Simon Josefsson | 1 May 12:14 2009

Re: Encryption using DSA keys

Miroslav Kratochvil <exa.exa <at> gmail.com> writes:

> Thanks for adding the key generation documentation and showing me an
> example, but I still have no luck.
>
> If anyone could generate a CA, then sign DSA key with it, and then
> connect gnutls-cli and gnutls-serv using that key verified by CA...
> would he please post a complete command sentence needed to achieve it?

Hi!  Try again using GnuTLS 2.6.6.  The DSA keys generated with GnuTLS
2.6.x with x < 6 were corrupt, and cause the error you encountered.
Thanks for reporting your problems.

/Simon
Carolin Latze | 1 May 16:56 2009
Picon
Picon

Install Problems

Hi all,

I tried to install GnuTLS, which results in errors when executing make 
check.

libgpg-error 1.7 has been installed with

./configure; make; make install (make check completes successfully)

libgcrypt 1.4.4 has been installed with

./configure --prefix=/usr --with-gpg-error-prefix=/usr/local; make; make 
install (make check completes successfully)

gnutls 2.6.6 has been installed with

./configure --prefix=/usr --disable-srp-authentication   
--disable-openpgp-authentication
make
make install

make check says "11 of 23 tests failed"

most of the errors sound like

server: ready. Listening to port '5556'.
Launched, generating DH parameters...
server: connection from 127.0.0.1, port 58289
./resume: relocation error: 
/usr/local/src/gnutls-2.6.6/lib/.libs/libgnutls.so.26: symbol 
(Continue reading)

Simon Josefsson | 1 May 17:56 2009

Re: Install Problems

Carolin Latze <carolin.latze <at> unifr.ch> writes:

> Hi all,
>
> I tried to install GnuTLS, which results in errors when executing make
> check.
>
> libgpg-error 1.7 has been installed with
>
> ./configure; make; make install (make check completes successfully)
>
> libgcrypt 1.4.4 has been installed with
>
> ./configure --prefix=/usr --with-gpg-error-prefix=/usr/local; make;
> make install (make check completes successfully)
>
> gnutls 2.6.6 has been installed with
>
> ./configure --prefix=/usr --disable-srp-authentication
> --disable-openpgp-authentication

Try adding --with-libgcrypt-prefix=/usr/local.  Otherwise it likely
tries to use libgcrypt from /usr.

> /usr/local/src/gnutls-2.6.6/lib/.libs/libgnutls.so.26: symbol
> gcry_cipher_setkey, version GCRYPT_1.2 not defined in file
> libgcrypt.so.11 with link time reference

Yes, it seems to use one libgcrypt during linking and another one when
running.
(Continue reading)

Carolin Latze | 1 May 18:02 2009
Picon
Picon

Re: Install Problems

Hi Simon,
>   
>> /usr/local/src/gnutls-2.6.6/lib/.libs/libgnutls.so.26: symbol
>> gcry_cipher_setkey, version GCRYPT_1.2 not defined in file
>> libgcrypt.so.11 with link time reference
>>     
>
> Yes, it seems to use one libgcrypt during linking and another one when
> running.
>
> You could also try running "ldconfig" as root to make sure the
> ld.so.cache is uptodate.
>   

Stupid... yes, you were right. I installed libgcrypt to /usr/lib, but 
that was not in ld.so.conf (I thought only /usr/local/lib is missing 
from time to time, not /usr/lib *sigh*)

Thx!

Carolin
Simon Josefsson | 6 May 09:25 2009

Re: Help for Gnutls4win

"Yan, Patrick (NSN - CN/Beijing)" <patrick.yan <at> nsn.com> writes:

> Hi helper-guntls:
>
> I want to added a protocol dissectors in wireshark, this dissectors need Gcrypt. But when I compliing the
code, here is some make error related to Gcrypt. Would you help to check that. 
>
> I used gnutls-2.6.3. 
> OS is windows XP, wireshark source code is last version of wireshark-1.0.7. 
>  
> Checking for required applications:
>         cl: /cygdrive/c/Program Files/Microsoft Visual Studio 9.0/VC/BIN/cl
>         link: /cygdrive/c/Program Files/Microsoft Visual Studio 9.0/VC/BIN/link
>         nmake: /cygdrive/c/Program Files/Microsoft Visual Studio 9.0/VC/BIN/nmake
>         bash: /usr/bin/bash
>         bison: /usr/bin/bison
>         flex: /usr/bin/flex
>         env: /usr/bin/env
>         grep: /usr/bin/grep
>         /usr/bin/find: /usr/bin/find
>         perl: /usr/bin/perl
>         C:\Python26\python.exe: /cygdrive/c/Python26/python.exe
>         sed: /usr/bin/sed
>         unzip: /usr/bin/unzip
>         wget: /usr/bin/wget 
>
> Here is the make error:
>
> packet-chlipx1.c
> C:\wireshark-libs-1.0\gnutls-2.6.3-1\include\gcrypt.h(206) : error C2061: syntax error :
(Continue reading)

Jeff Cai | 6 May 09:46 2009
Picon

Re: Libtasn1 2.1

Simon,

I also found that libtasn1.pc also licensed under GPLv3. It this true?

