* [Caml-list] ocamlnet and missing SRP functions in gnutls
@ 2015-03-17 9:01 Sebastien Ferre
2015-03-17 10:27 ` Gerd Stolpmann
0 siblings, 1 reply; 3+ messages in thread
From: Sebastien Ferre @ 2015-03-17 9:01 UTC (permalink / raw)
To: caml-list
Hi,
when trying to use gnutls for TLS-secured
connections with ocamlnet, I encounter a
problem with SRP functions.
When linking with package nettls-gnutls of
ocamlnet, I get the following linking errors
(excerpt here, full log at the end).
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `abs_gnutls_srp_client_credentials_t_finalize':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841:
undefined reference to `gnutls_srp_free_client_credentials'
[...]
All undefined functions start with 'gnutls_srp_'. After
some web search, I found that those functions are excluded
in some Linux distributions (mine is a Fedora) because of
patent issues.
Are those functions really necessary for TLS connections ?
If not, is there a patch of the package 'nettls-gnutls' that
avoids them ? If yes, is there a workaround ? Has anybody else
encounter the same problem.
My global objective is to provide a secure authentication
for a Web application.
Thanks,
---
Sébastien Ferré
==============================================================
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `abs_gnutls_srp_client_credentials_t_finalize':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841:
undefined reference to `gnutls_srp_free_client_credentials'
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `abs_gnutls_srp_server_credentials_t_finalize':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1770:
undefined reference to `gnutls_srp_free_server_credentials'
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `net_gnutls_srp_allocate_client_credentials':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5431:
undefined reference to `gnutls_srp_allocate_client_credentials'
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `net_gnutls_srp_set_client_credentials':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5446:
undefined reference to `gnutls_srp_set_client_credentials'
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `net_gnutls_srp_allocate_server_credentials':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5456:
undefined reference to `gnutls_srp_allocate_server_credentials'
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `net_gnutls_srp_set_server_credentials_file':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5471:
undefined reference to `gnutls_srp_set_server_credentials_file'
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `net_gnutls_srp_server_get_username':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5482:
undefined reference to `gnutls_srp_server_get_username'
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `net_gnutls_srp_set_prime_bits':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5493:
undefined reference to `gnutls_srp_set_prime_bits'
/local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
In function `net_gnutls_srp_verifier':
/home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5512:
undefined reference to `gnutls_srp_verifier'
collect2: error: ld returned 1 exit status
File "caml_startup", line 1:
Error: Error during linking
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Caml-list] ocamlnet and missing SRP functions in gnutls
2015-03-17 9:01 [Caml-list] ocamlnet and missing SRP functions in gnutls Sebastien Ferre
@ 2015-03-17 10:27 ` Gerd Stolpmann
2015-03-17 17:20 ` Sebastien Ferre
0 siblings, 1 reply; 3+ messages in thread
From: Gerd Stolpmann @ 2015-03-17 10:27 UTC (permalink / raw)
To: Sebastien Ferre; +Cc: caml-list
[-- Attachment #1: Type: text/plain, Size: 5157 bytes --]
Am Dienstag, den 17.03.2015, 10:01 +0100 schrieb Sebastien Ferre:
> Hi,
>
> when trying to use gnutls for TLS-secured
> connections with ocamlnet, I encounter a
> problem with SRP functions.
>
> When linking with package nettls-gnutls of
> ocamlnet, I get the following linking errors
> (excerpt here, full log at the end).
>
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `abs_gnutls_srp_client_credentials_t_finalize':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841:
> undefined reference to `gnutls_srp_free_client_credentials'
> [...]
>
> All undefined functions start with 'gnutls_srp_'. After
> some web search, I found that those functions are excluded
> in some Linux distributions (mine is a Fedora) because of
> patent issues.
I was unaware of this.
> Are those functions really necessary for TLS connections ?
For TLS connections secured by X.509 keys these are not needed. (TLS is
a wide area, and there are more cryptographic options than what you
typically find in e.g. web browsers. SRP is one of these options.)
> If not, is there a patch of the package 'nettls-gnutls' that
> avoids them ? If yes, is there a workaround ? Has anybody else
> encounter the same problem.
In the svn repo of ocamlnet I just marked the srp functions as optional
(https://godirepo.camlcity.org/svn/lib-ocamlnet2/trunk/). I don't know
whether this is sufficient or not, as I have no system for testing.
Gerd
>
> My global objective is to provide a secure authentication
> for a Web application.
