From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@sympa.inria.fr Delivered-To: caml-list@sympa.inria.fr Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by sympa.inria.fr (Postfix) with ESMTPS id 4F4CF7EEE0 for ; Tue, 17 Mar 2015 18:20:11 +0100 (CET) X-IronPort-AV: E=Sophos;i="5.11,417,1422918000"; d="scan'208";a="126434346" Received: from alnitak.irisa.fr ([131.254.16.128]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/DHE-RSA-AES128-SHA; 17 Mar 2015 18:20:01 +0100 Message-ID: <55086241.1080007@irisa.fr> Date: Tue, 17 Mar 2015 18:20:01 +0100 From: Sebastien Ferre Organization: IRISA User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Gerd Stolpmann , caml-list@inria.fr References: <5507ED6E.3020308@irisa.fr> <1426588076.6160.5.camel@e130.lan.sumadev.de> In-Reply-To: <1426588076.6160.5.camel@e130.lan.sumadev.de> Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Transfer-Encoding: 8bit X-Validation-by: sebastien.ferre@irisa.fr Subject: Re: [Caml-list] ocamlnet and missing SRP functions in gnutls On 03/17/2015 11:27 AM, Gerd Stolpmann wrote: > Am Dienstag, den 17.03.2015, 10:01 +0100 schrieb Sebastien Ferre: >> Hi, >> >> when trying to use gnutls for TLS-secured >> connections with ocamlnet, I encounter a >> problem with SRP functions. >> >> When linking with package nettls-gnutls of >> ocamlnet, I get the following linking errors >> (excerpt here, full log at the end). >> >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `abs_gnutls_srp_client_credentials_t_finalize': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841: >> undefined reference to `gnutls_srp_free_client_credentials' >> [...] >> >> All undefined functions start with 'gnutls_srp_'. After >> some web search, I found that those functions are excluded >> in some Linux distributions (mine is a Fedora) because of >> patent issues. > > I was unaware of this. > >> Are those functions really necessary for TLS connections ? > > For TLS connections secured by X.509 keys these are not needed. (TLS is > a wide area, and there are more cryptographic options than what you > typically find in e.g. web browsers. SRP is one of these options.) Good that those features are not necessary. >> If not, is there a patch of the package 'nettls-gnutls' that >> avoids them ? If yes, is there a workaround ? Has anybody else >> encounter the same problem. > > In the svn repo of ocamlnet I just marked the srp functions as optional > (https://godirepo.camlcity.org/svn/lib-ocamlnet2/trunk/). I don't know > whether this is sufficient or not, as I have no system for testing. According to my test, this makes no difference. What I did: - uninstall ocamlnet through opam - install your svn version at the same place. Should I add more options for the link phase ? I looked at the symbol table of libnettls_gnutls.a, and it shows all SRP functions as undefined (U). Sébastien >> ============================================================== >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `abs_gnutls_srp_client_credentials_t_finalize': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1841: >> undefined reference to `gnutls_srp_free_client_credentials' >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `abs_gnutls_srp_server_credentials_t_finalize': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:1770: >> undefined reference to `gnutls_srp_free_server_credentials' >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `net_gnutls_srp_allocate_client_credentials': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5431: >> undefined reference to `gnutls_srp_allocate_client_credentials' >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `net_gnutls_srp_set_client_credentials': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5446: >> undefined reference to `gnutls_srp_set_client_credentials' >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `net_gnutls_srp_allocate_server_credentials': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5456: >> undefined reference to `gnutls_srp_allocate_server_credentials' >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `net_gnutls_srp_set_server_credentials_file': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5471: >> undefined reference to `gnutls_srp_set_server_credentials_file' >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `net_gnutls_srp_server_get_username': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5482: >> undefined reference to `gnutls_srp_server_get_username' >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `net_gnutls_srp_set_prime_bits': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5493: >> undefined reference to `gnutls_srp_set_prime_bits' >> /local/ferre/.opam/system/lib/nettls-gnutls/libnettls-gnutls.a(nettls_gnutls_bindings_stubs.o): >> In function `net_gnutls_srp_verifier': >> /home/ferre/.opam/system/build/ocamlnet.4.0.2/src/nettls-gnutls/nettls_gnutls_bindings_stubs.c:5512: >> undefined reference to `gnutls_srp_verifier' >> collect2: error: ld returned 1 exit status >> File "caml_startup", line 1: >> Error: Error during linking >> >> >