A library of LGPL v2 lives with a .pc file with GPL v3? 

Jeff

On Fri, 2009-04-17 at 01:22 +0200, Simon Josefsson wrote:
> Libtasn1 is a standalone library written in C for manipulating ASN.1
> objects including DER/BER encoding and DER/BER decoding.  Libtasn1 is
> used by GnuTLS to manipulate X.509 objects and by Shishi to handle
> Kerberos V5 packets.
> 
> Version 2.1 (released 2009-04-17)
> - Fix compilation failure on platforms that can't generate empty archives,
>   e.g., Mac OS X.  Reported by David Reiser <dbreiser <at> gmail.com>.
> 
> Commercial support contracts for Libtasn1 are available, and they help
> finance continued maintenance.  Simon Josefsson Datakonsult AB, a
> Stockholm based privately held company, is currently funding Libtasn1
> maintenance.  We are always looking for interesting development
> projects.  See http://josefsson.org/ for more details.
> 
> If you need help to use Libtasn1, or want to help others, you are
> invited to join the help-gnutls mailing list, see:
> <http://lists.gnu.org/mailman/listinfo/help-gnutls>.
> 
> Homepage:
>   http://josefsson.org/libtasn1/
(Continue reading)

Simon Josefsson | 6 May 09:55 2009

Re: Help for Gnutls4win

"Yan, Patrick (NSN - CN/Beijing)" <patrick.yan <at> nsn.com> writes:

> Hi Simon,
>
> Thanks. That problem is resolved.
>
> But still need your help for the following errors. What's type for
> pid_t, is long? 

It doesn't exist on Windows, I think.  Try setting it to long and see if
it works.

Btw, rather than building it on Windows natively, you may try to use a
GnuTLS DLL built using mingw instead: http://josefsson.org/gnutls4win/
It includes DLLs for libgcrypt and libgpg-error as well.

/Simon

> Gcrypt.h: 
> line 217:ssize_t (*waitpid) (pid_t pid, int *status, int options);
>
>
> C:\wireshark-libs-1.0\gnutls-2.6.3-1\include\gcrypt.h(217) : error
> C2146: syntax error : missing ')' before identifier 'pid'
> C:\wireshark-libs-1.0\gnutls-2.6.3-1\include\gcrypt.h(217) : error
> C2146: syntax error : missing ';' before identifier 'pid'
> C:\wireshark-libs-1.0\gnutls-2.6.3-1\include\gcrypt.h(217) : error
> C2061: syntax error : identifier 'pid'
> C:\wireshark-libs-1.0\gnutls-2.6.3-1\include\gcrypt.h(217) : error
> C2059: syntax error : ')'
(Continue reading)

Simon Josefsson | 6 May 09:56 2009

Re: Libtasn1 2.1

Jeff Cai <Jeff.Cai <at> Sun.COM> writes:

> Simon,
>
> I also found that libtasn1.pc also licensed under GPLv3. It this true?
>
> A library of LGPL v2 lives with a .pc file with GPL v3? 

Hi.  I've re-licensed it to LGPLv2.1+, see:

http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=009b6c20ffc0164189691b47ad5f172518b97169

/Simon
Jeff Cai | 6 May 10:21 2009
Picon

Re: Libtasn1 2.1

Thanks for your quick response.

Do you think that Makefile.am under lib also needs to be licensed to
LGPL?

Jeff

On Wed, 2009-05-06 at 09:56 +0200, Simon Josefsson wrote:
> Jeff Cai <Jeff.Cai <at> Sun.COM> writes:
> 
> > Simon,
> >
> > I also found that libtasn1.pc also licensed under GPLv3. It this true?
> >
> > A library of LGPL v2 lives with a .pc file with GPL v3? 
> 
> Hi.  I've re-licensed it to LGPLv2.1+, see:
> 
> http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=009b6c20ffc0164189691b47ad5f172518b97169
> 
> /Simon
Simon Josefsson | 6 May 10:31 2009

Re: Libtasn1 2.1

Jeff Cai <Jeff.Cai <at> Sun.COM> writes:

> Thanks for your quick response.
>
> Do you think that Makefile.am under lib also needs to be licensed to
> LGPL?

I don't think so, since it is not something that is include in the
installed software.  The GPLv3 Makefile.am is needed to build libtasn1,
but so is other GPLv3 tools (e.g., bison) so I don't see the difference.

/Simon

Gmane