From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@sympa.inria.fr Delivered-To: caml-list@sympa.inria.fr Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by sympa.inria.fr (Postfix) with ESMTPS id 2446B7EEE0 for ; Tue, 17 Mar 2015 11:28:37 +0100 (CET) Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of info@gerd-stolpmann.de) identity=pra; client-ip=212.227.17.13; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="info@gerd-stolpmann.de"; x-sender="info@gerd-stolpmann.de"; x-conformance=sidf_compatible Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of info@gerd-stolpmann.de) identity=mailfrom; client-ip=212.227.17.13; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="info@gerd-stolpmann.de"; x-sender="info@gerd-stolpmann.de"; x-conformance=sidf_compatible Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of postmaster@mout.kundenserver.de) identity=helo; client-ip=212.227.17.13; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="info@gerd-stolpmann.de"; x-sender="postmaster@mout.kundenserver.de"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CfAAB+AQhVnA0R49Rbgxs9WsVoCoV1AoE1TAEBAQEBAREBAQEBAQYNCQkULoQQAQQBVSQFCwtGVwYTCYgeDAmuGyFvDZlsAQEBAQEBAQMBAQEBAQEcixeCYYFqJgeCLQxBgTMFhhCIJIJUAYMhhX2GegONHYQSbgGCQgEBAQ X-IPAS-Result: A0CfAAB+AQhVnA0R49Rbgxs9WsVoCoV1AoE1TAEBAQEBAREBAQEBAQYNCQkULoQQAQQBVSQFCwtGVwYTCYgeDAmuGyFvDZlsAQEBAQEBAQMBAQEBAQEcixeCYYFqJgeCLQxBgTMFhhCIJIJUAYMhhX2GegONHYQSbgGCQgEBAQ X-IronPort-AV: E=Sophos;i="5.11,415,1422918000"; d="asc'?scan'208";a="126347259" Received: from mout.kundenserver.de ([212.227.17.13]) by mail2-smtp-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-SHA; 17 Mar 2015 11:28:07 +0100 Received: from office1.lan.sumadev.de ([178.4.18.94]) by mrelayeu.kundenserver.de (mreue102) with ESMTPSA (Nemesis) id 0MMF1Z-1YbQ9w3A8T-0082kW; Tue, 17 Mar 2015 11:28:05 +0100 Received: from [192.168.65.10] (unknown [192.168.65.10]) by office1.lan.sumadev.de (Postfix) with ESMTPSA id 85A90DC05D; Tue, 17 Mar 2015 11:28:04 +0100 (CET) Message-ID: <1426588076.6160.5.camel@e130.lan.sumadev.de> From: Gerd Stolpmann To: Sebastien Ferre Cc: caml-list@inria.fr Date: Tue, 17 Mar 2015 11:27:56 +0100 In-Reply-To: <5507ED6E.3020308@irisa.fr> References: <5507ED6E.3020308@irisa.fr> Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-/oSbNzHyLYX7yqChF4uD" X-Mailer: Evolution 3.10.4-0ubuntu2 Mime-Version: 1.0 X-Provags-ID: V03:K0:miOCEa2AJQZ8PmBL9hjn2uhDHT/a+EhrXVPDLZhkKOxyM+Y1uWZ Zg6mu6imU7/VAOgAktBb843RflfzkA6BCtQaDxGGntwsSwR0gE4qNlL8g0PFevDoPx4lPuM uiR0625rRXxRp0+BkGi6H/fdTqwe89ElTG0Zw30Cz8/ATPqWrYJ7byuX9RKSDxFJob+E65P JR8y1Rl7p1of9bGwiiB/Q== X-UI-Out-Filterresults: notjunk:1; Subject: Re: [Caml-list] ocamlnet and missing SRP functions in gnutls --=-/oSbNzHyLYX7yqChF4uD Content-Type: text/plain; charset="ISO-8859-15" Content-Transfer-Encoding: quoted-printable Am Dienstag, den 17.03.2015, 10:01 +0100 schrieb Sebastien Ferre: > Hi, >=20 > when trying to use gnutls for TLS-secured > connections with ocamlnet, I encounter a > problem with SRP functions. >=20 > When linking with package nettls-gnutls of > ocamlnet, I get the following linking errors > (excerpt here, full log at the end). >=20 > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `abs_gnutls_srp_client_credentials_t_finalize': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:1841:=20 > undefined reference to `gnutls_srp_free_client_credentials' > [...] >=20 > All undefined functions start with 'gnutls_srp_'. After > some web search, I found that those functions are excluded > in some Linux distributions (mine is a Fedora) because of > patent issues. I was unaware of this. > Are those functions really necessary for TLS connections ? For TLS connections secured by X.509 keys these are not needed. (TLS is a wide area, and there are more cryptographic options than what you typically find in e.g. web browsers. SRP is one of these options.) > If not, is there a patch of the package 'nettls-gnutls' that > avoids them ? If yes, is there a workaround ? Has anybody else > encounter the same problem. In the svn repo of ocamlnet I just marked the srp functions as optional (https://godirepo.camlcity.org/svn/lib-ocamlnet2/trunk/). I don't know whether this is sufficient or not, as I have no system for testing. Gerd >=20 > My global objective is to provide a secure authentication > for a Web application. >=20 > Thanks, > --- > S=E9bastien Ferr=E9 >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `abs_gnutls_srp_client_credentials_t_finalize': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:1841:=20 > undefined reference to `gnutls_srp_free_client_credentials' > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `abs_gnutls_srp_server_credentials_t_finalize': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:1770:=20 > undefined reference to `gnutls_srp_free_server_credentials' > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `net_gnutls_srp_allocate_client_credentials': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:5431:=20 > undefined reference to `gnutls_srp_allocate_client_credentials' > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `net_gnutls_srp_set_client_credentials': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:5446:=20 > undefined reference to `gnutls_srp_set_client_credentials' > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `net_gnutls_srp_allocate_server_credentials': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:5456:=20 > undefined reference to `gnutls_srp_allocate_server_credentials' > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `net_gnutls_srp_set_server_credentials_file': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:5471:=20 > undefined reference to `gnutls_srp_set_server_credentials_file' > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `net_gnutls_srp_server_get_username': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:5482:=20 > undefined reference to `gnutls_srp_server_get_username' > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `net_gnutls_srp_set_prime_bits': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:5493:=20 > undefined reference to `gnutls_srp_set_prime_bits' > /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnu= tls_bindings_stubs.o):=20 > In function `net_gnutls_srp_verifier': > /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gn= utls_bindings_stubs.c:5512:=20 > undefined reference to `gnutls_srp_verifier' > collect2: error: ld returned 1 exit status > File "caml_startup", line 1: > Error: Error during linking >=20 >=20 --=20 ------------------------------------------------------------ Gerd Stolpmann, Darmstadt, Germany gerd@gerd-stolpmann.de My OCaml site: http://www.camlcity.org Contact details: http://www.camlcity.org/contact.html Company homepage: http://www.gerd-stolpmann.de ------------------------------------------------------------ --=-/oSbNzHyLYX7yqChF4uD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJVCAGsAAoJEAaM4b9ZLB5TIeIIAJ0FhbydyP1MyFXBE7x7Y/ME fU3tf2H0dxPzCtiwUBnuUWkpXwZ+7gawLD+7MVwb9L9DZfPI6z/4kUy0tjLiEeEk 9PBYeAtEA5c1MVu4O8C47bLZLxR9LXl0Bx+FJI2QgYdjAsplKHcHmXVQtX+//qBN 9cWOS1UtD6tik6Yo5VDQRu2bGmxF2WIWcbbUf7gOEHffYxMgvTN+cH6qRFRnfTFG BRtu1TigXvNRT3mpa7aIowAOkgR8pLvBcWGgz+sdzFnK5pcoLLFA6CsfEjzw/Euk 2fWDZAiIB0K1oaC3CjX8oq1YgMp8QQ+vHKrEk0ea4H4N3eKxEC5txyIVVosLGTs= =rlLM -----END PGP SIGNATURE----- --=-/oSbNzHyLYX7yqChF4uD--