headers
Shengwei Li | 7 Feb 23:23
Picon
Favicon
Gravatar

Cross compile issue about gnutls 3.0.12 on ubuntu with MinGW

Hi there,

I am trying to configure gnutls 3.0.12 on ubuntu with the following command:
./configure --without-p11-kit --disable-cxx CC="i586-mingw32msvc-gcc" --build=i586-pc-linux-gnu --host=i686-pc-mingw32msvc
This is to build a gnutls library that I would use on Windows XP for Winsock program.

But I got the error:
===============================================================
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for i686-pc-mingw32msvc-strip... no
checking for strip... strip
configure: WARNING: using cross tools not prefixed with host triplet
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
***
*** Checking for compilation programs...

checking for i686-pc-mingw32msvc-gcc... i586-mingw32msvc-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.exe
checking for suffix of executables... .exe
checking whether we are cross compiling... yes
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether i586-mingw32msvc-gcc accepts -g... yes
checking for i586-mingw32msvc-gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of i586-mingw32msvc-gcc... gcc3
checking dependency style of i586-mingw32msvc-gcc... gcc3
checking for i686-pc-mingw32msvc-g++... no
checking for i686-pc-mingw32msvc-c++... no
checking for i686-pc-mingw32msvc-gpp... no
checking for i686-pc-mingw32msvc-aCC... no
checking for i686-pc-mingw32msvc-CC... no
checking for i686-pc-mingw32msvc-cxx... no
checking for i686-pc-mingw32msvc-cc++... no
checking for i686-pc-mingw32msvc-cl.exe... no
checking for i686-pc-mingw32msvc-FCC... no
checking for i686-pc-mingw32msvc-KCC... no
checking for i686-pc-mingw32msvc-RCC... no
checking for i686-pc-mingw32msvc-xlC_r... no
checking for i686-pc-mingw32msvc-xlC... no
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking dependency style of g++... gcc3
checking how to run the C preprocessor... i586-mingw32msvc-gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for Minix Amsterdam compiler... no
checking for i686-pc-mingw32msvc-ar... no
checking for ar... ar
checking for i686-pc-mingw32msvc-ranlib... no
checking for ranlib... ranlib
checking build system type... i586-pc-linux-gnu
checking host system type... i686-pc-mingw32msvc
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking for _LARGEFILE_SOURCE value needed for large files... unknown
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... unknown
checking for _LARGE_FILES value needed for large files... unknown
checking for i586-mingw32msvc-gcc option to accept ISO C99... -std=gnu99
checking for i586-mingw32msvc-gcc -std=gnu99 option to accept ISO Standard C... (cached) -std=gnu99
checking for inline... inline
checking for ANSI C header files... (cached) yes
checking cpuid.h usability... yes
checking cpuid.h presence... yes
checking for cpuid.h... yes
checking for ld used by GCC... /usr/i586-mingw32msvc/bin/ld
checking if the linker (/usr/i586-mingw32msvc/bin/ld) is GNU ld... yes
checking for shared library run path origin... done
checking whether to use nettle... yes
checking for libnettle... no
configure: error: 
  ***
  *** Libnettle 2.4 was not found.
===============================================================

It seemed to me that /usr/i586-mingw32msvc/bin/ld could not locate nettle 2.4, which I've installed.
I also tried to use " --with-libnettle-prefix=/usr/local" and , but no luck.

Could someone please help on this? Thank you in advance.

BTW, I could compile it with standard gcc coming with the system.

Regards,

Shengwei (William) Li 

_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
https://lists.gnu.org/mailman/listinfo/help-gnutls
Permalink | Reply | 0 comments |
headers
Mihir Kulkarni | 6 Feb 03:06
Picon
Gravatar

HELP: Client-Server code for anonymous authentication NOT working

Hello,

I am part of a team at University of California, Irvine who are trying our hand at GNUTLS. We installed the package and all its dependencies. But when trying with the example code given in the documentation, it throws up an error. The details are:
I tried running the server and client with anonymous authentication. The exact error that it gives is:

CLIENT:
mihir <at> GNU-Linux:~/GNUTLS/gnutls-2.8.6/client$ ./a.out 
*** Handshake failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

SERVER:
mihir <at> GNU-Linux:~/GNUTLS/gnutls-2.8.6/server$ ./a.out 
Server ready. Listening to port '5556'.