>
> Thanks,
> ---
> Sébastien Ferré
>
> ==============================================================
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `abs_gnutls_srp_client_credentials_t_finalize':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841:
> undefined reference to `gnutls_srp_free_client_credentials'
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `abs_gnutls_srp_server_credentials_t_finalize':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1770:
> undefined reference to `gnutls_srp_free_server_credentials'
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `net_gnutls_srp_allocate_client_credentials':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5431:
> undefined reference to `gnutls_srp_allocate_client_credentials'
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `net_gnutls_srp_set_client_credentials':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5446:
> undefined reference to `gnutls_srp_set_client_credentials'
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `net_gnutls_srp_allocate_server_credentials':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5456:
> undefined reference to `gnutls_srp_allocate_server_credentials'
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `net_gnutls_srp_set_server_credentials_file':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5471:
> undefined reference to `gnutls_srp_set_server_credentials_file'
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `net_gnutls_srp_server_get_username':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5482:
> undefined reference to `gnutls_srp_server_get_username'
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `net_gnutls_srp_set_prime_bits':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5493:
> undefined reference to `gnutls_srp_set_prime_bits'
> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
> In function `net_gnutls_srp_verifier':
> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5512:
> undefined reference to `gnutls_srp_verifier'
> collect2: error: ld returned 1 exit status
> File "caml_startup", line 1:
> Error: Error during linking
>
>
--
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany gerd@gerd-stolpmann.de
My OCaml site: http://www.camlcity.org
Contact details: http://www.camlcity.org/contact.html
Company homepage: http://www.gerd-stolpmann.de
------------------------------------------------------------
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Caml-list] ocamlnet and missing SRP functions in gnutls
2015-03-17 10:27 ` Gerd Stolpmann
@ 2015-03-17 17:20 ` Sebastien Ferre
0 siblings, 0 replies; 3+ messages in thread
From: Sebastien Ferre @ 2015-03-17 17:20 UTC (permalink / raw)
To: Gerd Stolpmann, caml-list
On 03/17/2015 11:27 AM, Gerd Stolpmann wrote:
> Am Dienstag, den 17.03.2015, 10:01 +0100 schrieb Sebastien Ferre:
>> Hi,
>>
>> when trying to use gnutls for TLS-secured
>> connections with ocamlnet, I encounter a
>> problem with SRP functions.
>>
>> When linking with package nettls-gnutls of
>> ocamlnet, I get the following linking errors
>> (excerpt here, full log at the end).
>>
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `abs_gnutls_srp_client_credentials_t_finalize':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841:
>> undefined reference to `gnutls_srp_free_client_credentials'
>> [...]
>>
>> All undefined functions start with 'gnutls_srp_'. After
>> some web search, I found that those functions are excluded
>> in some Linux distributions (mine is a Fedora) because of
>> patent issues.
>
> I was unaware of this.
>
>> Are those functions really necessary for TLS connections ?
>
> For TLS connections secured by X.509 keys these are not needed. (TLS is
> a wide area, and there are more cryptographic options than what you
> typically find in e.g. web browsers. SRP is one of these options.)
Good that those features are not necessary.
>> If not, is there a patch of the package 'nettls-gnutls' that
>> avoids them ? If yes, is there a workaround ? Has anybody else
>> encounter the same problem.
>
> In the svn repo of ocamlnet I just marked the srp functions as optional
> (https://godirepo.camlcity.org/svn/lib-ocamlnet2/trunk/). I don't know
> whether this is sufficient or not, as I have no system for testing.
According to my test, this makes no difference.
What I did:
- uninstall ocamlnet through opam
- install your svn version at the same place.
Should I add more options for the link phase ?
I looked at the symbol table of libnettls_gnutls.a,
and it shows all SRP functions as undefined (U).
Sébastien
>> ==============================================================
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `abs_gnutls_srp_client_credentials_t_finalize':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841:
>> undefined reference to `gnutls_srp_free_client_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `abs_gnutls_srp_server_credentials_t_finalize':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1770:
>> undefined reference to `gnutls_srp_free_server_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_allocate_client_credentials':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5431:
>> undefined reference to `gnutls_srp_allocate_client_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_set_client_credentials':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5446:
>> undefined reference to `gnutls_srp_set_client_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_allocate_server_credentials':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5456:
>> undefined reference to `gnutls_srp_allocate_server_credentials'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_set_server_credentials_file':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5471:
>> undefined reference to `gnutls_srp_set_server_credentials_file'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_server_get_username':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5482:
>> undefined reference to `gnutls_srp_server_get_username'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_set_prime_bits':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5493:
>> undefined reference to `gnutls_srp_set_prime_bits'
>> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o):
>> In function `net_gnutls_srp_verifier':
>> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5512:
>> undefined reference to `gnutls_srp_verifier'
>> collect2: error: ld returned 1 exit status
>> File "caml_startup", line 1:
>> Error: Error during linking
>>
>>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-03-17 17:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-17 9:01 [Caml-list] ocamlnet and missing SRP functions in gnutls Sebastien Ferre
2015-03-17 10:27 ` Gerd Stolpmann
2015-03-17 17:20 ` Sebastien Ferre
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).