[Modules] PATCH: mod_gnutls README

Jack Bates ms419 at freezone.co.uk
Fri Oct 3 16:55:31 EDT 2008


Awesome, thank you Nikos.

I have another patch for the README - it does not make any changes to
the text, it just changes the formatting to make it (I think) more
readable: http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200810030/patch

If you agree that it is an improvement, I would be happy for you to
apply it : )

Thanks to your fix, I can now run Apache with my OpenPGP httpd.conf:
http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200810030/httpd.conf

Now, the issue I am about to describe is with neon, not mod_gnutls, and
maybe not even GnuTLS. So I am happy to take this discussion to another
list, as you think best.

I want to connect to mod_gnutls with OpenPGP, with the neon client
library: http://www.webdav.org/neon/

I tried compiling neon with GnuTLS, and compiling Subversion with neon.
When I connect to Apache running mod_gnutls and the above httpd.conf, I
get a segfault in neon, ne_gnutls.c, line 1181:

gnutls_x509_crt_deinit(cert->subject);

I gather this is because "cert" is NULL?

(gdb) p cert
$1 = (ne_ssl_certificate *) 0x0
(gdb) 

Here is a screenlog of building neon and Subversion from source, and
running Subversion with gdb to produce a backtrace:
http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200810030/screenlog

Do you have any advice on getting the neon client library to work with
mod_gnutls?

On Wed, 2008-10-01 at 23:03 +0300, Nikos Mavrogiannopoulos wrote:
> I have committed your patch plus a fix for your issue in the svn repository.
> 
> regards,
> Nikos
> 
> On Tue, Sep 30, 2008 at 8:53 PM, Jack Bates <ms419 at freezone.co.uk> wrote:
> > On Mon, 2008-09-29 at 10:44 +0300, Nikos Mavrogiannopoulos wrote:
> >> Jack Bates wrote:
> >> > - but when I start Apache, it complains:
> >> >
> >> > ket% /usr/sbin/apache2 -f httpd.conf
> >> > Syntax error on line 16 of httpd.conf-gpg:
> >> > GnuTLS: Failed to Import PGP Private Key '/home/jablko/trash/key.asc':
> >> > (-59) GnuTLS internal error.
> >> > ket%
> >>
> >> Hello,
> >>  gnutls and mod_gnutls cannot read encrypted openpgp keys. That is, your
> >> gpg key must not be protected with a passphrase.
> >
> > Doh - thank you Nikos : )
> >
> > I created a key without a passphrase and got a bit further. I also found
> > some documentation in the GnuTLS manual on creating OpenPGP server
> > credentials:
> > http://www.gnu.org/software/gnutls/manual/html_node/Invoking-gnutls_002dserv.html#Invoking-gnutls_002dserv
> >
> > I created this patch for the mod_gnutls README, to add instructions for
> > creating OpenPGP server credentials:
> > http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200809300/patch
> >
> > Would you consider applying it?
> >
> > Unfortunately, I am still stuck. As per the instructions in the GnuTLS
> > manual, I created a gpg key using my server name. I tried "localhost"
> > and added "ServerName localhost" to my httpd.conf. However, when I try
> > to start Apache, the error log complains:
> >
> > [Tue Sep 30 10:33:37 2008] [emerg] [GnuTLS] - Host 'localhost:0' is
> > missing a Certificate File!
> >
> > I also tried creating a gpg key using "localhost:0" - with the same
> > result.
> >
> > Here is my httpd.conf:
> > http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200809300/httpd.conf
> >
> > - and a screenlog of how I generated the OpenPGP server credentials:
> > http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200809300/screenlog
> >
> > _______________________________________________
> > Modules mailing list
> > Modules at lists.outoforder.cc
> > http://lists.outoforder.cc/mailman/listinfo/modules
> >
> >
> 
> 
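
Added example, not part of the thread and not code from mod_gnutls, GnuTLS or neon: a pre-flight check for the condition described in the quoted reply above (an OpenPGP private key protected with a passphrase cannot be imported), which reads the S2K usage octet of each secret-key packet as laid out in RFC 4880. The function names and the constructed sample key are assumptions for illustration; only v4 RSA, DSA and Elgamal keys are handled, and the armor checksum is not verified.

```python
import base64

PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs per algorithm: RSA, Elgamal, DSA

def dearmor(data):
    """Return binary packets from ASCII-armored (or already binary) key data."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    rest = data.strip().replace(b"\r\n", b"\n").partition(b"\n\n")[2]  # skip armor headers
    b64 = [ln for ln in rest.splitlines() if not ln.startswith((b"=", b"-"))]  # drop CRC, footer
    return base64.b64decode(b"".join(b64))

def packets(buf):
    """Yield (tag, body); partial and indeterminate lengths are rejected."""
    i = 0
    while i < len(buf):
        first, i = buf[i], i + 1
        if (first & 0xC0) == 0xC0 and not (224 <= buf[i] < 255):   # new-format header
            tag, o, i = first & 0x3F, buf[i], i + 1
            size = 0 if o < 192 else 1 if o < 224 else 4
            n = o if o < 192 else ((o - 192) << 8) + 192 if o < 224 else 0
        elif (first & 0xC0) == 0x80 and (first & 3) != 3:          # old-format header
            tag, size, n = (first >> 2) & 0x0F, 1 << (first & 3), 0
        else:
            raise ValueError("unsupported packet header or length encoding")
        n, i = n + int.from_bytes(buf[i:i + size], "big"), i + size
        yield tag, buf[i:i + n]
        i += n

def protected_keys(data):
    """Return (tag, s2k_usage) for each secret key/subkey packet that is encrypted."""
    hits = []
    # Tag 5 is a secret key, tag 7 a secret subkey; other packets are ignored.
    for tag, body in filter(lambda p: p[0] in (5, 7), packets(dearmor(data))):
        if body[0] != 4 or body[5] not in PUBLIC_MPIS:
            raise ValueError("only v4 RSA/DSA/Elgamal keys are handled")
        pos = 6                                   # version, 4-byte time, algorithm
        for _ in range(PUBLIC_MPIS[body[5]]):     # skip the public MPIs
            pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
        if body[pos]:                             # 0 = secret material stored unencrypted
            hits.append((tag, body[pos]))
    return hits

def sample_key(usage):
    """Constructed, unusable armored RSA secret key with the given S2K usage octet."""
    body = bytes([4, 0, 0, 0, 0, 1, 0, 16, 0xC3, 0x51, 0, 17, 1, 0, 1, usage]) + bytes(8)
    pkt = base64.b64encode(bytes([0x94, len(body)]) + body)      # old-format header, tag 5
    return (b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n" + pkt
            + b"\n=AAAA\n-----END PGP PRIVATE KEY BLOCK-----\n")  # CRC line is a dummy
```

An empty list from `protected_keys()` means every secret-key packet in the file is stored without a passphrase; any entry names a packet that would need its passphrase removed first.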