From ranjit at motorola.com Sat Dec 9 04:48:17 2006
From: ranjit at motorola.com (Avasarala Ranjit-A20990)
Date: Sat, 9 Dec 2006 11:48:17 +0800
Subject: [Help-gnutls] Getting srp - tls to work -- Please Help
Message-ID: <750BBC72E178114F9DC4872EBFF29A5B03B8E134@ZMY16EXM66.ds.mot.com>

Hi

I am trying to run the srp client/server and getting following errors:

/client-srp-tls
*** Handshake failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
Segmentation fault

./echo-srp-server
Echo Server ready. Listening to port '5556'.

- connection from 127.0.0.1, port 34905
*** Handshake has failed (Decryption has failed.)

How do I proceed further? Should I be using the srp password file?

Thanks in Advance

Regards
Ranjit

From simon at josefsson.org Sat Dec 9 10:28:35 2006
From: simon at josefsson.org (Simon Josefsson)
Date: Sat, 09 Dec 2006 10:28:35 +0100
Subject: [Help-gnutls] Re: getting gnutls-serv to work with SRP
In-Reply-To: <750BBC72E178114F9DC4872EBFF29A5B03B8E077@ZMY16EXM66.ds.mot.com> (Avasarala Ranjit-A's message of "Fri\, 8 Dec 2006 19\:34\:30 +0800")
References: <750BBC72E178114F9DC4872EBFF29A5B03B8E077@ZMY16EXM66.ds.mot.com>
Message-ID: <87hcw5mn98.fsf@latte.josefsson.org>

"Avasarala Ranjit-A20990" writes:

> Hi Simon
>
> I got the gnutls-cli-debug and gnutls-serv worked with x509. Now I am
> facing a problem with SRP
>
> Server
>
> src/gnutls-serv --srppasswd ./tpasswd.conf
> Error while setting SRP parameters
> Error: The request is invalid.
> Echo Server ready. Listening to port '5556'.
>
> Exiting via signal 2

Is your tpasswd.conf valid? You have to generate it using srptool.
For example:

jas at mocca:~/src/gnutls/src$ ./srptool --create-conf tpasswd.conf
...
jas at mocca:~/src/gnutls/src$ ./srptool -u jas -p tpasswd -c tpasswd.conf
Enter password: [I type 'FOO' here]
jas at mocca:~/src/gnutls/src$ ./gnutls-serv --srppasswd ./tpasswd --srppasswdconf ./tpasswd.conf
Echo Server ready. Listening to port '5556'.
Then start a client as:

jas at mocca:~/src/gnutls/src$ ./gnutls-cli --srpusername jas --srppasswd foo localhost --port 5556

The gnutls-serv process will then print:

* connection from ::ffff:127.0.0.1, port 55729
- SRP authentication. Connected as 'jas'
- Version: TLS 1.1
- Key Exchange: SRP
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE

/Simon

> Regards
> Ranjit
>
> -----Original Message-----
> From: Simon Josefsson [mailto:simon at josefsson.org]
> Sent: Wednesday, December 06, 2006 11:24 PM
> To: Avasarala Ranjit-A20990; Saha Diptikalyan-brp387
> Subject: Re: getting gnutls-serv to work
>
> Hi again. Version 1.6.0 is the latest and most stable release.
> Version 1.7.0 is based on 1.6.0, but it is the experimental branch
> (1.7.x), and is thus less stable and not recommended for stable work,
> but it supports TLS 1.2 as well.
>
> I found your problem. You need to start gnutls-serv with '-g' for it to
> generate Diffie-Hellman parameters. That will slow things down, since
> it will generate DH params every time. To speed things up, generate the
> parameters once, as follows:
>
> $ certtool --generate-dh-params > dh.pem
> ...
> $ gnutls-serv --dhparams dh.pem
>
> The second problem is a bug in gnutls-cli-debug. A workaround is to
> start gnutls-serv with a X.509 key+cert. E.g.:
>
> $ gnutls-serv --dhparams dh.pem --x509keyfile ~/self/certs/jas.key
> --x509certfile ~/self/certs/jas.cert
>
> Then gnutls-cli-debug will successfully establish connections using RSA
> key exchange.
>
> I'll work on having gnutls-cli-debug support anonymous connections when
> I get back from vacation in January.
>
> Regards,
> Simon
>
> "Avasarala Ranjit-A20990" writes:
>
>> Hi Simon
>>
>> Can u tell me which version of gnutls works fine, I mean which is the
>> working version?
>>
>> Thanks in advance
>>
>> Regards
>> Ranjit
>>
>> -----Original Message-----
>> From: Simon Josefsson [mailto:simon at josefsson.org]
>> Sent: Tuesday, December 05, 2006 8:19 PM
>> To: Avasarala Ranjit-A20990
>> Cc: Saha Diptikalyan-brp387
>> Subject: Re: getting gnutls-serv to work
>>
>> "Avasarala Ranjit-A20990" writes:
>>
>>> Hi Simon
>>>
>>> I am trying to use gnutls for my work. I am trying to run
>>> gnutls-cli-debug/gnutls-cli and trying to connect to gnutls-serv. But
>>> I am getting following errors:
>>>
>>> I am using gnutls-1.7.0 for my work.
>>>
>>> src/gnutls-serv --protocols TLS1.0
>>> socket() failed: Address family not supported by protocol
>>> Echo Server ready. Listening to port '5556
>>>
>>> ./gnutls-cli-debug localhost -p 5556
>>> Resolving 'localhost'...
>>> Connecting to '127.0.0.1:5556'...
>>> Checking for TLS 1.1 support... no
>>> Checking fallback from TLS 1.1 to... failed
>>> Checking for TLS 1.0 support... no
>>> Checking for SSL 3.0 support... no
>>>
>>> Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1
>>>
>>> How do I proceed further?
>>
>> Hi! There is something wrong in the command line tools that leads to
>> this, this was reported recently. The library certainly support
>> SSL/TLS1.0/TLS1.1 (and as of 1.7.0, also TLS 1.2). I'm not sure if
>> the problem is in the server or client tool, maybe you could try
>> replacing either one with a known-working peer and see what happens.
>> I suggest you try the examples instead, if your goal is to write your
>> own code that uses the library.
>>
>> Unfortunately, I'm going on vacation next Monday, so I won't have time
>> to fix this until next year. :( I suspect it is something simple that
>> have broken the command line tool.
>>
>> /Simon

From simon at josefsson.org Sat Dec 9 10:30:29 2006
From: simon at josefsson.org (Simon Josefsson)
Date: Sat, 09 Dec 2006 10:30:29 +0100
Subject: [Help-gnutls] Re: Getting srp - tls to work -- Please Help
In-Reply-To: <750BBC72E178114F9DC4872EBFF29A5B03B8E134@ZMY16EXM66.ds.mot.com> (Avasarala Ranjit-A's message of "Sat\, 9 Dec 2006 11\:48\:17 +0800")
References: <750BBC72E178114F9DC4872EBFF29A5B03B8E134@ZMY16EXM66.ds.mot.com>
Message-ID: <87d56tmn62.fsf@latte.josefsson.org>

"Avasarala Ranjit-A20990" writes:

> Hi
>
> I am trying to run the srp client/server and getting following errors:
>
> /client-srp-tls
> *** Handshake failed
> GNUTLS ERROR: A TLS packet with unexpected length was received.
> Segmentation fault
>
> ./echo-srp-server
> Echo Server ready. Listening to port '5556'.
>
> - connection from 127.0.0.1, port 34905
> *** Handshake has failed (Decryption has failed.)
>
> How do I proceed further? Should I be using the srp password file?

Yes, you'll need a working srp password file.

Btw, that crash looks bad. What's the source for 'client-srp-tls'? Is
it an example that came with GnuTLS? I can't find anything by that
name in the GnuTLS distribution...

/Simon

From simon at josefsson.org Sat Dec 9 10:32:39 2006
From: simon at josefsson.org (Simon Josefsson)
Date: Sat, 09 Dec 2006 10:32:39 +0100
Subject: [Help-gnutls] Re: Compile error
In-Reply-To: (Victor Escobar's message of "Tue\, 21 Nov 2006 08\:49\:03 -0500")
References:
Message-ID: <878xhhmn2g.fsf@latte.josefsson.org>

Victor Escobar writes:

> Hi all,
> When I compile the latest source on my macpro (osx 10.4.8), I get the
> following error:

Hi, and sorry for the slow response. I might have actually answered
this already, but I didn't find an answer in the archives...

Try building with ./configure --disable-cxx. The C++ compiler in Mac
OS X is probably broken. Try upgrading the compiler, if the GnuTLS
C++ library is important for you.
/Simon

> ld: Undefined symbols:
> __ZN6gnutls11credentials7set_ptrEPv
> /usr/bin/libtool: internal link edit command failed
> make[3]: *** [libgnutlsxx.la] Error 1
> make[2]: *** [all-recursive] Error 1
> make[1]: *** [all-recursive] Error 1
> make: *** [all] Error 2
>
> Please help.

From himanshu.bahl at aricent.com Mon Dec 11 17:33:49 2006
From: himanshu.bahl at aricent.com (Himanshu Bahl)
Date: Mon, 11 Dec 2006 22:03:49 +0530
Subject: [Help-gnutls] Help needed with gnuTLS.
Message-ID:

Hi,
I`m trying to implement TLS over SCTP. I would be really appreciate if
you could help me in this effort.
There are certain function calls like recvmsg who`s counter part I`m
unable to find in gnuTls function reference.
Also apart from the RFC 3436 I`m unable to locate any concrete
information in regards to the same.
A speedy response will be really help full as I`m running in a very
critical situation.

Sincerely,
Himanshu.

Know Me
http://www.aricent.com

*********************** Aricent-Private ***********************
"DISCLAIMER: This message is proprietary to Aricent and is intended
solely for the use of the individual to whom it is addressed. It may
contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended.
If you have received this message in error, please notify the
originator immediately. If you are not the intended recipient, you are
notified that you are strictly prohibited from using, copying,
altering, or disclosing the contents of this message. Aricent accepts
no responsibility for loss or damage arising from the use of the
information transmitted by this email including damage from virus."

From ludovic.courtes at laas.fr Wed Dec 13 17:43:12 2006
From: ludovic.courtes at laas.fr (Ludovic Courtès)
Date: Wed, 13 Dec 2006 17:43:12 +0100
Subject: [Help-gnutls] Re: Failure to import an OpenPGP private key
References: <87u01rxgqg.fsf@laas.fr> <87lkn2or1x.fsf@latte.josefsson.org> <87wt6mkt3b.fsf@laas.fr> <87odru40bq.fsf@latte.josefsson.org>
Message-ID: <87fybjbvbz.fsf@laas.fr>

Hi,

I'm finally getting back to this issue...

Simon Josefsson writes:

> ludovic.courtes at laas.fr (Ludovic Courtès) writes:
>
>> This can be seen as a GnuTLS bug since the FORMAT argument of
>> `gnutls_openpgp_privkey_import' is not honored. Does CDK provide a way
>> to import ASCII-armored private keys? Otherwise, `privkey_import'
>> should return `UNIMPLEMENTED_FEATURE' when FORMAT is not `RAW'.
>
> I agree. There is code in OpenCDK to decode ASCII-armored data, so I
> suspect there is some minor bug that prevents this from working.

Below is a patch (against HEAD) that allows the import of ASCII-armored
OpenPGP private keys.

Thanks,
Ludovic.

ChangeLog entry:

  * lib/gnutls_cert.c (_gnutls_raw_privkey_to_gkey): Pass KEY_ENC
  to `_E_gnutls_openpgp_raw_privkey_to_gkey ()'.
  * libextra/gnutls_extra.h (OPENPGP_RAW_PRIVKEY_TO_GKEY): Added a
  `gnutls_openpgp_key_fmt_t' argument.
  * libextra/gnutls_openpgp.c
  (_gnutls_openpgp_raw_privkey_to_gkey): Take a new FORMAT
  argument. When FORMAT is `BASE64', set the armor flag on OUT.
  (gnutls_certificate_set_openpgp_key_mem): Pass
  `GNUTLS_OPENPGP_FMT_RAW' as the last argument to
  `_gnutls_openpgp_raw_privkey_to_gkey ()'.
  * libextra/openpgp/gnutls_openpgp.h
  (_gnutls_openpgp_raw_privkey_to_gkey): Updated accordingly.
  * libextra/openpgp/privkey.c (gnutls_openpgp_privkey_import): Pass
  FORMAT to `_gnutls_openpgp_raw_privkey_to_gkey ()'.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ,,armored-priv-key.diff
Type: text/x-patch
Size: 4072 bytes
Desc: The patch
URL:

From bortzmeyer at nic.fr Thu Dec 21 15:19:45 2006
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Thu, 21 Dec 2006 15:19:45 +0100
Subject: [Help-gnutls] Re: Help needed with gnuTLS.
In-Reply-To:
References:
Message-ID: <20061221141945.GA26008@nic.fr>

On Mon, Dec 11, 2006 at 10:03:49PM +0530,
 Himanshu Bahl wrote
 a message of 88 lines which said:

> A speedy response will be really help full as I`m running in a very
> critical situation.

http://www.gnu.org/software/gnutls/commercial.html

From fweimer at bfk.de Thu Dec 21 15:22:52 2006
From: fweimer at bfk.de (Florian Weimer)
Date: Thu, 21 Dec 2006 15:22:52 +0100
Subject: [Help-gnutls] Help needed with gnuTLS.
In-Reply-To: (Himanshu Bahl's message of "Mon, 11 Dec 2006 22:03:49 +0530")
References:
Message-ID: <82ac1he3b7.fsf@mid.bfk.de>

* Himanshu Bahl:

> There are certain function calls like recvmsg who`s counter part I`m
> unable to find in gnuTls function reference.

recvmsg and sendmsg correspond to the push and pull functions in
GnuTLS.

-- 
Florian Weimer
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99

From himanshu.bahl at aricent.com Tue Dec 26 07:57:19 2006
From: himanshu.bahl at aricent.com (Himanshu Bahl)
Date: Tue, 26 Dec 2006 12:27:19 +0530
Subject: [Help-gnutls] Help needed with gnuTLS.
In-Reply-To: <82ac1he3b7.fsf@mid.bfk.de>
Message-ID:

Hi,
I looked at the gnuTLS function library reference. I did not find the
functions there that you have mentioned below. can you specify where can I
get the functions prototypes.
http://www.gnu.org/software/gnutls/manual/html_node/Function-reference.html#Function-reference

Know Me

Florian Weimer
12/21/2006 07:52 PM

To
Himanshu Bahl/HSS at HSS
cc
help-gnutls at gnu.org
Subject
Re: [Help-gnutls] Help needed with gnuTLS.
* Himanshu Bahl:

> There are certain function calls like recvmsg who`s counter part I`m
> unable to find in gnuTls function reference.

recvmsg and sendmsg correspond to the push and pull functions in
GnuTLS.

-- 
Florian Weimer
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99

From simon at josefsson.org Wed Dec 27 08:10:02 2006
From: simon at josefsson.org (Simon Josefsson)
Date: Wed, 27 Dec 2006 08:10:02 +0100
Subject: [Help-gnutls] Re: Help needed with gnuTLS.
In-Reply-To: (Himanshu Bahl's message of "Tue\, 26 Dec 2006 12\:27\:19 +0530")
References: <82ac1he3b7.fsf@mid.bfk.de>
Message-ID: <87k60drf05.fsf@latte.josefsson.org>

Himanshu Bahl writes:

> Hi,
> I looked at the gnuTLS function library reference. I did not find the
> functions there that you have mentioned below. can you specify where can I
> get the functions prototypes.
> http://www.gnu.org/software/gnutls/manual/html_node/Function-reference.html#Function-reference

Hi. I think you want to define your own push/pull functions, and make
sure GnuTLS is using them instead of recv() or send(). Use
gnutls_transport_set_pull_function() and
gnutls_transport_set_push_function(), see the manual for function
descriptions. Also see the manual on transport layers:

http://www.gnu.org/software/gnutls/manual/html_node/The-transport-layer.html#The-transport-layer

/Simon

> Know Me
>
> Florian Weimer
> 12/21/2006 07:52 PM
>
> To
> Himanshu Bahl/HSS at HSS
> cc
> help-gnutls at gnu.org
> Subject
> Re: [Help-gnutls] Help needed with gnuTLS.
>
> * Himanshu Bahl:
>
>> There are certain function calls like recvmsg who`s counter part I`m
>> unable to find in gnuTls function reference.
>
> recvmsg and sendmsg correspond to the push and pull functions in
> GnuTLS.
>
> -- 
> Florian Weimer
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99

From ranjit at motorola.com Wed Dec 27 11:23:55 2006
From: ranjit at motorola.com (Avasarala Ranjit-A20990)
Date: Wed, 27 Dec 2006 18:23:55 +0800
Subject: [Help-gnutls] Modifying tls code
In-Reply-To: <87k60drf05.fsf@latte.josefsson.org>
Message-ID: <750BBC72E178114F9DC4872EBFF29A5B03C50F35@ZMY16EXM66.ds.mot.com>

Hi

I have a requirement to have end to end SRP/TLS connection with a
mechanism to send and receive data. Like the client version of SRP/TLS
(gnutls-cli) should be able to send some data to server (gnutls-serv)
and the server should be able to send back some data to the
client(gnutls-cli).

How do I go about this? Is this possible with the current tls/srp code?
If yes which parts of the code I should look at?

Thanks in advance

Regards
Ranjit

From himanshu.bahl at aricent.com Wed Dec 27 12:36:26 2006
From: himanshu.bahl at aricent.com (Himanshu Bahl)
Date: Wed, 27 Dec 2006 17:06:26 +0530
Subject: [Help-gnutls] Re: Help needed with gnuTLS.
In-Reply-To: <87k60drf05.fsf@latte.josefsson.org>
Message-ID:

Hi,
Thanks. I will look into it.

Sincerely,
Himanshu.

Know Me

Simon Josefsson
12/27/2006 12:40 PM

To
Himanshu Bahl/HSS at HSS
cc
Florian Weimer , help-gnutls at gnu.org
Subject
Re: Help needed with gnuTLS.

Himanshu Bahl writes:

> Hi,
> I looked at the gnuTLS function library reference. I did not find the
> functions there that you have mentioned below.
> can you specify where can I
> get the functions prototypes.
> http://www.gnu.org/software/gnutls/manual/html_node/Function-reference.html#Function-reference

Hi. I think you want to define your own push/pull functions, and make
sure GnuTLS is using them instead of recv() or send(). Use
gnutls_transport_set_pull_function() and
gnutls_transport_set_push_function(), see the manual for function
descriptions. Also see the manual on transport layers:

http://www.gnu.org/software/gnutls/manual/html_node/The-transport-layer.html#The-transport-layer

/Simon

> Know Me
>
> Florian Weimer
> 12/21/2006 07:52 PM
>
> To
> Himanshu Bahl/HSS at HSS
> cc
> help-gnutls at gnu.org
> Subject
> Re: [Help-gnutls] Help needed with gnuTLS.
>
> * Himanshu Bahl:
>
>> There are certain function calls like recvmsg who`s counter part I`m
>> unable to find in gnuTls function reference.
>
> recvmsg and sendmsg correspond to the push and pull functions in
> GnuTLS.
>
> -- 
> Florian Weimer
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99

From simon at josefsson.org Wed Dec 27 21:40:51 2006
From: simon at josefsson.org (Simon Josefsson)
Date: Wed, 27 Dec 2006 21:40:51 +0100
Subject: [Help-gnutls] Re: Modifying tls code
In-Reply-To: <750BBC72E178114F9DC4872EBFF29A5B03C50F35@ZMY16EXM66.ds.mot.com> (Avasarala Ranjit-A's message of "Wed\, 27 Dec 2006 18\:23\:55 +0800")
References: <87k60drf05.fsf@latte.josefsson.org> <750BBC72E178114F9DC4872EBFF29A5B03C50F35@ZMY16EXM66.ds.mot.com>
Message-ID: <87d5659ing.fsf@latte.josefsson.org>

"Avasarala Ranjit-A20990" writes:

> Hi
>
> I have a requirement to have end to end SRP/TLS connection with a
> mechanism to send and receive data. Like the client version of SRP/TLS
> (gnutls-cli) should be able to send some data to server (gnutls-serv)
> and the server should be able to send back some data to the
> client(gnutls-cli).
>
> How do I go about this? Is this possible with the current tls/srp code?
> If yes which parts of the code I should look at?

I'm not sure what you are asking for. Implementing a client and
server that use TLS+SRP to protect the channel, and then send data
back and forward between the client and server is certainly possible,
and quite easy. There are example TLS+SRP code in doc/examples/, see
ex-client-srp.c and ex-serv-srp.c.

Are you asking for something more specific?
/Simon

From simon at josefsson.org Thu Dec 28 09:29:56 2006
From: simon at josefsson.org (Simon Josefsson)
Date: Thu, 28 Dec 2006 09:29:56 +0100
Subject: [Help-gnutls] Re: Failure to import an OpenPGP private key
In-Reply-To: <87fybjbvbz.fsf@laas.fr> (Ludovic Courtès's message of "Wed\, 13 Dec 2006 17\:43\:12 +0100")
References: <87u01rxgqg.fsf@laas.fr> <87lkn2or1x.fsf@latte.josefsson.org> <87wt6mkt3b.fsf@laas.fr> <87odru40bq.fsf@latte.josefsson.org> <87fybjbvbz.fsf@laas.fr>
Message-ID: <878xgsa0e3.fsf@latte.josefsson.org>

ludovic.courtes at laas.fr (Ludovic Courtès) writes:

> Hi,
>
> I'm finally getting back to this issue...
>
> Simon Josefsson writes:
>
>> ludovic.courtes at laas.fr (Ludovic Courtès) writes:
>>
>>> This can be seen as a GnuTLS bug since the FORMAT argument of
>>> `gnutls_openpgp_privkey_import' is not honored. Does CDK provide a way
>>> to import ASCII-armored private keys? Otherwise, `privkey_import'
>>> should return `UNIMPLEMENTED_FEATURE' when FORMAT is not `RAW'.
>>
>> I agree. There is code in OpenCDK to decode ASCII-armored data, so I
>> suspect there is some minor bug that prevents this from working.
>
> Below is a patch (against HEAD) that allows the import of ASCII-armored
> OpenPGP private keys.

Hi! Thanks for working on this.

However, your patch changes the external API/ABI, which is something
we _really_ don't want to do unless we can avoid it.

It seems a better patch would be to have
_gnutls_openpgp_raw_privkey_to_gkey be able to figure out the format
of the input automatically -- that seems possible to implement. Just
go over the input and look for non-ASCII characters (or just some
specific non-ASCII character like \0, which I assume is guaranteed to
always be present in OpenPGP binary keys, to avoid problems with
non-ASCII characters in a Comment: field or similar), and set the
armor flag accordingly.

What do you think? If you agree, I'd appreciate if you could suggest
a specific patch to implement this.
Btw, to be able to use your patch, we'd might need a copyright
assignment, if the patch is large.. would that be a problem? I can
send you the forms offline.

Thanks,
Simon

From simon at josefsson.org Thu Dec 28 10:59:27 2006
From: simon at josefsson.org (Simon Josefsson)
Date: Thu, 28 Dec 2006 10:59:27 +0100
Subject: [Help-gnutls] GnuTLS 1.6.1
Message-ID: <87r6uk8hog.fsf@latte.josefsson.org>

I am happy to announce GnuTLS 1.6.1! This is a bugfix-only release on
the stable branch. This version is what we recommend for those who
need a stable version of GnuTLS.

GnuTLS is a modern C library that implement the standard network
security protocol Transport Layer Security (TLS), for use by network
applications. GnuTLS is developed for GNU/Linux, but works on many
Unix-like systems and comes with a binary installer for Windows.

* Version 1.6.1 (released 2006-12-28)

** Fix the list of trusted CAs that server's send to clients.
Before, the list contained issuer DN's instead of subject DN's of the
trusted CAs. Reported by Max Kellermann.

** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it.
Reported by Max Kellermann.

** Encode UID fields in DN's as DirectoryString.
Before GnuTLS encoded and parsed UID fields as IA5String. This was
incorrect, it should have used DirectoryString. Now it will use
DirectoryString for the UID field, but for backwards compatibility it
will also accept IA5String UID's. Reported by Max Kellermann.

** Fix ./configure failure with non-GCC compilers.
This fixes the following error message:
configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined.
Reported by "Michael C. Vergallen".

** API and ABI modifications:
No changes since last version.

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.
Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

All manual formats are available from:
http://www.gnutls.org/manual/

Direct link to the most popular formats:
http://www.gnutls.org/manual/gnutls.html - HTML format
http://www.gnutls.org/manual/gnutls.pdf - PDF format
http://www.gnutls.org/reference/ch01.html - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
http://www.gnutls.org/
http://www.gnu.org/software/gnutls/
http://josefsson.org/gnutls/

Here are the compressed sources (4.1MB):
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.6.1.tar.bz2
http://josefsson.org/gnutls/releases/gnutls-1.6.1.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.6.1.tar.bz2.sig
http://josefsson.org/gnutls/releases/gnutls-1.6.1.tar.bz2.sig

For more information about GnuTLS for Windows:
http://josefsson.org/gnutls4win/

The Windows binary installer and PGP signature:
http://josefsson.org/gnutls4win/gnutls-1.6.1.exe (14MB)
http://josefsson.org/gnutls4win/gnutls-1.6.1.exe.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

Enjoy,
Nikos and Simon
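
Added example, not part of the archived messages and not GnuTLS or OpenCDK code: the format auto-detection proposed in Simon Josefsson's 28 Dec 2006 reply in the "Failure to import an OpenPGP private key" thread, written in C with both variants he mentions (any non-ASCII byte, or only a NUL byte). The type and function names and both sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; they are not GnuTLS or OpenCDK
   identifiers. */
typedef enum { KEY_FMT_UNKNOWN, KEY_FMT_RAW, KEY_FMT_ARMORED } key_fmt_t;

/* Variant 1 from the message: any non-ASCII byte means binary input.
   Armored text with UTF-8 in a Comment: header is misreported as raw. */
static key_fmt_t guess_by_non_ascii(const unsigned char *buf, size_t len)
{
    size_t i;

    if (buf == NULL || len == 0)
        return KEY_FMT_UNKNOWN;
    for (i = 0; i < len; i++)
        if (buf[i] & 0x80)
            return KEY_FMT_RAW;
    return KEY_FMT_ARMORED;
}

/* Variant 2 from the message: only a NUL byte means binary input. It
   rests on the assumption stated there that a binary key always holds
   a NUL byte. len must not count a C string terminator, otherwise
   armored text is reported as raw. */
static key_fmt_t guess_by_nul(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return KEY_FMT_UNKNOWN;
    return memchr(buf, 0, len) != NULL ? KEY_FMT_RAW : KEY_FMT_ARMORED;
}

/* Constructed sample: armored text whose Comment: header carries UTF-8
   (bytes 0xC3 0xA9). The body line is filler, not a real key. */
static const char armored_sample[] =
    "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
    "Comment: cl\xC3\xA9 de test\n"
    "\n"
    "AAAAAAAAAAAAAAAA\n"
    "-----END PGP PRIVATE KEY BLOCK-----\n";
#define ARMORED_LEN (sizeof(armored_sample) - 1) /* drop the terminator */

/* Constructed sample: arbitrary bytes standing in for binary key data,
   with both high-bit and NUL bytes. Not a real key. */
static const unsigned char raw_sample[] = {
    0x95, 0x01, 0xD8, 0x04, 0x45, 0x80, 0x00, 0x00, 0x01, 0x04, 0x00
};

static const char *fmt_name(key_fmt_t f)
{
    switch (f) {
    case KEY_FMT_RAW:     return "raw";
    case KEY_FMT_ARMORED: return "armored";
    default:              return "unknown";
    }
}

int main(void)
{
    const unsigned char *arm = (const unsigned char *) armored_sample;

    printf("armored, non-ASCII scan: %s\n",
           fmt_name(guess_by_non_ascii(arm, ARMORED_LEN)));
    printf("armored, NUL scan:       %s\n",
           fmt_name(guess_by_nul(arm, ARMORED_LEN)));
    printf("binary,  NUL scan:       %s\n",
           fmt_name(guess_by_nul(raw_sample, sizeof raw_sample)));
    return 0;
}
```

The non-ASCII scan reports the armored sample as raw because of the accented Comment: header, which is the problem the NUL-only variant in the message is meant to avoid.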