From: Simon Josefsson
To: Vincent Thomasset
Cc: help-gnutls@gnu.org
Date: Thu, 01 Feb 2007 09:11:33 +0100
Subject: [Help-gnutls] Re: gnutls4win
List-Id: Help list for gnutls programmers

Vincent Thomasset writes:

> Hi,
>
> I noticed there was a lot of local paths (namely /home/jas/...) in the
> packages available at http://josefsson.org/gnutls4win/ (at least in
> the .exe installer).

Hi!  Can you be more specific, I can't seem to be able to verify that:

jas@mocca:~/gnutls4win$ grep -l 'home/jas' gnutls-*.exe
jas@mocca:~/gnutls4win$

I'm not that familiar with NSIS, maybe it includes some kind of
debugging information.  Anyway, all the source code for what goes into
the installer is on the same web site.

/Simon

From: Simon Josefsson
To: help-gnutls@gnu.org, gnutls-dev@gnupg.org
Date: Thu, 01 Feb 2007 11:43:24 +0100
Subject: [Help-gnutls] OpenCDK 0.5.13

The OpenCDK library implements basic parts of the OpenPGP message
format.  The aim of the library is *not* to replace any available
OpenPGP version.  There will be no support for key management (sign,
revoke, alter preferences, ...) and some other parts are only
rudimentary available.  The main purpose is to handle and understand
OpenPGP packets and to use basic operations.  For example,
encrypt/decrypt, sign/verify and packet parsing routines.  The library
is used by GnuTLS for OpenPGP support.

Noteworthy changes in version 0.5.13 (2007-02-01)
------------------------------------------------

* Fixed shared library for newly added APIs in last release.
* Add -no-undefined to LDFLAGS, to make opencdk build under mingw32.
* Add AC_LIBTOOL_WIN32_DLL to configure.ac, which is required for
  libtool to behave correctly for cross-compiles to mingw32.
* Use gnulib for mingw32 support.

Noteworthy changes in version 0.5.12 (2007-02-01)
------------------------------------------------

* Add new API to extract public/secret OpenPGP key to S-expr.
  The functions are cdk_pubkey_to_sexp and cdk_seckey_to_sexp.
  Patch by Mario Lenz.
* Autoconf 2.60 and automake 1.10 are now required.
* Doc fixes.

Commercial support contracts for OpenCDK are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding OpenCDK
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

If you need help to use OpenCDK, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

Here are the compressed sources (588KB):

  http://josefsson.org/gnutls/releases/opencdk/opencdk-0.5.13.tar.gz
  ftp://ftp.gnutls.org/pub/gnutls/opencdk/opencdk-0.5.13.tar.gz

Here are GPG detached signatures using key 0xB565716F:

  http://josefsson.org/gnutls/releases/opencdk/opencdk-0.5.13.tar.gz.sig
  ftp://ftp.gnutls.org/pub/gnutls/opencdk/opencdk-0.5.13.tar.gz.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

  pub   1280R/B565716F 2002-05-05 [expires: 2007-02-15]
  uid                  Simon Josefsson
  uid                  Simon Josefsson
  sub   1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
  sub   1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
  sub   1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
  sub   1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:

  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

bff9daabfe8f20824e4d167a9dc11e0908f11370  opencdk-0.5.13.tar.gz
83f37a0551027849ec9905262334525cccb201cf  opencdk-0.5.13.tar.gz.sig
2a790fc3175f6c6fe1e7d4616eef1ca3f8cb7966eeffba4c12fdad94  opencdk-0.5.13.tar.gz
7ac5ac3583f7fd88b65cc42a18cc2736dca6d08a0438fa839e06f0e4  opencdk-0.5.13.tar.gz.sig

Enjoy,
Timo, Nikos, Simon

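Added example, not part of the announcement or of OpenCDK: parsing the checksum block above, where SHA-1 and SHA-224 digests share one unlabelled list and are told apart only by length, and checking downloaded files against it. Function names are illustrative, and the digests are only trustworthy once the announcement's OpenPGP signature (or the detached .sig) has been verified with the author's key.

```python
import hashlib
import hmac
import os
import re

# The announcement lists SHA-1 and SHA-224 values in one unlabelled block,
# so the digest length (in hex characters) is the only cue to the algorithm.
ALGO_BY_HEXLEN = {40: "sha1", 56: "sha224"}
WEAK = {"sha1"}  # not collision resistant; never accept it as the only check
ENTRY = re.compile(r"^([0-9A-Fa-f]+)\s+\*?(\S+)$")

# Checksum block copied from the announcement above.
ANNOUNCED = """\
bff9daabfe8f20824e4d167a9dc11e0908f11370  opencdk-0.5.13.tar.gz
83f37a0551027849ec9905262334525cccb201cf  opencdk-0.5.13.tar.gz.sig
2a790fc3175f6c6fe1e7d4616eef1ca3f8cb7966eeffba4c12fdad94  opencdk-0.5.13.tar.gz
7ac5ac3583f7fd88b65cc42a18cc2736dca6d08a0438fa839e06f0e4  opencdk-0.5.13.tar.gz.sig
"""


def parse_checksums(text):
    """Return {filename: {algorithm: hexdigest}} for a sha*sum-style block."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not '<hex digest> <file>'")
        digest, name = m.group(1).lower(), m.group(2)
        algo = ALGO_BY_HEXLEN.get(len(digest))
        if algo is None:
            raise ValueError(f"line {lineno}: unexpected digest length {len(digest)}")
        known = table.setdefault(name, {})
        if known.get(algo, digest) != digest:
            raise ValueError(f"line {lineno}: conflicting {algo} values for {name}")
        known[algo] = digest
    return table


def file_digest(path, algo):
    """Hash a file in chunks so large tarballs do not have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_release(directory, table):
    """Return {filename: 'ok' | 'mismatch' | 'missing' | 'weak-only'}."""
    result = {}
    for name, digests in table.items():
        # Names come from an e-mail: accept bare file names only.
        if os.path.basename(name) != name or name in (".", ".."):
            raise ValueError(f"suspicious file name {name!r}")
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            result[name] = "missing"
        elif not all(hmac.compare_digest(file_digest(path, algo), want)
                     for algo, want in digests.items()):
            result[name] = "mismatch"      # every listed digest must agree
        elif set(digests) <= WEAK:
            result[name] = "weak-only"     # matched, but only against SHA-1
        else:
            result[name] = "ok"
    return result


if __name__ == "__main__":
    # Check files in the current directory against the announced values.
    for fname, status in verify_release(".", parse_checksums(ANNOUNCED)).items():
        print(f"{status:10} {fname}")
```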
From: ludovic.courtes@laas.fr (Ludovic Courtès)
Date: Thu, 01 Feb 2007 16:01:49 +0100
Subject: [Help-gnutls] Re: TLS/OpenPGP draft expiring soon

Hi,

Simon Josefsson writes:

> Also, creating examples and a self test for the OpenPGP stuff would be
> useful.  Have you managed to get it to work at all?  I tried this:

It works fine (with the little patches I posted), but I couldn't get
`gnutls-cli' and `gnutls-serv' to work with it (haven't investigated
yet).

> jas@mocca:~/src/gnutls$ gpg -a --export-secret-keys b565716f > ~/privkey.gpg
>
> The above step would be nice to avoid, btw, although I'm not exactly
> sure which file formats are supported/required.  This area seems
> under-documented.

Yes, it'd be nice to avoid.
GnuTLS key import functions now support both ASCII-armored and "raw"
binary keys, it Does Work.  ;-)

The possible formats are documented in RFC 2440 I think.  I'm not sure
about the keyring format, though.

Thanks,
Ludovic.

From: ludovic.courtes@laas.fr (Ludovic Courtès)
Date: Thu, 01 Feb 2007 17:34:32 +0100
Subject: [Help-gnutls] Re: TLS/OpenPGP draft expiring soon

Hi,

Simon Josefsson writes:

> Also, creating examples and a self test for the OpenPGP stuff would be
> useful.  Have you managed to get it to work at all?

It took me a while, but I finally found why `gnutls-serv' wouldn't do
the job as expected (I knew it should work because I have small
client/server of my own that do work).

First, the patch below must be applied to `serv.c'.  Then, actual DH
and/or RSA parameters must be provided or generated for the server.  So
we end up with a command-line like this for the server:

  $ ./gnutls-serv --dhparams tls-dh-params \
                  --ctypes openpgp --pgpcertfile pub.asc \
                  --pgpkeyfile sec.asc

And for the client:

  $ gnutls-cli --ctypes openpgp --pgpcertfile pub.asc \
               --pgpkeyfile sec.asc -p 5556 localhost

And it works like a charm, even with `--require-cert' passed to the
server.

Can you confirm?

Thanks,
Ludovic.

--- orig/src/serv.c +++ mod/src/serv.c
@@ -821,9 +821,8 @@ } gnutls_certificate_set_params_function (cert_cred, get_params); -/* gnutls_certificate_set_dh_params(cert_cred, dh_params); - * gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params); - */ + gnutls_certificate_set_dh_params(cert_cred, dh_params); + gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params); /* this is a password file (created with the included srpcrypt utility) * Read README.crypt prior to using SRP.
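
Review bot: the two re-enabled calls sit directly after `gnutls_certificate_set_params_function (cert_cred, get_params);`, so the same credentials now receive DH and RSA-export parameters both from a callback and from static setters, and nothing in the hunk says which is meant to take effect or why the callback alone was not sufficient. Either drop one of the two mechanisms or add a comment explaining how they interact. At this spot it is also worth checking that `dh_params` and `rsa_params` have actually been loaded or generated before they are handed to the credentials, since the accompanying message says they must be provided or generated first. Consider installing the RSA-export parameters only when export ciphersuites were explicitly requested, because they exist solely to support the weak export key exchange. Style: the context line puts a space before the opening parenthesis, the added lines do not.
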
From: ludovic.courtes@laas.fr (Ludovic Courtès)
Date: Thu, 01 Feb 2007 18:22:36 +0100
Subject: [Help-gnutls] Re: TLS/OpenPGP draft expiring soon

Hi,

Simon Josefsson writes:

> It seems as if OpenCDK duplicate some of the functionality that
> properly belong to GnuPG.  However, as far as I know, there aren't any
> APIs in GnuPG to do what OpenCDK does, even if the functionality is
> there.

From [0], I have the feeling that GnuPG's OpenPGP message handling is
not readily "librarifiable".  So until the GnuPG developers decide to
librarify it, it seems that there's no choice but to use OpenCDK in
GnuTLS.  However, distributing the OpenPGP message-related part of GnuPG
as a library would be an additional burden for the GnuPG people, which
they might want to avoid.

Thanks,
Ludovic.

[0] http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/g10/

From: Simon Josefsson
To: acril
Cc: help-gnutls@gnu.org
Date: Fri, 02 Feb 2007 13:00:02 +0100
Subject: [Help-gnutls] Re: gnutls4win

acril writes:

>>
>> Hi!  Can you be more specific, I can't seem to be able to verify that:
>>
>
> Here's the output from grep:
>
> bin/libgnutls-config:3:prefix=/home/jas/gnutls4win/inst
...

Ah, right.  There are three categories of files which include these
paths:

1) DLL's and EXE's.  This is probably because of debugging symbols,
   and those are useful.  Perhaps we could have two installers, one
   with debugging symbols and one without.  Although that is more work
   for me.  Having optional *.gdb files with the debugging symbols may
   be the proper solution, but I don't know how to do that, and
   whether it works under mingw32.  Thoughts and help here
   appreciated.

2) The *-config scripts.  These are shell-scripts, and they are
   deprecated.  I've removed them from gnutls.nsi.  Come to think of
   it, maybe we should finally remove them from the real package
   too...

3) The *.la files.  These are generated by libtool.  I'm not sure
   they are ever useful, especially on the installed machine where the
   installed prefix will differ from those encoded in libtool.
   However, they are only installed if 'Developer libraries' was
   selected in the installer.  That happens to be the default, and
   perhaps that isn't necessary.  Although right now, I suspect most
   people installing GnuTLS for Windows are developers.

/Simon

From: dellanna@csp.it
To: help-gnutls@gnu.org
Date: Fri, 2 Feb 2007 13:17:03 +0100
Subject: [Help-gnutls] gnutls with pgp

Hi all,
I should implement authentication inside of web application with gnutls.
I should use OpenPGP inside TLS connection (I do not use certificate X.509).
It is possible in GnuTLS, but can someone indicate me any reference guide (with
example server-client)?

Thanks,
Simone.

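Added example, not part of the thread or of the GnuTLS project: a scan of an unpacked install tree for the build prefix discussed in the gnutls4win messages above, grouping hits into the three categories Simon lists (DLL/EXE, *-config scripts, *.la files). It also shows that a byte search over a compressed payload finds nothing even though the unpacked files contain the path; that the installer's payload was compressed in this case is an assumption, and the sample tree, its file names and `pack_payload` are constructed for illustration.

```python
import os
import zlib

# Build prefix taken from the grep output quoted in the thread.
BUILD_PREFIX = b"/home/jas/gnutls4win"

# Constructed sample of an installed tree: file names and contents are
# illustrative and not taken from the real installer.
SAMPLE_TREE = {
    "bin/libgnutls-config":
        b"#!/bin/sh\n\nprefix=/home/jas/gnutls4win/inst\nexec_prefix=${prefix}\n",
    "lib/libgnutls.la":
        b"# libgnutls.la - a libtool library file\n"
        b"libdir='/home/jas/gnutls4win/inst/lib'\n",
    "bin/libgnutls.dll":
        b"MZ" + bytes(64)
        + b"/home/jas/gnutls4win/build/lib/gnutls_pk.c\0" + bytes(32),
    "share/doc/README.txt": b"GnuTLS for Windows\n",
}


def classify(relpath):
    """Map a file to one of the three categories named in the thread."""
    name = relpath.rsplit("/", 1)[-1].lower()
    if name.endswith((".dll", ".exe")):
        return "binary (debugging symbols)"
    if name.endswith("-config"):
        return "*-config script"
    if name.endswith(".la"):
        return "libtool .la file"
    return "other"


def write_tree(root, tree):
    """Materialise the sample tree on disk so the scanner reads real files."""
    for rel, data in tree.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def scan_tree(root, needle=BUILD_PREFIX):
    """Return {category: [(relative path, offset of first hit), ...]}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:      # binary mode: DLLs are not text
                data = fh.read()
            offset = data.find(needle)
            if offset >= 0:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits.setdefault(classify(rel), []).append((rel, offset))
    return hits


def pack_payload(tree):
    """Stand-in for an installer payload: all files deflate-compressed together."""
    return zlib.compress(b"".join(tree[name] for name in sorted(tree)))


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        write_tree(root, SAMPLE_TREE)
        for category, found in sorted(scan_tree(root).items()):
            for rel, offset in found:
                print(f"{category:28} {rel} (offset {offset})")
    # The same bytes, once compressed, no longer contain the literal path.
    print("visible in compressed payload:", BUILD_PREFIX in pack_payload(SAMPLE_TREE))
```

A release check built on this would run against the staged install directory before packaging, not against the finished installer.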
From: Simon Josefsson
To: dellanna@csp.it
Cc: help-gnutls@gnu.org
Date: Fri, 02 Feb 2007 14:22:40 +0100
Subject: [Help-gnutls] Re: gnutls with pgp

dellanna@csp.it writes:

> Hi all,
> I should implement authentication inside of web application with gnutls.
> I should use OpenPGP inside TLS connection (I do not use certificate X.509).
> It is possible in GnuTLS, but can someone indicate me any reference guide (with
> example server-client)?

Hi!  Yes, that should be possible.  There is example code for a
server in the GnuTLS manual:

http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html

There are no explicit examples for OpenPGP clients, but modifying the
standard X.509 example:

http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html

using the hints from:

http://www.gnu.org/software/gnutls/manual/html_node/Certificate-authentication.html

should not be impossible.

Note that this part of GnuTLS is not widely used, so it isn't unlikely
that you run into problems.  Let us know how it works for you!

/Simon

From: Simon Josefsson
To: ludovic.courtes@laas.fr (Ludovic Courtès)
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: TLS/OpenPGP draft expiring soon
Date: Fri, 02 Feb 2007 14:50:17 +0100
Message-ID: <87fy9ovfc6.fsf@latte.josefsson.org>
In-Reply-To: <87irelet0n.fsf@laas.fr>

ludovic.courtes@laas.fr (Ludovic Courtès) writes:

> Hi,
>
> Simon Josefsson writes:
>
>> Also, creating examples and a self test for the OpenPGP stuff would be
>> useful. Have you managed to get it to work at all?
>
> It took me a while, but I finally found why `gnutls-serv' wouldn't do
> the job as expected (I knew it should work because I have small
> client/server of my own that do work).
>
> First, the patch below must be applied to `serv.c'. Then, actual DH
> and/or RSA parameters must be provided or generated for the server. So
> we end up with a command-line like this for the server:
>
>   $ ./gnutls-serv --dhparams tls-dh-params \
>       --ctypes openpgp --pgpcertfile pub.asc \
>       --pgpkeyfile sec.asc
>
> And for the client:
>
>   $ gnutls-cli --ctypes openpgp --pgpcertfile pub.asc \
>       --pgpkeyfile sec.asc -p 5556 localhost
>
> And it works like a charm, even with `--require-cert' passed to the
> server.
>
> Can you confirm?

Hi! Actually, the tools work fine without your patch, IF I use a
newly generated key.

Server:

jas@mocca:~$ gnutls-serv --dhparams ~/dh.pem --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.
* connection from ::ffff:127.0.0.1, port 48423
- Given server name[1]: localhost
- Certificate type: OpenPGP
# Key was created at: Fri Feb 2 14:32:23 CET 2007
# Key expires: Never
# PGP Key version: 4
# PGP Key public key algorithm: DSA (1024 bits)
# PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
# NAME: Foo Bar
- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE

Client:

jas@mocca:~$ gnutls-cli --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt -p 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- Certificate type: OpenPGP
# The hostname in the key does NOT match 'localhost'.
# Key was created at: Fri Feb 2 14:32:23 CET 2007
# Key expires: Never
# PGP Key version: 4
# PGP Key public key algorithm: DSA (1024 bits)
# PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
# NAME: Foo Bar
- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed
- Simple Client Mode:

This is quite nice, but there are some things we could do to make
things easier. I'm thinking that gnutls-serv should use a static
hard-coded D-H parameter if the user didn't supply one on the command
line.

Here is what I get if I test with my own key:

jas@mocca:~/src/gnutls/src$ gpg -a --export-secret-keys b565716f > ~/privkey.gpg
jas@mocca:~/src/gnutls/src$ gpg -a --export b565716f > ~/pubkey.gpg

Server:

jas@mocca:~/src/gnutls/src$ ./gnutls-serv --dhparams dh.pem --pgpcertfile ~/pubkey.gpg --pgpkeyfile ~/privkey.gpg
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.
Error in handshake
Error: A TLS packet with unexpected length was received.

Client:

jas@mocca:~/src/gnutls/src$ ./gnutls-cli --pgpcertfile ~/pubkey.gpg --pgpkeyfile ~/privkey.gpg -p 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
*** Fatal error: Decryption has failed.
*** Handshake has failed
GNUTLS ERROR: Decryption has failed.
jas@mocca:~/src/gnutls/src$

Debugging indicates problems decrypting the challenge, in the client:

|<2>| ASSERT: gnutls_pk.c:283
|<2>| ASSERT: gnutls_pk.c:359
|<2>| ASSERT: gnutls_sig.c:299
|<2>| ASSERT: gnutls_sig.c:468
|<2>| ASSERT: auth_dhe.c:233
|<2>| ASSERT: gnutls_kx.c:346
|<2>| ASSERT: gnutls_handshake.c:2235

I suspect OpenCDK uses the wrong RSA key to encrypt and/or decrypt the
data. I have several old and expired keys in my private key. IIRC,
even GnuPG had a similar problem with my key some time ago.

/Simon

From MAILER-DAEMON Fri Feb 02 10:17:14 2007
To: help-gnutls@gnu.org
From: ludovic.courtes@laas.fr (Ludovic Courtès)
Date: Fri, 02 Feb 2007 16:16:36 +0100
Organization: LAAS-CNRS
Message-ID: <8764ak7for.fsf@laas.fr>
Subject: [Help-gnutls] Re: TLS/OpenPGP draft expiring soon

Hi,

Simon Josefsson writes:

> Hi! Actually, the tools work fine without your patch, IF I use a
> newly generated key.

Hmm, but without the patch, the DH parameters aren't used since the
invocation of `gnutls_certificate_set_dh_params ()' is commented out,
are they?

> I suspect OpenCDK uses the wrong RSA key to encrypt and/or decrypt the
> data. I have several old and expired keys in my private key. IIRC,
> even GnuPG had a similar problem with my key some time ago.

Then the key is to blame. ;-)

Or at least GnuTLS should return a more appropriate error, like
`GNUTLS_A_CERTIFICATE_EXPIRED'.

Thanks,
Ludovic.

From MAILER-DAEMON Fri Feb 02 10:43:32 2007
Message-ID: <1170431003.45c35c1b29a34@csa.csp.it>
Date: Fri, 2 Feb 2007 16:43:23 +0100
From: dellanna@csp.it
To: Simon Josefsson
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: gnutls with pgp
In-Reply-To: <87k5z0vgm7.fsf@latte.josefsson.org>

Ok,
but if I try to compile the example on manual "Echo Server with anonymous
authentication" with command gcc, it returns something like:
"server.c:(.text+0x2e): undefined reference to `gnutls_set_default_priority'"
this function is in the package .
In this example I write #include . There is something to
configure before gnutls works correctly?

Simone.

Simon Josefsson writes:

> dellanna@csp.it writes:
>
> > Hi all,
> > I should implement authentication inside of web application with gnutls.
> > I should use OpenPGP inside TLS connection (I do not use certificate X.509).
> > It is possible in GnuTLS, but can someone indicate me any reference guide (with
> > example server-client)?
>
> Hi! Yes, that should be possible. There is example code for a
> server in the GnuTLS manual:
>
> http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html
>
> There are no explicit examples for OpenPGP clients, but modifying the
> standard X.509 example:
>
> http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html
>
> using the hints from:
>
> http://www.gnu.org/software/gnutls/manual/html_node/Certificate-authentication.html
>
> should not be impossible.
>
> Note that this part of GnuTLS is not widely used, so it isn't unlikely
> that you run into problems. Let us know how it works for you!
>
> /Simon

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

From MAILER-DAEMON Fri Feb 02 11:18:07 2007
From: Simon Josefsson
To: ludovic.courtes@laas.fr (Ludovic Courtès)
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: TLS/OpenPGP draft expiring soon
Date: Fri, 02 Feb 2007 17:17:53 +0100
Message-ID: <87abzwzg7i.fsf@latte.josefsson.org>
In-Reply-To: <8764ak7for.fsf@laas.fr>

ludovic.courtes@laas.fr (Ludovic Courtès) writes:

> Hi,
>
> Simon Josefsson writes:
>
>> Hi! Actually, the tools work fine without your patch, IF I use a
>> newly generated key.
>
> Hmm, but without the patch, the DH parameters aren't used since the
> invocation of `gnutls_certificate_set_dh_params ()' is commented out,
> are they?

Doesn't it work for you? Setting the DH and export RSA parameters are
done through the 'get_params' function, if I understand correctly.

>> I suspect OpenCDK uses the wrong RSA key to encrypt and/or decrypt the
>> data. I have several old and expired keys in my private key. IIRC,
>> even GnuPG had a similar problem with my key some time ago.
>
> Then the key is to blame. ;-)
>
> Or at least GnuTLS should return a more appropriate error, like
> `GNUTLS_A_CERTIFICATE_EXPIRED'.

Yes. Alas, I can't send my private key for debugging... ;) If I get
time, I'll debug it.

The important thing is that it seems to work. I'll add a client
example and perhaps a self test too.

I'm still not certain what these parameters do, though:

  --pgpkeyring FILE   PGP Key ring file to use.
  --pgptrustdb FILE   PGP trustdb file to use.

I can guess that the former is used to search for keys when only the
fingerprint is sent, and the latter is used for WoT verification, but
neither seem to work.

If I understand correctly, this should work:

jas@mocca:~$ gnutls-serv --dhparams ~/dh.pem --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt --pgpkeyring ~/.gnupg-foo/pub.txt
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.
Error in handshake
Error: Could not get OpenPGP key.

jas@mocca:~$ gnutls-cli --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt -p 5556 localhost -f
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
*** Fatal error: Error in the push function.
*** Handshake has failed
GNUTLS ERROR: Error in the push function.
jas@mocca:~$

But as you can see, the server wasn't able to find the OpenPGP key.
The error message on the client seems sub-optimal too.

Maybe this is an ASCII vs binary issue. Ah, yes, it is. After:

jas@mocca:~$ gpg -a --export-secret-keys 40CD57C9 > ~/.gnupg/sec.bin
jas@mocca:~$ gpg --export-secret-keys 40CD57C9 > ~/.gnupg/sec.bin

Then it works:

jas@mocca:~$ gnutls-serv --dhparams ~/dh.pem --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt --pgpkeyring ~/.gnupg-foo/pub.bin
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.
* connection from ::ffff:127.0.0.1, port 41465
- Given server name[1]: localhost
- Certificate type: OpenPGP
# Key was created at: Fri Feb 2 14:32:23 CET 2007
# Key expires: Never
# PGP Key version: 4
# PGP Key public key algorithm: DSA (1024 bits)
# PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
# NAME: Foo Bar
- Peer's key is valid
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
...

jas@mocca:~$ gnutls-cli --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt -p 5556 localhost -f
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- Certificate type: OpenPGP
# The hostname in the key does NOT match 'localhost'.
# Key was created at: Fri Feb 2 14:32:23 CET 2007
# Key expires: Never
# PGP Key version: 4
# PGP Key public key algorithm: DSA (1024 bits)
# PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
# NAME: Foo Bar
- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed
- Simple Client Mode:
jas@mocca:~$

Although it looks pretty serious that the server doesn't complain
about a missing signer for the key now. Is it using the keyring as
the trustdb?

The trustdb parameter doesn't seem to have the binary vs ASCII
problem, and the signer stuff seems to work:

jas@mocca:~$ gnutls-serv --dhparams ~/dh.pem --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt --pgptrustdb ~/.gnupg-foo/pub.txt
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.
* connection from ::ffff:127.0.0.1, port 39134
- Given server name[1]: localhost
- Certificate type: OpenPGP
# Key was created at: Fri Feb 2 14:32:23 CET 2007
# Key expires: Never
# PGP Key version: 4
# PGP Key public key algorithm: DSA (1024 bits)
# PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
# NAME: Foo Bar
- Peer's key is valid
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE

client:

jas@mocca:~$ gnutls-cli --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt -p 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- Certificate type: OpenPGP
# The hostname in the key does NOT match 'localhost'.
# Key was created at: Fri Feb 2 14:32:23 CET 2007
# Key expires: Never
# PGP Key version: 4
# PGP Key public key algorithm: DSA (1024 bits)
# PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
# NAME: Foo Bar
- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed
- Simple Client Mode:

So there are a few problems:

  * use static DH if none are supplied
  * fix reading of ASCII OpenPGP keyrings
  * fix error message in client when the server cannot find the openpgp key
  * investigate whether the server thinks the client's cert is ok when
    a keyring is specified
  * add self-tests for the above :)

and most importantly:

  * document how everything works, with examples like those in this message

Thanks,
Simon

From MAILER-DAEMON Tue Feb 06 01:44:58 2007
From: Simon Josefsson
To: dellanna@csp.it
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: gnutls with pgp
Date: Tue, 06 Feb 2007 07:44:36 +0100
Message-ID: <87tzxzg4yz.fsf@latte.josefsson.org>
In-Reply-To: <1170431003.45c35c1b29a34@csa.csp.it>

dellanna@csp.it writes:

> Ok,
> but if I try to compile the example on manual "Echo Server with anonymous
> authentication" with command gcc, it returns something like:
> "server.c:(.text+0x2e): undefined reference to `gnutls_set_default_priority'"
> this function is in the package .
> In this example I write #include . There is something to
> configure before gnutls works correctly?

Did you forget to link the program with the gnutls library? You'll
need to compile it using something like this:

cc -o foo foo.c -I/path/to/gnutls/include -L/path/to/gnutls/lib -lgnutls

Alternatively, if you built GnuTLS yourself, invoke 'make' in the
doc/examples/ directory. The examples are built when you build
GnuTLS.

/Simon

> Simone.
>
> Simon Josefsson writes:
>
>> dellanna@csp.it writes:
>>
>> > Hi all,
>> > I should implement authentication inside of web application with gnutls.
>> > I should use OpenPGP inside TLS connection (I do not use certificate X.509).
>> > It is possible in GnuTLS, but can someone indicate me any reference guide (with
>> > example server-client)?
>>
>> Hi! Yes, that should be possible. There is example code for a
>> server in the GnuTLS manual:
>>
>> http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html
>>
>> There are no explicit examples for OpenPGP clients, but modifying the
>> standard X.509 example:
>>
>> http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html
>>
>> using the hints from:
>>
>> http://www.gnu.org/software/gnutls/manual/html_node/Certificate-authentication.html
>>
>> should not be impossible.
>>
>> Note that this part of GnuTLS is not widely used, so it isn't unlikely
>> that you run into problems. Let us know how it works for you!
>>
>> /Simon
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
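
The ASCII versus binary keyring problem from Simon's 2 February message earlier in this archive (`--pgpkeyring` failing with "Could not get OpenPGP key" on an armored export) can be caught before the server is started. The following is an added example, not code from GnuTLS or from anyone in the thread: it tells the two encodings apart by their first bytes and de-armors per RFC 4880, CRC-24 check included. All function names and the sample packet are assumptions constructed for illustration.

```python
import base64

ARMOR_BEGIN = b"-----BEGIN PGP "
ARMOR_END = b"-----END PGP "
KEY_TAGS = {5: "secret key", 6: "public key"}  # RFC 4880 packet tags


def crc24(data: bytes) -> int:
    """CRC-24 as specified for ASCII armor in RFC 4880, section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def first_packet_tag(data: bytes):
    """Tag of the first OpenPGP packet, or None if byte 0 is no packet header."""
    if not data or not data[0] & 0x80:
        return None
    if data[0] & 0x40:                 # new-format header: tag in bits 5..0
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F       # old-format header: tag in bits 5..2


def classify(data: bytes) -> str:
    """Return 'armored', 'binary' or 'unknown' for the contents of a key file."""
    if data.lstrip().startswith(ARMOR_BEGIN):
        return "armored"
    if first_packet_tag(data) in KEY_TAGS:
        return "binary"
    return "unknown"


def dearmor(data: bytes) -> bytes:
    """Decode one ASCII-armored block to binary, checking its CRC-24 line."""
    lines = [ln.strip() for ln in data.splitlines()]
    start = next((i for i, ln in enumerate(lines)
                  if ln.startswith(ARMOR_BEGIN)), None)
    if start is None:
        raise ValueError("no armor header line")
    if b"" not in lines[start + 1:]:
        raise ValueError("no blank line after the armor headers")
    blank = lines.index(b"", start + 1)  # Version:/Comment: headers end here
    body, checksum, closed = [], None, False
    for ln in lines[blank + 1:]:
        if ln.startswith(ARMOR_END):
            closed = True
            break
        if ln.startswith(b"="):          # "=XXXX": base64 of the 3-byte CRC
            checksum = ln[1:]
        elif ln:
            body.append(ln)
    if not closed:
        raise ValueError("no armor tail line")
    raw = base64.b64decode(b"".join(body), validate=True)
    if checksum is not None:
        stored = int.from_bytes(base64.b64decode(checksum, validate=True), "big")
        if stored != crc24(raw):
            raise ValueError("armor CRC-24 mismatch")
    return raw


def armor(raw: bytes, kind: bytes = b"PUBLIC KEY BLOCK") -> bytes:
    """Inverse of dearmor(); used here to build the armored sample input."""
    b64 = base64.b64encode(raw)
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = b"=" + base64.b64encode(crc24(raw).to_bytes(3, "big"))
    head, tail = ARMOR_BEGIN + kind + b"-----", ARMOR_END + kind + b"-----"
    return b"\n".join([head, b"", *body, crc, tail, b""])


def to_binary(data: bytes) -> bytes:
    """Return binary OpenPGP data whichever of the two encodings was given."""
    kind = classify(data)
    if kind == "armored":
        return dearmor(data)
    if kind == "binary":
        return data
    raise ValueError("not an OpenPGP key file")


# Constructed sample, not a real key: old-format header for packet tag 6
# (0x98 = 0x80 | 6 << 2, one-octet length) followed by filler bytes.
_BODY = b"\x04" + (1170423143).to_bytes(4, "big") + b"\x11" + bytes(range(40))
SAMPLE_BINARY = bytes([0x98, len(_BODY)]) + _BODY
SAMPLE_ARMORED = armor(SAMPLE_BINARY)

if __name__ == "__main__":
    for name, blob in (("pub.bin", SAMPLE_BINARY), ("pub.txt", SAMPLE_ARMORED)):
        print(name, classify(blob), len(to_binary(blob)), "bytes of packet data")
```
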

From MAILER-DAEMON Tue Feb 06 19:30:16 2007
To: help-gnutls@gnu.org
From: David Given
Date: Tue, 06 Feb 2007 23:22:13 +0000
Subject: [Help-gnutls] SMTP TLS & Thunderbird

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)

I'm trying to use GNUTLS to implement TLS functionality on an SMTP daemon I've
got. It's nearly working really well; the example in 7.4.5 was really useful.

I've implemented the code in the server to do the TLS handshake, and
everything works fine when I connect to it with gnutls-cli. Unfortunately,
when I try it with real data, using Thunderbird, it doesn't work. Handshake
fails with "Could not negotiate a supported cipher suite."

Thunderbird appears to be using OpenSSL. GNUTLS *does* work with OpenSSL,
right? If so, can anyone offer any suggestions as to what might be going on,
and how to fix it?

This is with GNUTLS 1.4.0-3ubuntu1 on Ubuntu Edgy Eft and Thunderbird 1.5.0.9.

-- 
┌── ｄｇ＠ｃｏｗｌａｒｋ．ｃｏｍ ─── http://www.cowlark.com ───────────────────
│ "I have always wished for my computer to be as easy to use as my
│ telephone; my wish has come true because I can no longer figure out how to
│ use my telephone." --- Bjarne Stroustrup

From MAILER-DAEMON Wed Feb 07 01:36:06 2007
From: Simon Josefsson
To: David Given
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: SMTP TLS & Thunderbird
Date: Wed, 07 Feb 2007 07:35:40 +0100
Message-ID: <87zm7qbhkz.fsf@latte.josefsson.org>

David Given writes:

> I'm trying to use GNUTLS to implement TLS functionality on an SMTP daemon I've
> got. It's nearly working really well; the example in 7.4.5 was really useful.
>
> I've implemented the code in the server to do the TLS handshake, and
> everything works fine when I connect to it with gnutls-cli. Unfortunately,
> when I try it with real data, using Thunderbird, it doesn't work. Handshake
> fails with "Could not negotiate a supported cipher suite."
>
> Thunderbird appears to be using OpenSSL. GNUTLS *does* work with OpenSSL,
> right? If so, can anyone offer any suggestions as to what might be going on,
> and how to fix it?
>
> This is with GNUTLS 1.4.0-3ubuntu1 on Ubuntu Edgy Eft and Thunderbird 1.5.0.9.

That error happens if the server doesn't offer a ciphersuite that the
client can accept. Often this is caused by missing X.509 CA and/or
server certificate. Check with 'gnutls-cli' what key exchange is
negotiated. If it is ANON, most clients will refuse to talk to you.

Btw, example 7.4.5 is for anonymous authentication, try 7.4.1 instead.
It is easy to change things, just add a X.509 credential and assign it
to the session.

/Simon

From MAILER-DAEMON Wed Feb 07 04:38:10 2007
Message-ID: <1170841081.45c99df937538@csa.csp.it>
Date: Wed, 7 Feb 2007 10:38:01 +0100
From: dellanna@csp.it
To: Simon Josefsson
In-Reply-To: <87tzxzg4yz.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: gnutls with pgp

Hi,
I installed gnutls with Synaptic Package Manager ( in ubuntu 6.06) and I don't
know what is gnutls library directory...
If I download gnutls from ftp://ftp.gnupg.org/gcrypt/alpha/gnutls/
what is the packet I need to use gnutls in my applications?
In manual there aren't instructions related to configuration of my environment.
Can you help me, please?

Simone.

Simon Josefsson writes:

> dellanna@csp.it writes:
>
> > Ok,
> > but if I try to compile the example on manual "Echo Server with anonymous
> > authentication" with command gcc, it returns something like:
> > "server.c:(.text+0x2e): undefined reference to `gnutls_set_default_priority'"
> > this function is in the package .
> > In this example I write #include . There is something to
> > configure before gnutls work correctly?
>
> Did you forget to link the program with the gnutls library? You'll
> need to compile it using something like this:
>
> cc -o foo foo.c -I/path/to/gnutls/include -L/path/to/gnutls/lib -lgnutls
>
> Alternatively, if you built GnuTLS yourself, invoke 'make' in the
> doc/examples/ directory. The examples are built when you build
> GnuTLS.
>
> /Simon
>
> > Simone.
> >
> > Simon Josefsson writes:
> >
> > > dellanna@csp.it writes:
> > >
> > > > Hi all,
> > > > I should implement authentication inside of web application with gnutls.
> > > > I should use OpenPGP inside TLS connection (I do not use certificate X.509).
> > > > It is possible in GnuTLS, but can someone indicate me any reference guide (with
> > > > example server-client)?
> > >
> > > Hi! Yes, that should be possible. There are example code for a
> > > server in the GnuTLS manual:
> > >
> > > http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html
> > >
> > > There are no explicit examples for OpenPGP clients, but modifying the
> > > standard X.509 example:
> > >
> > > http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html
> > >
> > > using the hints from:
> > >
> > > http://www.gnu.org/software/gnutls/manual/html_node/Certificate-authentication.html
> > >
> > > should not be impossible.
> > >
> > > Note that this part of GnuTLS is not widely used, so it isn't unlikely
> > > that you run into problems. Let us know how it works for you!
> > >
> > > /Simon

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
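Simon's reply in the "SMTP TLS & Thunderbird" thread above ties the "Could not negotiate a supported cipher suite." error to which credentials the server has loaded. The C model of server-side suite selection below is an added example, not GnuTLS code and not part of any message in this archive; the credential flags, function names and the two client offers are constructed assumptions.

```c
/* Added example: simplified model of how a TLS server picks a cipher suite.
 * Not GnuTLS code. Credential flags, function names and client offers are
 * constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Credentials the server has loaded, as a bit mask. */
#define CRED_ANON 0x1u /* anonymous DH only, as in an anonymous-auth example */
#define CRED_X509 0x2u /* X.509 certificate and private key */

struct suite {
    uint16_t id;       /* IANA cipher suite code point */
    const char *name;
    unsigned needs;    /* credential the server must hold to use the suite */
};

/* Suites the model server implements, in server preference order. */
static const struct suite SERVER_SUITES[] = {
    { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",  CRED_X509 },
    { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  CRED_X509 },
    { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA",      CRED_X509 },
    { 0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA",     CRED_X509 },
    { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA",  CRED_ANON },
    { 0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", CRED_ANON },
};

/* Constructed ClientHello offers: a client that insists on a server
 * certificate, and a test client that also enables anonymous DH. */
static const uint16_t CERT_ONLY_OFFER[] = { 0x0039, 0x0033, 0x002F, 0x000A };
static const uint16_t ANON_TOO_OFFER[]  = { 0x0033, 0x002F, 0x0034 };

static const char NO_SUITE[] = "Could not negotiate a supported cipher suite.";

static int client_offers(const uint16_t *offer, size_t n, uint16_t id)
{
    for (size_t i = 0; i < n; i++)
        if (offer[i] == id)
            return 1;
    return 0;
}

/* Return the first server-preferred suite that the server has a credential
 * for and the client offered, or NULL when there is no common suite. */
const struct suite *negotiate(unsigned creds, const uint16_t *offer, size_t n)
{
    for (size_t i = 0; i < COUNT(SERVER_SUITES); i++) {
        const struct suite *s = &SERVER_SUITES[i];
        if (!(creds & s->needs))
            continue; /* no matching credential: suite is never selectable */
        if (client_offers(offer, n, s->id))
            return s;
    }
    return NULL;
}

/* Suite name on success, the handshake error text on failure. */
const char *outcome(unsigned creds, const uint16_t *offer, size_t n)
{
    const struct suite *s = negotiate(creds, offer, n);
    return s ? s->name : NO_SUITE;
}

/* Only certificate-based suites authenticate the server to the client. */
int server_authenticated(const struct suite *s)
{
    return s != NULL && s->needs == CRED_X509;
}

int main(void)
{
    printf("anon-only server, cert-only client: %s\n",
           outcome(CRED_ANON, CERT_ONLY_OFFER, COUNT(CERT_ONLY_OFFER)));
    printf("anon-only server, anon-capable client: %s\n",
           outcome(CRED_ANON, ANON_TOO_OFFER, COUNT(ANON_TOO_OFFER)));
    printf("anon+X.509 server, cert-only client: %s\n",
           outcome(CRED_ANON | CRED_X509, CERT_ONLY_OFFER,
                   COUNT(CERT_ONLY_OFFER)));
    printf("anon+X.509 server, anon-capable client: %s\n",
           outcome(CRED_ANON | CRED_X509, ANON_TOO_OFFER,
                   COUNT(ANON_TOO_OFFER)));
    return 0;
}
```

A successful handshake against an anonymous-only server proves nothing about the server's identity, which is why server_authenticated() is checked separately from the negotiation result.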
From MAILER-DAEMON Wed Feb 07 05:01:37 2007
From: Simon Josefsson
To: dellanna@csp.it
Date: Wed, 07 Feb 2007 11:01:16 +0100
In-Reply-To: <1170841081.45c99df937538@csa.csp.it> (dellanna@csp.it's message of "Wed\, 7 Feb 2007 10\:38\:01 +0100")
Message-ID: <87ps8mb82b.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: gnutls with pgp

dellanna@csp.it writes:

> Hi,
> I installed gnutls with Synaptic Package Manager ( in ubuntu 6.06) and I don't
> know what is gnutls library directory...

Then it is installed in the default path, /usr/lib. You don't have to
specify the -I or -L parameters at all. Just add "-lgnutls" when
building it.

> If I download gnutls from ftp://ftp.gnupg.org/gcrypt/alpha/gnutls/
> what is the packet I need to use gnutls in my applications?
> In manual there aren't instructions related to configuration of my environment.
> Can you help me, please?

See the file INSTALL, but if GnuTLS comes with your distribution, you
don't need to build it yourself.

/Simon

> Simone.

From MAILER-DAEMON Wed Feb 07 08:41:46 2007
Message-ID: <1170855697.45c9d7118c6d4@csa.csp.it>
Date: Wed, 7 Feb 2007 14:41:37 +0100
From: dellanna@csp.it
To: Simon Josefsson
In-Reply-To: <87ps8mb82b.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: gnutls with pgp

Ok,
now, if I run cc -ex-serv-anon ex-serv-anon.c -I/usr/lib/ -L /usr/lib/ -lgnutls
(for server with anonymous authentication) it works correctly...the output is the
following:

Server ready. Listening to port '5556'

But if I run cc -ex-client1 ex-client1.c -I/usr/lib/ -L /usr/lib/ -lgnutls on
client machine (for client anonymous) it returns the following error:
_______________________________________________________________
/usr/bin/ld: warning: cannot find entry symbol x-client1; defaulting to
0000000008048908
/tmp/ccbQ8aPE.o: In function `main':ex-client1.c:(.text+0x97): undefined
reference to `tcp_connect'
:ex-client1.c:(.text+0x1fd): undefined reference to `tcp_close'
collect2: ld returned 1 exit status
_______________________________________________________________

What is the problem for you?

Simone.
From MAILER-DAEMON Wed Feb 07 09:06:37 2007
From: Simon Josefsson
To: dellanna@csp.it
Date: Wed, 07 Feb 2007 15:06:13 +0100
In-Reply-To: <1170855697.45c9d7118c6d4@csa.csp.it> (dellanna@csp.it's message of "Wed\, 7 Feb 2007 14\:41\:37 +0100")
Message-ID: <877iuuawq2.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: gnutls with pgp

dellanna@csp.it writes:

> Ok,
> now, if I run cc -ex-serv-anon ex-serv-anon.c -I/usr/lib/ -L /usr/lib/ -lgnutls
> (for server with anonymous authentication) it works correctly...the output is the
> following:
>
> Server ready. Listening to port '5556'
>
> But if I run cc -ex-client1 ex-client1.c -I/usr/lib/ -L /usr/lib/ -lgnutls on
> client machine (for client anonymous) it returns the following error:

Try:

cc -o ex-client1 ex-client1.c -lgnutls

instead.

> _______________________________________________________________
> /usr/bin/ld: warning: cannot find entry symbol x-client1; defaulting to
> 0000000008048908
> /tmp/ccbQ8aPE.o: In function `main':ex-client1.c:(.text+0x97): undefined
> reference to `tcp_connect'
> :ex-client1.c:(.text+0x1fd): undefined reference to `tcp_close'
> collect2: ld returned 1 exit status
> _______________________________________________________________
>
> What is the problem for you?

The tcp_* functions are needed. Download this file as tcp.c:

http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/*checkout*/gnutls/doc/examples/tcp.c?root=GNU+TLS+Library&content-type=text%2Fplain

and build it too, e.g.:

cc -o ex-client1 ex-client1.c tcp.c -lgnutls

I have added that file as another section in the manual.

/Simon

> Simone.

From MAILER-DAEMON Wed Feb 07 09:59:32 2007
Message-ID: <1170860360.45c9e94832994@csa.csp.it>
Date: Wed, 7 Feb 2007 15:59:20 +0100
From: dellanna@csp.it
To: Simon Josefsson
In-Reply-To: <877iuuawq2.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: gnutls with pgp

Yes,
with cc -o ex-client1 ex-client1.c tcp.c -lgnutls it was generated the output
"ex-client1", but if I run ./ex-client1 the application returns "Connect error".
I work on LAN and there is the server machine in waiting on port 5556. The
client machine should connect to server machine with TLS.
The client application is complete?

Simone.
From MAILER-DAEMON Wed Feb 07 10:19:48 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HEoaK-0006Nx-Gj for mharc-help-gnutls@gnu.org; Wed, 07 Feb 2007 10:19:48 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HEoaI-0006Nn-It for help-gnutls@gnu.org; Wed, 07 Feb 2007 10:19:46 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HEoaH-0006NS-03 for help-gnutls@gnu.org; Wed, 07 Feb 2007 10:19:45 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HEoaG-0006NP-Pf for help-gnutls@gnu.org; Wed, 07 Feb 2007 10:19:44 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HEoaG-0004RX-5I for help-gnutls@gnu.org; Wed, 07 Feb 2007 10:19:44 -0500 Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l17FJVuX010444 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 7 Feb 2007 16:19:32 +0100 

From: Simon Josefsson
To: dellanna@csp.it
Cc: help-gnutls@gnu.org
Date: Wed, 07 Feb 2007 16:19:31 +0100
Subject: [Help-gnutls] Re: gnutls with pgp

dellanna@csp.it writes:

> Yes,
> with cc -o ex-client1 ex-client1.c tcp.c -lgnutls it was generated the output
> "ex-client1", but if I run ./ex-client1 the application return "Connect error".
> I work on LAN and there is the server machine in waiting on port 5556. The
> client machine should to connect on server machine with TLS.
> The client application is complete?

The client connects to "localhost:5556". Do you have a server running
there? The error you get indicates that there is no server.

Remember, you will want to modify the client in order to do anything
useful, so I recommend to start reading its source code to understand
what it does.

/Simon

> Simone.
>
> Simon Josefsson writes:
>
>> dellanna@csp.it writes:
>>
>> > Ok,
>> > now, if I run cc -ex-serv-anon ex-serv-anon.c -I/usr/lib/ -L /usr/lib/ -lgnutls
>> > (for server with anonymous authentication) it work correctly...the output is the
>> > following:
>> >
>> > Server ready. Listening to port '5556'
>> >
>> > But if I run cc -ex-client1 ex-client1.c -I/usr/lib/ -L /usr/lib/ -lgnutls on
>> > client machine (for client anonymous) it return the following error:
>>
>> Try:
>>
>> cc -o ex-client1 ex-client1.c -lgnutls
>>
>> instead.
>>
>> > _______________________________________________________________
>> > /usr/bin/ld: warning: cannot find entry symbol x-client1; defaulting to
>> > 0000000008048908
>> > /tmp/ccbQ8aPE.o: In function `main':ex-client1.c:(.text+0x97): undefined
>> > reference to `tcp_connect'
>> > :ex-client1.c:(.text+0x1fd): undefined reference to `tcp_close'
>> > collect2: ld returned 1 exit status
>> > _______________________________________________________________
>> >
>> > What is the problem for you?
>>
>> The tcp_* functions are needed. Download this file as tcp.c:
>>
>> http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/*checkout*/gnutls/doc/examples/tcp.c?root=GNU+TLS+Library&content-type=text%2Fplain
>>
>> and build it too, e.g.:
>>
>> cc -o ex-client1 ex-client1.c tcp.c -lgnutls
>>
>> I have added that file as another section in the manual.
>>
>> /Simon
>>
>> > Simone.
>> >
>> > Simon Josefsson writes:
>> >
>> >> dellanna@csp.it writes:
>> >>
>> >> > Hi,
>> >> > I installed gnutls with Synaptic Package Manager ( in ubuntu 6.06) and I don't
>> >> > know what is gnutls library directory...
>> >>
>> >> Then it is installed in the default path, /usr/lib. You don't have to
>> >> specify the -I or -L parameters at all. Just add "-lgnutls" when
>> >> building it.
>> >>
>> >> > If I download gnutls from ftp://ftp.gnupg.org/gcrypt/alpha/gnutls/
>> >> > what is the packet I need to use gnutls in my applications?
>> >> > In manual there aren't instructions related to configuration of my environment.
>> >> > Can you help me, please?
>> >>
>> >> See the file INSTALL, but if GnuTLS comes with your distribution, you
>> >> don't need to build it yourself.
>> >>
>> >> /Simon
>> >>
>> >> > Simone.
>> >> >
>> >> > Simon Josefsson writes:
>> >> >
>> >> >> dellanna@csp.it writes:
>> >> >>
>> >> >> > Ok,
>> >> >> > but if I try to compiler the example on manual "Echo Server with anonymous
>> >> >> > authentication" with command gcc, it return something like:
>> >> >> > "server.c:(.text+0x2e): undefined reference to `gnutls_set_default_priority'"
>> >> >> > this function is in the package .
>> >> >> > In this example I write #include . There is something to
>> >> >> > configure before gnutls work correctly?
>> >> >>
>> >> >> Did you forget to link the program with the gnutls library? You'll
>> >> >> need to compile it using something like this:
>> >> >>
>> >> >> cc -o foo foo.c -I/path/to/gnutls/include -L/path/to/gnutls/lib -lgnutls
>> >> >>
>> >> >> Alternatively, if you built GnuTLS yourself, invoke 'make' in the
>> >> >> doc/examples/ directory. The examples are built when you build
>> >> >> GnuTLS.
>> >> >>
>> >> >> /Simon
>> >> >>
>> >> >> > Simone.
>> >> >> >
>> >> >> > Simon Josefsson writes:
>> >> >> >
>> >> >> >> dellanna@csp.it writes:
>> >> >> >>
>> >> >> >> > Hi all,
>> >> >> >> > I should implement authentication inside of web application with gnutls.
>> >> >> >> > I should use OpenPGP inside TLS connection (I do not use certificate X.509).
>> >> >> >> > It is possible in GnuTLS, but can someone indicate me any reference guide (with
>> >> >> >> > example server-client)?
>> >> >> >>
>> >> >> >> Hi! Yes, that should be possible. There are example code for a
>> >> >> >> server in the GnuTLS manual:
>> >> >> >>
>> >> >> >> http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html
>> >> >> >>
>> >> >> >> There are no explicit examples for OpenPGP clients, but modifying the
>> >> >> >> standard X.509 example:
>> >> >> >>
>> >> >> >> http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html
>> >> >> >>
>> >> >> >> using the hints from:
>> >> >> >>
>> >> >> >> http://www.gnu.org/software/gnutls/manual/html_node/Certificate-authentication.html
>> >> >> >>
>> >> >> >> should not be impossible.
>> >> >> >>
>> >> >> >> Note that this part of GnuTLS is not widely used, so it isn't unlikely
>> >> >> >> that you run into problems. Let us know how it works for you!
>> >> >> >>
>> >> >> >> /Simon

Date: Wed, 7 Feb 2007 17:02:42 +0100
From: dellanna@csp.it
To: Simon Josefsson
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: gnutls with pgp

I want to build the following scenario (with gnutls):
A client-server architecture (in LAN)... when the client opens the connection with the
server, TLS is used with PGP-based authentication.
It is possible to start from ex-serv-anon and ex-client1, isn't it?
Is there some reference on this mechanism? (this is gnutls mechanism)

Simone.

From: Simon Josefsson
To: dellanna@csp.it
Cc: help-gnutls@gnu.org
Date: Wed, 07 Feb 2007 17:10:21 +0100
Subject: [Help-gnutls] Re: gnutls with pgp

dellanna@csp.it writes:

> I want to build the following scenario (with gnutls):
> A client-server architecture (in LAN)... when the client opens the connection with the
> server, TLS is used with PGP-based authentication.
> It is possible to start from ex-serv-anon and ex-client1, isn't it?
> Is there some reference on this mechanism? (this is gnutls mechanism)

Yes, you should be able to start from those two examples and make that
work.

For testing, you should even be able to create that configuration
using the command line tools gnutls-cli and gnutls-serv. That may be
simpler to start with.

I'm not sure what you mean by a reference, but the manual should
contain the necessary documentation. You'll need to modify the code
to suit your needs, of course.

Don't forget to look at src/cli.c and src/serv.c (the source code to
gnutls-cli and gnutls-serv) for more hints, they are slightly more
capable than the example code.

/Simon

Date: Wed, 07 Feb 2007 22:28:08 +0100
From: Matthias Wimmer
To: Simon Josefsson
Cc: help-gnutls@gnu.org
Subject: Re: [Help-gnutls] Re: Verifying subjectAltNames

Hi Simon!

I now implemented checking of id-on-xmppAddr in the RFC 3920 server using
libtasn1 directly (to be compatible with existing versions of GnuTLS).

But I am still interested in having direct id-on-xmppAddr support in
GnuTLS, so I continued thinking about an interface:

I don't think that our initial idea would be working. (Having one or two
functions returning the OID for an otherName and its content.) This won't
work, as I think we cannot know the content of the otherName.value part.
In case of id-on-xmppAddr it is an UTF8String, but I guess it might also
use other string representations. So we will still be only able to return
known types of otherName. Right?

So if I am not wrong, we should be able to just extend
gnutls_x509_subject_alt_name_t to be able to represent id-on-xmppAddr and
report the new value back in gnutls_x509_crt_get_subject_alt_name().

Matthias
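
Added example, not code from the thread or from GnuTLS: a minimal C walk over a DER subjectAltName value illustrating the point in Matthias Wimmer's message above, that an otherName value can only be decoded when its type-id is known, as with id-on-xmppAddr (1.3.6.1.5.5.7.8.5, a UTF8String per RFC 3920), while any other type-id yields opaque bytes. The function names, the small TLV reader and the sample bytes are constructed for illustration; the reader assumes single-byte tags and lengths of at most two bytes and does not enforce DER minimal-length rules.

```c
#include <stdio.h>
#include <string.h>

/* One DER element: tag byte, pointer to content, content length. */
struct tlv { unsigned char tag; const unsigned char *val; size_t len; };

/* Read one definite-length TLV from p[0..n). Returns bytes consumed, or 0 on
 * malformed or truncated input. Single-byte tags, lengths up to 2 bytes. */
static size_t der_read(const unsigned char *p, size_t n, struct tlv *out)
{
    size_t hdr = 2, len, k, i;
    if (n < 2 || (p[0] & 0x1f) == 0x1f)
        return 0;                       /* too short, or multi-byte tag */
    len = p[1];
    if (len & 0x80) {                   /* long form: next k bytes hold the length */
        k = len & 0x7f;
        if (k == 0 || k > 2 || n < 2 + k)
            return 0;                   /* indefinite or oversized length */
        for (len = 0, i = 0; i < k; i++)
            len = (len << 8) | p[2 + i];
        hdr += k;
    }
    if (len > n - hdr)
        return 0;                       /* content runs past the buffer */
    out->tag = p[0]; out->val = p + hdr; out->len = len;
    return hdr + len;
}

/* True when p[0..n) holds exactly one TLV and nothing else. */
static int der_exact(const unsigned char *p, size_t n, struct tlv *out)
{
    return n != 0 && der_read(p, n, out) == n;
}

/* DER content octets of id-on-xmppAddr, 1.3.6.1.5.5.7.8.5. */
static const unsigned char OID_XMPP_ADDR[] =
    { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08, 0x05 };

enum { SAN_MALFORMED = -1, SAN_NONE = 0, SAN_XMPP_ADDR = 1, SAN_OTHER_UNKNOWN = 2 };

/* Classify the idx-th otherName (0-based) in a subjectAltName value.
 * Known type-id: *val/*len give the UTF8String content.
 * Unknown type-id: *val/*len give the raw inner TLV, which stays opaque. */
int san_othername(const unsigned char *san, size_t n, unsigned idx,
                  const unsigned char **val, size_t *len)
{
    struct tlv seq, gn, oid, wrap, inner;
    size_t used, off = 0;
    unsigned seen = 0;

    if (!der_exact(san, n, &seq) || seq.tag != 0x30)
        return SAN_MALFORMED;           /* GeneralNames ::= SEQUENCE OF GeneralName */
    while (off < seq.len) {
        used = der_read(seq.val + off, seq.len - off, &gn);
        if (used == 0)
            return SAN_MALFORMED;
        off += used;
        if (gn.tag != 0xa0 || seen++ != idx)
            continue;                   /* not otherName [0], or not the one asked for */
        /* OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY } */
        used = der_read(gn.val, gn.len, &oid);
        if (used == 0 || oid.tag != 0x06)
            return SAN_MALFORMED;
        if (!der_exact(gn.val + used, gn.len - used, &wrap) || wrap.tag != 0xa0)
            return SAN_MALFORMED;
        if (!der_exact(wrap.val, wrap.len, &inner))
            return SAN_MALFORMED;
        if (oid.len == sizeof OID_XMPP_ADDR &&
            memcmp(oid.val, OID_XMPP_ADDR, oid.len) == 0) {
            if (inner.tag != 0x0c)      /* xmppAddr must be a UTF8String */
                return SAN_MALFORMED;
            *val = inner.val; *len = inner.len;
            return SAN_XMPP_ADDR;
        }
        *val = wrap.val; *len = wrap.len;
        return SAN_OTHER_UNKNOWN;
    }
    return SAN_NONE;
}

/* Constructed sample: dNSName example.com, otherName id-on-xmppAddr
 * juliet@example.com, otherName with made-up type-id 1.2.3.4 (IA5String "hi"). */
const unsigned char SAMPLE_SAN[] = {
    0x30, 0x3c,
    0x82, 0x0b, 'e','x','a','m','p','l','e','.','c','o','m',
    0xa0, 0x20, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x08, 0x05,
    0xa0, 0x14, 0x0c, 0x12, 'j','u','l','i','e','t','@',
    'e','x','a','m','p','l','e','.','c','o','m',
    0xa0, 0x0b, 0x06, 0x03, 0x2a, 0x03, 0x04,
    0xa0, 0x04, 0x16, 0x02, 'h','i'
};

int main(void)
{
    const unsigned char *v; size_t l; unsigned i; int kind;
    for (i = 0; (kind = san_othername(SAMPLE_SAN, sizeof SAMPLE_SAN, i, &v, &l)) > 0; i++)
        printf("otherName %u: %s, %zu content bytes\n", i, kind == SAN_XMPP_ADDR
               ? "id-on-xmppAddr (UTF8String)" : "unknown type-id (opaque)", l);
    return kind == SAN_MALFORMED;
}
```
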
From: David Given Date: Thu, 08 Feb 2007 01:12:39 +0000 Lines: 57 Message-ID: References: <87zm7qbhkz.fsf@latte.josefsson.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig208F3956D8325540BA761055" X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: tiar.cowlark.co.uk User-Agent: Thunderbird 1.5.0.9 (X11/20061206) In-Reply-To: <87zm7qbhkz.fsf@latte.josefsson.org> X-Enigmail-Version: 0.94.0.0 Sender: news X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Subject: [Help-gnutls] Re: SMTP TLS & Thunderbird X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 01:03:43 -0000

Simon Josefsson wrote:
[...]
> That error happens if the server doesn't offer a ciphersuite that the
> client can accept. Often this is caused by missing X.509 CA and/or
> server certificate. Check with 'gnutls-cli' what key exchange is
> negotiated. If it is ANON, most clients will refuse to talk to you.
>
> Btw, example 7.4.5 is for anonymous authentication, try 7.4.1 instead.
> It is easy to change things, just add a X.509 credential and assign it
> to the session.

Thanks. I was rather hoping to do without --- having to create a self-signed
certificate adds quite a lot of complexity to my install procedure --- but if
I have to...

Incidentally, creating a private key with certtool takes several minutes.
Doing the same with openssl req appears to be more or less instant. Is this
normal?

-- 
┌── ｄｇ＠ｃｏｗｌａｒｋ．ｃｏｍ ─── http://www.cowlark.com ───────────────────
│ "I have always wished for my computer to be as easy to use as my
│ telephone; my wish has come true because I can no longer figure out how to
│ use my telephone." --- Bjarne Stroustrup

From MAILER-DAEMON Thu Feb 08 01:55:42 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HF3C2-00022k-Jq for mharc-help-gnutls@gnu.org; Thu, 08 Feb 2007 01:55:42 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HF3C0-00020X-T1 for help-gnutls@gnu.org; Thu, 08 Feb 2007 01:55:40 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HF3By-0001w4-8y for help-gnutls@gnu.org; Thu, 08 Feb 2007 01:55:39 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HF3By-0001vs-5S for help-gnutls@gnu.org; Thu, 08 Feb 2007 01:55:38 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HF3Bx-0005w2-K3 for help-gnutls@gnu.org; 
Thu, 08 Feb 2007 01:55:37 -0500 Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l186tKYb014034 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 8 Feb 2007 07:55:23 +0100 
From: Simon Josefsson To: David Given References: <87zm7qbhkz.fsf@latte.josefsson.org> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:070208:dg@cowlark.com::kqeBKxnP3hunBryT:0/cN X-Hashcash: 1:22:070208:help-gnutls@gnu.org::F/FHaDhy8hW8oSwK:BJwV Date: Thu, 08 Feb 2007 07:55:19 +0100 In-Reply-To: (David Given's message of "Thu\, 08 Feb 2007 01\:12\:39 +0000") Message-ID: <87lkj99m08.fsf@latte.josefsson.org> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com X-Virus-Status: Clean X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Cc: help-gnutls@gnu.org Subject: [Help-gnutls] Re: SMTP TLS & Thunderbird X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 06:55:41 -0000

David Given writes:

> Simon Josefsson wrote:
> [...]
>> That error happens if the server doesn't offer a ciphersuite that the
>> client can accept. Often this is caused by missing X.509 CA and/or
>> server certificate. Check with 'gnutls-cli' what key exchange is
>> negotiated. If it is ANON, most clients will refuse to talk to you.
>>
>> Btw, example 7.4.5 is for anonymous authentication, try 7.4.1 instead.
>> It is easy to change things, just add a X.509 credential and assign it
>> to the session.
>
> Thanks. I was rather hoping to do without --- having to create a self-signed
> certificate adds quite a lot of complexity to my install procedure --- but if
> I have to...

Many programs refuse to work if the server doesn't have a X.509
certificate, so yes, I'm afraid you'll have to add that to your server,
or modify a lot of clients.

> Incidentally, creating a private key with certtool takes several minutes.
> Doing the same with openssl req appears to be more or less instant. Is this
> normal?

Yes. Certtool calls gcry_pk_genkey in libgcrypt, and it will read from
/dev/random which often blocks waiting for more entropy. I really think
it should be possible to do things faster, but the Linux kernel people
appear to neglect to replace the current broken /dev/random code with
something faster and more secure.

A strace shows that OpenSSL uses /dev/urandom (and store state in
~/.rnd) for generating private keys. That device doesn't block, and may
return data with little entropy. If you run 'openssl genrsa -rand
file:/dev/random' it is also quite slow.

/Simon

From MAILER-DAEMON Thu Feb 08 02:12:05 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HF3Rt-0002Cf-81 for mharc-help-gnutls@gnu.org; Thu, 08 Feb 2007 02:12:05 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HF3Rr-0002Bd-6E for help-gnutls@gnu.org; Thu, 08 Feb 2007 02:12:03 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HF3Rq-0002Aa-7K for help-gnutls@gnu.org; Thu, 08 Feb 2007 02:12:02 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HF3Rq-0002AS-3q for help-gnutls@gnu.org; Thu, 08 Feb 2007 02:12:02 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HF3Rp-0008HK-BE for help-gnutls@gnu.org; Thu, 08 Feb 2007 02:12:01 -0500 Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l187Bqb8015632 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 8 Feb 2007 08:11:54 +0100 
From: Simon Josefsson To: Matthias Wimmer References: <45B958D7.6000007@tthias.eu> <87y7npdcmm.fsf@latte.josefsson.org> <45BA6C88.2080201@tthias.eu> <87ps8xbo8o.fsf@latte.josefsson.org> <45BE5ABF.6020005@tthias.eu> <45CA4468.6020704@tthias.eu> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:070208:help-gnutls@gnu.org::nFs+i0/y9ByLgisH:EONR X-Hashcash: 1:22:070208:m@tthias.eu::kJ0uBahJEZcalUkX:P71p Date: Thu, 08 Feb 2007 08:11:52 +0100 In-Reply-To: <45CA4468.6020704@tthias.eu> (Matthias Wimmer's message of "Wed\, 07 Feb 2007 22\:28\:08 +0100") Message-ID: <87hctx9l8n.fsf@latte.josefsson.org> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com X-Virus-Status: Clean X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Cc: help-gnutls@gnu.org Subject: [Help-gnutls] Re: Verifying subjectAltNames X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 07:12:04 -0000

Matthias Wimmer writes:

> Hi Simon!
>
>
> I now implemented checking of id-on-xmppAddr in the RFC 3920 server
> using libtasn1 directly (to be compatible with existing versions of
> GnuTLS).

Hi Matthias! Ok.

> But I am still interested in having direct id-on-xmppAddr support in
> GnuTLS, so I continued thinking about an interface: I don't think that
> our initial idea would be working. (Having one or two functions
> returning the OID for an otherName and its content.)
> This won't work, as I think we cannot know the content of the
> otherName.value part. In case of id-on-xmppAddr it is an UTF8String,
> but I guess it might also use other string representations. So we will
> still be only able to return known types of otherName. Right?

My idea was to extract the raw bytes in the 'value' field of the
otherName, and let the caller figure out how to interpret it. If the
caller knows about the OID, that should be simple. This should work
well for you, since for id-on-xmppAddr you could use the raw string as
the UTF-8 string directly. However...

> So if I am not wrong, we should be able to just extend
> gnutls_x509_subject_alt_name_t to be able to represent id-on-xmppAddr
> and report the new value back in
> gnutls_x509_crt_get_subject_alt_name().

...yes, I think we should do this. I have a partial implementation
working now, but I could use a sample certificate with a
id-on-xmppAddr to finish it. Could you send me one? I'll try to
figure out how to create such a certificate using certtool as well...

My current idea is that gnutls_x509_crt_get_subject_alt_name() can parse
"virtual" SAN's, identified by:

  typedef enum gnutls_x509_subject_alt_name_t
  {
    GNUTLS_SAN_DNSNAME = 1,
    GNUTLS_SAN_RFC822NAME,
    GNUTLS_SAN_URI,
    GNUTLS_SAN_IPADDRESS,
    GNUTLS_SAN_OTHERNAME,
    /* The following are "virtual" subject alternative name types, in
       that they are represented by an otherName value and an OID. */
    GNUTLS_SAN_XMPP = 1000
  } gnutls_x509_subject_alt_name_t;

So if it finds an "otherName" which it understands (currently only
XMPP), it should return GNUTLS_SAN_XMPP, otherwise it will return
GNUTLS_SAN_OTHERNAME and the "value" data. I have one new API that will
return the otherName OID, to handle non-supported otherName's. That
should make it possible for others to use GnuTLS APIs instead of having
to use libtasn1 directly, for other unsupported SAN's.

/Simon From MAILER-DAEMON Thu Feb 08 02:27:18 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HF3gc-0008J6-Ob for mharc-help-gnutls@gnu.org; Thu, 08 Feb 2007 02:27:18 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HF3gb-0008J1-Fr for help-gnutls@gnu.org; Thu, 08 Feb 2007 02:27:17 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HF3ga-0008Io-5C for help-gnutls@gnu.org; Thu, 08 Feb 2007 02:27:16 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HF3gZ-0008Il-Ve for help-gnutls@gnu.org; Thu, 08 Feb 2007 02:27:16 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HF3gZ-00021u-HG for help-gnutls@gnu.org; Thu, 08 Feb 2007 02:27:15 -0500 Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l187R4bD017443 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 8 Feb 2007 08:27:09 +0100 
From: Simon Josefsson To: Matthias Wimmer References: <45B958D7.6000007@tthias.eu> <87y7npdcmm.fsf@latte.josefsson.org> <45BA6C88.2080201@tthias.eu> <87ps8xbo8o.fsf@latte.josefsson.org> <45BE5ABF.6020005@tthias.eu> <45CA4468.6020704@tthias.eu> <87hctx9l8n.fsf@latte.josefsson.org> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:070208:m@tthias.eu::W6c0pYP61Fl9TAeg:P2Wp X-Hashcash: 1:22:070208:help-gnutls@gnu.org::+KS7WxjOfkXf2nYy:UR5B Date: Thu, 08 Feb 2007 08:27:04 +0100 In-Reply-To: <87hctx9l8n.fsf@latte.josefsson.org> (Simon Josefsson's message of "Thu\, 08 Feb 2007 08\:11\:52 +0100") Message-ID: <87d54l9kjb.fsf@latte.josefsson.org> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com X-Virus-Status: Clean X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Cc: help-gnutls@gnu.org Subject: [Help-gnutls] Re: Verifying subjectAltNames X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 07:27:17 -0000

Simon Josefsson writes:

> ...yes, I think we should do this. I have a partial implementation
> working now, but I could use a sample certificate with a
> id-on-xmppAddr to finish it. Could you send me one? I'll try to
> figure out how to create such a certificate using certtool as well...

No need, I figured enough of the XMPP protocol to get gnutls-cli to
STARTTLS to it, so I got jabber.org's certificate. This should be
implemented soon.

/Simon From MAILER-DAEMON Thu Feb 08 03:43:23 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HF4sF-0002Cu-AV for mharc-help-gnutls@gnu.org; Thu, 08 Feb 2007 03:43:23 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HF4sD-0002Ch-Ma for help-gnutls@gnu.org; Thu, 08 Feb 2007 03:43:21 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HF4sC-0002CV-Ak for help-gnutls@gnu.org; Thu, 08 Feb 2007 03:43:21 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HF4sC-0002CS-1o for help-gnutls@gnu.org; Thu, 08 Feb 2007 03:43:20 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HF4sB-0003s4-3K for help-gnutls@gnu.org; Thu, 08 Feb 2007 03:43:19 -0500 Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l188h8VO029609 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 8 Feb 2007 09:43:12 +0100 
From: Simon Josefsson To: Matthias Wimmer References: <45B958D7.6000007@tthias.eu> <87y7npdcmm.fsf@latte.josefsson.org> <45BA6C88.2080201@tthias.eu> <87ps8xbo8o.fsf@latte.josefsson.org> <45BE5ABF.6020005@tthias.eu> <45CA4468.6020704@tthias.eu> <87hctx9l8n.fsf@latte.josefsson.org> <87d54l9kjb.fsf@latte.josefsson.org> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:070208:m@tthias.eu::22xPOIYfEkOPfk+9:8Y2O X-Hashcash: 1:22:070208:help-gnutls@gnu.org::BfYzt7vTwojDH/CO:Rgh+ Date: Thu, 08 Feb 2007 09:43:07 +0100 In-Reply-To: <87d54l9kjb.fsf@latte.josefsson.org> (Simon Josefsson's message of "Thu\, 08 Feb 2007 08\:27\:04 +0100") Message-ID: <878xf99h0k.fsf@latte.josefsson.org> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com X-Virus-Status: Clean X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Cc: help-gnutls@gnu.org Subject: [Help-gnutls] Re: Verifying subjectAltNames X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 08:43:21 -0000

Simon Josefsson writes:

> Simon Josefsson writes:
>
>> ...yes, I think we should do this. I have a partial implementation
>> working now, but I could use a sample certificate with a
>> id-on-xmppAddr to finish it. Could you send me one? I'll try to
>> figure out how to create such a certificate using certtool as well...
>
> No need, I figured enough of the XMPP protocol to get gnutls-cli to
> STARTTLS to it, so I got jabber.org's certificate. This should be
> implemented soon.

Ok, we now have generic support for otherName's in SAN, and specific
support for XMPP. The NEWS entry is:

** Support for 'otherName' Subject Alternative Names.
The existing API gnutls_x509_crt_get_subject_alt_name may now return the
new type GNUTLS_SAN_OTHERNAME together with the otherName value. To
find out the otherName OID (necessary for proper parsing of the value),
use the new API gnutls_x509_crt_get_subject_alt_othername_oid. For
known OIDs, gnutls_x509_crt_get_subject_alt_othername_oid will return
"virtual" SAN values, e.g., GNUTLS_SAN_OTHERNAME_XMPP to simplify OID
matching. Suggested by Matthias Wimmer.

** Certtool can print otherName SAN values for certificates.
For known otherName OIDs (currently only id-on-xmppAddr as defined by
RFC 3920), it will also print the name.

...

** API and ABI modifications:
gnutls_x509_crt_get_subject_alt_othername_oid: ADD.
GNUTLS_SAN_OTHERNAME: ADD, new gnutls_x509_subject_alt_name_t element.
GNUTLS_SAN_OTHERNAME_XMPP: ADD, new gnutls_x509_subject_alt_name_t element.

For the jabber.org certificate, certtool in CVS prints:

        X.509 Extensions:
                Subject Alternative name:
                        otherName:
                                DER: 0c0a6a61626265722e6f7267
                                ASCII: ..jabber.org
                                OID: 1.3.6.1.5.5.7.8.5 (id-on-xmppAddr)
                        DNSname: jabber.org
                        DNSname: *.jabber.org
...

I'm not sure whether the 0c0a should have been stripped or not.
Possibly libtasn1 should have done that. It looks like length fields
(first 0c includes second length field and the final zero, second 0a
give length of the string without final zero). Feedback on that would
be appreciated. I suspect the lengths are specific to UTF8String, so
gnutls_x509_crt_get_subject_alt_name probably shouldn't mess with it.
But I'm not sure. If it helps, we can provide a decoding-function for
UTF8String if you like, though.

I slightly changed the API since earlier e-mails, so that
gnutls_x509_crt_get_subject_alt_name doesn't return the
GNUTLS_SAN_OTHERNAME_* types. It was easier to implement and will be
easier to use too.

Let me know if this looks good for you, and I'll release 1.7.6.

/Simon From MAILER-DAEMON Thu Feb 08 04:50:44 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HF5vP-0007kd-HW for mharc-help-gnutls@gnu.org; Thu, 08 Feb 2007 04:50:44 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HF5vN-0007iZ-ER for help-gnutls@gnu.org; Thu, 08 Feb 2007 04:50:41 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HF5vK-0007h7-0k for help-gnutls@gnu.org; Thu, 08 Feb 2007 04:50:40 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HF5vI-0007gy-HY for help-gnutls@gnu.org; Thu, 08 Feb 2007 04:50:36 -0500 Received: from antares.csp.it ([194.116.4.64] helo=smtp-gw.csp.it) by monty-python.gnu.org with esmtp (Exim 4.52) id 1HF5vI-0000BB-1j for help-gnutls@gnu.org; Thu, 08 Feb 2007 04:50:36 -0500 Received: from localhost.csp.it (localhost.csp.it [127.0.0.1]) by smtp-gw.csp.it (Postfix) with ESMTP id 461B0D54C0 for ; Thu, 8 Feb 2007 09:50:33 +0000 (GMT) Received: from 127.0.0.1 (localhost.csp.it [127.0.0.1]) by localhost.csp.it (AvMailGate-2.1.0-19) id 23788-Uew4NI; Thu, 08 Feb 2007 09:50:33 +0000 Received: by smtp-gw.csp.it (Postfix, from userid 80) id 16329D54AC; Thu, 8 Feb 2007 09:50:27 +0000 (GMT) Received: from 194.116.9.92 ([194.116.9.92]) by csa.csp.it (IMP) with HTTP for ; Thu, 8 Feb 2007 10:50:27 +0100 Message-ID: <1170928227.45caf26307302@csa.csp.it> Date: Thu, 8 Feb 2007 10:50:27 +0100 
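Added example, not part of the original thread and not GnuTLS or libtasn1 code: the otherName value that certtool printed for jabber.org in Simon Josefsson's message above (0c0a6a61626265722e6f7267), read as a single DER tag-length-value. In DER, 0x0c is the universal tag for UTF8String and 0x0a is the content length (10 octets, "jabber.org"). The helper names der_utf8string and xmpp_addr_copy are hypothetical.

```c
/* Added example: decode an id-on-xmppAddr otherName value as a DER
   UTF8String.  Helper names are hypothetical, not GnuTLS/libtasn1 API. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DER_TAG_UTF8STRING 0x0c /* universal tag 12 */

enum der_status {
    DER_OK = 0,
    DER_ERR_TRUNCATED = -1, /* fewer octets than the header promises */
    DER_ERR_TAG = -2,       /* not a UTF8String */
    DER_ERR_LENGTH = -3,    /* indefinite, oversized or non-minimal length */
    DER_ERR_TRAILING = -4,  /* octets left over after the value */
    DER_ERR_NUL = -5,       /* embedded NUL would truncate a C string */
    DER_ERR_BUFFER = -6     /* caller's output buffer too small */
};

/* Parse a buffer holding exactly one DER UTF8String.  On success *str and
   *str_len describe the content octets (not NUL-terminated).  UTF-8
   well-formedness is not checked here. */
int der_utf8string(const uint8_t *der, size_t der_len,
                   const uint8_t **str, size_t *str_len)
{
    size_t pos = 0, len = 0;

    if (der_len < 2)
        return DER_ERR_TRUNCATED;
    if (der[pos++] != DER_TAG_UTF8STRING)
        return DER_ERR_TAG;

    uint8_t first = der[pos++];
    if (first < 0x80) {             /* short form: 0x0a means 10 octets */
        len = first;
    } else {                        /* long form: low 7 bits = octet count */
        size_t n = first & 0x7f;
        if (n == 0 || n > sizeof(size_t))
            return DER_ERR_LENGTH;
        if (der_len - pos < n)
            return DER_ERR_TRUNCATED;
        if (der[pos] == 0)
            return DER_ERR_LENGTH;  /* leading zero is not minimal */
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | der[pos++];
        if (len < 0x80)
            return DER_ERR_LENGTH;  /* DER requires the short form here */
    }
    if (len > der_len - pos)
        return DER_ERR_TRUNCATED;
    if (len < der_len - pos)
        return DER_ERR_TRAILING;
    if (len > 0 && memchr(der + pos, 0, len) != NULL)
        return DER_ERR_NUL;

    *str = der + pos;
    *str_len = len;
    return DER_OK;
}

/* Copy the decoded xmppAddr into out as a NUL-terminated string. */
int xmpp_addr_copy(const uint8_t *der, size_t der_len,
                   char *out, size_t out_cap)
{
    const uint8_t *str;
    size_t str_len;
    int rc = der_utf8string(der, der_len, &str, &str_len);

    if (rc != DER_OK)
        return rc;
    if (str_len + 1 > out_cap)
        return DER_ERR_BUFFER;
    memcpy(out, str, str_len);
    out[str_len] = '\0';
    return DER_OK;
}

int main(void)
{
    /* Octets from the certtool "DER:" line quoted in the thread. */
    static const uint8_t value[] = { 0x0c, 0x0a, 0x6a, 0x61, 0x62, 0x62,
                                     0x65, 0x72, 0x2e, 0x6f, 0x72, 0x67 };
    char addr[64];
    int rc = xmpp_addr_copy(value, sizeof value, addr, sizeof addr);

    if (rc == DER_OK)
        printf("xmppAddr: %s\n", addr);
    else
        printf("rejected: %d\n", rc);
    return rc == DER_OK ? 0 : 1;
}
```

A caller that compares the result against an expected JID should treat every non-zero status as "no match" rather than falling back to the raw bytes.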
From: dellanna@csp.it To: help-gnutls@gnu.org References: <87sldovkfx.fsf@latte.josefsson.org> <1170418623.45c32bbf0d773@csa.csp.it> <87k5z0vgm7.fsf@latte.josefsson.org> <1170431003.45c35c1b29a34@csa.csp.it> <87tzxzg4yz.fsf@latte.josefsson.org> <1170841081.45c99df937538@csa.csp.it> <87ps8mb82b.fsf@latte.josefsson.org> <1170855697.45c9d7118c6d4@csa.csp.it> <877iuuawq2.fsf@latte.josefsson.org> <1170860360.45c9e94832994@csa.csp.it> <873b5iatbw.fsf@latte.josefsson.org> <1170864162.45c9f822ee08e@csa.csp.it> <87tzxy9ceq.fsf@latte.josefsson.org> In-Reply-To: <87tzxy9ceq.fsf@latte.josefsson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Internet Messaging Program (IMP) 3.2.6 X-Originating-IP: 194.116.9.92 X-AntiVirus: checked by AntiVir MailGate (version: 2.1.0-19; AVE: 7.3.1.34; VDF: 6.37.1.53; host: antares.csp.it) Content-Transfer-Encoding: quoted-printable X-detected-kernel: FreeBSD 4.6-4.9 Subject: [Help-gnutls] manual GnuTLS X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 09:50:42 -0000

Hi all,
in manual gnutls, subsection 7.4.3 there is an example "Echo server with
OpenPGP".
I see this example but it uses certificate X.509 and not pgp keys. Is it an error
in the title?

Simone.

From MAILER-DAEMON Thu Feb 08 06:12:39 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HF7Ch-00044u-NE for mharc-help-gnutls@gnu.org; Thu, 08 Feb 2007 06:12:39 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HF7Cg-00044Q-8u for help-gnutls@gnu.org; Thu, 08 Feb 2007 06:12:38 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HF7Cd-00043t-2u for help-gnutls@gnu.org; Thu, 08 Feb 2007 06:12:37 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HF7Cc-00043q-T3 for help-gnutls@gnu.org; Thu, 08 Feb 2007 06:12:34 -0500 Received: from antares.csp.it ([194.116.4.64] helo=smtp-gw.csp.it) by monty-python.gnu.org with esmtp (Exim 4.52) id 1HF7Cc-0005E7-II for help-gnutls@gnu.org; Thu, 08 Feb 2007 06:12:34 -0500 Received: from localhost.csp.it (localhost.csp.it [127.0.0.1]) by smtp-gw.csp.it (Postfix) with ESMTP id 29BBAD549C for ; Thu, 8 Feb 2007 11:12:33 +0000 (GMT) Received: from 127.0.0.1 (localhost.csp.it [127.0.0.1]) by localhost.csp.it (AvMailGate-2.1.0-19) id 26474-ImT0f8; Thu, 08 Feb 2007 11:12:33 +0000 Received: by smtp-gw.csp.it (Postfix, from userid 80) id 034E4D5494; Thu, 8 Feb 2007 11:12:26 +0000 (GMT) Received: from 194.116.9.92 ([194.116.9.92]) by csa.csp.it (IMP) with HTTP for ; Thu, 8 Feb 2007 12:12:26 +0100 Message-ID: <1170933146.45cb059ae8528@csa.csp.it> Date: Thu, 8 Feb 2007 12:12:26 +0100 
From: dellanna@csp.it To: help-gnutls@gnu.org References: <45B958D7.6000007@tthias.eu> <87y7npdcmm.fsf@latte.josefsson.org> <45BA6C88.2080201@tthias.eu> <87ps8xbo8o.fsf@latte.josefsson.org> <45BE5ABF.6020005@tthias.eu> <45CA4468.6020704@tthias.eu> <87hctx9l8n.fsf@latte.josefsson.org> <87d54l9kjb.fsf@latte.josefsson.org> <878xf99h0k.fsf@latte.josefsson.org> In-Reply-To: <878xf99h0k.fsf@latte.josefsson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Internet Messaging Program (IMP) 3.2.6 X-Originating-IP: 194.116.9.92 X-AntiVirus: checked by AntiVir MailGate (version: 2.1.0-19; AVE: 7.3.1.34; VDF: 6.37.1.54; host: antares.csp.it) Content-Transfer-Encoding: quoted-printable X-detected-kernel: FreeBSD 4.6-4.9 Subject: [Help-gnutls] gnutls/extra.h X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 11:12:38 -0000

Hi all,
can someone send me package gnutls/extra.h?
If I run
cc -o ex-serv-pgp ex-serv-pgp.c -I/usr/lib/ -L/usr/lib/ -lgnutls
it returns

/tmp/ccAoyU22.o: In function `main':ex-serv-pgp.c:(.text+0x100): undefined reference to `gnutls_certificate_set_openpgp_keyring_file'

This function in gnutls\extra.h. Isn't it installed by default with gnutls?

Simone.

From MAILER-DAEMON Thu Feb 08 06:48:56 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HF7lo-00055P-JP for mharc-help-gnutls@gnu.org; Thu, 08 Feb 2007 06:48:56 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HF7lm-00053K-Ty for help-gnutls@gnu.org; Thu, 08 Feb 2007 06:48:54 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HF7lk-0004zI-UQ for help-gnutls@gnu.org; Thu, 08 Feb 2007 06:48:54 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HF7lk-0004yy-OZ for help-gnutls@gnu.org; Thu, 08 Feb 2007 06:48:52 -0500 Received: from mx20.gnu.org ([199.232.41.8]) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HF7lk-0003CV-2r for help-gnutls@gnu.org; Thu, 08 Feb 2007 06:48:52 -0500 Received: from smurf.noris.de ([192.109.102.42]) by mx20.gnu.org with esmtp (Exim 4.52) id 1HF7li-0007i0-BN for help-gnutls@gnu.org; Thu, 08 Feb 2007 06:48:50 -0500 Received: from kiste.smurf.noris.de ([192.109.102.35] ident=mail) by smurf.noris.de with smtp (Exim 4.60) (envelope-from ) id 1HF7HT-0002Lx-Me; Thu, 08 Feb 2007 12:17:36 +0100 Received: (nullmailer pid 6231 invoked by uid 501); Thu, 08 Feb 2007 11:17:35 -0000 Date: Thu, 8 Feb 2007 12:17:35 +0100 To: dellanna@csp.it Subject: Re: [Help-gnutls] gnutls/extra.h Message-ID: <20070208111735.GP25410@kiste.smurf.noris.de> References: <45B958D7.6000007@tthias.eu> <87y7npdcmm.fsf@latte.josefsson.org> <45BA6C88.2080201@tthias.eu> <87ps8xbo8o.fsf@latte.josefsson.org> <45BE5ABF.6020005@tthias.eu> <45CA4468.6020704@tthias.eu> <87hctx9l8n.fsf@latte.josefsson.org> <87d54l9kjb.fsf@latte.josefsson.org> <878xf99h0k.fsf@latte.josefsson.org> <1170933146.45cb059ae8528@csa.csp.it> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3wyj3Xt2kUWLNC5K" Content-Disposition: inline In-Reply-To: 
<1170933146.45cb059ae8528@csa.csp.it> User-Agent: Mutt/1.5.12-2006-07-14 
From: Matthias Urlichs X-Smurf-Spam-Score: -2.6 (--) X-Smurf-Whitelist: +relay_from_hosts X-detected-kernel: Windows XP SP1+, 2000 SP3 X-Greylist: delayed 1859 seconds by postgrey-1.27 at nadesico; Thu, 08 Feb 2007 06:48:38 EST X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Cc: help-gnutls@gnu.org X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 11:48:55 -0000

Hi,

dellanna@csp.it:
> can someone send me package gnutls/extra.h?

No. ;-)

> If I run
> cc -o ex-serv-pgp ex-serv-pgp.c -I/usr/lib/ -L/usr/lib/ -lgnutls

The -I and -L options are superfluous. You need -lgnutls-extra.

>
> This function in gnutls\extra.h. Isn't it installed by default with gnutls?
>

gnutls/extra.h doesn't contain any functions. It does contain a few
function *prototypes*, but that's not the same thing.

-- 
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | smurf@smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
 - -
Promising costs nothing, it's the delivering that kills you.

From MAILER-DAEMON Thu Feb 08 09:44:30 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HFAVi-00071e-PR for mharc-help-gnutls@gnu.org; Thu, 08 Feb 2007 09:44:30 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HFAVh-0006zn-37 for help-gnutls@gnu.org; Thu, 08 Feb 2007 09:44:29 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HFAVf-0006yQ-TK for help-gnutls@gnu.org; Thu, 08 Feb 2007 09:44:28 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HFAVf-0006yI-Oq for help-gnutls@gnu.org; Thu, 08 Feb 2007 09:44:27 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HFAVf-0000oo-4D for help-gnutls@gnu.org; Thu, 08 Feb 2007 09:44:27 -0500 Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l18EiAqi007795 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 8 Feb 2007 15:44:13 +0100 
From: Simon Josefsson To: dellanna@csp.it References: <87sldovkfx.fsf@latte.josefsson.org> <1170418623.45c32bbf0d773@csa.csp.it> <87k5z0vgm7.fsf@latte.josefsson.org> <1170431003.45c35c1b29a34@csa.csp.it> <87tzxzg4yz.fsf@latte.josefsson.org> <1170841081.45c99df937538@csa.csp.it> <87ps8mb82b.fsf@latte.josefsson.org> <1170855697.45c9d7118c6d4@csa.csp.it> <877iuuawq2.fsf@latte.josefsson.org> <1170860360.45c9e94832994@csa.csp.it> <873b5iatbw.fsf@latte.josefsson.org> <1170864162.45c9f822ee08e@csa.csp.it> <87tzxy9ceq.fsf@latte.josefsson.org> <1170928227.45caf26307302@csa.csp.it> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:070208:dellanna@csp.it::WhJU3PQ+BgASUXW5:uNp X-Hashcash: 1:22:070208:help-gnutls@gnu.org::9TPPkegYCqqmPfbe:Jhj0 Date: Thu, 08 Feb 2007 15:44:09 +0100 In-Reply-To: <1170928227.45caf26307302@csa.csp.it> (dellanna@csp.it's message of "Thu\, 8 Feb 2007 10\:50\:27 +0100") Message-ID: <874ppwaeva.fsf@latte.josefsson.org> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com X-Virus-Status: Clean X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Cc: help-gnutls@gnu.org Subject: [Help-gnutls] Re: manual GnuTLS X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2007 14:44:29 -0000

dellanna@csp.it writes:

> Hi all,
> in manual gnutls, subsection 7.4.3 there is an example "Echo server with
> OpenPGP".
> I see this example but it uses certificate X.509 and not pgp keys. Is it an error
> in the title?

Where are you looking?
It does use pgp keys, see:

http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html

/Simon

From MAILER-DAEMON Thu Feb 08 09:46:52 2007
From: Simon Josefsson
To: dellanna@csp.it
Date: Thu, 08 Feb 2007 15:46:33 +0100
In-Reply-To: <1170933146.45cb059ae8528@csa.csp.it> (dellanna@csp.it's message of "Thu\, 8 Feb 2007 12\:12\:26 +0100")
Message-ID: <87zm7o906u.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: gnutls/extra.h

dellanna@csp.it writes:

> Hi all,
> can someone send me package gnutls/extra.h?
> If I run
> cc -o ex-serv-pgp ex-serv-pgp.c -I/usr/lib/ -L/usr/lib/ -lgnutls
> it returns
>
> /tmp/ccAoyU22.o: In function `main':ex-serv-pgp.c:(.text+0x100): undefined
> reference to `gnutls_certificate_set_openpgp_keyring_file'
>
> This function is in gnutls\extra.h. Isn't it installed by default with gnutls?

You need to read the manual more carefully.
The OpenPGP support is in the libgnutls-extra library, so you'll need to link to it too:

cc -o ex-serv-pgp ex-serv-pgp.c -lgnutls -lgnutls-extra

/Simon

From MAILER-DAEMON Thu Feb 08 15:54:27 2007
From: Simon Josefsson
To: dellanna@csp.it
Date: Thu, 08 Feb 2007 21:54:13 +0100
In-Reply-To: <1170946974.45cb3b9ea8b72@csa.csp.it> (dellanna@csp.it's message of "Thu\, 8 Feb 2007 16\:02\:54 +0100")
Message-ID: <87r6t08j62.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: manual GnuTLS

dellanna@csp.it writes:

> Hi,
> thank you for the correct link.
> In the pdf version that I send you as attachment, there is an error.
> I think it is an error of "writing" because page 68 there is the following row:
>
> gnutls_certificate_credentials_t x509_cred;
>
> and in the same page there is:
>
> gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred).

Yes, you are right, and that was fixed some time ago. You can get the latest manual from . There have been many improvements since the version you appear to be using, so I recommend to upgrade to avoid these kinds of problems.

/Simon

> Simone.
>
>
> Simon Josefsson writes:
>
>> dellanna@csp.it writes:
>>
>> > Hi all,
>> > in manual gnutls, subsection 7.4.3 there is an example "Echo server with
>> > OpenPGP".
>> > I see this example but it uses certificate X.509 and not pgp keys. Is it an error
>> > in the title?
>>
>> Where are you looking? It does use pgp keys, see:
>>
>> http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html
>>
>> /Simon
>>
>>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
From MAILER-DAEMON Fri Feb 09 08:44:29 2007
Message-ID: <1171028659.45cc7ab380d42@csa.csp.it>
Date: Fri, 9 Feb 2007 14:44:19 +0100
From: dellanna@csp.it
To: help-gnutls@gnu.org
In-Reply-To: <87r6t08j62.fsf@latte.josefsson.org>
Subject: [Help-gnutls] ex-serv-pgp

Hi all,
I tried to test the example in manual "Echo Server with OpenPGP" (subsection
7.4.3).
It works correctly on server side; in fact it returns "Echo Server ready. Listening
to port '5556' ",
But on client side I used gnutls-client. The problem is the following:
1. if I run gnutls-cli -p 5556 hostname on server side was returned "handshake
failed"
2. If I run gnutls-cli -p 5556 hostname -s was returned the same error.

I think this error occurred because the server waits to receive pgp key, isn't
it?

I'm not very familiar with gnutls-cli; how can I use it to test
authentication-pgp?
If I use "man gnutls-cli" it returns the manual but it is very short :).

Simone.

From MAILER-DAEMON Fri Feb 09 08:50:08 2007
From: Simon Josefsson
To: dellanna@csp.it
Date: Fri, 09 Feb 2007 14:49:42 +0100
In-Reply-To: <1171028659.45cc7ab380d42@csa.csp.it> (dellanna@csp.it's message of "Fri\, 9 Feb 2007 14\:44\:19 +0100")
Message-ID: <87odo34f0p.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

dellanna@csp.it writes:

> Hi all,
> I tried to test the example in manual "Echo Server with OpenPGP" (subsection
> 7.4.3).
> It works correctly on server side; in fact it returns "Echo Server ready. Listening
> to port '5556' ",
> But on client side I used gnutls-client.
> The problem is the following:
> 1. if I run gnutls-cli -p 5556 hostname on server side was returned "handshake
> failed"
> 2. If I run gnutls-cli -p 5556 hostname -s was returned the same error.
>
> I think this error occurred because the server waits to receive pgp key, isn't
> it?
>
> I'm not very familiar with gnutls-cli; how can I use it to test
> authentication-pgp?
> If I use "man gnutls-cli" it returns the manual but it is very short :).

Are you still using gnutls 1.4.4? Run 'gnutls-cli --version' to find
out. If so, I think you'll need to upgrade, there have been several
OpenPGP related fixes since that release. I don't provide unpaid
support for old versions.

Btw, you can test whether your gnutls-cli is OK or not by pointing it
at test.gnutls.org. With the latest release, the following works:

$ gnutls-cli -p 5556 test.gnutls.org
Resolving 'test.gnutls.org'...
Connecting to '217.13.230.178:5556'...
- Successfully sent 0 certificate(s) to server.
- Certificate type: OpenPGP
# The hostname in the key matches 'test.gnutls.org'.
# Key was created at: Tue Feb 6 16:27:20 CET 2007
# Key expires: Never
# PGP Key version: 4
# PGP Key public key algorithm: DSA (1024 bits)
# PGP Key fingerprint: 59:6B:97:17:CB:98:9A:14:25:FE:AD:1C:AE:5F:AD:3E:5D:1D:14:D8
# NAME: test.gnutls.org

- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.2
- Key Exchange: DHE DSS
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: LZO
- Handshake was completed

- Simple Client Mode:

/Simon

From MAILER-DAEMON Fri Feb 09 09:03:41 2007
Message-ID: <1171029813.45cc7f358ea00@csa.csp.it>
Date: Fri, 9 Feb 2007 15:03:33 +0100
From: dellanna@csp.it
To: Simon Josefsson
In-Reply-To: <87odo34f0p.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

Ok,
the version of my gnutls-client is 1.2.9 and the output of test is the
following:

resolving 'test.gnutls.org'...
Connecting to '217.13.230.178:5556'...
- Successfully sent 0 certificate(s) to server.
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
# The hostname in the certificate matches 'test.gnutls.org'.
# valid since: Tue Feb 6 14:02:11 CET 2007
# expires at: Wed Feb 6 14:02:11 CET 2008
# fingerprint: CB:4A:00:E0:65:A5:C3:9D:E0:5D:AB:CF:3A:2C:82:74
# Subject's DN: O=GnuTLS test server,CN=test.gnutls.org
# Issuer's DN: CN=GnuTLS test CA

- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.1
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed

- Simple Client Mode:

As you can see, it doesn't support OpenPGP. Can you send me link of latest version of gnutls-cli, please?

Simone.

Simon Josefsson writes:

> dellanna@csp.it writes:
>
> > Hi all,
> > I tried to test the example in manual "Echo Server with OpenPGP" (subsection
> > 7.4.3).
> > It works correctly on server side; in fact it returns "Echo Server ready. Listening
> > to port '5556' ",
> > But on client side I used gnutls-client. The problem is the following:
> > 1. if I run gnutls-cli -p 5556 hostname on server side was returned "handshake
> > failed"
> > 2. If I run gnutls-cli -p 5556 hostname -s was returned the same error.
> >
> > I think this error occurred because the server waits to receive pgp key, isn't
> > it?
> >
> > I'm not very familiar with gnutls-cli; how can I use it to test
> > authentication-pgp?
> > If I use "man gnutls-cli" it returns the manual but it is very short :).
>
> Are you still using gnutls 1.4.4? Run 'gnutls-cli --version' to find
> out. If so, I think you'll need to upgrade, there have been several
> OpenPGP related fixes since that release. I don't provide unpaid
> support for old versions.
>
> Btw, you can test whether your gnutls-cli is OK or not by pointing it
> at test.gnutls.org. With the latest release, the following works:
>
> $ gnutls-cli -p 5556 test.gnutls.org
> Resolving 'test.gnutls.org'...
> Connecting to '217.13.230.178:5556'...
> - Successfully sent 0 certificate(s) to server.
> - Certificate type: OpenPGP
> # The hostname in the key matches 'test.gnutls.org'.
> # Key was created at: Tue Feb 6 16:27:20 CET 2007
> # Key expires: Never
> # PGP Key version: 4
> # PGP Key public key algorithm: DSA (1024 bits)
> # PGP Key fingerprint: 59:6B:97:17:CB:98:9A:14:25:FE:AD:1C:AE:5F:AD:3E:5D:1D:14:D8
> # NAME: test.gnutls.org
>
> - Peer's key is valid
> - Could not find a signer of the peer's key
> - Version: TLS 1.2
> - Key Exchange: DHE DSS
> - Cipher: AES 256 CBC
> - MAC: SHA
> - Compression: LZO
> - Handshake was completed
>
> - Simple Client Mode:
>
> /Simon
>
>

From MAILER-DAEMON Fri Feb 09 09:14:46 2007
From: Simon Josefsson
To: dellanna@csp.it
Date: Fri, 09 Feb 2007 15:14:26 +0100
In-Reply-To: <1171029813.45cc7f358ea00@csa.csp.it> (dellanna@csp.it's message of "Fri\, 9 Feb 2007 15\:03\:33 +0100")
Message-ID: <87k5yr4dvh.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

dellanna@csp.it writes:

> Ok,
> the version of my gnutls-client is 1.2.9 and the output of test is the
> following:
...

Try starting it with '--ctypes openpgp'. However, I suspect it is too old.
> As you can see, it doesn't support OpenPGP. Can you send me link of
> latest version of gnutls-cli, please?

See .

/Simon

From MAILER-DAEMON Fri Feb 09 09:17:49 2007
From: Simon Josefsson
To: dellanna@csp.it
Date: Fri, 09 Feb 2007 15:17:31 +0100
In-Reply-To: <87k5yr4dvh.fsf@latte.josefsson.org> (Simon Josefsson's message of "Fri\, 09 Feb 2007 15\:14\:26 +0100")
Message-ID: <87fy9f4dqc.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

Simon Josefsson writes:

>> As you can see, it doesn't support OpenPGP. Can you send me link of
>> latest version of gnutls-cli, please?
>
> See .
Btw, for better OpenPGP support, you will need the latest development
branch. Get it from:

ftp://ftp.gnutls.org/pub/gnutls/devel

/Simon

From MAILER-DAEMON Fri Feb 09 10:06:25 2007
Message-ID: <1171033572.45cc8de40fbc5@csa.csp.it>
Date: Fri, 9 Feb 2007 16:06:12 +0100
From: dellanna@csp.it
To: Simon Josefsson
In-Reply-To: <87fy9f4dqc.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

Simon Josefsson writes:

> Btw, for better OpenPGP support, you will need the latest development
> branch. Get it from:
>
> ftp://ftp.gnutls.org/pub/gnutls/devel
>
> /Simon
>
>

I installed the new version of gnutls, but the problem that it was returned is the same. Any advice?

P.S. What does "Simple Client Mode" mean?

Simone
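The check suggested earlier in this thread (point gnutls-cli at test.gnutls.org and read the `Certificate type` line) can be scripted over a saved transcript. This is an added example, not part of any message in the thread: the function names are hypothetical, the first two samples are excerpts of the transcripts quoted above, the third is constructed, and the `- Label: value` line format is assumed from those transcripts.

```shell
#!/bin/sh
# Added example: classify a saved gnutls-cli transcript by the certificate
# type the handshake ended up with. Function names are hypothetical; the
# "- Label: value" line format is assumed from the transcripts in this thread.

# Print the value of the first "- <label>: <value>" or "# <label>: <value>"
# line of the transcript on stdin; print nothing if the label is absent.
gnutls_cli_field() {
    awk -v label="$1" '
        {
            line = $0
            sub(/\r$/, "", line)                # tolerate CRLF transcripts
            sub(/^[ \t]*[-#][ \t]*/, "", line)  # drop the leading marker
            prefix = label ":"
            if (index(line, prefix) == 1) {
                value = substr(line, length(prefix) + 1)
                sub(/^[ \t]+/, "", value)
                sub(/[ \t]+$/, "", value)
                print value
                exit
            }
        }'
}

# Read a transcript on stdin and print one verdict:
#   openpgp          handshake completed with an OpenPGP key
#   fallback:<type>  handshake completed with another certificate type
#   no-handshake     no "Handshake was completed" line
#   unknown          handshake completed, no "Certificate type" line
classify_transcript() {
    transcript=$(cat)
    ctype=$(printf '%s\n' "$transcript" | gnutls_cli_field "Certificate type")
    if ! printf '%s\n' "$transcript" | grep -q 'Handshake was completed'; then
        echo "no-handshake"
    elif [ "$ctype" = "OpenPGP" ]; then
        echo "openpgp"
    elif [ -n "$ctype" ]; then
        echo "fallback:$ctype"
    else
        echo "unknown"
    fi
}

# Excerpt of the latest-release transcript quoted in this thread.
sample_openpgp() {
    cat <<'EOF'
Resolving 'test.gnutls.org'...
Connecting to '217.13.230.178:5556'...
- Successfully sent 0 certificate(s) to server.
- Certificate type: OpenPGP
# PGP Key version: 4
- Version: TLS 1.2
- Key Exchange: DHE DSS
- Handshake was completed
EOF
}

# Excerpt of the gnutls-cli 1.2.9 transcript quoted in this thread.
sample_x509() {
    cat <<'EOF'
resolving 'test.gnutls.org'...
Connecting to '217.13.230.178:5556'...
- Successfully sent 0 certificate(s) to server.
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Version: TLS 1.1
- Key Exchange: DHE RSA
- Handshake was completed
EOF
}

# Constructed sample: a run that never reaches a completed handshake.
sample_failed() {
    cat <<'EOF'
Resolving 'hostname'...
(constructed line: connection ended before the handshake finished)
EOF
}

# Stand-alone run: print the verdict for each embedded sample.
for s in sample_openpgp sample_x509 sample_failed; do
    printf '%s -> %s\n' "$s" "$($s | classify_transcript)"
done
```

A `fallback:X.509` verdict means the client and server agreed on TLS but not on OpenPGP keys, which is what the 1.2.9 transcript in this thread shows.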
From MAILER-DAEMON Sat Feb 10 12:07:47 2007
To: help-gnutls@gnu.org
From: David Given Date: Sat, 10 Feb 2007 17:07:54 +0000 Lines: 58 Message-ID: References: <87zm7qbhkz.fsf@latte.josefsson.org> <87lkj99m08.fsf@latte.josefsson.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig699572C49A9B3A92F41FDBED" X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: tiar.cowlark.co.uk User-Agent: Thunderbird 1.5.0.9 (X11/20061206) In-Reply-To: <87lkj99m08.fsf@latte.josefsson.org> X-Enigmail-Version: 0.94.0.0 Sender: news X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Subject: [Help-gnutls] Re: SMTP TLS & Thunderbird X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Feb 2007 17:07:46 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig699572C49A9B3A92F41FDBED Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Simon Josefsson wrote: [...] > Many programs refuse to work if the server doesn't have a X.509 > certificate, so yes, I'm afraid you'll have to add that to your > server, or modify a lot of clients. It's all working now, thanks. Although I will admit that setting all the = code up was not pretty --- the documentation's very hazy on what the various functions return if something goes wrong (such as not being able to read = the keyfiles), and I've found that in order to make it fall back on anonymous= authentication if the keys don't work I have to call gnutls_kx_set_priori= ty(), which surprises me as the documentation swears blind that it's ignored on= servers. Incidentally, my various early blundering attempts managed to get a numbe= r of things wrong, which caused gnutls-cli to fall over good and hard. Is this= important? 
--=20 =E2=94=8C=E2=94=80=E2=94=80 =EF=BD=84=EF=BD=87=EF=BC=A0=EF=BD=83=EF=BD=8F= =EF=BD=97=EF=BD=8C=EF=BD=81=EF=BD=92=EF=BD=8B=EF=BC=8E=EF=BD=83=EF=BD=8F=EF= =BD=8D =E2=94=80=E2=94=80=E2=94=80 http://www.cowlark.com =E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80 =E2=94=82 "I have always wished for my computer to be as easy to use as m= y =E2=94=82 telephone; my wish has come true because I can no longer figure= out how to =E2=94=82 use my telephone." --- Bjarne Stroustrup --------------enig699572C49A9B3A92F41FDBED Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzfvtf9E0noFvlzgRAoW4AKDQs6SlhByLLhOUSa7YzGhlrBH6oACbBfQ9 6ZDAIZDDFUlDgQNMA9XzZnM= =XIGv -----END PGP SIGNATURE----- --------------enig699572C49A9B3A92F41FDBED-- From MAILER-DAEMON Mon Feb 12 04:04:40 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HGX72-0003lC-Bs for mharc-help-gnutls@gnu.org; Mon, 12 Feb 2007 04:04:40 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HGX70-0003l1-Bz for help-gnutls@gnu.org; Mon, 12 Feb 2007 04:04:38 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HGX6x-0003j9-KJ for help-gnutls@gnu.org; Mon, 12 Feb 2007 04:04:37 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HGX6x-0003is-5R for help-gnutls@gnu.org; Mon, 12 Feb 2007 04:04:35 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HGX6w-0007rZ-HS for help-gnutls@gnu.org; 

From: Simon Josefsson
To: David Given
Date: Mon, 12 Feb 2007 10:03:14 +0100
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: SMTP TLS & Thunderbird

David Given writes:

> Simon Josefsson wrote:
> [...]
>> Many programs refuse to work if the server doesn't have a X.509
>> certificate, so yes, I'm afraid you'll have to add that to your
>> server, or modify a lot of clients.
>
> It's all working now, thanks. Although I will admit that setting all the code
> up was not pretty --- the documentation's very hazy on what the various
> functions return if something goes wrong (such as not being able to read the
> keyfiles)

This kind of feedback is very important, could you please describe in
more detail what documentation led you wrong, and what mistakes you
made? The documentation isn't perfect, but in order to know where to
spend time improving it, it is useful to know where the weakest parts
are.

> and I've found that in order to make it fall back on anonymous
> authentication if the keys don't work I have to call
> gnutls_kx_set_priority(), which surprises me as the documentation
> swears blind that it's ignored on servers.

Hm, the documentation for that function says:

  * Note that the priority is set on the client. The server does
  * not use the algorithm's priority except for disabling
  * algorithms that were not specified.

I suspect that is what happened. Did you call
gnutls_set_default_priority() first, and thought it would be
sufficient to get ANON to work? It isn't, if you want ANON to work,
you must call gnutls_kx_set_priority(). The default cipher suite list
doesn't include ANON, so the server will disable that KX unless you
manually added it.

Hm. I'd agree that you don't really get the full picture from that
docstring...

I have had similar problems recently -- SRP/PSK isn't used unless you
set them early in gnutls_kx_set_priority. It would be better if
SRP/PSK was the first default KX's, and they disabled themselves
unless there were SRP/PSK credentials available. I think that would
better match the preferred logic by most applications. Few programs
will prefer ANON cipher suites if it set a valid and working SRP/PSK
credential.

I think the current logic is both sub-optimal and under-documented.
It would be better if gnutls_set_default_priority() enabled more
ciphers by default (e.g., PSK/SRP and maybe ANON), and that other
parts of GnuTLS disable them if there aren't credentials available.
In any case, the documentation should make it clear that you need to
tinker with gnutls_*_set_priority to enable certain functionality.

> Incidentally, my various early blundering attempts managed to get a number of
> things wrong, which caused gnutls-cli to fall over good and hard. Is this
> important?

Yes, anything that fails hard is a serious bug. Please let me know!

/Simon

Date: Mon, 12 Feb 2007 11:26:58 +0100
From: dellanna@csp.it
To: help-gnutls@gnu.org
Subject: [Help-gnutls] gnutls open pgp

Hi all,
can someone tell me where I can find one client with pgp authentication to
test "Echo Server with OpenPGP authentication"? (example page 68 of manual).

This example:
1. Prepare the TLS connection;
2. It's in waiting to accept the OpenPGP certificate.
Isn't it?

It is necessary the client application that:
1. Connect on server using TLS connection;
2. Provide one certificate OpenPGP.

Is correct this scenario?

Simone.

From: Simon Josefsson
To: dellanna@csp.it
Date: Mon, 12 Feb 2007 11:30:31 +0100
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

dellanna@csp.it writes:

> Simon Josefsson writes:
>
>> Btw, for better OpenPGP support, you will need the latest development
>> branch. Get it from:
>>
>> ftp://ftp.gnutls.org/pub/gnutls/devel
>>
>> /Simon
>>
>>
>
> I installed the new version of gnutls, but the problem that it was returned is
> the same.
> Any advice?

Are you sure you are using the new gnutls-cli and not the old? Try
this:

$ gnutls-cli --version
gnutls-cli (GnuTLS) 1.7.6
$ gnutls-cli --port 5556 test.gnutls.org
Resolving 'test.gnutls.org'...
Connecting to '217.13.230.178:5556'...
- Successfully sent 0 certificate(s) to server.
- Certificate type: OpenPGP
# The hostname in the key matches 'test.gnutls.org'.
# Key was created at: Tue Feb 6 16:27:20 CET 2007
# Key expires: Never
# PGP Key version: 4
# PGP Key public key algorithm: DSA (1024 bits)
# PGP Key fingerprint: 59:6B:97:17:CB:98:9A:14:25:FE:AD:1C:AE:5F:AD:3E:5D:1D:14:D8
# NAME: test.gnutls.org

- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.2
- Key Exchange: DHE DSS
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: LZO
- Handshake was completed

- Simple Client Mode:

> P.S. What means "Simple Client Mode"?

It means that what you type into the client on stdin is sent to the
server, and what is received from the server is printed on stdout.

/Simon

Date: Mon, 12 Feb 2007 11:45:30 +0100
From: dellanna@csp.it
To: Simon Josefsson
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

Yes,
I'm using 1.7.5 version because if I run gnutls-cli --version the output is:
gnutls-cli (GnuTLS) 1.7.5.
But if I run gnutls-cli --port 5556 test.gnutls.org it returns the following
error:

global_init_extra: The GnuTLS library version does not match the GnuTLS-extra
library version.
Resolving 'test.gnutls.org'...
Connecting to '217.13.230.178:5556'...
*** Fatal error: The initialization of GnuTLS-extra has failed.
*** Handshake has failed
GNUTLS ERROR: The initialization of GnuTLS-extra has failed.

The problem is GnuTLS-extra?

Simone.

Simon Josefsson writes:

> Are you sure you are using the new gnutls-cli and not the old? Try
> this:
>
> $ gnutls-cli --version
> gnutls-cli (GnuTLS) 1.7.6
> $ gnutls-cli --port 5556 test.gnutls.org
> Resolving 'test.gnutls.org'...
> Connecting to '217.13.230.178:5556'...
> - Successfully sent 0 certificate(s) to server.
> - Certificate type: OpenPGP
> # The hostname in the key matches 'test.gnutls.org'.
> # Key was created at: Tue Feb 6 16:27:20 CET 2007
> # Key expires: Never
> # PGP Key version: 4
> # PGP Key public key algorithm: DSA (1024 bits)
> # PGP Key fingerprint:
> 59:6B:97:17:CB:98:9A:14:25:FE:AD:1C:AE:5F:AD:3E:5D:1D:14:D8
> # NAME: test.gnutls.org
>
> - Peer's key is valid
> - Could not find a signer of the peer's key
> - Version: TLS 1.2
> - Key Exchange: DHE DSS
> - Cipher: AES 256 CBC
> - MAC: SHA
> - Compression: LZO
> - Handshake was completed
>
> - Simple Client Mode:
>
> > P.S. What means "Simple Client Mode"?
>
> It means that what you type into the client on stdin is sent to the
> server, and what is received from the server is printed on stdout.
>
> /Simon
>
>

From: Simon Josefsson
To: dellanna@csp.it
Date: Mon, 12 Feb 2007 11:49:19 +0100
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

dellanna@csp.it writes:

> Yes,
> I'm using 1.7.5 version because if I run gnutls-cli --version the output is:
> gnutls-cli (GnuTLS) 1.7.5.
> But if I run gnutls-cli --port 5556 test.gnutls.org it returns the following
> error:
>
> global_init_extra: The GnuTLS library version does not match the GnuTLS-extra
> library version.
> Resolving 'test.gnutls.org'...
> Connecting to '217.13.230.178:5556'...
> *** Fatal error: The initialization of GnuTLS-extra has failed.
> *** Handshake has failed
> GNUTLS ERROR: The initialization of GnuTLS-extra has failed.
>
> The problem is GnuTLS-extra?

Yes, it seems your installation is broken. Did you type 'make
install' in the top-level GnuTLS build directory? Do you have
libgnutls.so* and libgnutls-extra.so* in $prefix/lib? What does 'ldd
$prefix/bin/gnutls-cli' output?

/Simon

Date: Mon, 12 Feb 2007 12:15:26 +0100
From: dellanna@csp.it
To: Simon Josefsson
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

Simon Josefsson writes:

> Yes, it seems your installation is broken. Did you type 'make
> install' in the top-level GnuTLS build directory?

Yes, I type:
1. ./configure
2. make
3. make install

>Do you have libgnutls.so* and libgnutls-extra.so* in $prefix/lib?

No, there isn't.

>What does 'ldd $prefix/bin/gnutls-cli' output?

There isn't bin folder in gnutls directory.

> /Simon
>
>

Simone

From: Simon Josefsson
To: dellanna@csp.it
Date: Mon, 12 Feb 2007 12:27:40 +0100
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

dellanna@csp.it writes:

> Simon Josefsson writes:
>
>> Yes, it seems your installation is broken. Did you type 'make
>> install' in the top-level GnuTLS build directory?
>
> Yes, I type:
> 1. ./configure
> 2. make
> 3. make install

Ok, good. No error messages?

>>Do you have libgnutls.so* and libgnutls-extra.so* in $prefix/lib?
>
> No, there isn't.
>
>>What does 'ldd $prefix/bin/gnutls-cli' output?
>
> There isn't bin folder in gnutls directory.

$prefix means where you installed GnuTLS. If you don't specify
--prefix, it will be /usr/local. So look in that directory for the
libraries.

/Simon

Date: Mon, 12 Feb 2007 13:18:34 +0100
From: dellanna@csp.it
To: Simon Josefsson
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

Simon Josefsson writes:

> dellanna@csp.it writes:
>
> > Simon Josefsson writes:
> >
> >> Yes, it seems your installation is broken.  Did you type 'make
> >> install' in the top-level GnuTLS build directory?
> >
> > Yes, I typed:
> > 1. ./configure
> > 2. make
> > 3. make install
>
> Ok, good.  No error messages?

No, there is no error message.

> >>Do you have libgnutls.so* and libgnutls-extra.so* in $prefix/lib?

Ok, in usr/local/lib/ I have

libgnutls.so
libgnutls.so.13
libgnutls.so.13.4.3
libgnutls-extra.a
libgnutls-extra.la
libgnutls-extra.so
libgnutls-extra.so.13
libgnutls-extra.so.13.4.3

> >>What does 'ldd $prefix/bin/gnutls-cli' output?

It returns the following output:

        linux-gate.so.1 =>  (0xffffe000)
        libgnutls.so.13 => /usr/local/lib/libgnutls.so.13 (0xb7ef6000)
        libgnutls-extra.so.13 => /usr/local/lib/libgnutls-extra.so.13 (0xb7ee2000)
        libopencdk.so.8 => /usr/lib/libopencdk.so.8 (0xb7eb3000)
        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7e67000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7e63000)
        libz.so.1 => /usr/lib/libz.so.1 (0xb7e4f000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d20000)
        libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d0a000)
        libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7ca1000)
        /lib/ld-linux.so.2 (0xb7f8d000)
        libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb7c91000)

> /Simon
From MAILER-DAEMON Mon Feb 12 07:54:57 2007
Date: Mon, 12 Feb 2007 13:54:05 +0100
To: dellanna@csp.it
Subject: Re: [Help-gnutls] Re: ex-serv-pgp
From: Matthias Urlichs
Cc: Simon Josefsson, help-gnutls@gnu.org

Hi,

dellanna@csp.it:
> > >>What does 'ldd $prefix/bin/gnutls-cli' output?

For the record: Please use "ldd -r". It resolves all symbols and thus
is able to find more problems than a plain "ldd".

>         linux-gate.so.1 =>  (0xffffe000)
>         libgnutls.so.13 => /usr/local/lib/libgnutls.so.13 (0xb7ef6000)
>         libgnutls-extra.so.13 => /usr/local/lib/libgnutls-extra.so.13
> (0xb7ee2000)
>         libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7ca1000)

Ugh. That may be a problem.

I don't know if your Linux distribution uses versioned symbols for their
libgnutls (Debian does). To find out, do

$ objdump -p /usr/lib/libgnutls.so.12
$ objdump -p /usr/local/lib/libgnutls.so.13

and look for the section that says "Version definitions".

If either one (or, worse, both) is not versioned, that's your problem.

Otherwise (i.e. if they're both versioned), make sure that you didn't
compile against your local gnutls installation but linked against the
public one (or vice versa).

-- 
Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf@smurf.noris.de
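The check described in the message above, as an added example that is not part of the original thread: it finds a library that `ldd` maps under two sonames, then looks for "Version definitions" in each copy's `objdump -p` output. The function names are hypothetical, and the sample text is constructed (abridged from the output posted in this thread, plus one made-up unversioned library).

```shell
#!/bin/sh
# Added example (not from the thread): find a library that ldd maps under
# two different sonames, then check each copy for ELF version definitions.

# Constructed sample: abridged from the ldd output posted in this thread.
sample_ldd() {
cat <<'EOF'
        linux-gate.so.1 =>  (0xffffe000)
        libgnutls.so.13 => /usr/local/lib/libgnutls.so.13 (0xb7ef6000)
        libgnutls-extra.so.13 => /usr/local/lib/libgnutls-extra.so.13 (0xb7ee2000)
        libopencdk.so.8 => /usr/lib/libopencdk.so.8 (0xb7eb3000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d20000)
        libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7ca1000)
        /lib/ld-linux.so.2 (0xb7f8d000)
EOF
}

# Constructed sample: the "Version definitions" rows are the ones posted in
# this thread; the surrounding sections are made up for illustration.
sample_objdump_12() {
cat <<'EOF'
Dynamic Section:
  SONAME      libgnutls.so.12

Version definitions:
1 0x01 0x0ebdb882 libgnutls.so.12
2 0x00 0x091de682 GNUTLS_1_2

Version References:
  required from libc.so.6:
    0x0d696910 0x00 03 GLIBC_2.0
EOF
}

# Constructed sample: a library built without a version script.
sample_objdump_unversioned() {
cat <<'EOF'
Dynamic Section:
  SONAME      libexample.so.1

Version References:
  required from libc.so.6:
    0x0d696910 0x00 03 GLIBC_2.0
EOF
}

# duplicate_sonames: read ldd output on stdin and print one line per library
# base name that is mapped under more than one soname:
#   <base>: <soname>=<path> <soname>=<path>
duplicate_sonames() {
    awk '
        $2 == "=>" && $3 ~ /^\// {
            soname = $1
            base = soname
            sub(/\.so(\.[0-9]+)*$/, "", base)   # libgnutls.so.13 -> libgnutls
            if ((base, soname) in seen) next
            seen[base, soname] = 1
            if (!(base in count)) order[++n] = base
            count[base]++
            list[base] = list[base] " " soname "=" $3
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) print order[i] ":" list[order[i]]
        }'
}

# version_nodes: read `objdump -p` output on stdin and print the version
# node names defined by the library. The row flagged 0x01 is the base entry
# (the file's own name) and does not count as a symbol version.
version_nodes() {
    awk '
        /^Version definitions:/ { in_defs = 1; next }
        in_defs && (NF == 0 || /^Version References:/) { in_defs = 0 }
        in_defs && NF >= 4 && $2 != "0x01" { print $4 }'
}

# is_versioned: succeed if the objdump output on stdin defines any node.
is_versioned() {
    [ -n "$(version_nodes)" ]
}

# Live use: sh check.sh /usr/local/bin/gnutls-cli
if [ $# -eq 1 ]; then
    ldd "$1" | duplicate_sonames | while read -r base entries; do
        echo "loaded under more than one soname: ${base%:}"
        for entry in $entries; do
            path=${entry#*=}
            if objdump -p "$path" | is_versioned; then
                echo "  $path: versioned"
            else
                echo "  $path: NOT versioned"
            fi
        done
    done
fi
```

A "NOT versioned" line for either copy is the case the message calls the problem; two versioned copies point instead at the compile-against-one, link-against-the-other mix-up.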
From MAILER-DAEMON Mon Feb 12 08:36:15 2007
Date: Mon, 12 Feb 2007 14:36:04 +0100
From: dellanna@csp.it
To: Matthias Urlichs
Cc: Simon Josefsson, help-gnutls@gnu.org
Subject: Re: [Help-gnutls] Re: ex-serv-pgp

Hi,

Matthias Urlichs writes:

> Hi,
> For the record: Please use "ldd -r". It resolves all symbols and thus
> is able to find more problems than a plain "ldd".

With ldd -r it returns the same output:

        linux-gate.so.1 =>  (0xffffe000)
        libgnutls.so.13 => /usr/local/lib/libgnutls.so.13 (0xb7f0e000)
        libgnutls-extra.so.13 => /usr/local/lib/libgnutls-extra.so.13 (0xb7efa000)
        libopencdk.so.8 => /usr/lib/libopencdk.so.8 (0xb7ecb000)
        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7e7f000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7e7b000)
        libz.so.1 => /usr/lib/libz.so.1 (0xb7e67000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d38000)
        libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d22000)
        libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7cb9000)
        /lib/ld-linux.so.2 (0xb7fa5000)
        libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb7ca9000)

> >         linux-gate.so.1 =>  (0xffffe000)
> >         libgnutls.so.13 => /usr/local/lib/libgnutls.so.13 (0xb7ef6000)
> >         libgnutls-extra.so.13 => /usr/local/lib/libgnutls-extra.so.13
> > (0xb7ee2000)
> >         libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7ca1000)
>
> Ugh. That may be a problem.
>
> I don't know if your Linux distribution uses versioned symbols for their
> libgnutls (Debian does). To find out, do
>
> $ objdump -p /usr/lib/libgnutls.so.12
> $ objdump -p /usr/local/lib/libgnutls.so.13
>
> and look for the section that says "Version definitions".

I use Ubuntu 6.06 and if I run objdump -p /usr/lib/libgnutls.so.12 it returns the
following output in section "Version definitions":

Version definitions:
1 0x01 0x0ebdb882 libgnutls.so.12
2 0x00 0x091de682 GNUTLS_1_2

And if I run objdump -p /usr/local/lib/libgnutls.so.13 I see in the same
section:

Version definitions:
1 0x01 0x0ebdb883 libgnutls.so.13
2 0x00 0x091de683 GNUTLS_1_3

This seems correct...
What is your version of gnutls-cli?

Simone.
From MAILER-DAEMON Mon Feb 12 08:54:28 2007
From: Simon Josefsson
To: Matthias Wimmer
Cc: help-gnutls@gnu.org
Date: Mon, 12 Feb 2007 14:54:11 +0100
Subject: [Help-gnutls] Re: Verifying subjectAltNames

Matthias Wimmer writes:

> A okay, I did not read this paragraph at the first time. I think it
> should be stripped as it is also stripped when non-otherName values
> are returned.

I agree, and I have changed this.  Data for known otherName OID's
should now be decoded.  In the future, it won't be possible to decode
all data, I think, since they may be structured, but we'll handle that
problem when it comes to it.  This data happened to be non-structured.

'certtool -i' on the jabber.org XMPP certificate will now say:

        Subject Alternative Name (not critical):
                XMPP Address: jabber.org
                DNSname: jabber.org
                DNSname: *.jabber.org

Which seems quite nice.

The relevant code is in lib/x509/output.c:

      err = gnutls_x509_crt_get_subject_alt_name (cert, san_idx,
                                                  buffer, &size, NULL);
      if (err < 0)
...
      switch (err)
        {
...
        case GNUTLS_SAN_OTHERNAME:
...
          err = gnutls_x509_crt_get_subject_alt_othername_oid
            (cert, san_idx, oid, &oidsize);
          if (err < 0)
...
          if (err == GNUTLS_SAN_OTHERNAME_XMPP)
            addf (str, "\t\t\tXMPP Address: %.*s\n", size, buffer);
          else
            {
              addf (str, "\t\t\totherName OID: %.*s\n", oidsize, oid);
              addf (str, "\t\t\totherName DER: ");
              hexprint (str, buffer, size);
              addf (str, "\n\t\t\totherName ASCII: ");
              asciiprint (str, buffer, size);
              addf (str, "\n");
            }

/Simon

From MAILER-DAEMON Mon Feb 12 09:07:07 2007
Date: Mon, 12 Feb 2007 15:06:22 +0100
From: Matthias Wimmer
To: Simon Josefsson
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: Verifying subjectAltNames

Simon Josefsson wrote:

> Matthias Wimmer writes:
>
>> A okay, I did not read this paragraph at the first time. I think it
>> should be stripped as it is also stripped when non-otherName values
>> are returned.
>
> I agree, and I have changed this.  Data for known otherName OID's
> should now be decoded.  In the future, it won't be possible to decode
> all data, I think, since they may be structured, but we'll handle that
> problem when it comes to it.  This data happened to be non-structured.
>
> 'certtool -i' on the jabber.org XMPP certificate will now say:
>
>         Subject Alternative Name (not critical):
>                 XMPP Address: jabber.org
>                 DNSname: jabber.org
>                 DNSname: *.jabber.org

Yes that's better and looks okay now. :-)

Matthias

From MAILER-DAEMON Mon Feb 12 09:32:26 2007
From: Simon Josefsson
To: dellanna@csp.it
Cc: help-gnutls@gnu.org
Date: Mon, 12 Feb 2007 15:32:00 +0100
Subject: [Help-gnutls] Re: ex-serv-pgp

dellanna@csp.it writes:

>         libgnutls.so.13 => /usr/local/lib/libgnutls.so.13 (0xb7f0e000)
>         libgnutls-extra.so.13 => /usr/local/lib/libgnutls-extra.so.13
...
>         libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7cb9000)

Linking to both libgnutls is likely what is causing you problems.  I
don't understand how this could have happened, though.  I have a
/usr/lib/libgnutls.so.12 on my system, but it isn't pulled into newly
built GnuTLS binaries.  Anyone has any ideas how this could happen?

You can debug this further by looking exactly at which commands are
used to link the binaries, there could be some bug there...

/Simon

From MAILER-DAEMON Mon Feb 12 10:08:53 2007
From: Simon Josefsson
To: dellanna@csp.it
Cc: help-gnutls@gnu.org
Date: Mon, 12 Feb 2007 16:08:38 +0100
Subject: [Help-gnutls] Re: ex-serv-pgp

dellanna@csp.it writes:

> I tried to download the gnutls 1.6 version, but it has some problem in the
> installation time.
> In this version if I run ./configure is OK, but when I run make it return "no
> targets specified and no makefile found. Stop."
> Why? The procedure of installation isn't the same of 1.7 version?

Yes, the procedures are the same.  GnuTLS 1.6.x and 1.7.x are quite
similar, although for OpenPGP support, you'll want 1.7.x.

I think that either your gnutls archive was corrupt, or ./configure
failed to create the Makefile.  Did ./configure exit with an error
message?

/Simon

> Simone.
>
> Simon Josefsson writes:
>
>> dellanna@csp.it writes:
>>
>> >         libgnutls.so.13 => /usr/local/lib/libgnutls.so.13 (0xb7f0e000)
>> >         libgnutls-extra.so.13 => /usr/local/lib/libgnutls-extra.so.13
>> ..
>> >         libgnutls.so.12 => /usr/lib/libgnutls.so.12 (0xb7cb9000)
>>
>> Linking to both libgnutls is likely what is causing you problems.  I
>> don't understand how this could have happened, though.  I have a
>> /usr/lib/libgnutls.so.12 on my system, but it isn't pulled into newly
>> built GnuTLS binaries.  Anyone has any ideas how this could happen?
>>
>> You can debug this further by looking exactly at which commands are
>> used to link the binaries, there could be some bug there...
>>
>> /Simon
From MAILER-DAEMON Mon Feb 12 10:14:02 2007
Date: Mon, 12 Feb 2007 16:12:58 +0100
To: Simon Josefsson
From: Matthias Urlichs
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: ex-serv-pgp

Hi,

Simon Josefsson:
> Linking to both libgnutls is likely what is causing you problems.

Not if they're both versioned. (That's why I asked.)

-- 
Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf@smurf.noris.de

From MAILER-DAEMON Mon Feb 12 17:06:26 2007
To: help-gnutls@gnu.org
From: David Given
Date: Mon, 12 Feb 2007 22:08:51 +0000
Subject: [Help-gnutls] Re: SMTP TLS & Thunderbird

Simon Josefsson wrote:
[...]
> This kind of feedback is very important, could you please describe in
> more detail what documentation lead you wrong, and what mistakes you
> did?  The documentation isn't perfect, but in order to know where to
> spend time improving it, it is useful to know where the weakest parts
> are.

Well, the main issue with gnutls_certificate_set_x509_key_file() is that the
documentation doesn't describe what error codes get returned if the key files
couldn't be opened, or even that the return value is an error code at all: I
eventually figured it out by calling the function with a bogus filename and
inspecting the result (-64).

The function index is very hard to use, too. That function is described in
'Core functions' instead of 'X.509 certificate functions', which is where I
would expect it to be. You may want to consider having a unified index instead
of (or as well as) dividing it into multiple pages.

[...]
>   * Note that the priority is set on the client. The server does
>   * not use the algorithm's priority except for disabling
>   * algorithms that were not specified.
[...]
> The default cipher suite list
> doesn't include ANON, so the server will disable that KX unless you
> manually added it.
[...]
> Hm.  I'd agree that you don't really get the full picture from that
> docstring...

Yes, the docs strongly imply that all algorithms are enabled by default (which
makes sense).

[...]
>> Incidentally, my various early blundering attempts managed to get a number of
>> things wrong, which caused gnutls-cli to fall over good and hard. Is this
>> important?
>
> Yes, anything that fails hard is a serious bug.  Please let me know!

The simplest thing I did to make it go wrong was to accidentally pass an
anonymous credentials structure to credentials_set() with CRD_CERTIFICATE.
That caused both ends to segfault. Unfortunately I don't have the logs any
more, but gnutls-cli did produce a number of assertion failures before it died.

-- 
┌── ｄｇ＠ｃｏｗｌａｒｋ．ｃｏｍ ─── http://www.cowlark.com ───────────────────
│ "I have always wished for my computer to be as easy to use as my
│ telephone; my wish has come true because I can no longer figure out how to
│ use my telephone." --- Bjarne Stroustrup

From MAILER-DAEMON Tue Feb 13 04:28:17 2007
Date: Tue, 13 Feb 2007 10:28:09 +0100
From: dellanna@csp.it To: Simon Josefsson References: <1171029813.45cc7f358ea00@csa.csp.it> <87k5yr4dvh.fsf@latte.josefsson.org> <87fy9f4dqc.fsf@latte.josefsson.org> <1171033572.45cc8de40fbc5@csa.csp.it> <87abzj3by0.fsf@latte.josefsson.org> <1171277130.45d0454a3d194@csa.csp.it> <87lkj3irbk.fsf@latte.josefsson.org> <1171278926.45d04c4ea5c55@csa.csp.it> <87ejovipjn.fsf@latte.josefsson.org> <1171282714.45d05b1a4b713@csa.csp.it> <20070212125405.GA26115@kiste.smurf.noris.de> <1171287364.45d06d440a54a@csa.csp.it> <87bqjzv44f.fsf@latte.josefsson.org> <1171292727.45d0823741981@csa.csp.it> <873b5bv2fd.fsf@latte.josefsson.org> In-Reply-To: <873b5bv2fd.fsf@latte.josefsson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Internet Messaging Program (IMP) 3.2.6 X-Originating-IP: 194.116.9.92 X-AntiVirus: checked by AntiVir MailGate (version: 2.1.0-19; AVE: 7.3.1.36; VDF: 6.37.1.78; host: antares.csp.it) Content-Transfer-Encoding: quoted-printable X-detected-kernel: FreeBSD 4.6-4.9 Cc: help-gnutls@gnu.org Subject: [Help-gnutls] some experience X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Feb 2007 09:28:15 -0000

Hi,

Simon Josefsson writes:

> Yes, the procedures are the same. GnuTLS 1.6.x and 1.7.x are quite
> similar, although for OpenPGP support, you'll want 1.7.x.

Does 1.7.0 support OpenPGP?
In this version, if I run gnutls-cli --port 5556 test.gnutls.org it returns:

global_init_extra: The GnuTLS library version does not match the GnuTLS-extra
library version.
Resolving 'test.gnutls.org'...
Connecting to '217.13.230.178:5556'...
- Successfully sent 0 certificate(s) to server.
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
# The hostname in the certificate matches 'test.gnutls.org'.
# valid since: Tue Feb 6 14:02:11 CET 2007
# expires at: Wed Feb 6 14:02:11 CET 2008
# fingerprint: CB:4A:00:E0:65:A5:C3:9D:E0:5D:AB:CF:3A:2C:82:74
# Subject's DN: O=GnuTLS test server,CN=test.gnutls.org
# Issuer's DN: CN=GnuTLS test CA
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.1
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed
- Simple Client Mode:

Is this output correct?

> I think that either your gnutls archive was corrupt, or ./configure
> failed to create the Makefile. Did ./configure exit with an error
> message?

Yes, I resolved this problem for versions 1.6.0 and 1.7.0. But the problem
remains for version 1.7.5. There is no error message.

> /Simon

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

From MAILER-DAEMON Tue Feb 13 05:52:09 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HGvGb-0006Jg-AZ for mharc-help-gnutls@gnu.org; Tue, 13 Feb 2007 05:52:09 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HGvGZ-0006JN-7B for help-gnutls@gnu.org; Tue, 13 Feb 2007 05:52:07 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HGvGW-0006JB-6D for help-gnutls@gnu.org; Tue, 13 Feb 2007 05:52:06 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HGvGW-0006J8-2n for help-gnutls@gnu.org; Tue, 13 Feb 2007 05:52:04 -0500 Received: from antares.csp.it ([194.116.4.64] helo=smtp-gw.csp.it) by monty-python.gnu.org with esmtp (Exim 4.52) id 1HGvGV-0005sz-J2 for help-gnutls@gnu.org; Tue, 13 Feb 2007 05:52:03 -0500 Received: from localhost.csp.it (localhost.csp.it [127.0.0.1]) by smtp-gw.csp.it (Postfix) with ESMTP id 1840CD54A6; Tue, 13 Feb 2007 10:52:01 +0000 (GMT) Received: from 127.0.0.1 (localhost.csp.it [127.0.0.1]) by localhost.csp.it
(AvMailGate-2.1.0-19) id 36640-iv1eaI; Tue, 13 Feb 2007 10:52:00 +0000 Received: by smtp-gw.csp.it (Postfix, from userid 80) id 2C038D5492; Tue, 13 Feb 2007 10:51:59 +0000 (GMT) Received: from 194.116.9.92 ([194.116.9.92]) by csa.csp.it (IMP) with HTTP for ; Tue, 13 Feb 2007 11:51:59 +0100 Message-ID: <1171363919.45d1984f18456@csa.csp.it> Date: Tue, 13 Feb 2007 11:51:59 +0100 
From: dellanna@csp.it To: Matthias Urlichs References: <1171033572.45cc8de40fbc5@csa.csp.it> <87abzj3by0.fsf@latte.josefsson.org> <1171277130.45d0454a3d194@csa.csp.it> <87lkj3irbk.fsf@latte.josefsson.org> <1171278926.45d04c4ea5c55@csa.csp.it> <87ejovipjn.fsf@latte.josefsson.org> <1171282714.45d05b1a4b713@csa.csp.it> <20070212125405.GA26115@kiste.smurf.noris.de> <1171287364.45d06d440a54a@csa.csp.it> <87bqjzv44f.fsf@latte.josefsson.org> <20070212151258.GB26115@kiste.smurf.noris.de> In-Reply-To: <20070212151258.GB26115@kiste.smurf.noris.de> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Internet Messaging Program (IMP) 3.2.6 X-Originating-IP: 194.116.9.92 X-AntiVirus: checked by AntiVir MailGate (version: 2.1.0-19; AVE: 7.3.1.36; VDF: 6.37.1.80; host: antares.csp.it) Content-Transfer-Encoding: quoted-printable X-detected-kernel: FreeBSD 4.6-4.9 Cc: Simon Josefsson , help-gnutls@gnu.org Subject: [Help-gnutls] again ex-serv-pgp X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Feb 2007 10:52:07 -0000

Hi,
excuse me, but is the example "ex-serv-pgp" correct?
I tried to install gnutls-cli version 1.7.6 on a Windows machine... this
operation was completed successfully.

1. I run ex-serv-pgp on an Ubuntu machine. The application works correctly
because it returns:

Echo Server ready. Listening to port '5556'.

2. When I run on the Windows machine (on the same LAN) gnutls-cli --port 5556
hostname_OF_Linux_Machine it returns the following output:
Resolving "hostname"
Connecting to '194.116.9.92:5556'
***Fatal error: A TLS packet with unexpected length was received.
Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected lenght was received.

3. On the server side (Linux machine with ex-serv-pgp running) the output is:

-connection from 194.116.9.26, port 2638
*** Handshake has failed (Could not negotiate a supported cipher suite.)

What is the problem? I think I blundered something with gnutls-cli (on the
client side).

Simone.

From MAILER-DAEMON Tue Feb 13 11:14:11 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HH0IF-0001jz-4y for mharc-help-gnutls@gnu.org; Tue, 13 Feb 2007 11:14:11 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HH0ID-0001ji-Bn for help-gnutls@gnu.org; Tue, 13 Feb 2007 11:14:09 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HH0IA-0001jW-Vw for help-gnutls@gnu.org; Tue, 13 Feb 2007 11:14:08 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HH0IA-0001jT-QA for help-gnutls@gnu.org; Tue, 13 Feb 2007 11:14:06 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HH0IA-0004BU-Bk for help-gnutls@gnu.org; Tue, 13 Feb 2007 11:14:06 -0500 Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l1DGDsqN005169 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 13 Feb 2007 17:13:55 +0100 X-Hashcash: 1:22:070213:help-gnutls@gnu.org::0cyd9dZDOVJs0/0C:eBwB
From: Simon Josefsson To: help-gnutls@gnu.org OpenPGP: id=B565716F; url=http://josefsson.org/key.txt Date: Tue, 13 Feb 2007 17:13:54 +0100 Message-ID: <87bqjyf325.fsf@latte.josefsson.org> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com X-Virus-Status: Clean X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Subject: [Help-gnutls] NIST X.509 self tests X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Feb 2007 16:14:09 -0000

I spent today running the GnuTLS X.509 certificate chain validator on
NIST's self tests, and thought I'd share some of the findings.

First, it should be noted that all of these tests were done using
'certtool --verify-chain', which is not the same verifier that is used by
GnuTLS when you verify server certificates in TLS. We should probably
merge these verifiers eventually. I expect that large parts of the
verifiers are similar.

I started with the old tests from . They are installed in CVS into
tests/x509paths. Running './chain' in that directory should test all
chains.

We do fail some of the self tests, here are my notes:

Chain 13-14,65: We probably should not fail fatally, although this is
not a real problem.

Chain 15-18: We should succeed, the reason we don't is that we use
memcmp for DN comparisons.

Chain 19: I don't understand why this test should fail? The chain seems
fine to me.

Chain 28-29: We fail to check keyCertSign (non-)critical key usage in
intermediate certificates. XXX

Chain 31-32: The CRL is issued by an issuer without CRLSign
(non-)critical keyCertSign. We don't check the CRL, so this is not a
real problem.

Chain 54-63: We don't check path length constraints properly. XXX

I then started with NIST's current self tests, . They are installed in
CVS into tests/nist-pkits/. You can run ./pkits in that directory to run
the simple tests, which just check the parser for all files.

The script "pkits_test" will build NIST's tool to generate HTML for
tests. It will start a Glade interface, and you should type e.g.
'foo.html' and then 'Generate tables'. Since GnuTLS supports DSA, you
should typically click on 'DSA signature verification' too. The
interface invokes the script "gnutls_test_entry", which verifies
certificate chains, after building them using the script "build-chain".

Since building NIST's tool requires some non-standard stuff, I made one
run and stored the output in CVS too. You can access it from:

http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/*checkout*/gnutls/tests/nist-pkits/gnutls-nist-tests.html?root=GNU+TLS+Library

We again fail some tests, notably the same ones as in NIST's old test
suite, i.e. the keyCertSign and pathLenConstraint related ones. One new
set of failures is due to lack of support for policies. Some failures
are date-related, and I'm not sure they are important.

I don't have resources to make GnuTLS pass these self tests, so this is
a request for volunteers that want to work on improving the X.509
validator.

If anyone knows of other X.509 self tests, that would be useful.
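Added example, not part of Simon Josefsson's post and not GnuTLS code: a self-contained C model of the three chain checks the notes above single out (DN matching that a byte-wise memcmp gets wrong, keyCertSign on issuing certificates, and pathLenConstraint). The `struct cert` layout, the `EX_KU_*` bit values and the sample chains are constructed for illustration, and the case- and whitespace-insensitive DN rule is an assumption about what the NIST name-chaining tests exercise.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define EX_KU_KEY_CERT_SIGN 0x04u  /* example values, not GnuTLS constants */
#define EX_KU_CRL_SIGN      0x02u

enum chain_status { CHAIN_OK, CHAIN_NAME_MISMATCH, CHAIN_NOT_CA,
                    CHAIN_NO_KEY_CERT_SIGN, CHAIN_PATHLEN_EXCEEDED };

/* Hypothetical, already-parsed certificate fields (not a GnuTLS type). */
struct cert {
    const char *subject;
    const char *issuer;
    int is_ca;           /* basicConstraints cA flag */
    int path_len;        /* pathLenConstraint, -1 when absent */
    int has_key_usage;   /* keyUsage extension present */
    unsigned key_usage;  /* EX_KU_* bits, meaningful when has_key_usage */
};

/* Byte-wise comparison, the memcmp approach blamed for chains 15-18. */
int dn_equal_bytes(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    return la == lb && memcmp(a, b, la) == 0;
}

static const char *skip_spaces(const char *s)
{
    while (*s == ' ')
        s++;
    return s;
}

/* Assumed matching rule: ignore case and leading/trailing spaces, and treat
 * a run of spaces as one. Real code compares attribute by attribute. */
int dn_equal(const char *a, const char *b)
{
    a = skip_spaces(a);
    b = skip_spaces(b);
    while (*a && *b) {
        if (*a == ' ' && *b == ' ') {
            a = skip_spaces(a);
            b = skip_spaces(b);
            continue;
        }
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            break;
        a++;
        b++;
    }
    return *skip_spaces(a) == '\0' && *skip_spaces(b) == '\0';
}

/* chain[0] is the end entity, chain[n-1] the trusted top certificate.
 * Every certificate that issued another one is checked, the top included. */
enum chain_status check_chain(const struct cert *chain, size_t n)
{
    size_t below = 0;  /* non-self-issued CA certificates under chain[i] */
    for (size_t i = 1; i < n; i++) {
        const struct cert *ca = &chain[i];
        if (!dn_equal(chain[i - 1].issuer, ca->subject))
            return CHAIN_NAME_MISMATCH;
        if (!ca->is_ca)
            return CHAIN_NOT_CA;
        if (ca->has_key_usage && !(ca->key_usage & EX_KU_KEY_CERT_SIGN))
            return CHAIN_NO_KEY_CERT_SIGN;
        if (ca->path_len >= 0 && below > (size_t)ca->path_len)
            return CHAIN_PATHLEN_EXCEEDED;
        if (!dn_equal(ca->subject, ca->issuer))
            below++;
    }
    return CHAIN_OK;
}

/* Constructed sample chains (not NIST test data), end entity first. */
static const struct cert good_chain[] = {
    { "CN=www.example.test", "CN=Sub CA",  0, -1, 0, 0 },
    { "cn=sub  ca",          "CN=Root CA", 1, -1, 1, EX_KU_KEY_CERT_SIGN },
    { "CN=Root CA",          "CN=Root CA", 1,  1, 0, 0 },
};
static const struct cert no_certsign_chain[] = {
    { "CN=www.example.test", "CN=Sub CA",  0, -1, 0, 0 },
    { "CN=Sub CA",           "CN=Root CA", 1, -1, 1, EX_KU_CRL_SIGN },
};
static const struct cert pathlen_chain[] = {
    { "CN=www.example.test", "CN=Sub CA 2", 0, -1, 0, 0 },
    { "CN=Sub CA 2",         "CN=Sub CA 1", 1, -1, 0, 0 },
    { "CN=Sub CA 1",         "CN=Root CA",  1,  0, 0, 0 },
};

int main(void)
{
    printf("bytes=%d normalized=%d good=%d no_certsign=%d pathlen=%d\n",
           dn_equal_bytes("CN=Sub CA", "cn=sub  ca"), dn_equal("CN=Sub CA", "cn=sub  ca"),
           check_chain(good_chain, 3), check_chain(no_certsign_chain, 2),
           check_chain(pathlen_chain, 3));
    return 0;
}
```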
/Simon From MAILER-DAEMON Wed Feb 14 08:52:37 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HHKYn-0008JC-5J for mharc-help-gnutls@gnu.org; Wed, 14 Feb 2007 08:52:37 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HHKYm-0008In-6n for help-gnutls@gnu.org; Wed, 14 Feb 2007 08:52:36 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HHKYk-0008Ib-H5 for help-gnutls@gnu.org; Wed, 14 Feb 2007 08:52:34 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HHKYk-0008IY-An for help-gnutls@gnu.org; Wed, 14 Feb 2007 08:52:34 -0500 Received: from antares.csp.it ([194.116.4.64] helo=smtp-gw.csp.it) by monty-python.gnu.org with esmtp (Exim 4.52) id 1HHKYj-00083y-Qa for help-gnutls@gnu.org; Wed, 14 Feb 2007 08:52:34 -0500 Received: from localhost.csp.it (localhost.csp.it [127.0.0.1]) by smtp-gw.csp.it (Postfix) with ESMTP id D3C49D5494 for ; Wed, 14 Feb 2007 13:52:30 +0000 (GMT) Received: from 127.0.0.1 (localhost.csp.it [127.0.0.1]) by localhost.csp.it (AvMailGate-2.1.0-19) id 70971-lk7NYU; Wed, 14 Feb 2007 13:52:30 +0000 Received: by smtp-gw.csp.it (Postfix, from userid 80) id E08A7D549B; Wed, 14 Feb 2007 13:52:28 +0000 (GMT) Received: from corniola.csp.it (corniola.csp.it [194.116.9.26]) by csa.csp.it (IMP) with HTTP for ; Wed, 14 Feb 2007 14:52:28 +0100 Message-ID: <1171461148.45d3141cd1b7f@csa.csp.it> Date: Wed, 14 Feb 2007 14:52:28 +0100 
From: dellanna@csp.it To: help-gnutls@gnu.org References: <1171033572.45cc8de40fbc5@csa.csp.it> <87abzj3by0.fsf@latte.josefsson.org> <1171277130.45d0454a3d194@csa.csp.it> <87lkj3irbk.fsf@latte.josefsson.org> <1171278926.45d04c4ea5c55@csa.csp.it> <87ejovipjn.fsf@latte.josefsson.org> <1171282714.45d05b1a4b713@csa.csp.it> <20070212125405.GA26115@kiste.smurf.noris.de> <1171287364.45d06d440a54a@csa.csp.it> <87bqjzv44f.fsf@latte.josefsson.org> <20070212151258.GB26115@kiste.smurf.noris.de> <1171363919.45d1984f18456@csa.csp.it> In-Reply-To: <1171363919.45d1984f18456@csa.csp.it> MIME-Version: 1.0 Content-Type: text/plain User-Agent: Internet Messaging Program (IMP) 3.2.6 X-Originating-IP: 194.116.9.26 X-AntiVirus: checked by AntiVir MailGate (version: 2.1.0-19; AVE: 7.3.1.37; VDF: 6.37.1.88; host: antares.csp.it) Content-Transfer-Encoding: quoted-printable X-detected-kernel: FreeBSD 4.6-4.9 Subject: [Help-gnutls] TLS X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Feb 2007 13:52:36 -0000

Hi all,
I don't know if my email was delivered correctly and I am rewriting my problem.
I tried to install gnutls-cli version 1.7.6 on a Windows machine... this
operation was completed successfully.
But
1. I run ex-serv-pgp on an Ubuntu machine. The application works correctly
because it returns:

Echo Server ready. Listening to port '5556'.

2. When I run on the Windows machine (on the same LAN) gnutls-cli --port 5556
hostname_OF_Linux_Machine it returns the following output:
Resolving "hostname"
Connecting to '194.116.9.92:5556'
***Fatal error: A TLS packet with unexpected length was received.
Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected lenght was received.

3. On the server side (Linux machine with ex-serv-pgp running) the output is:

-connection from 194.116.9.26, port 2638
*** Handshake has failed (Could not negotiate a supported cipher suite.)

4. If I run on the Windows machine gnutls-cli-debug --port 5556
hostname_OF_Linux_Machine it returns the following output:
Resolving "hostname"
Connecting to '194.116.9.92:5556'
Checking for TLS 1.1 support ...no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.0 support ...no
Checking for SSL 3.0 support ...no
Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1
Can someone help me?

This error occurs in all the examples used in the gnutls manual.
This is very strange because the examples use TLS, isn't it?

Simone.

From MAILER-DAEMON Wed Feb 14 08:57:46 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HHKdl-0000j3-OK for mharc-help-gnutls@gnu.org; Wed, 14 Feb 2007 08:57:45 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HHKdj-0000i0-Fh for help-gnutls@gnu.org; Wed, 14 Feb 2007 08:57:43 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HHKdh-0000hC-QN for help-gnutls@gnu.org; Wed, 14 Feb 2007 08:57:43 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HHKdh-0000h9-ME for help-gnutls@gnu.org; Wed, 14 Feb 2007 08:57:41 -0500 Received: from antares.csp.it ([194.116.4.64] helo=smtp-gw.csp.it) by monty-python.gnu.org with esmtp (Exim 4.52) id 1HHKdh-0000Rv-6a for help-gnutls@gnu.org; Wed, 14 Feb 2007 08:57:41 -0500 Received: from localhost.csp.it (localhost.csp.it [127.0.0.1]) by smtp-gw.csp.it (Postfix) with ESMTP id 6A29CD54AA for ; Wed, 14 Feb 2007 13:57:40 +0000 (GMT) Received: from 127.0.0.1 (localhost.csp.it [127.0.0.1]) by localhost.csp.it (AvMailGate-2.1.0-19) id 71467-LeHxM1; Wed, 14 Feb 2007 13:57:40 +0000
Received: by smtp-gw.csp.it (Postfix, from userid 80) id 49F1ED549D; Wed, 14 Feb 2007 13:57:38 +0000 (GMT) Received: from corniola.csp.it (corniola.csp.it [194.116.9.26]) by csa.csp.it (IMP) with HTTP for ; Wed, 14 Feb 2007 14:57:38 +0100 Message-ID: <1171461458.45d315523a88b@csa.csp.it> Date: Wed, 14 Feb 2007 14:57:38 +0100 
From: dellanna@csp.it To: help-gnutls@gnu.org References: <1171033572.45cc8de40fbc5@csa.csp.it> <87abzj3by0.fsf@latte.josefsson.org> <1171277130.45d0454a3d194@csa.csp.it> <87lkj3irbk.fsf@latte.josefsson.org> <1171278926.45d04c4ea5c55@csa.csp.it> <87ejovipjn.fsf@latte.josefsson.org> <1171282714.45d05b1a4b713@csa.csp.it> <20070212125405.GA26115@kiste.smurf.noris.de> <1171287364.45d06d440a54a@csa.csp.it> <87bqjzv44f.fsf@latte.josefsson.org> <20070212151258.GB26115@kiste.smurf.noris.de> <1171363919.45d1984f18456@csa.csp.it> <1171461148.45d3141cd1b7f@csa.csp.it> In-Reply-To: <1171461148.45d3141cd1b7f@csa.csp.it> MIME-Version: 1.0 Content-Type: text/plain User-Agent: Internet Messaging Program (IMP) 3.2.6 X-Originating-IP: 194.116.9.26 X-AntiVirus: checked by AntiVir MailGate (version: 2.1.0-19; AVE: 7.3.1.37; VDF: 6.37.1.88; host: antares.csp.it) Content-Transfer-Encoding: quoted-printable X-detected-kernel: FreeBSD 4.6-4.9 Subject: [Help-gnutls] TLS X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Feb 2007 13:57:43 -0000

Hi all,
I don't know if my email was delivered correctly and I am rewriting my problem.
I tried to install gnutls-cli version 1.7.6 on a Windows machine... this
operation was completed successfully.
But
1. I run ex-serv-pgp on an Ubuntu machine. The application works correctly
because it returns:

Echo Server ready. Listening to port '5556'.

2. When I run on the Windows machine (on the same LAN) gnutls-cli --port 5556
hostname_OF_Linux_Machine it returns the following output:
Resolving "hostname"
Connecting to '194.116.9.92:5556'
***Fatal error: A TLS packet with unexpected length was received.
Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected lenght was received.

3. On the server side (Linux machine with ex-serv-pgp running) the output is:

-connection from 194.116.9.26, port 2638
*** Handshake has failed (Could not negotiate a supported cipher suite.)

4. If I run on the Windows machine gnutls-cli-debug --port 5556
hostname_OF_Linux_Machine it returns the following output:
Resolving "hostname"
Connecting to '194.116.9.92:5556'
Checking for TLS 1.1 support ...no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.0 support ...no
Checking for SSL 3.0 support ...no
Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1
Can someone help me?

This error occurs in all the examples used in the gnutls manual.
This is very strange because the examples use TLS, isn't it?

Simone.

From MAILER-DAEMON Wed Feb 14 10:15:55 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HHLrP-0000xc-G8 for mharc-help-gnutls@gnu.org; Wed, 14 Feb 2007 10:15:55 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HHLrO-0000x9-Af for help-gnutls@gnu.org; Wed, 14 Feb 2007 10:15:54 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HHLrM-0000wK-JE for help-gnutls@gnu.org; Wed, 14 Feb 2007 10:15:53 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HHLrM-0000wE-FM for help-gnutls@gnu.org; Wed, 14 Feb 2007 10:15:52 -0500 Received: from igate.tek.com ([192.65.41.20]) by monty-python.gnu.org with esmtp (Exim 4.52) id 1HHLrL-0006dO-TP for help-gnutls@gnu.org; Wed, 14 Feb 2007 10:15:52 -0500 Received: from tektronix.tek.com (tektronix.tek.com [128.181.6.43]) by igate.tek.com (8.13.6+Sun/8.12.10) with ESMTP id l1EFFphQ007426 for ; Wed, 14 Feb 2007 07:15:51 -0800 (PST) Received: from us-bv-m20.global.tektronix.net (us-bv-m20.bv.tek.com [128.181.2.146]) by tektronix.tek.com (8.13.6+Sun/8.12.10) with SMTP id
l1EFFjv0005872 for ; Wed, 14 Feb 2007 07:15:50 -0800 (PST) Received: from eu-berl-m51.global.tektronix.net ([192.158.179.18]) by us-bv-m20.global.tektronix.net with Microsoft SMTPSVC(6.0.3790.1830); Wed, 14 Feb 2007 07:15:44 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C7504A.FECAFCD7" Date: Wed, 14 Feb 2007 16:15:42 +0100 Message-ID: <5893BF2B56D1D34A8D6FEFE23DDDDB0B0218E9BE@eu-berl-m51.global.tektronix.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Memory leak Thread-Index: AcdQSv5HuhborTuqS1GqH/bpBaz97w== 
From: To: X-OriginalArrivalTime: 14 Feb 2007 15:15:44.0528 (UTC) FILETIME=[FF5AA100:01C7504A] X-detected-kernel: Solaris 9 Subject: [Help-gnutls] Memory leak X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Feb 2007 15:15:54 -0000 This is a multi-part message in MIME format. ------_=_NextPart_001_01C7504A.FECAFCD7 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi

we've encountered memory problems with GNUTLS and I wonder if someone
else has experienced similar trouble.

We wrapped GNUTLS 1.4.4 in a 'memory manager'. That means we force
GNUTLS to use our memory functions.
What we find is that not all memory blocks that are allocated by GNUTLS
are freed. We are losing approx. 65 bytes on client and 200 on server
side per handshake.

The following is the sequence in which we call the gnutls_functions:
gnutls_global_set_mem_functions (alloc, alloc, NULL, realloc, free)
gnutls_global_init
gnutls_init
gnutls_handshake
gnutls_deinit
gnutls_global_deinit

We don't use any functionality to store (resume) session. So GNUTLS is
supposed to free all memory allocated during a handshake in
gnutls_deinit, isn't it?
Well, in our case it doesn't. With every handshake more and more memory
gets lost. Is there a mistake in our handling of the library or is there
a problem in the GNUTLS implementation?

Thanks for your answers.

Regards
Markus

------_=_NextPart_001_01C7504A.FECAFCD7 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01C7504A.FECAFCD7-- From MAILER-DAEMON Wed Feb 21 05:23:21 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HJod7-0006UX-5D for mharc-help-gnutls@gnu.org; Wed, 21 Feb 2007 05:23:21 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HJod5-0006US-NM for help-gnutls@gnu.org; Wed, 21 Feb 2007 05:23:19 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HJod4-0006U1-VT for help-gnutls@gnu.org; Wed, 21 Feb 2007 05:23:19 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HJod4-0006Tq-QQ for help-gnutls@gnu.org; Wed, 21 Feb 2007 05:23:18 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HJod3-0005mp-WD for help-gnutls@gnu.org; Wed, 21 Feb 2007 05:23:18 -0500 Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l1LAMlIP021780 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 21 Feb 2007 11:22:48 +0100 From: Simon Josefsson To: dellanna@csp.it References: <1171029813.45cc7f358ea00@csa.csp.it> <87k5yr4dvh.fsf@latte.josefsson.org> <87fy9f4dqc.fsf@latte.josefsson.org> <1171033572.45cc8de40fbc5@csa.csp.it> <87abzj3by0.fsf@latte.josefsson.org> <1171277130.45d0454a3d194@csa.csp.it> <87lkj3irbk.fsf@latte.josefsson.org> <1171278926.45d04c4ea5c55@csa.csp.it> <87ejovipjn.fsf@latte.josefsson.org> <1171282714.45d05b1a4b713@csa.csp.it> <20070212125405.GA26115@kiste.smurf.noris.de> <1171287364.45d06d440a54a@csa.csp.it> <87bqjzv44f.fsf@latte.josefsson.org> <1171292727.45d0823741981@csa.csp.it> <873b5bv2fd.fsf@latte.josefsson.org> <1171358889.45d184a9d7ad6@csa.csp.it> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 
1:22:070221:help-gnutls@gnu.org::rJNxcANchYKx6kE+:JSK5 X-Hashcash: 1:22:070221:dellanna@csp.it::U2WEX155hg49dWqi:cKtL Date: Wed, 21 Feb 2007 11:22:48 +0100 In-Reply-To: <1171358889.45d184a9d7ad6@csa.csp.it> (dellanna@csp.it's message of "Tue\, 13 Feb 2007 10\:28\:09 +0100") Message-ID: <87bqjnolmv.fsf@latte.josefsson.org> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com X-Virus-Status: Clean X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4) Cc: help-gnutls@gnu.org Subject: [Help-gnutls] Re: some experience X-BeenThere: help-gnutls@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Help list for gnutls programmers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2007 10:23:20 -0000

dellanna@csp.it writes:

> Hi,
>
> Simon Josefsson writes:
>
>> Yes, the procedures are the same. GnuTLS 1.6.x and 1.7.x are quite
>> similar, although for OpenPGP support, you'll want 1.7.x.
>
> Does 1.7.0 support OpenPGP?

Yes.

> In this version, if I run gnutls-cli --port 5556 test.gnutls.org it returns:
>
> global_init_extra: The GnuTLS library version does not match the GnuTLS-extra
> library version.

This indicates there was a problem when GnuTLS was installed -- it is
using the wrong libgnutls-extra library. That has to be solved first.

> Is this output correct?

Nope. The server should send its OpenPGP server key instead of the
X.509 certificate, if you are using a correctly installed recent
GnuTLS version.

>> I think that either your gnutls archive was corrupt, or ./configure
>> failed to create the Makefile. Did ./configure exit with an error
>> message?
>
> Yes, I resolved this problem for versions 1.6.0 and 1.7.0. But the problem
> remains for version 1.7.5.
> There is no error message.

Can you reproduce this with a clean build of GnuTLS 1.7.6? It seems
that, for some reason, your different GnuTLS installations confuse
each other.

/Simon

From MAILER-DAEMON Wed Feb 21 05:35:01 2007 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1HJooP-000359-4F for mharc-help-gnutls@gnu.org; Wed, 21 Feb 2007 05:35:01 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HJooN-00034l-Oz for help-gnutls@gnu.org; Wed, 21 Feb 2007 05:34:59 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HJooN-00034Z-B7 for help-gnutls@gnu.org; Wed, 21 Feb 2007 05:34:59 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HJooN-00034Q-4s for help-gnutls@gnu.org; Wed, 21 Feb 2007 05:34:59 -0500 Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1HJooM-0007DS-La for help-gnutls@gnu.org; Wed, 21 Feb 2007 05:34:59 -0500 Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l1LAYkHL023168 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 21 Feb 2007 11:34:47 +0100 From: Simon Josefsson To: dellanna@csp.it References: <1171033572.45cc8de40fbc5@csa.csp.it> <87abzj3by0.fsf@latte.josefsson.org> <1171277130.45d0454a3d194@csa.csp.it> <87lkj3irbk.fsf@latte.josefsson.org> <1171278926.45d04c4ea5c55@csa.csp.it> <87ejovipjn.fsf@latte.josefsson.org> <1171282714.45d05b1a4b713@csa.csp.it> <20070212125405.GA26115@kiste.smurf.noris.de> <1171287364.45d06d440a54a@csa.csp.it> <87bqjzv44f.fsf@latte.josefsson.org> <20070212151258.GB26115@kiste.smurf.noris.de> <1171363919.45d1984f18456@csa.csp.it> <1171461148.45d3141cd1b7f@csa.csp.it> <1171461458.45d315523a88b@csa.csp.it> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash:
 1:22:070221:dellanna@csp.it::OVDRMGNIxYONh1yt:2I0k
Date: Wed, 21 Feb 2007 11:34:47 +0100
In-Reply-To: <1171461458.45d315523a88b@csa.csp.it> (dellanna@csp.it's message of "Wed\, 14 Feb 2007 14\:57\:38 +0100")
Message-ID: <874ppfol2w.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: TLS

dellanna@csp.it writes:

> Hi all,
> I don't know if my email was delivered correctly, so I am writing my problem again.
> I tried to install gnutls-cli version 1.7.6 on a Windows machine... this operation
> was completed successfully.
> But
> 1. I run ex-serv-pgp on an Ubuntu machine. The application works correctly because
> it returns:
>
> Echo Server ready. Listening to port '5556'.

Did you read the source of the example? You need to have an OpenPGP
private key and public key in the appropriate files. Otherwise, the
server will have no credentials, and clients won't be able to talk to
it.

> 2. When I run on the Windows machine (on the same LAN) gnutls-cli --port 5556
> hostname_OF_Linux_Machine it returns the following output:
> Resolving "hostname"
> Connecting to '194.116.9.92:5556'
> ***Fatal error: A TLS packet with unexpected length was received.
> Handshake has failed
> GNUTLS ERROR: A TLS packet with unexpected lenght was received.
>
> 3.
> On the server side (Linux Machine with ex-serv-pgp running) the output is:
>
> -connection from 194.116.9.26, port 2638
> *** Handshake has failed (Could not negotiate a supported cipher suite.)

This seems to be consistent with missing credentials.

> 4. If I run on the Windows machine gnutls-cli-debug --port 5556
> hostname_OF_Linux_Machine it returns the following output:
> Resolving "hostname"
> Connecting to '194.116.9.92:5556'
> Checking for TLS 1.1 support ...no
> Checking fallback from TLS 1.1 to... failed
> Checking for TLS 1.0 support ...no
> Checking for SSL 3.0 support ...no
> Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1
> Can someone help me?
>
> This error occurs in all examples used in the gnutls manual.
> This is very strange because the examples use TLS, isn't it?

Yes, but if gnutls-cli-debug fails to handshake with the server, it
will report that the server doesn't support TLS at all. This happens
when the server doesn't have any credentials and doesn't support
anonymous key exchanges.

I agree that the output of gnutls-cli-debug is confusing here. I have
added a TODO item:

- Make gnutls-cli-debug exit with better error messages if the
  handshake fails, rather than saying that the server doesn't support
  TLS.

/Simon

From MAILER-DAEMON Thu Feb 22 01:52:32 2007
Date: Wed, 21 Feb 2007 22:52:26 -0800
From: "kyle cronan"
To: help-gnutls@gnu.org
Subject: [Help-gnutls] client hello refused

Hello,

My question is about how to debug the situation where the TLS server
closes the connection right after the client hello message is sent
(gnutls 1.4.5). I didn't have much luck searching the list archives
for hello!

Looking at what's in an SSL/TLS hello, perhaps cipher_suites,
compression_methods and client_version are candidates for causing
trouble? I believe I tried all the different client versions using
--protocols, and I see from gnutls_handshake.c that the extensions are
only sent if we're using a TLS version, not SSL3. So it shouldn't be
a protocol extension that's causing the problem either. That just
leaves ciphers and compression methods. But wouldn't I get an error
like "could not negotiate a supported cipher suite"? Have servers
been known to just close the connection without giving a handshake
failure?

Unfortunately the server software is some unknown black box type
stuff. It does work with openssl s_client though (0.9.7a), even when
I select various single ciphers with the -cipher option.

Thanks,
Kyle Cronan

From MAILER-DAEMON Thu Feb 22 02:23:26 2007
Date: Wed, 21 Feb 2007 23:23:20 -0800
From: "kyle cronan"
To: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: client hello refused

It works with --comp NULL. I hadn't tried that one by itself, since I
didn't think the server would punish me just for offering. Hopefully
someone will find this helpful some day!

Kyle

On 2/21/07, kyle cronan wrote:
> Hello,
>
> My question is about how to debug the situation where the TLS server
> closes the connection right after the client hello message is sent
> (gnutls 1.4.5). I didn't have much luck searching the list archives
> for hello!
>
> Looking at what's in an SSL/TLS hello, perhaps cipher_suites,
> compression_methods and client_version are candidates for causing
> trouble? I believe I tried all the different client versions using
> --protocols, and I see from gnutls_handshake.c that the extensions are
> only sent if we're using a TLS version, not SSL3. So it shouldn't be
> a protocol extension that's causing the problem either. That just
> leaves ciphers and compression methods. But wouldn't I get an error
> like "could not negotiate a supported cipher suite"? Have servers
> been known to just close the connection without giving a handshake
> failure?
>
> Unfortunately the server software is some unknown black box type
> stuff. It does work with openssl s_client though (0.9.7a), even when
> I select various single ciphers with the -cipher option.
>
> Thanks,
> Kyle Cronan
>

From MAILER-DAEMON Thu Feb 22 03:21:18 2007
From: Simon Josefsson
To: "kyle cronan"
Date: Thu, 22 Feb 2007 09:21:07 +0100
In-Reply-To: (kyle cronan's message of "Wed\, 21 Feb 2007 23\:23\:20 -0800")
Message-ID: <87odnmli18.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: client hello refused
X-BeenThere:
 help-gnutls@gnu.org

Thanks for the report. Unfortunately, servers are known to close
connections or do strange things when they get unsupported extensions.

For reference, could you try with '--comp DEFLATE'? GnuTLS supports a
non-standard compression mechanism LZO. However, the DEFLATE
mechanism is standardized.

/Simon

"kyle cronan" writes:

> It works with --comp NULL. I hadn't tried that one by itself, since I
> didn't think the server would punish me just for offering. Hopefully
> someone will find this helpful some day!
>
> Kyle
>
> On 2/21/07, kyle cronan wrote:
>> Hello,
>>
>> My question is about how to debug the situation where the TLS server
>> closes the connection right after the client hello message is sent
>> (gnutls 1.4.5). I didn't have much luck searching the list archives
>> for hello!
>>
>> Looking at what's in an SSL/TLS hello, perhaps cipher_suites,
>> compression_methods and client_version are candidates for causing
>> trouble? I believe I tried all the different client versions using
>> --protocols, and I see from gnutls_handshake.c that the extensions are
>> only sent if we're using a TLS version, not SSL3. So it shouldn't be
>> a protocol extension that's causing the problem either. That just
>> leaves ciphers and compression methods. But wouldn't I get an error
>> like "could not negotiate a supported cipher suite"? Have servers
>> been known to just close the connection without giving a handshake
>> failure?
>>
>> Unfortunately the server software is some unknown black box type
>> stuff. It does work with openssl s_client though (0.9.7a), even when
>> I select various single ciphers with the -cipher option.
>>
>> Thanks,
>> Kyle Cronan
>>
>>

From MAILER-DAEMON Thu Feb 22 19:50:45 2007
Date: Thu, 22 Feb 2007 16:50:40 -0800
From: "kyle cronan"
To: "Simon Josefsson"
In-Reply-To: <87odnmli18.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject: [Help-gnutls] Re: client hello refused

Nope, it only works with --comp NULL. Even --comp NULL DEFLATE
doesn't work. Perhaps because the server is SSL3 only.

Kyle

On 2/22/07, Simon Josefsson wrote:
> Thanks for the report. Unfortunately, servers are known to close
> connections or do strange things when they get unsupported extensions.
>
> For reference, could you try with '--comp DEFLATE'? GnuTLS supports a
> non-standard compression mechanism LZO. However, the DEFLATE
> mechanism is standardized.
>
> /Simon
>
> "kyle cronan" writes:
>
> > It works with --comp NULL. I hadn't tried that one by itself, since I
> > didn't think the server would punish me just for offering. Hopefully
> > someone will find this helpful some day!
> >
> > Kyle
> >
> > On 2/21/07, kyle cronan wrote:
> >> Hello,
> >>
> >> My question is about how to debug the situation where the TLS server
> >> closes the connection right after the client hello message is sent
> >> (gnutls 1.4.5). I didn't have much luck searching the list archives
> >> for hello!
> >>
> >> Looking at what's in an SSL/TLS hello, perhaps cipher_suites,
> >> compression_methods and client_version are candidates for causing
> >> trouble? I believe I tried all the different client versions using
> >> --protocols, and I see from gnutls_handshake.c that the extensions are
> >> only sent if we're using a TLS version, not SSL3. So it shouldn't be
> >> a protocol extension that's causing the problem either. That just
> >> leaves ciphers and compression methods. But wouldn't I get an error
> >> like "could not negotiate a supported cipher suite"? Have servers
> >> been known to just close the connection without giving a handshake
> >> failure?
> >>
> >> Unfortunately the server software is some unknown black box type
> >> stuff. It does work with openssl s_client though (0.9.7a), even when
> >> I select various single ciphers with the -cipher option.
> >>
> >> Thanks,
> >> Kyle Cronan
> >>
> >>
>

From MAILER-DAEMON Fri Feb 23 01:46:22 2007
From: Simon Josefsson
To: "kyle cronan"
Date: Fri, 23 Feb 2007 07:46:08 +0100
In-Reply-To: (kyle cronan's message of "Thu\, 22 Feb 2007 16\:50\:40 -0800")
Message-ID: <87ejohid73.fsf@latte.josefsson.org>
Cc: help-gnutls@gnu.org
Subject:
 [Help-gnutls] Re: client hello refused

"kyle cronan" writes:

> Nope, it only works with --comp NULL. Even --comp NULL DEFLATE
> doesn't work. Perhaps because the server is SSL3 only.

Compression is supported by SSLv3, but servers were buggy back then
too.

/Simon
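
Added example (not part of the original thread and not GnuTLS code): one way to narrow down which ClientHello field a server refuses, as asked in the "client hello refused" thread above, is to parse a hello the server accepts and one it rejects, then list what only the rejected one offers. The record bytes, the cipher-suite list and all function names are constructed for illustration, and both hellos are assumed to be in SSL 3.0/TLS record format rather than the SSLv2-compatible hello.

```python
COMPRESSION_NAMES = {0: "NULL", 1: "DEFLATE"}  # DEFLATE = 1 per RFC 3749

class Reader:
    """Bounds-checked cursor over a byte string."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def vec(self, len_bytes):
        """Read a vector prefixed by a big-endian length of len_bytes bytes."""
        return self.take(int.from_bytes(self.take(len_bytes), "big"))

def build_client_hello(version, suites, compression):
    """Build a constructed ClientHello (zeroed random, empty session_id)."""
    body = bytes(version) + bytes(32) + b"\x00"
    body += (2 * len(suites)).to_bytes(2, "big")
    body += b"".join(s.to_bytes(2, "big") for s in suites)
    body += bytes([len(compression)]) + bytes(compression)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + len(handshake).to_bytes(2, "big") + handshake

def parse_client_hello(record):
    rec = Reader(record)
    if rec.take(1) != b"\x16":                  # record type 22 = handshake
        raise ValueError("not a handshake record")
    rec.take(2)                                 # record-layer version
    fragment = Reader(rec.vec(2))
    if fragment.take(1) != b"\x01":             # handshake type 1 = ClientHello
        raise ValueError("not a ClientHello")
    hello = Reader(fragment.vec(3))
    version = tuple(hello.take(2))
    hello.take(32)                              # random
    hello.vec(1)                                # session_id
    raw = hello.vec(2)
    if len(raw) % 2:
        raise ValueError("odd cipher_suites length")
    return {
        "client_version": version,
        "cipher_suites": [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)],
        "compression_methods": list(hello.vec(1)),
        "has_extensions": hello.pos < len(hello.data),  # bytes left = extensions
    }

def intolerance_candidates(working, failing):
    """Fields the failing hello offers beyond what the working one offers."""
    found = []
    if failing["client_version"] != working["client_version"]:
        found.append(("client_version", failing["client_version"]))
    for key in ("cipher_suites", "compression_methods"):
        extra = [v for v in failing[key] if v not in working[key]]
        if key == "compression_methods":
            extra = [COMPRESSION_NAMES.get(v, "unknown(0x%02x)" % v) for v in extra]
        if extra:
            found.append((key, extra))
    if failing["has_extensions"] and not working["has_extensions"]:
        found.append(("extensions", True))
    return found

SUITES = [0x0035, 0x002F, 0x000A]                      # constructed RSA suite list
WORKING = build_client_hello((3, 0), SUITES, [0])      # constructed: NULL only
FAILING = build_client_hello((3, 0), SUITES, [0, 1])   # constructed: NULL and DEFLATE
RESULT = intolerance_candidates(parse_client_hello(WORKING), parse_client_hello(FAILING))
```

With real traffic, the two inputs would be the first record of each connection taken from a packet capture instead of the constructed byte strings.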