To reply to myself:

On Sun, 2010-09-12 at 19:36, Milan P. Stanic wrote:
> On Sun, 2010-09-12 at 20:13, Nikos Balkanas wrote:
> > I don't believe so. The openssl RC5 is licensed under the openssl
> > license (similar to kannel's).
> >
> > http://www.openssl.org/source/license.html
>
> Licence is for software implementation and it is free but the RC5
> algorithm is patented, AFAIK. I'm not a lawyer and I don't know all details
> but I think that the RC5 cannot be used in USA (and possibly other
> countries) without licence from the patent holder (in that case RSA
> Data Security).
>
> A quick look at WTLS specification shows that the RC5 isn't mandatory
> but optional.

Just found this "Press Release"
http://www.rsa.com/press_release.aspx?id=172
which states that RC5
<cite>
algorithm that is specified as "should be supported by all WTLS clients
and servers" by the WAP Forum for WTLS environments.
</cite>

So, I was wrong. But the issue remains. I suspect that any distributor
will have Kannel package with WTLS enabled in their repositories.

> > Yes it is necessary, as mentioned in a previous mail. Incorrectly I
> > said that it is used in key generation. Actually it is one of the 3
> > cipher algorithms used for content according to the wtls spec:
> >
> > enum bulk_algorithms {
> >     NULL_bulk,
> >     RC5_CBC_40,
> >     RC5_CBC_56,
> >     RC5_CBC,
> >     DES_CBC_40,
> >     DES_CBC,
> >     TRIPLE_DES_CBC_EDE,
> >     IDEA_CBC_40,
> >     IDEA_CBC_56,
> >     IDEA_CBC
> > };
> >
> > This implementation supports the RC5 and DES algorithms. Not the IDEA.
> >
> > Kannel already has wtls with RC5 for all these years, except that it
> > doesn't work.
> >
> > BR,
> > Nikos
> >
> > ----- Original Message -----
> > From: "Milan P. Stanic" <m...@arvanta.net>
> > To: <devel@kannel.org>
> > Sent: Sunday, September 12, 2010 7:42 PM
> > Subject: Re: wtls branch merged
> >
> >
> > >On Sun, 2010-09-12 at 17:35, Nikos Balkanas wrote:
> > >>But you don't need an rpm if you build from sources. You have all
> > >>the includes and sources that you need.
> > >>If you are referring to the binary kannel rpms, these are
> > >>seriously outdated. Besides rpms are for the masses, and wtls is for
> > >>the few...You should disable wtls when building for the masses.
> > >
> > >It could be a problem for distributors (RH, Debian, Suse, xxxBSD and
> > >others) if they cannot distribute Kannel with WTLS enabled because RC5
> > >is patented and distributors don't want to go to court.
> > >
> > >Is the RC5 mandatory for WTLS?
> > >
> > >>Nikos
> > >>.
> > >>----- Original Message -----
> > >>From: "Rene Kluwen" <rene.klu...@chimit.nl>
> > >>To: "'Nikos Balkanas'" <nbalka...@gmail.com>; "'Alexander Malysh'"
> > >><amal...@kannel.org>
> > >>Cc: "'Kannel Devel'" <devel@kannel.org>
> > >>Sent: Sunday, September 12, 2010 5:29 PM
> > >>Subject: RE: wtls branch merged
> > >>
> > >>
> > >>>Okay... suppose you can build it in one step.
> > >>>
> > >>>That still won't solve the rpm dependency.
> > >>>
> > >>>== Rene
> > >>>
> > >>>-----Original Message-----
> > >>>From: Nikos Balkanas [mailto:nbalka...@gmail.com]
> > >>>Sent: Sunday, 12 September, 2010 16:23
> > >>>To: Rene Kluwen; 'Alexander Malysh'
> > >>>Cc: 'Kannel Devel'
> > >>>Subject: Re: wtls branch merged
> > >>>
> > >>>Actually it is not that bad. Openssl compiles from sources in one step:
> > >>>
> > >>>config threads no-krb5 shared enable-rc5 --prefix=/usr/local/64
> > >>>
> > >>>Clean, nothing to it.
> > >>>
> > >>>BR,
> > >>>Nikos
> > >>>----- Original Message -----
> > >>>From: "Rene Kluwen" <rene.klu...@chimit.nl>
> > >>>To: "'Nikos Balkanas'" <nbalka...@gmail.com>; "'Alexander Malysh'"
> > >>><amal...@kannel.org>
> > >>>Cc: "'Kannel Devel'" <devel@kannel.org>
> > >>>Sent: Sunday, September 12, 2010 5:12 PM
> > >>>Subject: RE: wtls branch merged
> > >>>
> > >>>
> > >>>>Hmmm... too much of a bother. I wonder if anybody still uses wap
> > >>>>nowadays.
> > >>>>
> > >>>>Maybe in combination with mbuni, wap might be convenient. But even
> > >>>>then, people won't use wtls.
> > >>>>
> > >>>>@Alexander: What dependencies does the pre-compiled package need when
> > >>>>using this 'feature'? Because otherwise nobody (at least I won't) be
> > >>>>able to install it from rpm, because the CentOS packages include
> > >>>>openssl without RC5 support. Not sure about other distributions.
> > >>>>
> > >>>>== Rene
> > >>>>
> > >>>>-----Original Message-----
> > >>>>From: Nikos Balkanas [mailto:nbalka...@gmail.com]
> > >>>>Sent: Sunday, 12 September, 2010 15:58
> > >>>>To: Rene Kluwen; 'Alexander Malysh'
> > >>>>Cc: 'Kannel Devel'
> > >>>>Subject: Re: wtls branch merged
> > >>>>
> > >>>>Actually you get these errors because you didn't solve your rc5 issue
> > >>>>and proceeded nevertheless.
> > >>>>
> > >>>>rc5 is needed for cryptography of wtls. Otherwise you won't be able to
> > >>>>produce the keys. Either install openssl with rc5 enabled or build from
> > >>>>sources with --enable-rc5. When you get these, your gw-config.h will
> > >>>>set the correct directives and compile cleanly.
> > >>>>
> > >>>>After compilation, you will have to configure wtls group in your
> > >>>>kannel.conf and produce a pair of self-signed RSA keys for that.
> > >>>>
> > >>>>BR,
> > >>>>Nikos
> > >>>>
> > >>>>----- Original Message -----
> > >>>>From: "Nikos Balkanas" <nbalka...@gmail.com>
> > >>>>To: "Rene Kluwen" <rene.klu...@chimit.nl>; "'Alexander Malysh'"
> > >>>><amal...@kannel.org>
> > >>>>Cc: "'Kannel Devel'" <devel@kannel.org>
> > >>>>Sent: Sunday, September 12, 2010 4:45 PM
> > >>>>Subject: Re: wtls branch merged
> > >>>>
> > >>>>
> > >>>>>OK. I think you solved the RC5 issue. You need headers (openssl-devel)
> > >>>>>with rc5 enabled.
> > >>>>>
> > >>>>>About the rest:
> > >>>>>
> > >>>>>After configure --with-wtls=openssl you should end up with
> > >>>>>gw-config.h:
> > >>>>>
> > >>>>>/* Defined if we're using OpenSSL WTLS */
> > >>>>>211: #define HAVE_WTLS_OPENSSL 1
> > >>>>>
> > >>>>>If not, enable it manually and rebuild.
> > >>>>>
> > >>>>>BR,
> > >>>>>Nikos
> > >>>>>----- Original Message -----
> > >>>>>From: "Rene Kluwen" <rene.klu...@chimit.nl>
> > >>>>>To: "'Rene Kluwen'" <rene.klu...@chimit.nl>; "'Nikos Balkanas'"
> > >>>>><nbalka...@gmail.com>; "'Alexander Malysh'" <amal...@kannel.org>
> > >>>>>Cc: "'Kannel Devel'" <devel@kannel.org>
> > >>>>>Sent: Sunday, September 12, 2010 3:38 PM
> > >>>>>Subject: RE: wtls branch merged
> > >>>>>
> > >>>>>
> > >>>>>>Clearly I am missing something. After ./configure
> > >>>>>>--with-wtls=openssl, I get:
> > >>>>>>(openssl-devel is installed).
> > >>>>>>
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:235: undefined reference to `private_key'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:236: undefined reference to `private_key'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:219: undefined reference to `x509_cert'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:220: undefined reference to `x509_cert'
> > >>>>>>libwap.a(wtls.o): In function `clientHello':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:453: undefined reference to `wtls_choose_ciphersuite'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:472: undefined reference to `wtls_choose_clientkeyid'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:484: undefined reference to `wtls_choose_snmode'
> > >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302: undefined reference to `packet_contains_changecipherspec'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314: undefined reference to `packet_contains_changecipherspec'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:328: undefined reference to `is_critical_alert'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:338: undefined reference to `is_warning_alert'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:397: undefined reference to `packet_is_application_data'
> > >>>>>>libwap.a(wtls.o): In function `serverHello':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:533: undefined reference to `wtls_get_random'
> > >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:826: undefined reference to `wtls_decrypt_pdu_list'
> > >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:77: undefined reference to `packet_contains_clienthello'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:480: undefined reference to `packet_contains_clienthello'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:210: undefined reference to `clienthellos_are_identical'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:231: undefined reference to `is_warning_alert'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:240: undefined reference to `is_critical_alert'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:281: undefined reference to `clienthellos_are_identical'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:421: undefined reference to `is_critical_alert'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:431: undefined reference to `is_warning_alert'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `packet_contains_changecipherspec'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `packet_contains_changecipherspec'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:528: undefined reference to `is_critical_alert'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:538: undefined reference to `is_warning_alert'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302: undefined reference to `packet_contains_finished'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302: undefined reference to `packet_contains_userdata'
> > >>>>>>libwap.a(wtls.o): In function `exchange_keys':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:627: undefined reference to `wtls_decrypt_key'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:638: undefined reference to `wtls_get_rsapublickey'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:654: undefined reference to `wtls_calculate_prf'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:710: undefined reference to `wtls_hash'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:710: undefined reference to `wtls_calculate_prf'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:751: undefined reference to `wtls_hash'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:751: undefined reference to `wtls_calculate_prf'
> > >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:132: undefined reference to `wtls_get_rsapublickey'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:493: undefined reference to `packet_is_application_data'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `certificates_are_identical'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:292: undefined reference to `clienthellos_are_identical'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `packet_contains_finished'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `packet_contains_userdata'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `finishes_are_indentical'
> > >>>>>>libwap.a(wtls.o): In function `exchange_keys':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:684: undefined reference to `wtls_decrypt_pdu_list'
> > >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `clientkeyexchanges_are_identical'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `certifcateverifys_are_identical'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `changecipherspecs_are_identical'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `finishes_are_indentical'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314: undefined reference to `packet_contains_finished'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314: undefined reference to `packet_contains_userdata'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `packet_contains_finished'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `packet_contains_userdata'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `finishes_are_indentical'
> > >>>>>>libwap.a(wtls_pdu.o): In function `wtls_pdu_dump':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1156: undefined reference to `pduName'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1159: undefined reference to `hsName'
> > >>>>>>libwap.a(wtls_pdu.o): In function `wtls_payload_dump':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1128: undefined reference to `pduName'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1134: undefined reference to `alertName'
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1131: undefined reference to `hsName'
> > >>>>>>libwap.a(wtls_pdu.o): In function `wtls_pdu_pack':
> > >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1106: undefined reference to `wtls_encrypt'
> > >>>>>>collect2: ld returned 1 exit status
> > >>>>>>
> > >>>>>>
> > >>>>>>-----Original Message-----
> > >>>>>>From: devel-boun...@kannel.org [mailto:devel-boun...@kannel.org] On
> > >>>>>>Behalf Of Rene Kluwen
> > >>>>>>Sent: Sunday, 12 September, 2010 14:35
> > >>>>>>To: 'Nikos Balkanas'; 'Alexander Malysh'
> > >>>>>>Cc: 'Kannel Devel'
> > >>>>>>Subject: RE: wtls branch merged
> > >>>>>>
> > >>>>>>I get:
> > >>>>>>
> > >>>>>>Configuring WTLS support ...
> > >>>>>>checking for WTLS library... openssl
> > >>>>>>checking for RSA_new in -lcrypto... yes
> > >>>>>>checking openssl/objects.h usability... yes
> > >>>>>>checking openssl/objects.h presence... yes
> > >>>>>>checking for openssl/objects.h... yes
> > >>>>>>checking openssl/rc5.h usability... no
> > >>>>>>checking openssl/rc5.h presence... no
> > >>>>>>checking for openssl/rc5.h... no
> > >>>>>>configure: WARNING: OpenSSL installation seems to lack RC5 algorithm!
> > >>>>>>
> > >>>>>>Is this bad?
> > >>>>>>
> > >>>>>>== Rene
> > >>>>>>
> > >>>>>>
> > >>>>>>-----Original Message-----
> > >>>>>>From: devel-boun...@kannel.org [mailto:devel-boun...@kannel.org] On
> > >>>>>>Behalf Of Nikos Balkanas
> > >>>>>>Sent: Sunday, 12 September, 2010 13:16
> > >>>>>>To: Alexander Malysh
> > >>>>>>Cc: Kannel Devel
> > >>>>>>Subject: Re: wtls branch merged
> > >>>>>>
> > >>>>>>Hi,
> > >>>>>>
> > >>>>>>Reporting from Solaris 10.5 amd64, 64bit compilation.
> > >>>>>>Configured --with-wtls=openssl
> > >>>>>>
> > >>>>>>1) Compilation: Clean. A couple of unrelated warnings fixed.
> > >>>>>>Attaching patch.
> > >>>>>>
> > >>>>>>2) Emulators used:
> > >>>>>>
> > >>>>>>a) Openwave SDK 6.2.2 wap: no problems (connection tested)
> > >>>>>>b) Nokia NMBS 4.0: no problems (connection & connectionless tested)
> > >>>>>>
> > >>>>>>Sites tested, following through links:
> > >>>>>>
> > >>>>>>http://wap.google.com
> > >>>>>>http://wap.yahoo.com
> > >>>>>>http://m.facebook
> > >>>>>>
> > >>>>>>Only facebook had a warning with nokia's emulator (b) about
> > >>>>>>unsupported content. This was not observed with Openwave (a) and in
> > >>>>>>any case it is related to wap, not wtls. The same happens in plain
> > >>>>>>wtp communication.
> > >>>>>>
> > >>>>>>Overall a successful merge.
> > >>>>>>
> > >>>>>>Thanks,
> > >>>>>>Nikos
> > >>>>>>----- Original Message -----
> > >>>>>>From: "Alexander Malysh" <amal...@kannel.org>
> > >>>>>>To: "Kannel Devel" <devel@kannel.org>
> > >>>>>>Cc: "Nikos Balkanas" <nbalka...@gmail.com>
> > >>>>>>Sent: Sunday, September 12, 2010 1:04 PM
> > >>>>>>Subject: wtls branch merged
> > >>>>>>
> > >>>>>>
> > >>>>>>>Hi together,
> > >>>>>>>
> > >>>>>>>just merged and committed wtls branch into trunk.
> > >>>>>>>Please check it and let me know if something went wrong.
> > >>>>>>>
> > >>>>>>>Thanks,
> > >>>>>>>Alexander Malysh
> > >
> > >--
> > >Kind regards, Milan
> > >--------------------------------------------------
> > >Arvanta, IT Security http://www.arvanta.net
> > >Please do not send me e-mail containing HTML code.
> >
>
> --
> Kind regards, Milan
> --------------------------------------------------
> Arvanta, IT Security http://www.arvanta.net
> Please do not send me e-mail containing HTML code.
>

--
Kind regards, Milan
--------------------------------------------------
Arvanta, IT Security http://www.arvanta.net
Please do not send me e-mail containing HTML code.
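
The two build checks discussed in this thread (the configure probe for openssl/rc5.h and the HAVE_WTLS_OPENSSL define in gw-config.h), as an added example that is not part of the original messages or of Kannel's build system. The function names and arguments are chosen for the example; OPENSSL_NO_RC5 is the macro OpenSSL defines when RC5 is configured out, assumed here to sit directly in opensslconf.h.

```shell
#!/bin/sh
# Added example (not from the thread): preflight checks for a Kannel WTLS build.
# Function names and arguments are chosen for this example.

# has_rc5 INCDIR -> prints "available", "missing-header" or "disabled".
has_rc5() {
    incdir=$1
    # configure probes for this header; some distribution packages omit it.
    if [ ! -f "$incdir/openssl/rc5.h" ]; then
        echo "missing-header"
        return 1
    fi
    # A build configured without RC5 defines OPENSSL_NO_RC5 in opensslconf.h,
    # so the header can exist while the cipher is compiled out.
    # Assumption: the define sits directly in this file, not in a per-arch
    # file that it includes.
    conf="$incdir/openssl/opensslconf.h"
    if [ -f "$conf" ] &&
       grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+OPENSSL_NO_RC5([[:space:]]|$)' "$conf"; then
        echo "disabled"
        return 1
    fi
    echo "available"
}

# wtls_enabled GW_CONFIG_H -> exit status 0 if HAVE_WTLS_OPENSSL is defined to 1.
wtls_enabled() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_WTLS_OPENSSL[[:space:]]+1([[:space:]]|$)' "$1"
}

# Usage: sh wtls-preflight.sh /usr/include ./gw-config.h
if [ "$#" -ge 2 ]; then
    echo "RC5 in $1: $(has_rc5 "$1")"
    if wtls_enabled "$2"; then
        echo "HAVE_WTLS_OPENSSL: set"
    else
        echo "HAVE_WTLS_OPENSSL: not set"
    fi
fi
```

Run it against the include directory that configure will actually pick up, which may differ from /usr/include when OpenSSL was built with a custom --prefix.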