- connection from 127.0.0.1, port 48108
*** Handshake has failed (A TLS packet with unexpected length was received.)

What is figured out so far is that the server goes into an infinite loop on line 120 for the statements:
       do
        {
           ret = gnutls_handshake (session);
           printf("Do...\n");
         }
       while (gnutls_error_is_fatal (ret) == 0);


Can someone please tell me what might be going wrong?
Thank you for your help.

regards,
Mihir Kulkarni
Graduate Student
University of California, Irvine
_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
https://lists.gnu.org/mailman/listinfo/help-gnutls
Permalink | Reply | 3 comments |
headers
Nick Khamis | 31 Jan 23:40
Picon
Gravatar

Libnettle 2.4 was not found

Hello Everyone,

I am using the latest version of Debian. With lib nettle 2.4 installed:

ls /usr/lib/
libnettle.a
libnettle.so
libnettle.so.4
libnettle.so.4.3

When compiling GNU tls, I am getting the libnettle 2.4 not found.

I tried:

 ./configure --prefix=/usr
 ./configure --prefix=/usr --with-libnettle-prefix=/usr

And got the same error

Thanks in Advance,

Nicholas.
Permalink | Reply | 2 comments |
headers
Simon Josefsson | 20 Jan 14:36
Favicon
Gravatar

GnuTLS 3.0.12

This release adds OCSP functionality to GnuTLS, and some other fixes.

* Version 3.0.12 (released 2012-01-20)

** libgnutls: Added OCSP support.
There is a new header file gnutls/ocsp.h and a set of new functions
under the gnutls_ocsp namespace.  Currently the functionality provided
is to parse and extract information from OCSP requests/responses, to
generate OCSP requests and to verify OCSP responses.  See the manual
for more information.  Run ./configure with --disable-ocsp to build
GnuTLS without OCSP support.

This work was sponsored by Smoothwall <http://smoothwall.net/>.

** ocsptool: Added new command line tool.
The tool can parse OCSP request/responses, generate OCSP requests and
verify OCSP responses.  See the manual for more information.

** certtool: --outder option now works for private
and public keys as well.

** libgnutls: Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET
to warn when no or insufficient priorities were set.

** libgnutls: Corrected an alignment issue in ECDH
key generation which prevented some keys from being
correctly aligned in rare circumstances.

** libgnutls: Corrected memory leaks in DH parameter
generation and ecc_projective_check_point().

** libgnutls: Added gnutls_x509_dn_oid_name() to 
return a descriptive name of a DN OID.

** API and ABI modifications:
gnutls_pubkey_encrypt_data: Added
gnutls_x509_dn_oid_name: Added
gnutls_session_resumption_requested: Added
gnutls/ocsp.h: Added new header file.
gnutls_ocsp_print_formats_t: Added new type.
gnutls_ocsp_resp_status_t: Added new type.
gnutls_ocsp_cert_status_t: Added new type.
gnutls_x509_crl_reason_t: Added new type.
gnutls_ocsp_req_add_cert: Added.
gnutls_ocsp_req_add_cert_id: Added.
gnutls_ocsp_req_deinit: Added.
gnutls_ocsp_req_export: Added.
gnutls_ocsp_req_get_cert_id: Added.
gnutls_ocsp_req_get_extension: Added.
gnutls_ocsp_req_get_nonce: Added.
gnutls_ocsp_req_get_version: Added.
gnutls_ocsp_req_import: Added.
gnutls_ocsp_req_init: Added.
gnutls_ocsp_req_print: Added.
gnutls_ocsp_req_randomize_nonce: Added.
gnutls_ocsp_req_set_extension: Added.
gnutls_ocsp_req_set_nonce: Added.
gnutls_ocsp_resp_deinit: Added.
gnutls_ocsp_resp_export: Added.
gnutls_ocsp_resp_get_certs: Added.
gnutls_ocsp_resp_get_extension: Added.
gnutls_ocsp_resp_get_nonce: Added.
gnutls_ocsp_resp_get_produced: Added.
gnutls_ocsp_resp_get_responder: Added.
gnutls_ocsp_resp_get_response: Added.
gnutls_ocsp_resp_get_signature: Added.
gnutls_ocsp_resp_get_signature_algorithm: Added.
gnutls_ocsp_resp_get_single: Added.
gnutls_ocsp_resp_get_status: Added.
gnutls_ocsp_resp_get_version: Added.
gnutls_ocsp_resp_import: Added.
gnutls_ocsp_resp_init: Added.
gnutls_ocsp_resp_print: Added.
gnutls_ocsp_resp_verify: Added.

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
From <ftp://ftp.gnu.org/gnu/gnutls/≥.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.12.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.12.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.12.tar.xz

Here are OpenPGP detached signatures signed using key 0xB565716F:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.12.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.12.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.12.tar.xz.sig

pub   1280R/B565716F 2002-05-05 [expires: 2013-05-10]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
uid                  Simon Josefsson <simon <at> josefsson.org>
sub   1280R/4D5D40AE 2002-05-05 [expires: 2013-05-10]

Happy hacking,
Simon

_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
https://lists.gnu.org/mailman/listinfo/help-gnutls
Permalink | Reply | 4 comments |
headers
Richard Moore | 15 Jan 11:23
Picon
Favicon

Further experiments with using GnuTLS in Qt

Hi,

Following on from my previous mail about using the certificate parts
of GnuTLS with Qt, I've just written a fairly detailed blog post about
the results of writing the code needed to use the actual SSL/TLS parts
too. It's at http://blogs.kde.org/node/4523 if anyone wants to take a
look.

Cheers

Rich.
Permalink | Reply | 0 comments |
headers
Jason Cooper | 13 Jan 21:44
Picon
Gravatar

Error when using an encrypted private key

I'm using Linux Mint 12, which comes with GnuTLS 2.10.5. I'm working on configuring Git with https. On Linux Mint, Git is using GnuTLS under the hood, so I'm hoping this is the right place to get help.

Basically, what I'm seeing is that my requests never get to the server when I use an encrypted private key. I started using gnutls-cli to debug and this is what I'm seeing:

$ gnutls-cli -V --x509certfile usercert.pem --x509keyfile userkey.pem titan.cloud.company.com
Processed 1 client certificates...
*** Error loading key file: ASN1 parser: Error in TAG.

If I use an unencrypted private key, then the connection is successfully made:

$ gnutls-cli -V --x509certfile usercert.pem --x509keyfile userkey2.pem titan.cloud.company.com
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Connecting to '192.169.2.1:443'...
....

What I'm really wondering is can I use encrypted keys with GnuTLS 2.10.5? If so, any hints on what else could be the problem? I'd really prefer to not have my private key stored in the clear.

Thanks for the help,
Jason
_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
https://lists.gnu.org/mailman/listinfo/help-gnutls
Permalink | Reply | 3 comments |
headers
snigdhamukherjee | 13 Jan 09:40
Picon

configure cannot find -lhogweed


Hi all,
I was using gnutls 2.10 and decided to upgrade to 3.0.11 for its DTLS features.
But gnutls 3.0.11 fails to configure on my RHEL 6.0.

I have installed nettle 2.4 as follows

./configure --prefix=/usr --disable-openssl --enable-shared

The nettle shared objects are present in /usr/lib as
libnettle.a
libnettle.so -> libnettle.so.4.3
libnettle.so.4 -> libnettle.so.4.3
libnettle.so.4.3

The config.log for gnutls gave the following error
configure:8244: checking whether to use nettle
configure:8247: result: yes
configure:8742: checking for libnettle
configure:8764: gcc -std=gnu99 -o conftest -g -O2   conftest.c  /usr/local/lib/libnettle.so -lhogweed -lgmp -Wl,-rpath -Wl,/usr/local/lib >&5
/usr/bin/ld: cannot find -lhogweed
collect2: ld returned 1 exit status
configure:8764: $? = 1

I checked the system, there is no hogweed.so or hogweed.a. Then I checked nettle manual,
It says "Nettle actually consists of two libraries, ‘libnettle’ and ‘libhogweed’. The ‘libhogweed’
library contains those functions of Nettle that uses bignum operations, and depends on
the GMP library."

