www.cendio.com
Bug 3863 - switch to libnettle for GnuTLS
: switch to libnettle for GnuTLS
Status: CLOSED FIXED
: ThinLinc
Build system
: 3.1.2
: PC All
: P2 Enhancement
: 4.0.0
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2011-07-04 11:46 by
Modified: 2012-11-28 12:16 (History)
Acceptance Criteria:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2011-07-04 11:46:25
We're currently using the libgcrypt backend for GnuTLS. Unfortunately that
portion of GnuTLS seems unmaintained and buggy. They've even completely
disabled it on GnuTLS trunk.

The backend that everyone else is using is the libnettle one. Unfortunately
that one is GPL (not LGPL), so we'll have to open up any code using GnuTLS at
that point.

On the upside, nettle is a lot faster than libgcrypt.
------- Comment #1 From cendio 2012-03-29 08:17:25 -------
Either they've changed to licence, or I was confused. libnettle is LGPL, so we
should be able to just switch.
------- Comment #2 From cendio 2012-06-21 10:30:47 -------
Cenbuild updated in r25367, r25368 and r25369.

tlstunnel updated in r25370.
------- Comment #3 From cendio 2012-06-21 10:43:00 -------
License updated in r25371 and r25372.

Link kit updated in r25373.
------- Comment #4 From cendio 2012-10-18 14:07:02 -------
tlwebadm doesn't work on Solaris for whatever reason, guessing this has
something to do with it.

bash-3.00# tail -f tlwebadm.log
2012-10-18 13:52:14 ERROR tlwebadm[7762]: connect: No such file or directory
2012-10-18 13:52:14 INFO tlwebadm[7764]: Connection from 10.47.3.162, port
48271
2012-10-18 13:52:14 ERROR tlwebadm[7764]: connect: No such file or directory
2012-10-18 13:52:16 INFO tlwebadm[7765]: Connection from 10.47.3.162, port
48272
2012-10-18 13:52:16 INFO tlwebadm[7766]: Connection from 10.47.3.162, port
48273
2012-10-18 13:52:17 ERROR tlwebadm[7766]: connect: No such file or directory
2012-10-18 13:52:17 ERROR tlwebadm[7765]: connect: No such file or directory
2012-10-18 13:52:17 INFO tlwebadm[7767]: Connection from 10.47.3.162, port
48274
2012-10-18 13:52:18 ERROR tlwebadm[7767]: connect: No such file or directory
2012-10-18 13:52:18 ERROR tlwebadm[7754]: TLS handshake has failed (The TLS
connection was non-properly terminated.)
2012-10-18 13:57:06 INFO tlwebadm[8094]: Connection from 10.47.3.162, port
48408
2012-10-18 13:57:06 INFO tlwebadm[8095]: Connection from 10.47.3.162, port
48409
2012-10-18 13:57:07 ERROR tlwebadm[8095]: connect: No such file or directory
2012-10-18 13:57:07 ERROR tlwebadm[8094]: connect: No such file or directory
2012-10-18 13:57:07 INFO tlwebadm[8096]: Connection from 10.47.3.162, port
48410
2012-10-18 13:57:08 ERROR tlwebadm[8096]: connect: No such file or directory
2012-10-18 13:58:01 INFO tlwebadm[8117]: Connection from 10.47.3.162, port
48427
2012-10-18 13:58:01 INFO tlwebadm[8117]: TLS handshake failed, redirecting to
https://10.48.2.5:1010
2012-10-18 13:58:01 INFO tlwebadm[8118]: Connection from 10.47.3.162, port
48428
2012-10-18 13:58:01 ERROR tlwebadm[8118]: connect: No such file or directory
2012-10-18 13:58:11 INFO tlwebadm[8123]: Connection from 10.47.3.162, port
48429
2012-10-18 13:58:11 INFO tlwebadm[8124]: Connection from 10.47.3.162, port
48430
2012-10-18 13:58:12 ERROR tlwebadm[8123]: connect: No such file or directory
2012-10-18 13:58:12 ERROR tlwebadm[8124]: connect: No such file or directory
------- Comment #5 From cendio 2012-10-18 14:25:00 -------
The error in comment #4 was caused by a tlstunnel process left behind when the
tlwebadm processed somehow stopped, so disregard that. I'll see if I can
reproduce it on another bug instead and write this off as a fluke.
------- Comment #6 From cendio 2012-10-18 14:39:01 -------
Once I got the above issue sorted out, https worked just fine. It's not fast by
any measure, but that could just be Sunray being Sunray.