gmane.comp.encryption.gpg.gnutls.devel

Re: [sr #108051] certtool

Nikos Mavrogiannopoulos — 2012-05-11T20:23:45


I've added support for it in certtool.

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=c4951af8b85be1963f8dc67f97fb82df55e0fced

regards,
Nikos

Re: [oss-security] CVE Request: evolution-data-server lacks SSLchecking in its libsoup users

Nikos Mavrogiannopoulos — 2012-05-11T19:40:11



No this patch doesn't include that functionality.

regards,
Nikos


_______________________________________________
Gnutls-devel mailing list
Gnutls-devel< at >gnu.org
https://lists.gnu.org/mailman/listinfo/gnutls-devel

Re: [oss-security] CVE Request: evolution-data-server lacks SSLchecking in its libsoup users

Бранко Мајић — 2012-05-11T16:50:14

A small curiosity - this function only supports working with single
large file? No support for something like hashed directory
(OpenSSL-style)?

On Fri, 11 May 2012 13:55:50 +0200
Nikos Mavrogiannopoulos <nmav< at >gnutls.org> wrote:

Re: [sr #108051] certtool

Toby Inkster — 2012-05-09T13:56:24

Yes, URIs are used by WebID
<http://www.w3.org/2005/Incubator/webid/spec/>. Lack of support for URI
subjectAltNames in certtool is why I'm currently reliant on OpenSSL.

-Toby

Re: [PATCH v2 gnutls] introducegnutls_certificate_set_x509_system_trust

Nikos Mavrogiannopoulos — 2012-05-09T14:32:36



Applied, thank you.

Re: [patch] fix gnutls build with automake 1.12

Nikos Mavrogiannopoulos — 2012-05-09T06:22:12



Thank you. Applied.

regards,
Nikos

Re: [sr #108051] certtool

Nikos Mavrogiannopoulos — 2012-05-09T06:12:21



Are these fields being used by anyone? I understand they might
be good to have them for completeness, but on the practical side
does it change anything? rfc2818 that defines
a way to verify hostnames for https isn't mentioning those two
fields at all.

If there are no known practical applications, I'll not spend any
resources on these, but of course I'll accept any patch that adds
them.

regards,
Nikos

Re: [sr #108051] certtool

Toby Inkster — 2012-05-08T21:43:30

On Tue, 8 May 2012 09:10:03 -0700
Peter Williams <home_pw< at >msn.com> wrote:


It was mostly just an afterthought. I have an OID, and it would be nice
to stuff it in there.

The main part of the wish is for URIs though.

Re: Problem with int types persists on nettle 2.4 and gnutls 3.0.19on Solaris 9 Sparc

Paul Eggert — 2012-05-08T21:17:06

Yes, that's the idea.  Thanks.

Re: [sr #108051] certtool

Peter Williams — 2012-05-08T16:10:03

Out of interest, why do you want the oid name form alternate?

It's just that the oid name form has such a very rare place in today's world, and only one group I know of uses it (for its actually quite special role in the modern  Internet).

Sent from my iPhone

On May 8, 2012, at 5:43 AM, "Toby Inkster" <INVALID.NOREPLY< at >gnu.org> wrote:

[sr #108051] certtool

Toby Inkster — 2012-05-08T12:43:26

URL:
  <http://savannah.gnu.org/support/?108051>

                 Summary: certtool
                 Project: GnuTLS
            Submitted by: tobyink
            Submitted on: Tue 08 May 2012 12:43:26 GMT
                Category: Included programs
                Priority: 5 - Normal
                Severity: 1 - Wish
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

I'm trying to port a certificate generation script from OpenSSL to GnuTLS. It
would be useful if certtool supported (via the certtool.cfg file) more types
of subjectAltName.

Currently it supports e-mail addresses, domain names and IP addresses. I need
support for URIs, and it would also be nice to have support for OIDs.




    _______________________________________________________

Reply to this item at:

[patch] fix gnutls build with automake 1.12

Nitin A Kamble — 2012-05-07T19:20:42

Attached patch fixes a build issuw of gnutls with automake 1.12

Re: Problem with int types persists on nettle 2.4 and gnutls 3.0.19on Solaris 9 Sparc

Bruno Haible — 2012-05-06T14:38:04

It doesn't exist so far. But it is feasible. - On the other hand, it
looks like nettle-stdint.h can already be easily trimmed in this way,
by undefining _STDINT_NEED_INT_LEAST_T and _STDINT_NEED_INT_FAST_T ?

Bruno

gnutls 2.12.19

Nikos Mavrogiannopoulos — 2012-05-05T17:33:51

Hello,
 I've just released gnutls 2.12.19. It includes several
bug fixes.

Version 2.12.19 (released 2012-05-05)

** libgnutls: When decoding a PKCS #11 URL the pin-source field
is assumed to be a file that stores the pin. Based on patch
by David Smith.

** libgnutls: Added strict tests in Diffie-Hellman and
SRP key exchange public keys.

** minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).

** API and ABI modifications:
No changes since last version.



Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
From <ftp://ftp.gnu.org/gnu/gnutls/≥.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the BZIP2 compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.19.tar.bz2
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.19.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ft

Re: help me pleasssse

Andreas Metzler — 2012-05-02T16:32:05



This was dropped ages ago:

Quoting NEWS:
* Version 2.8.0 (released 2009-05-27)
[...]
*** Old libgnutls.m4 and libgnutls-config scripts removed.
Please use pkg-config instead.
------------

cu andreas

help me pleasssse

Francesco Viscomi — 2012-04-29T22:10:07

Hi,
i'm trying to install GnuTLS but i'm going to get crazy.

in the directory*, where i download the package gnutls-3.0.8, i run
.***<bug-gnutls< at >gnu.org>
/configure
then
run make
and then
as root run make install

everything seems to goes well, but in the directory -usr/local/bin i not
find the script libgnutls-config

Re: Problem with int types persists on nettle 2.4 and gnutls 3.0.19on Solaris 9 Sparc

Simon Josefsson — 2012-04-27T13:46:18

fre 2012-04-27 klockan 14:54 +0200 skrev Niels Möller:

Using system headers if available seems like a good idea.


What is the difference?  This sounds bad.


If they are unused, we could remove the definitions.


Yes.  Understanding what the differences is, and which one is right, seems useful first though.  If the problem is in gnulib, we can fix that and GnuTLS will have the new variant soon.

/Simon



_______________________________________________
Gnutls-devel mailing list
Gnutls-devel< at >gnu.org
https://lists.gnu.org/mailman/listinfo/gnutls-devel

Re: Problem with int types persists on nettle 2.4 and gnutls 3.0.19on Solaris 9 Sparc

Dagobert Michelsen — 2012-04-27T12:23:13

Hi Niels,

Am 05.05.2011 um 13:35 schrieb Dagobert Michelsen:

I just verified that the problem persists with nettle 2.4 and gnutls-3.0.19. As you seem to have
access to the Solaris buildfarm it would be cool if you could finally fix this as it blocks
new releases of gnutls for the OpenCSW distribution.


Best regards

  -- Dago

[sr #108038] version 3.0.18 for windows 64 bit crashes duringinitialisation.

Mann Ern Kang — 2012-04-26T00:51:29

Follow-up Comment #4, sr #108038 (project gnutls):

Posted to the nettle-bugs mailing list.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108038>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[sr #108038] version 3.0.18 for windows 64 bit crashes duringinitialisation.

Mann Ern Kang — 2012-04-25T15:19:06

Follow-up Comment #2, sr #108038 (project gnutls):

I believe this is a different issue. The fix mentioned only corrects the
parameter passing for the cpuid assembler code inside gnutls. 

I came across this issue while building nettle for Windows x64 earlier on.
This crash is actually due to the assembler code for aes inside nettle. The
RNG for gnutls uses yarrow from nettle, which in turn uses some aes functions
internally. Nettle has custom assembler code for aes, which after inspecting
the .asm files, appears to support only the Linux calling convention on x86_64
(based on nettle 2.4).

As such, this seems to be more of a nettle problem rather than a gnutls one.

Cheers,
Mann Ern

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108038>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[sr #108038] version 3.0.18 for windows 64 bit crashes duringinitialisation.

Nikos Mavrogiannopoulos — 2012-04-25T15:29:35

Follow-up Comment #3, sr #108038 (project gnutls):

Ah, ok then. May I ask you to report it also to nettle?
http://www.lysator.liu.se/~nisse/nettle/


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108038>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/