gmane.comp.encryption.gpg.gnutls.devel

windows and gnutls_certificate_set_x509_system_trust

Nikos Mavrogiannopoulos — 2012-05-17T12:00:36

Hello,
 Is there any of the windows users of gnutls interested into enhancing
gnutls_certificate_set_x509_system_trust to be supported in windows?
Currently it returns an error code on unsupported systems, but according
to [0] there may be a way to work there as well.

regards,
Nikos

[0]. http://marc.info/?l=openssl-users&m=119583966725315

[sr #108051] certtool

Toby Inkster — 2012-05-08T12:43:26

URL:
  <http://savannah.gnu.org/support/?108051>

                 Summary: certtool
                 Project: GnuTLS
            Submitted by: tobyink
            Submitted on: Tue 08 May 2012 12:43:26 GMT
                Category: Included programs
                Priority: 5 - Normal
                Severity: 1 - Wish
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

I'm trying to port a certificate generation script from OpenSSL to GnuTLS. It
would be useful if certtool supported (via the certtool.cfg file) more types
of subjectAltName.

Currently it supports e-mail addresses, domain names and IP addresses. I need
support for URIs, and it would also be nice to have support for OIDs.




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108051>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[patch] fix gnutls build with automake 1.12

Nitin A Kamble — 2012-05-07T19:20:42

Attached patch fixes a build issuw of gnutls with automake 1.12

gnutls 2.12.19

Nikos Mavrogiannopoulos — 2012-05-05T17:33:51

Hello,
 I've just released gnutls 2.12.19. It includes several
bug fixes.

Version 2.12.19 (released 2012-05-05)

** libgnutls: When decoding a PKCS #11 URL the pin-source field
is assumed to be a file that stores the pin. Based on patch
by David Smith.

** libgnutls: Added strict tests in Diffie-Hellman and
SRP key exchange public keys.

** minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).

** API and ABI modifications:
No changes since last version.



Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
From <ftp://ftp.gnu.org/gnu/gnutls/≥.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the BZIP2 compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.19.tar.bz2
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.19.tar.bz2

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.12.19.tar.bz2.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.12.19.tar.bz2.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

_______________________________________________
Gnutls-devel mailing list
Gnutls-devel< at >gnu.org
https://lists.gnu.org/mailman/listinfo/gnutls-devel

help me pleasssse

Francesco Viscomi — 2012-04-29T22:10:07

Hi,
i'm trying to install GnuTLS but i'm going to get crazy.

in the directory*, where i download the package gnutls-3.0.8, i run
.***<bug-gnutls< at >gnu.org>
/configure
then
run make
and then
as root run make install

everything seems to goes well, but in the directory -usr/local/bin i not
find the script libgnutls-config

[sr #108038] version 3.0.18 for windows 64 bit crashes duringinitialisation.

Bjørn Christensen — 2012-04-25T13:19:29

URL:
  <http://savannah.gnu.org/support/?108038>

                 Summary: version 3.0.18 for windows 64 bit crashes during
initialisation.   
                 Project: GnuTLS
            Submitted by: cybear
            Submitted on: Wed 25 Apr 2012 13:19:29 GMT
                Category: Extra library
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: Microsoft Windows

    _______________________________________________________

Details:

I have build gnutls version 3.0.18 using nettle version 2.4 and when I call
gnutls_global_init() it calls _gnutls_rnd_init()  and deep down in
--nettle_aes_encrypt() in file aes-encrypt-internal.s:123 I get a segmentation
fault.

If I choose to build libnettle with the option --disable-assembler it works
fine.

I have no clue what is wrong but I am fairly sure it is the assembler code,
probably the calling convention.

I do not know if this is the right place to report this problem.





    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108038>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[sr #108037] gnutls_cpuid assembler code follows incorrect callingconvention on Windows x64

Mann Ern Kang — 2012-04-25T03:25:56

URL:
  <http://savannah.gnu.org/support/?108037>

                 Summary: gnutls_cpuid assembler code follows incorrect
calling convention on Windows x64
                 Project: GnuTLS
            Submitted by: mannern
            Submitted on: Wed 25 Apr 2012 03:25:56 AM GMT
                Category: Core library
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: Microsoft Windows

    _______________________________________________________

Details:

The gnutls_cpuid function in file lib\accelerated\x86\coff\cpuid-x86-64-coff.s
follows the Linux parameter passing convention instead of the Windows x64 one,
resulting in a crash (access violation) if hardware acceleration is enabled on
a Windows x64 build of gnutls.

