branches: ansasaki/gnutls:update_openssl to gnutls/gnutls:master Author: Anderson Sasaki Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1362 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 24 14:44:14 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Nov 2020 13:44:14 +0000 Subject: [gnutls-devel] GnuTLS | Update openssl submodule to fix backtrace info (!1362) In-Reply-To: References: Message-ID: Daiki Ueno commented: Looks good to me, thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1362#note_453521409 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 25 07:24:00 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Nov 2020 06:24:00 +0000 Subject: [gnutls-devel] GnuTLS | Update openssl submodule to fix backtrace info (!1362) In-Reply-To: References: Message-ID: Merge Request !1362 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1362 Project:Branches: ansasaki/gnutls:update_openssl to gnutls/gnutls:master Author: Anderson Sasaki Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1362 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 25 17:08:09 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Nov 2020 16:08:09 +0000 Subject: [gnutls-devel] GnuTLS | verify-tofu: return errors from store functions if callback fails (!1361) In-Reply-To: References: Message-ID: Merge Request !1361 was approved by Sahana Prasad Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1361 Project:Branches: dueno/gnutls:wip/dueno/verify-tofu-cstore to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1361 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 25 17:08:15 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Nov 2020 16:08:15 +0000 Subject: [gnutls-devel] GnuTLS | verify-tofu: return errors from store functions if callback fails (!1361) In-Reply-To: References: Message-ID: Sahana Prasad commented: LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1361#note_454447521 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 26 06:00:12 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 Nov 2020 05:00:12 +0000 Subject: [gnutls-devel] GnuTLS | verify-tofu: return errors from store functions if callback fails (!1361) In-Reply-To: References: Message-ID: Daiki Ueno commented: Thanks for the review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1361#note_454788866 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 26 06:00:44 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 Nov 2020 05:00:44 +0000 Subject: [gnutls-devel] GnuTLS | verify-tofu: return errors from store functions if callback fails (!1361) In-Reply-To: References: Message-ID: Merge Request !1361 was merged Merge Request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1361 Project:Branches: dueno/gnutls:wip/dueno/verify-tofu-cstore to gnutls/gnutls:master Author: Daiki Ueno Assignees: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1361 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 26 09:33:08 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 Nov 2020 08:33:08 +0000 Subject: [gnutls-devel] GnuTLS | init_fds test fails inside user namespace (#1125) References: Message-ID: Ryan Burns created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1125 ## Description of problem: `init_fds` test fails when run inside of a [nix-user-chroot](https://github.com/nix-community/nix-user-chroot) user namespaced environment. Maybe the user namespace changes the way fds are assigned, or occupies some slots so the new ones are not at index 3? I'm also not sure whether this is a property of Linux user namespaces in general, or something that nix-user-chroot is doing in particular. ``` FAIL: init_fds ============== doit:59: could not open fd, or OS doesn't assign fds in a serial way (-1) FAIL init_fds (exit status: 1) ``` Relevant test section: https://gitlab.com/gnutls/gnutls/-/blob/3.6.15/tests/init_fds.c#L56-61 ## Version of gnutls used: 3.6.15 (But should apply to any version with `init_fds` test, as it hasn't been modified since it was introduced) ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Nixpkgs unstable x86_64-linux ## To reproduce: Install Nix as a non-root user following nix-user-chroot's [installation instructions](https://github.com/nix-community/nix-user-chroot#installation). Inside the user chroot, run: ```sh nix-build '' -A gnutls --check # check flag forces local rebuild+test ``` ## Expected/Actual Behavior The build/test command passes on * NixOS * non-NixOS with multi-user Nix installation (root daemon builders) * non-NixOS with single-user Nix installation (non-root, with user-owned /nix) But fails on * non-NixOS with Nix via nix-user-chroot (non-root, user-owned folder user namespace mounted to /nix) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1125 You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 26 11:55:20 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 Nov 2020 10:55:20 +0000 Subject: [gnutls-devel] GnuTLS | init_fds test fails when sssd is running (#1125) In-Reply-To: References: Message-ID: Ryan Burns commented: I completely misdiagnosed this originally, hopefully I've identified the actual cause now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1125#note_455085776 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 26 23:24:28 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 Nov 2020 22:24:28 +0000 Subject: [gnutls-devel] GnuTLS | Wrong CDP in certificate (#1126) References: Message-ID: Thomas Karlsson created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1126 ## Description of problem: When signing a CSR, the CDP is copied from the signing CA's CDP. The CDP should be specified, if needed, in the template. Copying of the signing CA's CDP is most of the time wrong, unless (which doesn't make sense) a CDP exists in the Root CA's certificate. ## Version of gnutls used: The latest checkout on branch master ## How reproducible: Steps to Reproduce: *root-ca.cfg* organization = "Initech"\ cn = "Initech Root CA"\ expiration_days = 700\ ca\ cert_signing_key\ crl_signing_key *issuing-ca.cfg* organization = "Initech"\ cn = "Initech CA"\ expiration_days = 350\ crl_dist_points = "http://crl.initech.lan/Initech_Root_CA.crl" \ ca\ signing_key\ cert_signing_key\ crl_signing_key\ path_len = 0 *servercert.cfg* organization = "Initech"\ cn = "test.example.com"\ expiration_days = 350\ crl_dist_points = "http://crl.initech.lan/Initech_CA.crl" \ tls_www_server\ key_agreement\ data_encipherment certtool --generate-privkey --sec-param high --outfile Initech_Root_CA-key.pem\ certtool --generate-self-signed --load-privkey Initech_Root_CA-key.pem --template root-ca.cfg --outfile Initech_Root_CA-cert.pem\ certtool --generate-privkey --sec-param medium --outfile Initech_CA-key.pem\ certtool --generate-request --load-privkey Initech_CA-key.pem --template issuing-ca.cfg --outfile Initech_CA-csr.pem\ certtool --generate-certificate --load-ca-privkey Initech_Root_CA-key.pem --load-ca-certificate Initech_Root_CA-cert.pem --load-request Initech_CA-csr.pem --template issuing-ca.cfg --outfile Initech_CA-cert.pem\ certtool --generate-privkey --sec-param medium --outfile test.initech.lan-key.pem\ certtool --generate-request --load-privkey 
test.initech.lan-key.pem --template servercert.cfg --outfile test.initech.lan-csr.pem\ certtool --generate-certificate --load-ca-privkey Initech_CA-key.pem --load-ca-certificate Initech_CA-cert.pem --load-request test.initech.lan-csr.pem --template servercert.cfg --outfile test.initech.lan-cert.pem ## Actual results: CDP in server certificate points to Root CA's CRL ## Expected results: CDP in server certificate points to the Issuing CA's specified CDP. ## Proposed fix --- certtool.c.org 2020-11-26 23:16:24.415557527 +0100 +++ certtool.c 2020-11-26 23:19:09.234423551 +0100 @@ -781,10 +781,8 @@ /* always set CRL distribution points on CAs, but also on certificates * generated with --generate-self-signed. The latter is to retain * compatibility with previous versions of certtool. */ - if (ca_status || (!proxy && ca_crt == NULL)) { + if (ca_status || (!proxy)) { get_crl_dist_point_set(crt); - } else if (!proxy && ca_crt != NULL) { - gnutls_x509_crt_cpy_crl_dist_points(crt, ca_crt); } *ret_key = key; -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1126 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 29 18:23:28 2020 
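Review bot: in the certtool.c hunk of the proposed fix above, the comment kept above the condition still says CRL distribution points are set "on CAs, but also on certificates generated with --generate-self-signed", but with `if (ca_status || (!proxy))` the call to `get_crl_dist_point_set(crt)` now runs for every non-proxy certificate, so the comment should be rewritten to match. Removing the `gnutls_x509_crt_cpy_crl_dist_points(crt, ca_crt)` branch also means no certificate inherits the CA's distribution points any more; that behaviour change deserves a NEWS entry and a test covering the issuing-CA case from the report. The inner parentheses around `!proxy` can go.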
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 29 Nov 2020 17:23:28 +0000 Subject: [gnutls-devel] GnuTLS | fuzz: fix handshake fuzzer issues spotted by oss-fuzz (!1363) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1363 Project:Branches: dueno/gnutls:wip/dueno/fuzzer-fixes to gnutls/gnutls:master Author: Daiki Ueno Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1363 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 30 05:19:42 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 Nov 2020 04:19:42 +0000 Subject: [gnutls-devel] libtasn1 | fuzz/corpus2array: fix build with gnu89 (!70) References: Message-ID: Rosen Penev created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/70 Project:Branches: mangix/libtasn1:mangix-master-patch-15289 to gnutls/libtasn1:master Author: Rosen Penev Just a simple compilation fix. GCC 4.8.5 does not default to gnu99 or gnu11. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/70 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 30 07:18:04 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 Nov 2020 06:18:04 +0000 Subject: [gnutls-devel] GnuTLS | fuzz: fix handshake fuzzer issues spotted by oss-fuzz (!1363) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.7.0 (Jun 3, 2020–Nov 28, 2020) ( https://gitlab.com/gnutls/gnutls/-/milestones/20 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1363 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 30 15:58:56 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 Nov 2020 14:58:56 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) References: Message-ID: ihsinme created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 Project:Branches: ihsinme/gnutls:ihsinme-master-patch-42280 to gnutls/gnutls:master Author: ihsinme Your check is incorrect. Since the variables are unsigned, it is equivalent to val->size != 2. So I suggest a simple fix for the error. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [x] Any issues marked for closing are addressed * [x] There is a test suite reasonably covering new functionality or modifications * [x] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [x] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 30 17:10:32 2020
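The equivalence stated in the description of !1364 (an unsigned `size - 2 > 0` is the same test as `size != 2`) can be checked mechanically, along with what it does to a trailing-space trimming loop. This C program is an added example, not code from GnuTLS: `guard_original`, `guard_patched`, `count_mismatches` and `trim_trailing` are hypothetical names, the loop body (stop at a backslash-escaped space, otherwise drop the byte) is an assumption, and `isspace` stands in for the project's own character test.

```c
#include <ctype.h>
#include <stdio.h>

/* Guard before the fix: with an unsigned operand, size - 2 wraps around
 * to a huge positive value for size 0 and 1 instead of going negative. */
static int guard_original(unsigned int size) { return size - 2 > 0; }

/* Guard proposed in the merge request. */
static int guard_patched(unsigned int size) { return size > 2; }

/* Number of sizes in [0, limit) where guard_original differs from size != 2. */
static unsigned int count_mismatches(unsigned int limit)
{
	unsigned int size, n = 0;

	for (size = 0; size < limit; size++)
		if (guard_original(size) != (size != 2))
			n++;
	return n;
}

typedef int (*guard_fn)(unsigned int);

/* Trim trailing whitespace from data[0..size), keeping a space that is
 * preceded by a backslash (loop body assumed, see lead-in).
 * Returns the new size, or -1 when the guard lets the loop reach the
 * data[size - 2] read with size < 2; the index has wrapped at that point,
 * so this harness reports it instead of performing the read. */
static long trim_trailing(const unsigned char *data, unsigned int size,
			  guard_fn guard)
{
	while (size > 0 && isspace(data[size - 1])) {
		if (guard(size)) {
			if (size < 2)
				return -1; /* would read out of bounds */
			if (data[size - 2] == '\\')
				break; /* escaped space: stop trimming */
		}
		size--;
	}
	return (long)size;
}

int main(void)
{
	/* Constructed sample values, not taken from any certificate. */
	static const struct {
		const char *label;
		const unsigned char *data;
		unsigned int size;
	} samples[] = {
		{ "\"a  \"",    (const unsigned char *)"a  ",    3 },
		{ "\"ab\\\\ \"", (const unsigned char *)"ab\\ ", 4 },
		{ "\" \"",      (const unsigned char *)" ",      1 },
		{ "\"\\\\ \"",  (const unsigned char *)"\\ ",    2 },
	};
	unsigned int i;

	printf("mismatches with size != 2 over [0, 1000): %u\n",
	       count_mismatches(1000));
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-8s original=%ld patched=%ld\n", samples[i].label,
		       trim_trailing(samples[i].data, samples[i].size, guard_original),
		       trim_trailing(samples[i].data, samples[i].size, guard_patched));
	return 0;
}
```

A result of -1 marks the input for which the original guard reaches the wrapped index; the two-byte sample shows that an escaped space at the very start of the value is still trimmed under the patched guard.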
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 Nov 2020 16:10:32 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/x509/x509_dn.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_457262256 > > /* remove spaces from the end */ > while(val->size > 0 && c_isspace(val->data[val->size-1])) { > - if (val->size-2 > 0 && val->data[val->size-2] == '\\') > + if (val->size > 2 && val->data[val->size-2] == '\\') Not your fault, but I wonder if this logic works when the '\\' appears at the beginning of the data (i.e., shouldn't `val->size > 2` be `val->size > 1`?). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_457262256 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 30 17:11:11 2020 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 Nov 2020 16:11:11 +0000 Subject: [gnutls-devel] GnuTLS | fix invalid unsigned arithmetic. (!1364) In-Reply-To: References: Message-ID: Daiki Ueno commented: Well spotted, thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1364#note_457262787 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 30 17:31:50 2020 
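Review bot: on the `+` line of the lib/x509/x509_dn.c hunk quoted above, `val->size > 2` removes the unsigned wrap that let `val->data[val->size-2]` be evaluated when `val->size` is 1, but it still skips the backslash test when `val->size` is 2, although index 0 is valid there; `val->size >= 2` is the bound that matches the index being read. A regression test with one-byte and two-byte values ending in a space would pin both cases down.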
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 Nov 2020 16:31:50 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Michael Catanzaro started a new discussion on lib/cert-cred.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_457282115 > * The callback function should return 0 if the missing issuer certificate > * for 'crt' was properly populated and added to the 'tlist' using > * gnutls_x509_trust_list_add_cas() or non-zero to continue the certificate list > * verification but with issuer as %NULL. Hi, sorry for the delay. I'm testing this now. These last two paragraphs of the documentation are no longer correct: the callback should no longer attempt to verify the certificate or modify the tlist. Instead, it should return 0 if the 'issuers' array was successfully imported, or non-zero to continue the certificate list verification but with issuer as %NULL. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_457282115 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 30 18:31:05 2020
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 Nov 2020 17:31:05 +0000 Subject: [gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354) In-Reply-To: References: Message-ID: Michael Catanzaro commented on a discussion on lib/cert-cred.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_457328122 > * The callback function should return 0 if the missing issuer certificate > * for 'crt' was properly populated and added to the 'tlist' using > * gnutls_x509_trust_list_add_cas() or non-zero to continue the certificate list > * verification but with issuer as %NULL. I will submit a MR for this documentation problem. I tested this with glib-networking and confirmed it functions properly. Amazing, thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_457328122 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 30 20:21:37 2020 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 30 Nov 2020 19:21:37 +0000 Subject: [gnutls-devel] GnuTLS | x509: Improve documentation of new set_getissuer_function (!1365) References: Message-ID: Michael Catanzaro created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1365 Project:Branches: TheRealMichaelCatanzaro/gnutls:mcatanzaro/getissuer_func_docs to gnutls/gnutls:master Author: Michael Catanzaro Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1365 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: