Page MenuHome GnuPG

ntbtlsProject
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Thu, Jun 16

werner triaged T6029: ntbtls: Require TLS 1.2 or later + AEAD by default as Normal priority.
Thu, Jun 16, 6:37 PM · ntbtls

Tue, Jun 14

werner added a comment to T6029: ntbtls: Require TLS 1.2 or later + AEAD by default.

ntbtls support only 1.2. We can't disable cipher suites for interop reasons. It is not the client's job trying to force a server 's admin to offer only decent ciphersuites.

Tue, Jun 14, 8:04 AM · ntbtls

Mon, Jun 13

DemiMarie created T6029: ntbtls: Require TLS 1.2 or later + AEAD by default.
Mon, Jun 13, 11:21 PM · ntbtls

May 23 2022

werner closed T6001: Drop compression support in ntbtls as Invalid.

ntbltls does not implement compression:

May 23 2022, 10:54 PM · ntbtls
DemiMarie created T6001: Drop compression support in ntbtls.
May 23 2022, 5:52 PM · ntbtls

Apr 14 2022

werner closed T5235: Delays in dirmngr http connections on Windows as Resolved.

We have not seen this problem anymore in recent versions. Thus closing.

Apr 14 2022, 3:02 PM · can't replicate, dirmngr, ntbtls, Windows, gnupg (gpg22)

Feb 28 2022

gniibe added a comment to T5861: ntbtls: AEAD GCM nonce.

In TLS 1.2, it refers RFC5116. In RFC5116, it says:

Feb 28 2022, 11:34 AM · ntbtls
gniibe lowered the priority of T5861: ntbtls: AEAD GCM nonce from Unbreak Now! to Normal.
Feb 28 2022, 11:21 AM · ntbtls
gniibe added a comment to T5861: ntbtls: AEAD GCM nonce.

My reading was wrong; Indeed we use memcpy from out_ctr. But it increments in network byte order.
So, for AES-GCM, it works well.

Feb 28 2022, 11:21 AM · ntbtls
gniibe triaged T5861: ntbtls: AEAD GCM nonce as Unbreak Now! priority.
Feb 28 2022, 2:20 AM · ntbtls

Nov 23 2021

werner lowered the priority of T5235: Delays in dirmngr http connections on Windows from Normal to Low.
Nov 23 2021, 9:14 AM · can't replicate, dirmngr, ntbtls, Windows, gnupg (gpg22)
werner added a project to T5235: Delays in dirmngr http connections on Windows: can't replicate.

Might be a TOR Thing?

Nov 23 2021, 9:14 AM · can't replicate, dirmngr, ntbtls, Windows, gnupg (gpg22)

Nov 10 2021

gniibe added a project to T5610: macOS 11 or newer support: Update libtool: gpgme.

Also applied to gpgme.

Nov 10 2021, 3:07 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

Since there is no problem with libgpg-error 1.43, I applied it to other libraries: npth, libassuan, libksba, and ntbtls.

Nov 10 2021, 3:04 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt

Nov 3 2021

werner closed T5610: macOS 11 or newer support: Update libtool as Resolved.
Nov 3 2021, 3:16 PM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt

Sep 27 2021

aconchillo added a comment to T5610: macOS 11 or newer support: Update libtool.

These are great news. Thank you!

Sep 27 2021, 6:35 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

Pushed the change to libgpg-error and libgcrypt (1.9 and master).
Let us see if there are any problem(s) for that, I will apply it to other libraries when it will be found no problem.

Sep 27 2021, 4:16 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe renamed T5610: macOS 11 or newer support: Update libtool from Update libtool to macOS 11 or newer support: Update libtool.
Sep 27 2021, 3:31 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

Thank you for the information.
For the record, I put the link to the email submitted:
https://lists.gnu.org/archive/html/libtool-patches/2020-06/msg00001.html

Sep 27 2021, 3:30 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt

Sep 22 2021

aconchillo added a comment to T5610: macOS 11 or newer support: Update libtool.

Oh, you are right, it's not upstream. It's actually applied to Homebrew (https://brew.sh/) libtool formula which is where I originally got libtool.m4, see:

Sep 22 2021, 9:06 PM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

I see your point. I'd like to locate/identify where the change comes from.
I think that what you refer by "new libtool.m4" is actually macOS local change (I mean, not from libtool upstream, AFAIK).
Could you please point out the source of the change?

Sep 22 2021, 2:01 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt

Sep 21 2021

aconchillo added a comment to T5610: macOS 11 or newer support: Update libtool.

That would work, however we might hit this issue with a new macOS release. Would it make more sense to update to what the new libtool.m4 is doing? Linker flags are the same, it only changes the way they detect macOS versions:

Sep 21 2021, 8:33 PM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
werner added a comment to T5610: macOS 11 or newer support: Update libtool.

That does indeed not look like something which could introduce a regression.

Sep 21 2021, 11:43 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

I misunderstood as if we need to update libtool from upstream.

Sep 21 2021, 9:16 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
werner triaged T5610: macOS 11 or newer support: Update libtool as Low priority.

macOS has low priority for us and I do not want to risk any regression.

Sep 21 2021, 8:42 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

About merging our local changes.

Sep 21 2021, 8:11 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

We have our own changes for ltmain.sh and libtool.m4.