Attaching a patch. This is my first time submitting to gnutls so please let me
know if I missed out anything :)



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 25 Apr 2012 03:25:56 AM GMT  Name: cpuid-x86-64-coff.s  Size: 1kB  
By: mannern

<http://savannah.gnu.org/support/download.php?file_id=25725>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108037>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

Incompatibilities between 3.0.8 and 3.0.18

Ludovic Courtès — 2012-04-22T22:42:37

Hello,

While upgrading libchop from GnuTLS 3.0.8 to 3.0.18, I noticed a few
quirks.

First, compat.h lacks:

    typedef gnutls_openpgp_crt_fmt_t gnutls_openpgp_key_fmt_t
      _GNUTLS_GCC_ATTR_DEPRECATED;

Second, when using OpenPGP mutual authentication,
‘gnutls_certificate_get_peers’ (when called on the server side) now
returns a raw certificate, whereas it previously returned a base64
certificate.

This is in agreement with the doc of that function (dated 2008), but
different from what 3.0.8 and earlier did.

I couldn’t find it in NEWS, nor did I find the commit that changes this,
so I thought it may be worth raising it here.

Thanks,
Ludo’.

_______________________________________________
Gnutls-devel mailing list
Gnutls-devel< at >gnu.org
https://lists.gnu.org/mailman/listinfo/gnutls-devel

gnutls 3.0.19

Nikos Mavrogiannopoulos — 2012-04-22T15:21:22

Hello,
 I've just released gnutls 3.0.19. This is a bug-fix release on the
current stable branch.


* Version 3.0.19 (released 2012-04-22)

** libgnutls: When decoding a PKCS #11 URL the pin-source field
is assumed to be a file that stores the pin. Based on patch
by David Smith.

** libgnutls: gnutls_record_check_pending() no longer
returns unprocessed data, and thus ensure the non-blocking
of the next call to gnutls_record_recv().

** libgnutls: Added strict tests in Diffie-Hellman and
SRP key exchange public keys.

** libgnutls: in ECDSA and DSA TLS 1.2 authentication be less
strict in hash selection, and allow a stronger hash to
be used than the appropriate, to improve interoperability
with openssl.

** tests: Disabled floating point test, and corrections
in pkcs12 decoding tests.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
From <ftp://ftp.gnu.org/gnu/gnutls/>.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.19.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.19.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.19.tar.xz

Here are the LZIP compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.19.tar.lz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.19.tar.lz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.19.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.19.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.19.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.19.tar.xz.sig

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.19.tar.lz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.19.tar.lz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.19.tar.lz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

patch: some more documentation fixes

Patrick Pelletier — 2012-04-21T22:53:32

Here is a commit with some various documentation and comment  
nitpicks.  I've attached the output of "git format-patch" as an  
attachment to this message; I think that worked successfully the last  
time I submitted one of these.

--Patrick


_______________________________________________
Gnutls-devel mailing list
Gnutls-devel< at >gnu.org
https://lists.gnu.org/mailman/listinfo/gnutls-devel

bug in 3.0.18: gnutls-cli fails to transfer data to gnutls-serv --echo

Alexandre Bique — 2012-04-18T21:06:08

Hi,

I reported the bug first to archlinux, but I forward it here:
https://bugs.archlinux.org/task/29531

I have a bug with GnuTLS-3.0.18, which is that my httpd server (custom
implementation) fails to serve pages to chromium and firefox goes into
an infinite loop. But in the other hand, wget (which is linked against
openssl) succeed in getting files from my server.

There is an easy thing to do to reproduce the bug:

- start a gnutls echo server: gnutls-serv --x509keyfile=key.pem
--x509certfile=cert.pem -p 4242 --disable-client-cert --nodb --generate
--echo

- start a client, and copy a big file: cat /usr/include/*.h >test-file;
gnutls-cli --insecure 0.0.0.0 -p 4242 <test-file

Then it doesn't work :^)

You can also test with an openssl client (it will fail as well): openssl
s_client -connect 0.0.0.0:4242 <test-file

I am using x86_64 architecture.

