From jlodder at ripco.com Mon Nov 3 20:25:19 2003 From: jlodder at ripco.com (John Lodder) Date: Mon, 3 Nov 2003 13:25:19 -0600 (CST) Subject: [Help-gnutls] opencdk build error? Message-ID: <200311031925.hA3JPJ6F000073@shell2.ripco.com> I'm trying to build opencdk on Solaris 8 using gcc 3.3.2. The build fails when it gets to the 'tests' subdirectory, with undefined symbol vasprintf. Same error happens with opencdk 0.5.1 and 0.5.2; I've appended a snippet from building 0.5.2, below. Any help appreciated, and apologies if this is a common FAQ, john. ===== make[2]: Leaving directory `/local/stuff/tnt/gnutls/opencdk-0.5.2/doc' Making all in tests make[2]: Entering directory `/local/stuff/tnt/gnutls/opencdk-0.5.2/tests' if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../src -I/local/stuff/tnt/gaim/build/include -I/local/stuff/tnt/gaim/build/include -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -MT t-stream.o -MD -MP -MF ".deps/t-stream.Tpo" \ -c -o t-stream.o `test -f 't-stream.c' || echo './'`t-stream.c; \ then mv -f ".deps/t-stream.Tpo" ".deps/t-stream.Po"; \ else rm -f ".deps/t-stream.Tpo"; exit 1; \ fi t-stream.c: In function `stream_clearsign': t-stream.c:446: warning: `rc' might be used uninitialized in this function t-stream.c: In function `test_keydb_routines': t-stream.c:787: warning: char format, void arg (arg 2) t-stream.c: At top level: t-stream.c:424: warning: `stream_verify' defined but not used t-stream.c:442: warning: `stream_clearsign' defined but not used /bin/bash ../libtool --mode=link gcc -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -o t-stream t-stream.o ../src/libopencdk.la -L/local/stuff/tnt/gaim/build/lib -lgcrypt -L/local/stuff/tnt/gaim/build/lib -lgpg-error -lz mkdir .libs gcc -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -o .libs/t-stream t-stream.o ../src/.libs/libopencdk.so -L/local/stuff/tnt/gaim/build/lib /local/stuff/tnt/gaim/build/lib/libgcrypt.so -lnsl -lsocket /local/stuff/tnt/gaim/build/lib/libgpg-error.so -lz -R/local/stuff/tnt/gaim/build/lib Undefined first referenced symbol in file vasprintf ../src/.libs/libopencdk.so ld: fatal: Symbol referencing errors. No output written to .libs/t-stream collect2: ld returned 1 exit status make[2]: *** [t-stream] Error 1 make[2]: Leaving directory `/local/stuff/tnt/gnutls/opencdk-0.5.2/tests' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/local/stuff/tnt/gnutls/opencdk-0.5.2' make: *** [all] Error 2 From pete at geckoworks.com Mon Nov 3 22:05:57 2003 From: pete at geckoworks.com (Pete Naylor) Date: Mon, 3 Nov 2003 13:05:57 -0800 Subject: [Help-gnutls] opencdk build error? In-Reply-To: <200311031925.hA3JPJ6F000073@shell2.ripco.com> References: <200311031925.hA3JPJ6F000073@shell2.ripco.com> Message-ID: <20031103210557.GC813@geckoworks.com> John Lodder wrote... > I'm trying to build opencdk on Solaris 8 using gcc 3.3.2. The build > fails when it gets to the 'tests' subdirectory, with undefined symbol > vasprintf. Same error happens with opencdk 0.5.1 and 0.5.2; I've > appended a snippet from building 0.5.2, below. This is because Solaris 8 doesn't have vasprintf - it's unfortunately rather common for developers using Linux/FreeBSD etc to make poor assumptions regarding the availability of such functions. I worked around it by editing src/misc.c - there's a vasprintf function defined there but an #ifdef causes it to only be defined on Win32. Remove the #ifdef and the included vasprintf function works fine for Solaris. From bortzmeyer at nic.fr Wed Nov 5 13:12:28 2003 From: bortzmeyer at nic.fr (Stephane Bortzmeyer) Date: Wed, 5 Nov 2003 13:12:28 +0100 Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration? Message-ID: <20031105121228.GA789@nic.fr> Hello, I'm porting echoping from OpenSSL to GNU TLS and I have a question about looping. echoping can perform a given test repeatedly. What do I have to do at each iteration? I