From grothoff at gnu.org  Mon Jun 11 11:16:52 2018
From: grothoff at gnu.org (grothoff at gnu.org)
Date: Mon, 11 Jun 2018 11:16:52 +0200
Subject: [gnutls-help] GIT build failing
Message-ID: <5b571bde-105a-21e7-dddd-1c4449f87e28@grothoff.org>

Hi!

I have the same build issue, on Debian buster, following the
instructions from README using GNU Bison 3.0.4.

While I'm here, the issue I was trying to investigate was a failing
certificate violation for 'img.lemde.fr' using this code from
gnunet-gns-proxy.c (in GNUnet):

    chainp = gnutls_certificate_get_peers (tlsinfo->internals,
                                           &cert_list_size);
    gnutls_x509_crt_init (&x509_cert);
    gnutls_x509_crt_import (x509_cert,
                            chainp,
                            GNUTLS_X509_FMT_DER);
    if (0 == (rc = gnutls_x509_crt_check_hostname (x509_cert,
                                                   hostname)))
      fail(); // fails...

gnutls-cli is happy with the cert, but it doesn't seem to call
check_hostname. This is a wildcard subjectAltName in the cert (Chromium
and Firefox are happy with it).

Any advice (both on building from Git or what might be wrong with my
cert-checking logic) would be very welcome...

Happy hacking!

Christian

> On Thu, Mar 8, 2018 at 12:54 PM, Simon Friedberger wrote:
>> I am getting the following error when trying to build the master branch:
>>
>> ./parse-datetime.y: In function 'yylex':
>> ./parse-datetime.y:1413:20: error: dereferencing pointer to incomplete
>> type 'union YYSTYPE'
>>   lvalp->timespec.tv_sec = s;
>>   ^
>> What might be causing this?
>
> This is a file processed with bison/yacc. Which version do you use?
> Did you follow the instructions in README.md?
>
> regards,
> Nikos

From grothoff at gnu.org  Wed Jun 13 18:42:39 2018
From: grothoff at gnu.org (Christian Grothoff)
Date: Wed, 13 Jun 2018 18:42:39 +0200
Subject: [gnutls-help] SNI in tlsproxy
Message-ID: <3d87cb2c-b44f-4a5f-16b0-fadcab8f1a28@grothoff.org>

Hi!

The attached patch fixes the tlsproxy example to enable SNI. This
explains _part_ of the problem I was seeing with certificate
verification, the remaining question is why curl sometimes doesn't do it
as it should, but that's not a GnuTLS issue.

Happy hacking!

Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-support-SNI-in-tlsproxy.patch
Type: text/x-patch
Size: 713 bytes
Desc: not available

From nmav at gnutls.org  Tue Jun 19 08:59:44 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 19 Jun 2018 08:59:44 +0200
Subject: [gnutls-help] SNI in tlsproxy
In-Reply-To: <3d87cb2c-b44f-4a5f-16b0-fadcab8f1a28@grothoff.org>
References: <3d87cb2c-b44f-4a5f-16b0-fadcab8f1a28@grothoff.org>
Message-ID:

Thank you Christian. Would you like to submit to:
https://github.com/abligh/tlsproxy

gnutls uses that repo as a git submodule.

regards,
Nikos

On Wed, Jun 13, 2018 at 6:42 PM, Christian Grothoff wrote:
> Hi!
>
> The attached patch fixes the tlsproxy example to enable SNI. This
> explains _part_ of the problem I was seeing with certificate
> verification, the remaining question is why curl sometimes doesn't do it
> as it should, but that's not a GnuTLS issue.
>
> Happy hacking!
>
> Christian

From dilyan.palauzov at aegee.org  Fri Jun 22 23:33:44 2018
From: dilyan.palauzov at aegee.org (Дилян Палаузов)
Date: Fri, 22 Jun 2018 21:33:44 +0000
Subject: [gnutls-help] gnutls-cli-debug "|<1>| Received record packet of unknown type 97"
Message-ID: <452ae97bae1478aebae3c79345045d4c70dada6c.camel@aegee.org>

Hello,

1) Why is "|<1>| Received record packet of unknown type 97" printed below?

$ gnutls-cli-debug -p 143 --starttls-proto imap mail.aegee.org
GnuTLS debug client 3.5.18
Checking mail.aegee.org:143
|<1>| Received record packet of unknown type 97
  for SSL 3.0 (RFC6101) support... no
  whether we need to disable TLS 1.2... no
  whether we need to disable TLS 1.1... no
  whether we need to disable TLS 1.0... no
  whether %NO_EXTENSIONS is required... no
  whether %COMPAT is required... yes
|<1>| Received record packet of unknown type 97
  for TLS 1.0 (RFC2246) support... no
|<1>| Received record packet of unknown type 97
  for TLS 1.0 (RFC2246) support with TLS 1.0 record version... no
|<1>| Received record packet of unknown type 97
  for TLS 1.1 (RFC4346) support... no
|<1>| Received record packet of unknown type 97
  fallback from TLS 1.1 to... failed
  for TLS 1.2 (RFC5246) support... yes
  fallback from TLS 1.6 to... TLS1.2
[..]

2) Why does https://lists.gnupg.org/ say "Please send questions about
using, compiling, and installing GNUTLS to gnutls-help at
lists.gnutls.org and ask to CC you in case you are not subscribed to
this mailing list." when only subscribers can post to the mailing list?

Regards
  Дилян
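
An added illustration, not part of the original message and not GnuTLS code: the "type" in that debug line is the first byte of the 5-byte TLS record header, and 97 is ASCII 'a'. The sketch below classifies a record header and flags one made entirely of printable ASCII, which is how leftover cleartext from a STARTTLS exchange would appear; the sample IMAP reply and its tag `a` are constructed assumptions, not traffic captured from mail.aegee.org.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rec_verdict { REC_SHORT, REC_TLS, REC_PLAINTEXT, REC_UNKNOWN };

/* Constructed samples (not captured traffic). The IMAP tag "a" is an assumption. */
static const uint8_t SAMPLE_IMAP[] = "a OK Begin TLS negotiation now\r\n";
static const uint8_t SAMPLE_TLS[]  = { 0x16, 0x03, 0x03, 0x00, 0x2f };
static const uint8_t SAMPLE_JUNK[] = { 0x61, 0x00, 0x00, 0x00, 0x00 };

/* Content types 20..24: change_cipher_spec, alert, handshake,
 * application_data (RFC 5246) and heartbeat (RFC 6520). */
static int known_content_type(uint8_t t) { return t >= 20 && t <= 24; }

/* Classify a record header laid out as type(1) | version(2) | length(2). */
enum rec_verdict classify_record(const uint8_t *buf, size_t len)
{
    size_t i;

    if (len < 5)
        return REC_SHORT;                 /* not enough bytes for a header */
    if (known_content_type(buf[0]) && buf[1] == 0x03)
        return REC_TLS;                   /* valid type, SSL3/TLS major version */
    for (i = 0; i < 5; i++)
        if (!isprint(buf[i]) && buf[i] != '\r' && buf[i] != '\n')
            return REC_UNKNOWN;           /* binary, but not a TLS header */
    return REC_PLAINTEXT;                 /* whole header is ASCII text */
}

static const char *verdict_name(enum rec_verdict v)
{
    static const char *names[] = { "short", "tls", "plaintext", "unknown" };
    return names[v];
}

int main(void)
{
    printf("imap reply: type %u -> %s\n", (unsigned)SAMPLE_IMAP[0],
           verdict_name(classify_record(SAMPLE_IMAP, sizeof SAMPLE_IMAP)));
    printf("tls record: type %u -> %s\n", (unsigned)SAMPLE_TLS[0],
           verdict_name(classify_record(SAMPLE_TLS, sizeof SAMPLE_TLS)));
    printf("junk bytes: type %u -> %s\n", (unsigned)SAMPLE_JUNK[0],
           verdict_name(classify_record(SAMPLE_JUNK, sizeof SAMPLE_JUNK)));
    return 0;
}
```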