Regards,

[PATCH 1/1] Add gnutls::session::set_transport_vec_push().

Alexandre Bique — 2012-04-18T17:08:36

Hi,

This patch add missing function set_transport_vec_push() to the C++ wrapper.

Regards,

[sr #108029] Build does not honnor --disable-openpgp

Bjørn Christensen — 2012-04-17T13:30:05

URL:
  <http://savannah.gnu.org/support/?108029>

                 Summary: Build does not honnor --disable-openpgp
                 Project: GnuTLS
            Submitted by: cybear
            Submitted on: Tue 17 Apr 2012 01:30:04 PM GMT
                Category: Core library
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

I have just tried to build gnutls version 3.0.18 on Linux, AIX and windows and
all of them fails due to error in verify-tofu.c and common.c. I am building
with --disable-openpgp and these to files does not honnor the disable
setting.

added #ifdef ENABLE_OPENPGP to verify-tofu.c a couple of places seems to make
the build complete.

I have attached my version of verify-tofu.c so you can see where I had to add
the 3 defines.


/bhc



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tue 17 Apr 2012 01:30:04 PM GMT  Name: verify-tofu-3.0.18.c  Size: 22kB 
 By: cybear

<http://savannah.gnu.org/support/download.php?file_id=25670>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108029>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

Fix build failure on git master

Stef Walter — 2012-04-16T15:47:03

Hi there,

gnutls git master fails (for me) with the following message:

certtool-args.c:55:13: error: conflicting types for 'optionAlias'
In file included from certtool-args.h:49:0,
                 from certtool-args.c:48:
../src/libopts/autoopts/options.h:1031:12: note: previous declaration of
'optionAlias' was here
make[3]: *** [libcmd_certtool_la-certtool-args.lo] Error 1
make[3]: Leaving directory `/data/projects/gnutls/src'

Patch attached.

In addition configure.ac doesn't check for the 'autogen' tool, and so in
its absence one gets failures later on in the build.

Cheers,

Stef
_______________________________________________
Gnutls-devel mailing list
Gnutls-devel< at >gnu.org
https://lists.gnu.org/mailman/listinfo/gnutls-devel

[sr #108028] My own public method, exposed to DLL

Mallikarjun — 2012-04-16T13:28:16

URL:
  <http://savannah.gnu.org/support/?108028>

                 Summary: My own public method, exposed to DLL
                 Project: GnuTLS
            Submitted by: mallugb
            Submitted on: Mon 16 Apr 2012 01:28:15 PM GMT
                Category: Core library
                Priority: 5 - Normal
                Severity: 4 - Important
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: Microsoft Windows

    _______________________________________________________

Details:

Hallo,

I would like to implement one public method in GNU-TLS, which should be linked
and exported via the DLL. 

How can I achieve the same?
Can some one please help.

Thanks.

Regards,
Malik

 




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108028>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[PATCH] make crywrap optional

Daniel Mierswa — 2012-04-15T16:13:23

---
 configure.ac |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 5350a90..4ce677f 100644
--- a/configure.ac
+++ b/configure.ac
< at >< at > -409,7 +409,14 < at >< at > AC_CHECK_FUNCS([alarm atexit dup2 epoll_create kqueue memchr memset munmap \
 putenv regcomp scandir select socket strcasecmp strchr \
 strdup strerror strncasecmp strrchr strstr strtoul uname])
 
-PKG_CHECK_MODULES(LIBIDN, libidn >= 0.0.0, [libidn=yes], [libidn=no])
+AC_ARG_ENABLE(crywrap,
+AS_HELP_STRING([--disable-crywrap], [unconditionally disable the crywrap TLS proxy service]))
+
+libidn=no
+
+if test "x$enable_crywrap" != "xno" ; then
+PKG_CHECK_MODULES(LIBIDN, libidn >= 0.0.0, [libidn=yes], [libidn=no])
+fi
 
  if test "x$libidn" != "xno" && test "$ac_cv_func_daemon" != "no";then
   crywrap=yes

LP#929108 support reading PIN from file when using PKCS#11 devices

Andreas Metzler — 2012-04-15T07:35:40

Hello,

FYI launchpad bug
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/929108 says
that specifying a PIN file for accessing PKCS#11 devices is broken in 
gnutls 3.x and 2.12.x due to a change in p11-kit.