tried, at every iteration: gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd); gnutls_handshake (session); ... Work gnutls_bye (session, GNUTLS_SHUT_RDWR); But it fails at the second iteration (-10: The specified session has been invalidated for some reason. (Bad file descriptor)). I then tried: gnutls_init(&session, GNU_TLS_CLIENT); gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd); gnutls_handshake (session); ... Work gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR); gnutls_deinit (session); And it fails at the second iteration (ASN1 parser: Element was not found. (Bad file descriptor). [For the record, OpenSSL has exactly the same problems and the documentation is quite misleading.] From nmav at gnutls.org Thu Nov 6 10:12:20 2003 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Thu, 6 Nov 2003 11:12:20 +0200 Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration? In-Reply-To: <20031105121228.GA789@nic.fr> References: <20031105121228.GA789@nic.fr> Message-ID: <20031106091220.GA15901@gnutls.org> On Wed, Nov 05, 2003 at 01:12:28PM +0100, Stephane Bortzmeyer wrote: > Hello, > I tried, at every iteration: > gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd); > gnutls_handshake (session); > ... Work > gnutls_bye (session, GNUTLS_SHUT_RDWR); > But it fails at the second iteration (-10: The specified session has > been invalidated for some reason. (Bad file descriptor)). Yes, this is not a correct use of a gnutls session. > I then tried: > gnutls_init(&session, GNU_TLS_CLIENT); > gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd); > gnutls_handshake (session); > ... Work > gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR); > gnutls_deinit (session); > And it fails at the second iteration (ASN1 parser: Element was not > found. (Bad file descriptor). You probably haven't called gnutls_global_init(). In any case try reading the examples on how to properly initialize a TLS session. -- Nikos Mavroyanopoulos From bortzmeyer at nic.fr Thu Nov 6 10:31:26 2003 From: bortzmeyer at nic.fr (Stephane Bortzmeyer) Date: Thu, 6 Nov 2003 10:31:26 +0100 Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration? In-Reply-To: <20031106091220.GA15901@gnutls.org> References: <20031105121228.GA789@nic.fr> <20031106091220.GA15901@gnutls.org> Message-ID: <20031106093126.GB15525@nic.fr> On Thu, Nov 06, 2003 at 11:12:20AM +0200, Nikos Mavroyanopoulos wrote a message of 34 lines which said: > > I then tried: > > gnutls_init(&session, GNU_TLS_CLIENT); > > gnutls_transport_set_ptr (session, gnutls_transport_ptr) sockfd); > > gnutls_handshake (session); > > ... Work > > gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR); > > gnutls_deinit (session); > > And it fails at the second iteration (ASN1 parser: Element was not > > found. (Bad file descriptor). > > You probably haven't called gnutls_global_init(). Of course I did. I just showed only the instructions that are loop-specific but, at the beginning of the program, before starting the loop, I have: gnutls_global_init (); gnutls_certificate_allocate_credentials (&xcred); > In any case try reading the examples on how to properly initialize a > TLS session. No example on the Web site covers the case of a loop. From nmav at gnutls.org Thu Nov 6 11:39:39 2003 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Thu, 6 Nov 2003 12:39:39 +0200 Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration? In-Reply-To: <20031106093126.GB15525@nic.fr> References: <20031105121228.GA789@nic.fr> <20031106091220.GA15901@gnutls.org> <20031106093126.GB15525@nic.fr> Message-ID: <20031106103939.GA21140@gnutls.org> On Thu, Nov 06, 2003 at 10:31:26AM +0100, Stephane Bortzmeyer wrote: > > > gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR); > > > gnutls_deinit (session); > > > And it fails at the second iteration (ASN1 parser: Element was not > > > found. (Bad file descriptor). > > You