Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

On 2016-11-02 "brian m. carlson" wrote: > libunbound2 1.5.10-1, which links against nettle instead of openssl, has > been uploaded to unstable. It should now be possible for gnutls to > depend on libunbound2 if necessary. [...] Thanks for the heads-up. cu Andreas

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

libunbound2 1.5.10-1, which links against nettle instead of openssl, has been uploaded to unstable. It should now be possible for gnutls to depend on libunbound2 if necessary. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | https://www.crustytoothpaste.net/~bmc |

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

On Tue, 24 Mar 2015 23:11:51 +0100 Cyril Brulebois wrote: > > > 3. Yet another way might be to teach unbound to support GnuTLS in > > > addition to OpenSSL and NSS, so that one can build a GnuTLS variant > > > instead of an NSS one. > > option 3 would require probably

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

On Tue, 2015-11-17 at 14:40 +0100, Luca Bruno wrote: > > I really don't know. You can pretend somebody jumped on me asking > > whether I was part of Debian and mentioned this issue that has been > > tagged wontfix. That wouldn't be very far from what happened. ;) > > > > I can add nettlifying

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

On Tue 2015-11-17 08:40:58 -0500, Luca Bruno wrote: > I went ahead and coded the "nettlify libunbound" part, which is basically > option 3 proposed above. > I run this through upstream and they merged it today: > https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=594 Thank you, Luca. This is

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

Hello people, Daniel Kahn Gillmor d...@fifthhorseman.net (2015-03-24): On Tue 2015-03-24 16:01:20 -0500, Cyril Brulebois wrote: (Background: This issue has just been pointed out to me after a GNUnet conference. At least one developer there is interested in seeing a fix reach the archive.)

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

On Tue, 2015-03-24 at 18:52 -0400, Robert Edmonds wrote: 4. Design and implement a D-Bus interface for securely retrieving DNSSEC-validated records that have been validated *on the system*. Patch daemons (Unbound, BIND, et al) to answer to this interface. Patch clients (libdane,

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

Hi, Nikos: Nikos Mavrogiannopoulos wrote: The D-BUS interface is not really necessary because DNS provides already this functionality. What we need is a convention for applications in the system to discover the local trusted (for dnssec) nameservers. What do you mean by local? A

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

Hey, Robert pointed out this bug to me, so let me have some comments: 1. getdns is better suited as a general API to use in third part applications. Although right now it links with libunbound, so it suffers from same licensing problems as pure libunbound, but the API is more general, so there

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

On Wed, 2015-03-25 at 14:00 -0400, Robert Edmonds wrote: The D-BUS interface is not really necessary because DNS provides already this functionality. What we need is a convention for applications in the system to discover the local trusted (for dnssec) nameservers. What do you mean by

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

Nikos Mavrogiannopoulos wrote: On Wed, 2015-03-25 at 14:00 -0400, Robert Edmonds wrote: The D-BUS interface is not really necessary because DNS provides already this functionality. What we need is a convention for applications in the system to discover the local trusted (for dnssec)

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

On Wed, 2015-03-25 at 18:19 -0400, Robert Edmonds wrote: How does a server on a different VM count as local, even if running on the same chassis? (Also, you do exclude across a physical LAN/WLAN/etc. from your definition of local, right? Just making sure.) You could run multiple validating

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

Hi, Cyril Brulebois wrote: James Cloos cl...@jhcloos.com (2013-12-29): AM == Andreas Metzler ametz...@bebt.de writes: AM libdane requires and links against libunbound. libunbound OTOH AM is linked against OpenSSL's libssl on Debian[1]. A possible way forward is to configure

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

Hi, Daniel Kahn Gillmor d...@fifthhorseman.net (2015-03-24): On Tue 2015-03-24 16:01:20 -0500, Cyril Brulebois wrote: (Background: This issue has just been pointed out to me after a GNUnet conference. At least one developer there is interested in seeing a fix reach the archive.) 1.

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

On Tue 2015-03-24 16:01:20 -0500, Cyril Brulebois wrote: (Background: This issue has just been pointed out to me after a GNUnet conference. At least one developer there is interested in seeing a fix reach the archive.) 1. Not having looked too much at unbound yet, it seems to indeed

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

Hi, James Cloos cl...@jhcloos.com (2013-12-29): AM == Andreas Metzler ametz...@bebt.de writes: AM libdane requires and links against libunbound. libunbound OTOH AM is linked against OpenSSL's libssl on Debian[1]. A possible way forward is to configure unbound --with-nss, which should

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

help On 28 Dec 2013, at 13:45, Andreas Metzler ametz...@bebt.de wrote: tags 733295 wontfix thanks On 2013-12-28 Marius Gavrilescu mar...@ieval.ro wrote: Package: gnutls-bin Version: 3.2.8.1-2 Severity: wishlist GnuTLS is currently built without DANE support. [10:49:17] 0

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

AM == Andreas Metzler ametz...@bebt.de writes: AM libdane requires and links against libunbound. libunbound OTOH AM is linked against OpenSSL's libssl on Debian[1]. A possible way forward is to configure unbound --with-nss, which should provide license compatibility for all libunbound users.

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

Package: gnutls-bin Version: 3.2.8.1-2 Severity: wishlist GnuTLS is currently built without DANE support. [10:49:17] 0 marius@mgvx:~$ danetool --check=www.nic.cz This functionality was disabled (GnuTLS was not compiled with support for DANE). -- System Information: Debian Release:

Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

tags 733295 wontfix thanks On 2013-12-28 Marius Gavrilescu mar...@ieval.ro wrote: Package: gnutls-bin Version: 3.2.8.1-2 Severity: wishlist GnuTLS is currently built without DANE support. [10:49:17] 0 marius@mgvx:~$ danetool --check=www.nic.cz This functionality was disabled (GnuTLS