axtls-general Mailing List for axTLS Embedded SSL (Page 2)
Brought to you by:
cameronrich
From: Cameron Hamilton-R. <cam...@gm...> - 2016-08-17 11:00:30

Just trying to do that now. And trying to remember all the old login details...

Cam

On 17/08/2016 8:58 PM, Daniel Stenberg wrote:
> On Wed, 17 Aug 2016, Cameron Hamilton-Rich wrote:
>
>> There is a new version of axTLS which now supports TLS 1.2 which is a
>> rather significant feature.
>
> Wohoo, may I suggest that you update that fact on the web page as well?
>

--
Cameron Hamilton-Rich
Email: cam...@gm...

From: Cameron Hamilton-R. <cam...@gm...> - 2016-08-17 10:49:24

Hi everyone,

There is a new version of axTLS which now supports TLS 1.2 which is a rather significant feature.

It passes all my tests but as usual something out there may break it.

Give it a go and let me know if it is a thumbs up or down :-)

Cam

--
Cameron Hamilton-Rich
Email: cam...@gm...

From: Anthony G. B. <ba...@op...> - 2016-07-07 00:23:06

On 7/6/16 6:17 PM, Cameron Hamilton-Rich wrote:
> Hi guys,
>
> Here's a new release of axTLS v1.5.4. Here's a list of changes since
> April 30 of last year. Hmmm, I've been a bit slack on the updates. Sorry
> about that :-(

Okay the new version of axtls has been pushed out in Gentoo. Thanks.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

From: Cameron Hamilton-R. <cam...@gm...> - 2016-07-06 22:17:40

Hi guys,

Here's a new release of axTLS v1.5.4. Here's a list of changes since April 30 of last year. Hmmm, I've been a bit slack on the updates. Sorry about that :-(

------------------------------------------------------------------------
r258 | cameronrich | 2016-07-06 06:16:05 +1000 (Wed, 06 Jul 2016) | 1 line

Removed some printfs in skeleton mode
------------------------------------------------------------------------
r257 | cameronrich | 2016-07-06 06:07:17 +1000 (Wed, 06 Jul 2016) | 1 line

Fixed some skeleton mode warnings
------------------------------------------------------------------------
r256 | cameronrich | 2016-07-06 05:57:29 +1000 (Wed, 06 Jul 2016) | 1 line

removed endian.h from os_int.h as it is no longer needed and was causing issues with the micropython build
------------------------------------------------------------------------
r255 | cameronrich | 2016-07-06 05:54:05 +1000 (Wed, 06 Jul 2016) | 1 line

Now include os_port.h in tls1.h, but removed ax_malloc and friends
------------------------------------------------------------------------
r254 | cameronrich | 2016-07-05 17:07:45 +1000 (Tue, 05 Jul 2016) | 1 line

Can handle SSL chains which are out of order (thanks Paul Johnstone)
------------------------------------------------------------------------
r253 | cameronrich | 2016-07-05 16:46:55 +1000 (Tue, 05 Jul 2016) | 1 line

Fixed a memset issue and removed some doubled code (thanks Jens Muller)
------------------------------------------------------------------------
r252 | cameronrich | 2016-06-12 20:51:12 +1000 (Sun, 12 Jun 2016) | 1 line

Removed RC4 from the list of negotiated ciphers as browsers don't support it anymore
------------------------------------------------------------------------
r251 | olereinhardt | 2015-10-02 01:58:22 +1000 (Fri, 02 Oct 2015) | 2 lines

Tag 64-bit constants with "LL" (make e.g.
AVR32 gcc happy)
------------------------------------------------------------------------
r250 | cameronrich | 2015-07-28 12:44:52 +1000 (Tue, 28 Jul 2015) | 1 line

* Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent.

Cheers,
Cam

--
Cameron Hamilton-Rich
Email: cam...@gm...

From: Ole R. <ole...@em...> - 2016-05-10 15:23:53

Hi Mario,

to help you debugging, some more detailed information would be great. Which version of axTLS are you using, and which version of cURL?

Could you provide a complete testcase (set of your sources and your demo application?)

best regards,

Ole Reinhardt

On 09.05.2016 at 17:54, Mario Rütti wrote:
> Hi all
>
> I was able to build cURL with axTLS. At least https post and get are
> working fine.
> At the moment I try to send emails using cURL and a tlsv1.1 mail server.
> But it doesn't work. The protocol upgrade to tls and key exchange seems
> fine but then it blocks. Anyone any idea?
>
> Best regards
> Mario
>
> Sent from my Samsung device.
>

--
Embedded-IT
Alter Weg 3
57223 Kreuztal
http://www.embedded-it.de
Tel.: +49-177-7420433

From: Mario R. <mr...@gm...> - 2016-05-09 15:54:09

Hi all

I was able to build cURL with axTLS. At least https post and get are working fine. At the moment I try to send emails using cURL and a tlsv1.1 mail server. But it doesn't work. The protocol upgrade to tls and key exchange seems fine but then it blocks. Anyone any idea?

Best regards
Mario

Sent from my Samsung device.

From: Cameron R. <cam...@gm...> - 2015-07-03 19:27:25

Hi Hieu,

RNG_Initialize() was moved in tls1.c as it was causing issues. ssl_ctx_new() now does the initialization and this is called once for each new context.

This was done 3 years ago and nobody has complained yet. But are you using a lot of SSL_CTX contexts?

Cam

On 3/07/2015 3:20 PM, Hieu Trung Le wrote:
> Hi,
>
> I ran into trouble and found that it is probably caused by the static
> rng_ref_count being removed in this changeset
> http://sourceforge.net/p/axtls/code/226/tree//trunk/crypto/crypto_misc.c?diff=511c3f4934309d74f9522c0d:225
>
> I'd like to understand why we do that.
>
> Thanks,
> -Hieu

From: Hieu T. Le <hi...@gc...> - 2015-07-03 05:31:59

Hi,

I ran into trouble and found that it is probably caused by the static rng_ref_count being removed in this changeset
http://sourceforge.net/p/axtls/code/226/tree//trunk/crypto/crypto_misc.c?diff=511c3f4934309d74f9522c0d:225

I'd like to understand why we do that.

Thanks,
-Hieu

From: Isaac D. <ib...@gm...> - 2015-06-26 04:07:53

Hello,

I've been interested in axTLS for a while, but hadn't looked at the code until this week. Here are a couple patches that may or may not be desired; if they look like a nice idea but need rework, I'd be willing to do it.

Patch #1 should be less controversial / risky; it adds a "-crlf" option to axssl s_client, which will convert *nix-style '\n' line endings to "\r\n" (as is done in telnet). Whenever \r\n is read, it is a no-op (which will cover most use on Windows); it may make sense to disable this on Win32. The inspiration was an analogous feature in OpenSSL.

Patch #2 allows compile-time disabling of RC4-based protocols (in a way, the reverse of "skeleton mode"). It adds CONFIG_SSL_PROT_AES, essentially "high" protection mode minus the RC4 fallbacks. This conforms to RFC7465, which forbids use of RC4-based protocols. This does not disable the RC4 crypto code; that would conflict with the fallback PRNG and with PKCS support, at a minimum.

While the results of patch #2 seem to work for me (most tests seem to pass and the resulting axssl can connect to gmail), I may well be overlooking something important - I have not touched any crypto code before. Test results attached.

Thanks,
Isaac Dunham

From: Paul S. <pm...@gm...> - 2015-06-11 15:20:21

Hello,

I (and some other people) would like to use axTLS in deeply embedded environments, where every byte is precious. Thus, we need to have ability to control each and every feature individually, to strike a balance between ROM/RAM space available and features desired.

Preset-style configuration options like:

CONFIG_SSL_FULL_MODE
CONFIG_SSL_SKELETON_MODE
CONFIG_SSL_ENABLE_CLIENT
CONFIG_SSL_PROT_LOW
CONFIG_SSL_PROT_MEDIUM
CONFIG_SSL_PROT_HIGH

as used by axTLS currently doesn't really help with that. Here're usecases which are hard to cover with such config:

1. I want a client support, not server or server+client.
2. I want minimal ("skeleton") code but with RC4 disabled and AES enabled.
3. I want minimal ("skeleton") code, but with diagnostic messages enabled (which are otherwise part of "FULL" set), to debug why something doesn't work.
... (many more)

So, instead of the "high-level" "presets" like above what we really need is each feature configured individually, to allow for exact combination user wants. Of course, that means many, really many configuration options, so keeping presets like above is definitely helpful too.

I would like to query if the maintainer does approve of this problem and ready for changes described above, to assess how much effort is worth to put into that.

Example of changes proposed would be these patches from Angus Gratton's tree:

https://github.com/SuperHouse/axtls/commit/1b4bcf4f2bef2cde7241829b37bf68dcdc7b8f77
https://github.com/SuperHouse/axtls/commit/4393d2d4ea1eaff60c049ad8538d28c1b72527da
https://github.com/SuperHouse/axtls/commit/0cc27a2b73326d91eb4c3da679d5e746349362b9

(I have many more such changes in my tree, which are mostly in the form of "#if 0" so far).

Thanks,
Paul
mailto:pm...@gm...

From: Chris G. <ch...@se...> - 2015-02-24 03:49:26

Hi Cam,

I apologize for the delay in getting back to you. It had been long enough since my previous email that I didn't have a clear recollection of the details of the problem and its reproduction.

I think the key is my previous statement that

> This issue
> was *masked by* an earlier failure to supply
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV

So the sequence of events was I applied the patch to disable renegotiation per RFC 5746 THEN the problem appears.

When I take the latest version from sourceforge (1.5.1) and build it on my system, I am able to handshake OK with microsoft.com:443. When I apply the patch I am unable to handshake with microsoft.com, though yahoo.com and google.com work fine.

I am using gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1)

Here is an abridged version of my config.h file (all empty strings removed):

#define HAVE_DOT_CONFIG 1
#define CONFIG_PLATFORM_LINUX 1
#define PREFIX "/usr/local"
#define CONFIG_DEBUG 1
#define CONFIG_SSL_FULL_MODE 1
#define CONFIG_SSL_PROT_MEDIUM 1
#define CONFIG_SSL_HAS_PEM 1
#define CONFIG_SSL_EXPIRY_TIME 24
#define CONFIG_X509_MAX_CA_CERTS 175
#define CONFIG_SSL_MAX_CERTS 3
#define CONFIG_USE_DEV_URANDOM 1
#define CONFIG_OPENSSL_COMPATIBLE 1
#define CONFIG_SSL_TEST 1
#define CONFIG_HTTP_PORT
#define CONFIG_HTTP_HTTPS_PORT
#define CONFIG_HTTP_SESSION_CACHE_SIZE
#define CONFIG_HTTP_TIMEOUT
#define CONFIG_SAMPLES 1
#define CONFIG_C_SAMPLES 1
#define CONFIG_BIGINT_BARRETT 1
#define CONFIG_BIGINT_CRT 1
#define MUL_KARATSUBA_THRESH
#define SQU_KARATSUBA_THRESH
#define CONFIG_BIGINT_SLIDING_WINDOW 1
#define CONFIG_BIGINT_SQUARE 1
#define CONFIG_INTEGER_32BIT 1

Chris Ghormley / Set-Point Control

On 12/3/2014 02:13, Cameron Rich wrote:
> Hi Chris,
>
> I'm trying to test a reference Microsoft site that you've mentioned
> below and I get the following:
>
> ./axssl s_client -connect microsoft.com:443
> ...
> CONNECTED
> Common Name: microsoft.com
> -----BEGIN SSL SESSION PARAMETERS-----
> 78380000fc68f8dae85ea5abee3cd1de84db0167b3c68326d30987deff4e6255
> -----END SSL SESSION PARAMETERS-----
> CIPHER is AES128-SHA
>
> And it works for me without your fix. Should it? I was hoping to test
> that it actually worked with fix added.
>
> Cam
>
> On 20/06/2014 3:51 PM, Chris Ghormley wrote:
>> I have been testing with a new server lately. It took me a while to
>> figure out that axTLS
>> is not working at all with Microsoft IIS. I haven't tried to narrow it
>> down, but suffice
>> it to say that axssl does not successfully handshake with
>> microsoft.com:443. This issue
>> was masked by an earlier failure to supply
>> TLS_EMPTY_RENEGOTIATION_INFO_SCSV (fixed by
>> https://github.com/dsheets/axtls/commit/2dae24f54fb3cd986c862b08d5e7a1641af19715).
>>
>> This should be very easy to reproduce:
>>
>> axssl s_client -connect microsoft.com:443
>>
>> In the packet captures I have performed, only IIS puts the Server Hello,
>> Certificate, and
>> Server Hello Done in the same packet. Apache and lighttpd split these out.
>>
>> I have isolated the problem to the way the certificate is encoded. The
>> ASN.1 type doesn't
>> match in asn1_skip_obj() and the connection is aborted with an alert
>> "bad certificate".
>>
>> Has anyone else run across this? Unfortunately I don't yet know these
>> structures well
>> enough to guess how to resolve the issue.
>>
>

From: Ole R. <ole...@em...> - 2014-11-19 17:08:11

Hi Cameron,

On 19.11.2014 12:03, Cameron Rich wrote:
> There's a new release of axTLS v1.5.1 with the following changes:

Great, thanks! That's cool. As you added SHA256, are you planning to add TLS 1.2 support?

I just thought to spend some time over the Christmas holidays to evaluate how much effort would be needed to add TLS 1.2 to axTLS.

Best regards,

Ole

--
kernel concepts GmbH       Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de

From: Anthony G. B. <ba...@op...> - 2014-11-01 01:34:20

On 10/31/14 07:50, Cameron Rich wrote:
> Hi guys,
>
> There's a new release of axTLS out, version 1.5.0. Here are the release notes:
>
> * Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)
> * Fix handling of return values of SOCKET_READ in process_sslv23_client_hello()
>   (thanks Ole Reinhardt)
> * added generalized time for certificates
> * added printf changes from Fabian Frank to stop warnings/errors
> * Moved setting encryption flags to after handshake completion (thanks Eric Hu)
>
> Enjoy,
>
> Cam
>

It's now available in Gentoo. Thanks.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

From: Ole R. <ole...@em...> - 2014-09-24 10:43:14

Hi all,

Cameron recently added me as a maintainer to this project. Thanks for that!

I just started adding my own patches and now would like to bring all your pending patches and fixes together.

So if you have any patches, fixes or known bugs, please let me know. I'd like to collect and review them and apply them to the code if feasible.

Best regards,

Ole Reinhardt

--
kernel concepts GmbH       Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de

From: Ole R. <ole...@em...> - 2014-09-15 10:23:35

Hi Cameron,

On 14.09.2014 03:57, Cameron Rich wrote:
> I've got off my backside and added you as a maintainer now :-)

Great, thank you very much! I will add my patches ASAP.

We then should perhaps discuss which issues are still known and need fixing and should also try to bring all interested people together, so that we can collect and review all patches, that are currently floating around (at least I know of the gentoo maintainer and a github fork).

Best regards,

Ole

--
kernel concepts GmbH       Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de

From: Cameron R. <cam...@gm...> - 2014-09-14 02:27:27

Hi Ole,

I've got off my backside and added you as a maintainer now :-)

Cam

On 21/08/2014 1:41 AM, Ole Reinhardt wrote:
> Hi Cameron,
>
> Sorry for the very late answer. I went on holidays right after writing
> my last message to the list :)
>
> On 29.07.2014 00:18, Cameron Rich wrote:
>> Yes and no... This project started 7 years ago and I've lost count of
>> the hundreds/thousands of hours spent on it.
>>
>> But life has got complicated (wife, two kids, head developer of the
>> region etc) and time has been sucked out of me.
> Yes, I know this kind of problem. And I face the same problems by
> myself. Anyhow I would like to support the project with my (little)
> spare time if possible.
>
>> Every time I sit down to work on it, something comes up.
>>
>> So... would you be prepared to be a co-developer and do releases? What's
>> your name on sourceforge?
> Yes I'd be glad to help out, wherever I can.
>
> I have to admit, that my knowledge about SSL/TLS is still far away from
> being "very good", but I think I start getting a quite good overview.
>
> I'm one of the main developers of the Ethernut Project
> (http://sourceforge.net/projects/ethernut/?source=directory) and we
> started to integrate a slightly modified version of axTLS as standard
> TLS stack to Nut/OS.
>
> My sourceforge name is "olereinhardt"
>
>> The things I need to do:
>>
>> * a buffer overrun patch (from you)
>> * the biggie - RFC5746 support (done properly).
>> * any general queries.
> Yes, I started reading the mailinglist two months ago. So I'm not in the
> focus on any previous discussion. Perhaps we could discuss any open
> problems / patches and I'd be happy to help fixing these things and
> enhancing the stack further.
>
> Best regards,
>
> Ole
>

From: Anthony G. B. <ba...@op...> - 2014-08-20 19:45:10

On 08/20/14 11:41, Ole Reinhardt wrote:
> Hi Cameron,
>
> Sorry for the very late answer. I went on holidays right after writing
> my last message to the list :)
>
> On 29.07.2014 00:18, Cameron Rich wrote:
>> Yes and no... This project started 7 years ago and I've lost count of
>> the hundreds/thousands of hours spent on it.
>>
>> But life has got complicated (wife, two kids, head developer of the
>> region etc) and time has been sucked out of me.
>
> Yes, I know this kind of problem. And I face the same problems by
> myself. Anyhow I would like to support the project with my (little)
> spare time if possible.

If it's any incentive axtls is being pushed out in gentoo. I've been maintaining it there and bug wrangling etc.

>
>> Every time I sit down to work on it, something comes up.
>>
>> So... would you be prepared to be a co-developer and do releases? What's
>> your name on sourceforge?
>
> Yes I'd be glad to help out, wherever I can.
>
> I have to admit, that my knowledge about SSL/TLS is still far away from
> being "very good", but I think I start getting a quite good overview.
>
> I'm one of the main developers of the Ethernut Project
> (http://sourceforge.net/projects/ethernut/?source=directory) and we
> started to integrate a slightly modified version of axTLS as standard
> TLS stack to Nut/OS.
>
> My sourceforge name is "olereinhardt"
>
>> The things I need to do:
>>
>> * a buffer overrun patch (from you)
>> * the biggie - RFC5746 support (done properly).
>> * any general queries.
>
> Yes, I started reading the mailinglist two months ago. So I'm not in the
> focus on any previous discussion. Perhaps we could discuss any open
> problems / patches and I'd be happy to help fixing these things and
> enhancing the stack further.
>
> Best regards,
>
> Ole
>

I can help maintain by producing patches for bugs we hit in gentoo. So far nothing major but I'm no crypto expert. Just a plain old c guy.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

From: Ole R. <ole...@em...> - 2014-08-20 15:42:09

Hi Cameron,

Sorry for the very late answer. I went on holidays right after writing my last message to the list :)

On 29.07.2014 00:18, Cameron Rich wrote:
> Yes and no... This project started 7 years ago and I've lost count of
> the hundreds/thousands of hours spent on it.
>
> But life has got complicated (wife, two kids, head developer of the
> region etc) and time has been sucked out of me.

Yes, I know this kind of problem. And I face the same problems by myself. Anyhow I would like to support the project with my (little) spare time if possible.

> Every time I sit down to work on it, something comes up.
>
> So... would you be prepared to be a co-developer and do releases? What's
> your name on sourceforge?

Yes I'd be glad to help out, wherever I can.

I have to admit, that my knowledge about SSL/TLS is still far away from being "very good", but I think I start getting a quite good overview.

I'm one of the main developers of the Ethernut Project (http://sourceforge.net/projects/ethernut/?source=directory) and we started to integrate a slightly modified version of axTLS as standard TLS stack to Nut/OS.

My sourceforge name is "olereinhardt"

> The things I need to do:
>
> * a buffer overrun patch (from you)
> * the biggie - RFC5746 support (done properly).
> * any general queries.

Yes, I started reading the mailinglist two months ago. So I'm not in the focus on any previous discussion. Perhaps we could discuss any open problems / patches and I'd be happy to help fixing these things and enhancing the stack further.

Best regards,

Ole

--
kernel concepts GmbH       Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de

From: Shiro K. <sh...@la...> - 2014-07-29 07:24:26

I'm using axtls for my project (Gauche, a Scheme scripting engine). I don't know much about ssl/tls so I can't contribute, but I hope this will be maintained.

From: Ole Reinhardt <ole...@em...>
Subject: [axtls-general] Is this project actively maintained?
Date: Mon, 28 Jul 2014 17:30:43 +0200

> Hi all,
>
> As I did not yet get any answer to one of my mails on this list, I just
> would like to know, if this project is still maintained and how many
> users / developers are currently on this list?
>
> I know there is an unofficial github clone of this project. I would like
> to bring this project further and I'm interested in active development.
>
> I'm looking forward for any reactions :-)
>
> Bye,
>
> Ole
>
>
> --
> kernel concepts GmbH       Tel: +49-271-771091-14
> Sieghuetter Hauptweg 48    Mob: +49-177-7420433
> D-57072 Siegen
> http://www.embedded-it.de
> http://www.kernelconcepts.de

From: Cameron R. <cam...@gm...> - 2014-07-28 22:47:45

Hi Ole,

Yes and no... This project started 7 years ago and I've lost count of the hundreds/thousands of hours spent on it.

But life has got complicated (wife, two kids, head developer of the region etc) and time has been sucked out of me.

Every time I sit down to work on it, something comes up.

So... would you be prepared to be a co-developer and do releases? What's your name on sourceforge?

The things I need to do:

* a buffer overrun patch (from you)
* the biggie - RFC5746 support (done properly).
* any general queries.

Cam

On 29/07/2014 1:30 AM, Ole Reinhardt wrote:
> Hi all,
>
> As I did not yet get any answer to one of my mails on this list, I just
> would like to know, if this project is still maintained and how many
> users / developers are currently on this list?
>
> I know there is an unofficial github clone of this project. I would like
> to bring this project further and I'm interested in active development.
>
> I'm looking forward for any reactions :-)
>
> Bye,
>
> Ole
>
>

From: Ole R. <ole...@em...> - 2014-07-28 15:31:04

Hi all,

As I did not yet get any answer to one of my mails on this list, I just would like to know, if this project is still maintained and how many users / developers are currently on this list?

I know there is an unofficial github clone of this project. I would like to bring this project further and I'm interested in active development.

I'm looking forward for any reactions :-)

Bye,

Ole

--
kernel concepts GmbH       Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de

From: Ole R. <ole...@em...> - 2014-07-21 16:47:19

Hi,

I found another bug in tls1.c, which may access memory outside of the allocated array bounds.

Please find the patch attached.

Best regards,

Ole Reinhardt

--
kernel concepts GmbH       Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de

From: Ole R. <ole...@em...> - 2014-06-30 21:33:44

Hi,

I just found a potential bug in ssl/tls1_svr.c

In this function several bytes are read from the socket. But instead of checking the return value of SOCKET_READ() for an error, "bytes_needed" had been checked for a negative value.

Please find a patch attached, which should fix this bug.

Best regards,

Ole Reinhardt

--
kernel concepts GmbH       Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de

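The mistake described in the message above, reduced to a self-contained added example (not the axTLS source and not the attached patch). `mock_sock`, `mock_read` and both `read_body_*` functions are hypothetical stand-ins for the socket and for `SOCKET_READ()`; the first reader tests the requested size, the second tests what the read returned and loops over short reads.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define READ_ERR (-1)

/* Constructed stand-in for a socket so the example runs offline. */
struct mock_sock {
    const uint8_t *data;  /* bytes the peer will send */
    size_t len, pos;
    size_t chunk;         /* max bytes handed out per call (short reads) */
    int broken;           /* nonzero: every read fails */
};

/* Same contract as read(2): >0 bytes read, 0 peer closed, -1 error. */
static int mock_read(struct mock_sock *s, uint8_t *buf, size_t n)
{
    size_t avail = s->len - s->pos;

    if (s->broken) return -1;
    if (n > s->chunk) n = s->chunk;
    if (n > avail) n = avail;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* Flawed pattern: the request size is tested for a negative value,
 * the result of the read is never looked at. */
int read_body_flawed(struct mock_sock *s, uint8_t *buf, int bytes_needed)
{
    if (bytes_needed < 0) return READ_ERR;     /* wrong variable */
    mock_read(s, buf, (size_t)bytes_needed);   /* result discarded */
    return bytes_needed;                       /* "success" regardless */
}

/* Corrected pattern: bound the request, test every read result, and
 * keep reading until the whole body has arrived. */
int read_body_checked(struct mock_sock *s, uint8_t *buf, size_t buf_len,
                      size_t bytes_needed)
{
    size_t got = 0;

    if (bytes_needed > buf_len) return READ_ERR;
    while (got < bytes_needed) {
        int r = mock_read(s, buf + got, bytes_needed - got);
        if (r <= 0) return READ_ERR;   /* error, or peer closed early */
        got += (size_t)r;
    }
    return (int)got;
}

int main(void)
{
    static const uint8_t hello[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    struct mock_sock broken = { NULL, 0, 0, 8, 1 };
    struct mock_sock chunky = { hello, sizeof hello, 0, 3, 0 };
    uint8_t buf[8];

    memset(buf, 0xAA, sizeof buf);
    printf("flawed,  failing socket: %d (buffer still stale: %s)\n",
           read_body_flawed(&broken, buf, 8), buf[0] == 0xAA ? "yes" : "no");
    printf("checked, failing socket: %d\n",
           read_body_checked(&broken, buf, sizeof buf, 8));
    printf("checked, 3-byte chunks : %d\n",
           read_body_checked(&chunky, buf, sizeof buf, 8));
    return 0;
}
```

With the flawed reader a failed read is reported as success and the caller goes on to parse whatever was already in the buffer.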
From: Chris G. <ch...@se...> - 2014-06-20 05:52:10

I have been testing with a new server lately. It took me a while to figure out that axTLS is not working at all with Microsoft IIS. I haven't tried to narrow it down, but suffice it to say that axssl does not successfully handshake with microsoft.com:443. This issue was masked by an earlier failure to supply TLS_EMPTY_RENEGOTIATION_INFO_SCSV (fixed by https://github.com/dsheets/axtls/commit/2dae24f54fb3cd986c862b08d5e7a1641af19715).

This should be very easy to reproduce:

axssl s_client -connect microsoft.com:443

In the packet captures I have performed, only IIS puts the Server Hello, Certificate, and Server Hello Done in the same packet. Apache and lighttpd split these out.

I have isolated the problem to the way the certificate is encoded. The ASN.1 type doesn't match in asn1_skip_obj() and the connection is aborted with an alert "bad certificate".

Has anyone else run across this? Unfortunately I don't yet know these structures well enough to guess how to resolve the issue.

--
Chris Ghormley / Set-Point Control

From: Chris G. <ch...@se...> - 2014-06-18 01:38:52

Per RFC5746, clients must either list a dummy cipher "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" with a code point of 0x00ff, or include a TLS extension, "renegotiation_info". This patch adds the dummy cipher to the list.

---
 ssl/ssl.h  | 2 ++
 ssl/tls1.c | 6 +++---
 ssl/tls1.h | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
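
The RFC 5746 signalling this message describes, as an added example rather than the patch's own code: a client appends the 0x00ff code point to its ClientHello cipher_suites vector, and the receiving side scans that vector for it. The function names and the sample suite list are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Code point named in the message above (RFC 5746). */
#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00ff

/* Constructed sample offer; the choice of suites is hypothetical. */
static const uint16_t sample_suites[] = {
    0x002f, /* TLS_RSA_WITH_AES_128_CBC_SHA */
    0x0035, /* TLS_RSA_WITH_AES_256_CBC_SHA */
};

/*
 * Write the ClientHello cipher_suites vector: a 2-byte big-endian byte
 * count, then every suite as 2 bytes, with the SCSV appended last.
 * Returns the number of bytes written, or 0 if it does not fit.
 */
size_t build_cipher_suites(const uint16_t *suites, size_t n,
                           uint8_t *out, size_t out_len)
{
    size_t body = (n + 1) * 2;          /* +1 entry for the SCSV */
    size_t i, off = 2;

    /* The vector body is limited to 2^16-2 bytes, i.e. 32767 entries. */
    if (n > 0x7ffe || out_len < body + 2) return 0;

    out[0] = (uint8_t)(body >> 8);
    out[1] = (uint8_t)(body & 0xff);
    for (i = 0; i < n; i++) {
        out[off++] = (uint8_t)(suites[i] >> 8);
        out[off++] = (uint8_t)(suites[i] & 0xff);
    }
    out[off++] = (uint8_t)(TLS_EMPTY_RENEGOTIATION_INFO_SCSV >> 8);
    out[off++] = (uint8_t)(TLS_EMPTY_RENEGOTIATION_INFO_SCSV & 0xff);
    return off;
}

/*
 * Receiving side: scan a cipher_suites vector (length prefix included).
 * Returns 1 if the SCSV is offered, 0 if not, -1 if the vector is
 * malformed (truncated, empty, odd length, or length mismatch).
 */
int offers_scsv(const uint8_t *vec, size_t vec_len)
{
    size_t body, i;

    if (vec_len < 2) return -1;
    body = ((size_t)vec[0] << 8) | vec[1];
    if (body == 0 || (body & 1) || body != vec_len - 2) return -1;

    for (i = 2; i < vec_len; i += 2)
        if (vec[i] == 0x00 && vec[i + 1] == 0xff) return 1;
    return 0;
}

int main(void)
{
    uint8_t vec[16];
    size_t i, n = build_cipher_suites(sample_suites, 2, vec, sizeof vec);

    printf("cipher_suites (%u bytes):", (unsigned)n);
    for (i = 0; i < n; i++) printf(" %02x", vec[i]);
    printf("\nSCSV offered: %d\n", offers_scsv(vec, n));
    return 0;
}
```

A peer that implements RFC 5746 treats the SCSV in an initial ClientHello the same way as an empty "renegotiation_info" extension.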