probably haven't called gnutls_global_init(). > Of course I did. I just showed only the instructions that are > loop-specific but, at the beginning of the program, before starting > the loop, I have: > gnutls_global_init (); > gnutls_certificate_allocate_credentials (&xcred); > > In any case try reading the examples on how to properly initialize a > > TLS session. > No example on the Web site covers the case of a loop. The example in section 5.2.5 (client with resume capability) connects to a server twice by using a loop. If this doesn't help either use the following to get more detailed error reporting, or send a small program to reproduce the error. static void tls_log_func( int level, const char* str) { fprintf(stderr, "|<%d>| %s", level, str); } gnutls_global_set_log_function( tls_log_func); gnutls_global_set_log_level(2); -- Nikos Mavroyanopoulos From bortzmeyer at nic.fr Fri Nov 7 14:07:21 2003 From: bortzmeyer at nic.fr (Stephane Bortzmeyer) Date: Fri, 7 Nov 2003 14:07:21 +0100 Subject: [Help-gnutls] GNU TLS inside a loop: what to do at each iteration? In-Reply-To: <20031106103939.GA21140@gnutls.org> References: <20031105121228.GA789@nic.fr> <20031106091220.GA15901@gnutls.org> <20031106093126.GB15525@nic.fr> <20031106103939.GA21140@gnutls.org> Message-ID: <20031107130721.GB29701@nic.fr> On Thu, Nov 06, 2003 at 12:39:39PM +0200, Nikos Mavroyanopoulos wrote a message of 37 lines which said: > The example in section 5.2.5 (client with resume capability) > connects to a server twice by using a loop. OK, my fault, I had a gnutls_global_deinit at the wrong place in the loop. I now have the following structure: gnutls_global_init (); gnutls_certificate_allocate_credentials (&xcred); loop { gnutls_init (&session, GNUTLS_CLIENT); gnutls_set_default_priority (session); gnutls_certificate_type_set_priority (session, cert_type_priority); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); gnutls_transport_set_ptr (session, (gnutls_transport_ptr) sockfd); gnutls_handshake (session); Work ... shutdown() gnutls_bye (channel.tls, GNUTLS_SHUT_RDWR); gnutls_deinit (session); } gnutls_global_deinit (); And it works fine. Many thanks. Those who want to see it: ftp://ftp.internatif.org/pub/unix/echoping/echoping-5.1-BETA.tar.gz From bortzmeyer at nic.fr Tue Nov 11 16:15:50 2003 From: bortzmeyer at nic.fr (Stephane Bortzmeyer) Date: Tue, 11 Nov 2003 16:15:50 +0100 Subject: [Help-gnutls] echoping 5.1 released (now with GNU TLS support) In-Reply-To: <20031105121228.GA789@nic.fr> References: <20031105121228.GA789@nic.fr> Message-ID: <20031111151550.GA2255@nic.fr> echoping 5.1 now can use GNU TLS, not only OpenSSL. Why not a list of programs using GNU TLS on www.gnutls.org? From ametzler at logic.univie.ac.at Fri Nov 28 14:52:37 2003 From: ametzler at logic.univie.ac.at (Andreas Metzler) Date: Fri, 28 Nov 2003 13:52:37 +0000 (UTC) Subject: [Help-gnutls] OpenSSL-like directory of certfiles with hash.0 name/symlink Message-ID: Hello, Does GnuTLS support reading certificates from a directory like OpenSSL does, i.e. each file contains one certificates and is either named `openssl x509 -hash -noout -in /cert/file`.0 or has a symlink with this name pointing to it? cu andreas From nmav at gnutls.org Sat Nov 29 12:50:45 2003 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Sat, 29 Nov 2003 13:50:45 +0200 Subject: [Help-gnutls] OpenSSL-like directory of certfiles with hash.0 name/symlink In-Reply-To: References: Message-ID: <20031129115045.GA1099@gnutls.org> On Fri, Nov 28, 2003 at 01:52:37PM +0000, Andreas Metzler wrote: > Hello, > Does GnuTLS support reading certificates from a directory like OpenSSL > does, i.e. each file contains one certificates and is either named > `openssl x509 -hash -noout -in /cert/file`.0 or has a symlink with this > name pointing to it? Hello Andreas, No there is no such function. > cu andreas -- Nikos Mavroyanopoulos