I cannot test this, however the patch in the bug report still applies to
master. I have also seen that gnutls is using
p11_kit_uri_get_pinfile() which was marked as deprecated in favour of 
p11_kit_uri_get_pin_source() in p11-kit 0.4.

cu andreas

[3.0.18] ‘mini-loss-time’ left runningafter “make check”

Ludovic Courtès — 2012-04-09T20:07:34

Hello,

FYI “make check” in 3.0.18 leaves a ‘mini-loss-time’ process behind it.
I haven’t taken the time to investigate.

Thanks,
Ludo’.

_______________________________________________
Gnutls-devel mailing list
Gnutls-devel< at >gnu.org
https://lists.gnu.org/mailman/listinfo/gnutls-devel

[W32] gnutls-2.12.18 fixes

LRN — 2012-04-08T18:28:43

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

W32 support in GNUTLS 2.x deteriorated a little bit since my last
patching session. Here's a few things that require fixing:
1) gnutls-2.12.18/lib/nettle/egd.* is incompatible with W32 (uses UNIX
domain sockets, absolute UNIX-style paths, calls stat() on integer
file descriptors thought to be sockets, and uses S_IFSOCK). It should
be disabled at configure time.
2) gnutls-2.12.18/lib/nettle/rnd.c requires #include <wincrypt.h> on W32
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPgdjaAAoJEOs4Jb6SI2Cwt2AIAKklNgkkJpo1YqTcy9HasmNS
GcfV0BSRQO2ftjEh3YeEPtm9igoPoSZkzCMmRTslCCx6mD3NbZGo3qIcdJnvWDzk
RKGyZtvCLz6Fi+Wz9g9vnmKb3yIrXDvrvDh4nHYlpMCTD1ZpGdsApja99GbaC379
bTp3P321y4E5hTQWmZKNQJSygKv+JhVYkXgJoD2DTa6SF7oZwMYJSH3c9eMFH7N7
ihw9FQxSLhF3FDhfF88PCmdxIMTzFddsVNFgsN7ISSJhzgn0fYZdYIK0owP0+aP+
3bNnzajR4S6NdEhG0qzYrfEIZFGEVna+6TErLmWWeYNPGWXfAoJpOLt7y9B7O8M=
=k4Oc
-----END PGP SIGNATURE-----

1 Failed test on GNUTLS 3.0.18

Enric Caussa Morales — 2012-04-04T13:00:54

Good day.
I've been building 3.0.18 on Arch Linux PPC, and during `make check'
there's a failed test. GCC version is 4.6.2. Here's the bit that fails:

test-float.c:344: assertion failed
/bin/sh: line 5:  8887 Aborted                 EXEEXT='' srcdir='.'
abs_aux_dir='/build/src/gnutls-3.0.18/build-aux' MAKE='make' ${dir}$tst
FAIL: test-float
PASS: test-fputc

What information can I add to solve this?
Thanks,

gnutls-3.0.18 make check fails on Solaris10

Kiyoshi KANAZAWA — 2012-04-03T14:00:38

Hello,

Gnutls-3.0.18 make check fails on Solaris10 x86-64.

There are 2 types of errors.
(1) 'AF_LOCAL' undeclared
  CC     mini-loss-time.o
mini-loss-time.c: In function `start':
mini-loss-time.c:256: error: `AF_LOCAL' undeclared (first use in this function)
mini-loss-time.c:256: error: (Each undeclared identifier is reported only once
mini-loss-time.c:256: error: for each function it appears in.)
make[3]: *** [mini-loss-time.o] Error 1

This occurs also on
mini-dtls-rehandshake.o
mini-record.o
dtls-stress.o
mini-srp.o

(2) Segmentation Fault
make[3]: Entering directory `/tmp/gnutls-3.0.18/tests/pkcs12-decode'
NEON PKCS12 OK client.p12 foobar
NEON PKCS12 OK noclient.p12
NEON PKCS12 OK unclient.p12
Segmentation Fault
        Type: Encrypted

        Decrypting...
        Type: Certificate
        Type: Certificate
NEON PKCS12 FATAL pkcs12_2certs.p12
NEON PKCS12 DONE (rc 1)
FAIL: pkcs12

gnutls-3.0.17 also has the same problem.

--- Kiyoshi <yoi_no_myoujou< at >yahoo.co.jp>