Sep 21 2021, 7:19 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

And update from automake 1.16:

Sep 21 2021, 7:02 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

It's better to update the set of files from libtool:

build-aux/ltmain.sh
m4/libtool.m4
m4/ltoptions.m4
m4/ltsugar.m4
m4/ltversion.m4
m4/lt~obsolete.m4
Sep 21 2021, 6:58 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

Our libtool was 2.4.2 + Debian patches + our local changes.
Debian patches are:
https://salsa.debian.org/mckinstry/libtool/-/blob/debian/master/debian/patches/link_all_deplibs.patch
https://salsa.debian.org/mckinstry/libtool/-/blob/debian/master/debian/patches/netbsdelf.patch

Sep 21 2021, 6:57 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe created T5610: macOS 11 or newer support: Update libtool.
Sep 21 2021, 6:33 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt

Aug 13 2021

werner changed the edit policy for ntbtls.
Aug 13 2021, 11:11 PM

Mar 29 2021

werner closed T5368: warning: variable 'zlen' is uninitialized as Invalid.

Please look at the code:

Mar 29 2021, 8:30 AM · ntbtls, Bug Report

Mar 28 2021

JW created T5368: warning: variable 'zlen' is uninitialized.
Mar 28 2021, 8:24 PM · ntbtls, Bug Report

Jan 11 2021

werner created T5235: Delays in dirmngr http connections on Windows.
Jan 11 2021, 8:52 PM · can't replicate, dirmngr, ntbtls, Windows, gnupg (gpg22)

Aug 28 2020

werner added a comment to T4838: add configure check for zlib to ntbtls.

I think we should make zlib a mandatory dependency.

Aug 28 2020, 7:54 AM · ntbtls, Bug Report
gniibe added a comment to T4838: add configure check for zlib to ntbtls.

Actually, configure already has the check.
If it's really needed to build without zlib, you can use this patch:

From 76920ac034490e4860ad6abe9891e3b1c0813363 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 28 Aug 2020 11:02:13 +0900
Subject: [PATCH] Until compression is implemented, build with no ZLIB can be
 done.
Aug 28 2020, 4:08 AM · ntbtls, Bug Report
gniibe closed T3207: FASTWIPE_T undefined as Resolved.
Aug 28 2020, 3:01 AM · Testing, ntbtls, Bug Report

Aug 27 2020

werner closed T4597: Support GCM modes for ntbtls. as Resolved.

0.2.0 was just released with support for GCM. Tested against openpgpkeys.pm.me

Aug 27 2020, 9:34 AM · Testing, Feature Request, ntbtls

Jun 3 2020

werner closed T4962: ntbTLS configure dependencies as Resolved.

Thanks. I bumped it up to be in sync with GnuPG 2.2. It also does not make sense to require a Libgcrypt which has reached end-of-life; Thus we now need 1.8.

Jun 3 2020, 10:45 AM · ntbtls, Bug Report

Jun 1 2020

Angel added a project to T4962: ntbTLS configure dependencies: ntbtls.
Jun 1 2020, 3:10 AM · ntbtls, Bug Report

Apr 10 2020

werner added a comment to T4913: ntbtls: TLS handshake error.

I think I fixed a memory leak on error but no other changes for old code except that the array to old the args now takes void* and not gcry_mpi_t - which does not make a difference.

Apr 10 2020, 12:23 PM · ntbtls
gniibe closed T4913: ntbtls: TLS handshake error as Invalid.

It was a problem of libgcrypt master.
As of today's libgcrypt rC60c179b59e53: sexp: Extend gcry_sexp_extract_param with new format specifiers., it works fine.

Apr 10 2020, 8:08 AM · ntbtls
gniibe added a comment to T4913: ntbtls: TLS handshake error.

It seems it's a falure of ECDH.
I ran a server by s_server and saw following error:

$ openssl s_server -key key.pem -cert cert.pem -accept 44330 -www
Using default temp DH parameters
ACCEPT
140203176436992:error:10067064:elliptic curve routines:ec_GFp_simple_oct2point:buffer too small:../crypto/ec/ecp_oct.c:280:
140203176436992:error:1419C010:SSL routines:tls_process_cke_ecdhe:EC lib:../ssl/statem/statem_srvr.c:3245:
Apr 10 2020, 7:47 AM · ntbtls
gniibe added a comment to T4913: ntbtls: TLS handshake error.

Because it also fails in 0.1.2 (with no GCM support), it seems that it's not GCM thing.

Apr 10 2020, 7:11 AM · ntbtls
gniibe created T4913: ntbtls: TLS handshake error.
Apr 10 2020, 7:10 AM · ntbtls

Mar 12 2020

gniibe added a project to T3207: FASTWIPE_T undefined: Testing.
Mar 12 2020, 6:34 AM · Testing, ntbtls, Bug Report
gniibe changed the status of T4597: Support GCM modes for ntbtls. from Open to Testing.
Mar 12 2020, 6:33 AM · Testing, Feature Request, ntbtls

Feb 6 2020

werner renamed T4838: add configure check for zlib to ntbtls from "make" with "ntbtls-0.1.2" failed to add configure check for zlib to ntbtls.
Feb 6 2020, 9:21 PM · ntbtls, Bug Report
werner triaged T4838: add configure check for zlib to ntbtls as Normal priority.

Install the zlib development package, its name is often "zlib1g-dev". The source requires the header because we plan to eventually support compression.

Feb 6 2020, 9:21 PM · ntbtls, Bug Report