Re: [Caml-list] ocamlnet and missing SRP functions in gnutls

[Sebastien Ferre <Sebastien.Ferre@irisa.fr>]

On 03/17/2015 11:27 AM, Gerd Stolpmann wrote:
> Am Dienstag, den 17.03.2015, 10:01 +0100 schrieb Sebastien Ferre:
>> Hi,
>>
>> when trying to use gnutls for TLS-secured
>> connections with ocamlnet, I encounter a
>> problem with SRP functions.
>>
>> When linking with package nettls-gnutls of
>> ocamlnet, I get the following linking errors
>> (excerpt here, full log at the end).
>>
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `abs_gnutls_srp_client_credentials_t_finalize':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841:
>> undefined reference to `gnutls_srp_free_client_credentials'
>> [...]
>>
>> All undefined functions start with 'gnutls_srp_'. After
>> some web search, I found that those functions are excluded
>> in some Linux distributions (mine is a Fedora) because of
>> patent issues.
>
> I was unaware of this.
>
>> Are those functions really necessary for TLS connections ?
>
> For TLS connections secured by X.509 keys these are not needed. (TLS is
> a wide area, and there are more cryptographic options than what you
> typically find in e.g. web browsers. SRP is one of these options.)

Good that those features are not necessary.

>> If not, is there a patch of the package 'nettls-gnutls' that
>> avoids them ? If yes, is there a workaround ? Has anybody else
>> encounter the same problem.
>
> In the svn repo of ocamlnet I just marked the srp functions as optional
> (https://godirepo.camlcity.org/svn/lib-ocamlnet2/trunk/). I don't know
> whether this is sufficient or not, as I have no system for testing.

According to my test, this makes no difference.
What I did:
- uninstall ocamlnet through opam
- install your svn version at the same place.
Should I add more options for the link phase ?

I looked at the symbol table of libnettls_gnutls.a,
and it shows all SRP functions as undefined (U).

Sébastien

>> ==============================================================
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `abs_gnutls_srp_client_credentials_t_finalize':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841:
>> undefined reference to `gnutls_srp_free_client_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `abs_gnutls_srp_server_credentials_t_finalize':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1770:
>> undefined reference to `gnutls_srp_free_server_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_allocate_client_credentials':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5431:
>> undefined reference to `gnutls_srp_allocate_client_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_set_client_credentials':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5446:
>> undefined reference to `gnutls_srp_set_client_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_allocate_server_credentials':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5456:
>> undefined reference to `gnutls_srp_allocate_server_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_set_server_credentials_file':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5471:
>> undefined reference to `gnutls_srp_set_server_credentials_file'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_server_get_username':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5482:
>> undefined reference to `gnutls_srp_server_get_username'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_set_prime_bits':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5493:
>> undefined reference to `gnutls_srp_set_prime_bits'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_verifier':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5512:
>> undefined reference to `gnutls_srp_verifier'
>> collect2: error: ld returned 1 exit status
>> File "caml_startup", line 1:
>> Error: Error during linking
>>
>>
>