Re: GnuTLS issue (Mandos Server/Client)
On Thu, 2014-04-03 at 11:14 -0600, Nathanael D. Noblet wrote:
> > Does it really use TLS with openpgp certificates? If yes, I doubt you
> > could make 2.8.5 interoperate with gnutls 3.1.20. GnuTLS was modified in
> > 3.1.x to adhere with RFC6091 which was incompatible with the previous
> > attempt to have openpgp keys to TLS.
> Hello,
> Yes it uses TLS and openpgp certificates. So gnutls 3.1.20 can't use
> both new and old methods I presume?

Unfortunately not.

regards,
Nikos
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: GnuTLS issue (Mandos Server/Client)
On Thu, 2014-04-03 at 16:05 +0200, Nikos Mavrogiannopoulos wrote:
> On Wed, 2014-04-02 at 10:50 -0600, Nathanael D. Noblet wrote:
> > CentOS 6 = gnutls 2.8.5
> > F20 = gnutls 3.1.20
> > The server is a python app and sets the priority string as follows:
> > priority=SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
> > this is fed to some gnutls function somewhere in the stack.
>
> Does it really use TLS with openpgp certificates? If yes, I doubt you
> could make 2.8.5 interoperate with gnutls 3.1.20. GnuTLS was modified in
> 3.1.x to adhere with RFC6091 which was incompatible with the previous
> attempt to have openpgp keys to TLS.

Hello,
Yes it uses TLS and openpgp certificates. So gnutls 3.1.20 can't use
both new and old methods I presume?
Re: GnuTLS issue (Mandos Server/Client)
On Wed, 2014-04-02 at 10:50 -0600, Nathanael D. Noblet wrote:
> CentOS 6 = gnutls 2.8.5
> F20 = gnutls 3.1.20
> The server is a python app and sets the priority string as follows:
> priority=SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
> this is fed to some gnutls function somewhere in the stack.

Does it really use TLS with openpgp certificates? If yes, I doubt you
could make 2.8.5 interoperate with gnutls 3.1.20. GnuTLS was modified in
3.1.x to adhere with RFC6091 which was incompatible with the previous
attempt to have openpgp keys to TLS.

regards,
Nikos
Re: GnuTLS issue (Mandos Server/Client)
On Wed, 2014-04-02 at 11:53 -0600, Nathanael D. Noblet wrote:
> On Wed, 2014-04-02 at 10:15 -0700, Adam Williamson wrote:
> > Well, have you tried the 'obvious' - building the newer gnutls on CentOS
> > 6 (or the older on Fedora 20) and building mandos against that, to see
> > if the issue is in gnutls or somewhere else in the 'base system'? That'd
> > narrow it down at least.
>
> Hmm that does seem obvious in hindsight. However no I haven't tried
> that. I figured I'd end up with a huge mess trying to recompile
> something like that between distros with such huge time periods all the
> related packages that depend on them. For example the python bindings
> etc... I'll look into doing it however.

well, I was figuring you could build it separately from the system copy
and then only link mandos (not anything else) against the 'special'
copy. ought to be possible one way or another, i'd guess.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
Re: GnuTLS issue (Mandos Server/Client)
On Wed, 2014-04-02 at 10:15 -0700, Adam Williamson wrote:
> Well, have you tried the 'obvious' - building the newer gnutls on CentOS
> 6 (or the older on Fedora 20) and building mandos against that, to see
> if the issue is in gnutls or somewhere else in the 'base system'? That'd
> narrow it down at least.

Hmm that does seem obvious in hindsight. However no I haven't tried
that. I figured I'd end up with a huge mess trying to recompile
something like that between distros with such huge time periods all the
related packages that depend on them. For example the python bindings
etc... I'll look into doing it however.
Re: GnuTLS issue (Mandos Server/Client)
On Wed, 2014-04-02 at 10:50 -0600, Nathanael D. Noblet wrote:
> Hello,
>
> I'm working on getting a package (mandos) included in Fedora/EPEL.
> Currently it's heavily focused on debian based distros so I'm not ready
> for a review. However I have it working in a few situations but have
> some issues in others. I'm hoping someone here may be able to shed light
> on what may be going on. So that I can finish adding the bits needed to
> be fully functional and then included.
>
> So the whole thing works only if servers and clients are on the same
> OS version. Different errors are thrown for different combinations.
>
> Client OS   Server OS   Error
> F20         CentOS 6    TLS packet with unexpected length was received
> CentOS 6    F20         The TLS connection was non-properly terminated
> CentOS 6    CentOS 6    No error
> F20         F20         No error
>
> CentOS gnutls versions
> CentOS 6 = gnutls 2.8.5
> F20 = gnutls 3.1.20
>
> The server is a python app and sets the priority string as follows:
> priority=SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
> this is fed to some gnutls function somewhere in the stack.
>
> I'm at a complete loss as to why it doesn't work. Pointers or docs or
> anything else that can help me figure out why an app can talk to itself
> as long as the same base OS is used would be GREATLY appreciated..

Well, have you tried the 'obvious' - building the newer gnutls on CentOS
6 (or the older on Fedora 20) and building mandos against that, to see
if the issue is in gnutls or somewhere else in the 'base system'? That'd
narrow it down at least.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
GnuTLS issue (Mandos Server/Client)
Hello,

I'm working on getting a package (mandos) included in Fedora/EPEL.
Currently it's heavily focused on debian based distros so I'm not ready
for a review. However I have it working in a few situations but have
some issues in others. I'm hoping someone here may be able to shed light
on what may be going on. So that I can finish adding the bits needed to
be fully functional and then included.

So the whole thing works only if servers and clients are on the same
OS version. Different errors are thrown for different combinations.

Client OS   Server OS   Error
F20         CentOS 6    TLS packet with unexpected length was received
CentOS 6    F20         The TLS connection was non-properly terminated
CentOS 6    CentOS 6    No error
F20         F20         No error

CentOS gnutls versions
CentOS 6 = gnutls 2.8.5
F20 = gnutls 3.1.20

The server is a python app and sets the priority string as follows:
priority=SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
this is fed to some gnutls function somewhere in the stack.

I'm at a complete loss as to why it doesn't work. Pointers or docs or
anything else that can help me figure out why an app can talk to itself
as long as the same base OS is used would be GREATLY appreciated..

Thanks,
--
Nathanael
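An added example, not part of the original thread and not Mandos or GnuTLS code: a small audit of the priority string quoted above that works out which certificate types remain enabled and flags client/server pairs whose GnuTLS versions fall on opposite sides of the RFC 6091 change mentioned in the replies. Assumptions: the listed base keywords enable X.509 by default, tokens apply left to right, and 3.1 is taken as the boundary because the thread only says "3.1.x".

```python
# Added example: audit a GnuTLS priority string for an OpenPGP-only policy.
# Assumption: these base keywords enable X.509 certificates by default.
BASES_WITH_X509 = {"NORMAL", "PERFORMANCE", "SECURE128", "SECURE256", "EXPORT"}

# Assumption: the thread only says "3.1.x", so 3.1 is used as the boundary.
RFC6091_FROM = (3, 1)


def cert_types(priority):
    """Return the certificate types left enabled, applying tokens left to right."""
    enabled = set()
    for tok in filter(None, priority.split(":")):
        if tok in BASES_WITH_X509:
            enabled.add("X.509")
        elif tok[0] in "+-!" and tok[1:].startswith("CTYPE-"):
            ctype = tok[1:][len("CTYPE-"):]
            if tok[0] == "+":
                enabled.add(ctype)
            else:  # '!' and '-' both remove an item
                enabled.discard(ctype)
    return enabled


def openpgp_generation(version):
    """Classify a GnuTLS version string as before or after the RFC 6091 change."""
    major_minor = tuple(int(p) for p in version.split(".")[:2])
    return "rfc6091" if major_minor >= RFC6091_FROM else "pre-rfc6091"


def audit(priority, client_ver, server_ver):
    """Return findings for one client/server pair sharing a priority string."""
    findings = []
    types = cert_types(priority)
    if "OPENPGP" in types and "X.509" not in types:
        findings.append("openpgp-only: no X.509 fallback")
        if openpgp_generation(client_ver) != openpgp_generation(server_ver):
            findings.append("peers straddle the RFC 6091 change")
    return findings


# Values taken from the thread.
PRIORITY = "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP"
HOSTS = {"CentOS 6": "2.8.5", "F20": "3.1.20"}

if __name__ == "__main__":
    for client, cver in HOSTS.items():
        for server, sver in HOSTS.items():
            print(f"{client:9} -> {server:9} {audit(PRIORITY, cver, sver)}")
```

Run against the thread's values, only the mixed CentOS 6 / F20 pairs get the second finding, matching the two failing rows in the table.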