IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Those have been deprecated with GnuTLS 1.0.20 in 2004. I think it is
safe to use them now ;)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The variable error_pos is used only with enabled ENABLE_GNUTLS
There are warnings if compiled witout gnutls
../source4/lib/tls/tls_tstream.c: In function ‘_tstream_tls_connect_send’:
../source4/lib/tls/tls_tstream.c:1053:14:
warning: unused variable ‘error_pos’ [-Wunused-variable]
const char *error_pos;
^~~~~~~~~
../source4/lib/tls/tls_tstream.c: In function ‘_tstream_tls_accept_send’:
../source4/lib/tls/tls_tstream.c:1333:14:
warning: unused variable ‘error_pos’ [-Wunused-variable]
const char *error_pos;
^~~~~~~~~
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 21 00:01:09 CEST 2016 on sn-devel-144
1024 bits is already the minimum accepted size of current TLS libraries. 2048
is recommended for servers, see https://weakdh.org/
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 3 03:47:48 CEST 2015 on sn-devel-104
This adds a new option to the smb.conf to allow administrators to disable
TLS protocols in GnuTLS without changing the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
We do not provide parameters to configure these, and OpenPGP for TLS (RFC 6091) is not used in AD
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0. Use
gnutls_priority_set_direct instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8780
Signed-off-by: Björn Jacke <bj@sernet.de>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Apr 29 22:29:02 CEST 2015 on sn-devel-104
This reverts commit 05c1fe5055.
This was discussed here:
https://bugzilla.samba.org/show_bug.cgi?id=10392#c11
This generated warnings like:
invalid permissions on file
'/memdisk/metze/W/b138235/samba/bin/ab/promoted_dc/private/tls/key.pem': has
0600 should be 0400'.
I think we need a better way. Maybe file_check_permissions()
should get allow_perms and deny_perms. And we would call it
with allow_perms = 0400 and deny_perms = 0177. And bits in none
of them are ignored.
For now we revert this and wait for a better fix.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 28 12:37:17 CET 2014 on sn-devel-104
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10392
Signed-off-by: Michael Brown <michael@netdirect.ca>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 31 01:27:03 CET 2014 on sn-devel-104
If the tls key is not owned by root or has not mode 0600 samba will not
start up.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Nov 11 13:07:16 CET 2013 on sn-devel-104
These are system-specific.
Reviewed-by: Jelmer
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Feb 18 00:43:58 CET 2012 on sn-devel-104
This function call together with the lowat feature has been removed in release
3.0 as described in this mailing list post:
http://old.nabble.com/gnutls_transport_set_lowat-deprecated-td32554230.html.
Since we do not make any use of lowat (esprimed by each function call)
we are free to simply omit it on v3.0 and later.
This addresses bug #8537.
Reviewed by: abartlet + metze
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 30 20:11:14 CET 2011 on sn-devel-104
Maybe that fixes the remaining issues with some gnutls versions.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 18 17:26:08 CET 2011 on sn-devel-104
Some versions of gnutls doesn't handle EAGAIN correctly,
so we better allow sending buffers without a low size limitation,
the limit is now UINT16_MAX (0xFFFF) and we allocate the buffer
with talloc each time.
metze
The problem is that with certain version of gnutls are not working
properly if the server is sending in different packet things like (at
least)
* Certificate
* Server Key exchange
* Client certificate
Somehow it really expect this to be done in one packet as some
structures used _gnutls_send_handshake are reinitialized at every
packet exchange and intermediate steps didn't expect it
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This works arround bugs in gnutls_handshake(),
which diesn't handle EAGAIN correctly, when they use the
push function.
Thanks to Marcel.Ritter@rrze.uni-erlangen.de and
Matthieu Patou <mat@samba.org> for the debugging work
on bug #7218.
metze