But I downloaded nettle 2.4  from http://www.lysator.liu.se/~nisse/nettle/ and it contains bignum.c, etcetera but no hogweed.

How do I compile gnutls???

Snigdha Mukherjee


Please send mail to <at> bel.co.in only
Confidentiality Notice
The information contained in this electronic message and any attachments to this
message are intended for the exclusive use of the addressee(s) and may contain
confidential or privileged information. If you are not the intended recipient,
please notify the sender at Bharat Electronics or support <at> bel.co.in
immediately and destroy all copies of this message and any attachments. 
_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
https://lists.gnu.org/mailman/listinfo/help-gnutls
Permalink | Reply | 1 comment |
headers
Ali Khalfan | 9 Jan 05:25
Picon
Gravatar

porting gnutls to mozilla


I was wondering ever since the paper that describes the attack on
pre-tls 1.2
(http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887&rep=rep1&type=pdf
) whether it is possible to use gnutls on mozilla software instead of
libnss.  Has anyone ever attempted doing something similar?  I am
assuming it is theoretically possible to import gnutls libraries in the
mozilla source and re-compile.

I would like to know if anyone has attempted such a thing.

--Ali
Permalink | Reply | 1 comment |
headers
Richard Moore | 8 Jan 23:00
Picon
Favicon

Experiments with GnuTLS and Qt

I've been evaluating using GnuTLS with Qt this weekend. There's a
basic tool that prints out cert info and converts from some Qt data
types like QDateTime etc. at
http://xmelegance.org/devel/cert-prototype.tar.bz2 I'm just posting it
here in case it happens to be useful to anyone. Issues I've
encountered are documented in the NOTES file.

Cheers

Rich.
Permalink | Reply | 4 comments |
headers
Nikos Mavrogiannopoulos | 4 Jan 19:26

gnutls 3.0.10

Hello,
 I've just released gnutls 3.0.10. This release adds support 
for random-art images which display a drawing representing the 
public key's fingerprint, fixes several open issues for ms-windows 
support, and other fixes.

* Version 3.0.10 (released 2012-01-04)

** gnutls-cli/serv: Set don't fragment bit in DTLS sessions
in Linux as well as in BSD.

** gnutls-cli: Fixed reading from windows terminals.

** libgnutls: When GNUTLS_OPENPGP_FMT_BASE64 is specified
the stream is assumed to be base64 encoded (previously
the encoding was auto-detected). This avoids a decoding
issue in windows systems.

** libgnutls: Corrected ciphersuite GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384

** libgnutls: Added ciphersuites: GNUTLS_PSK_WITH_AES_256_GCM_SHA384
and GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384.

** libgnutls: Added function gnutls_random_art() to convert
fingerprints to images (currently ascii-art).

** libgnutls: Corrected bug in DSA private key parsing, which
prevented the verification of the key.

** API and ABI modifications:
gnutls_random_art: Added

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
From <ftp://ftp.gnu.org/gnu/gnutls/≥.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.10.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.10.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.10.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.10.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.10.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.10.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos
Permalink | Reply | 0 comments |
headers
Nikos Mavrogiannopoulos | 4 Jan 00:04

Fwd: FSF fundraising drive

---------- Forwarded message ----------
From: Karl Berry <karl <at> freefriends.org>
Date: Wed, Jan 4, 2012 at 12:02 AM
Subject: FSF fundraising drive
To: gnu-prog <at> gnu.org

The FSF is nearing the end of its current fundraising drive and all
support is welcome, as always.  Of course, the more members and/or
donations, the more support for GNU infrastructure and free software
campaigns.

The direct url to join is http://www.fsf.org/join, or donate at
https://my.fsf.org/donate.

If you think it's appropriate, please forward this to your project
mailing list and/or specific friends you think would be interested.  Or
if you'd like to join yourself, please go for it :).  If you're already
a member, and in any case for your contributions to GNU, thanks very
much.

Happy hacking to all,
Karl

_______________________________________________
Help-gnutls mailing list
Help-gnutls <at> gnu.org
https://lists.gnu.org/mailman/listinfo/help-gnutls
Permalink | Reply | 0 comments |

Gmane