wtls branch merged

Nikos Balkanas nbalkanas at gmail.com
Sun Sep 12 19:13:55 CEST 2010


I don't believe so. The openssl RC5 is licensed under the openssl license 
(similar to kannel's).

http://www.openssl.org/source/license.html

Yes it is necessary, as mentioned in a previous mail. Incorrectly I said 
that it is used in key generation. Actually it is one of the 3 cipher 
algorithms used for content according to the wtls spec:

enum bulk_algorithms {
        NULL_bulk,
        RC5_CBC_40,
        RC5_CBC_56,
        RC5_CBC,
        DES_CBC_40,
        DES_CBC,
        TRIPLE_DES_CBC_EDE,
        IDEA_CBC_40,
        IDEA_CBC_56,
        IDEA_CBC
};

This implementation supports the RC5 and DES algorithms. Not the IDEA.

Kannel has already had wtls with RC5 for all these years, except that it 
doesn't work.

BR,
Nikos

----- Original Message ----- 
From: "Milan P. Stanic" <mps at arvanta.net>
To: <devel at kannel.org>
Sent: Sunday, September 12, 2010 7:42 PM
Subject: Re: wtls branch merged


> On Sun, 2010-09-12 at 17:35, Nikos Balkanas wrote:
>> But you don't need an rpm if you build from sources. You have all
>> the includes and sources that you need.
>> If you are referring to the binary kannel rpms, these are
>> seriously outdated. Besides rpms are for the masses, and wtls is for
>> the few...You should disable wtls when building for the masses.
>
> It could be a problem for distributors (RH, Debian, Suse, xxxBSD and
> others) if they cannot distribute Kannel with WTLS enabled because RC5
> is patented and distributors don't want to go to court.
>
> Is the RC5 mandatory for WTLS?
>
>> Nikos
>> .
>> ----- Original Message ----- From: "Rene Kluwen"
>> <rene.kluwen at chimit.nl>
>> To: "'Nikos Balkanas'" <nbalkanas at gmail.com>; "'Alexander Malysh'"
>> <amalysh at kannel.org>
>> Cc: "'Kannel Devel'" <devel at kannel.org>
>> Sent: Sunday, September 12, 2010 5:29 PM
>> Subject: RE: wtls branch merged
>>
>>
>> >Okay... suppose you can build it in one step.
>> >
>> >That still won't solve the rpm dependency.
>> >
>> >== Rene
>> >
>> >-----Original Message-----
>> >From: Nikos Balkanas [mailto:nbalkanas at gmail.com]
>> >Sent: Sunday, 12 September, 2010 16:23
>> >To: Rene Kluwen; 'Alexander Malysh'
>> >Cc: 'Kannel Devel'
>> >Subject: Re: wtls branch merged
>> >
>> >Actually it is not that bad. Openssl compiles from sources in one step:
>> >
>> >config threads no-krb5 shared enable-rc5 --prefix=/usr/local/64
>> >
>> >Clean, nothing to it.
>> >
>> >BR,
>> >Nikos
>> >----- Original Message ----- From: "Rene Kluwen"
>> ><rene.kluwen at chimit.nl>
>> >To: "'Nikos Balkanas'" <nbalkanas at gmail.com>; "'Alexander Malysh'"
>> ><amalysh at kannel.org>
>> >Cc: "'Kannel Devel'" <devel at kannel.org>
>> >Sent: Sunday, September 12, 2010 5:12 PM
>> >Subject: RE: wtls branch merged
>> >
>> >
>> >>Hmmm... too much of a bother. I wonder if anybody still uses wap
>> >>nowadays.
>> >>
>> >>Maybe in combination with mbuni, wap might be convenient. But even then,
>> >>people won't use wtls.
>> >>
>> >>@Alexander: What dependencies does the pre-compiled package need when using
>> >>this 'feature'? Because otherwise nobody (at least I won't) be able to
>> >>install it from rpm, because the CentOS packages include openssl without RC5
>> >>support. Not sure about other distributions.
>> >>
>> >>== Rene
>> >>
>> >>-----Original Message-----
>> >>From: Nikos Balkanas [mailto:nbalkanas at gmail.com]
>> >>Sent: Sunday, 12 September, 2010 15:58
>> >>To: Rene Kluwen; 'Alexander Malysh'
>> >>Cc: 'Kannel Devel'
>> >>Subject: Re: wtls branch merged
>> >>
>> >>Actually you get these errors because you didn't solve your rc5 issue and
>> >>proceeded nevertheless.
>> >>
>> >>rc5 is needed for cryptography of wtls. Otherwise you won't be able to
>> >>produce the keys. Either install openssl with rc5 enabled or build from
>> >>sources with --enable-rc5. When you get these, your gw-config.h will set the
>> >>correct directives and compile cleanly.
>> >>
>> >>After compilation, you will have to configure wtls group in your kannel.conf
>> >>and produce a pair of self-signed RSA keys for that.
>> >>
>> >>BR,
>> >>Nikos
>> >>
>> >>----- Original Message ----- From: "Nikos Balkanas"
>> >><nbalkanas at gmail.com>
>> >>To: "Rene Kluwen" <rene.kluwen at chimit.nl>; "'Alexander Malysh'"
>> >><amalysh at kannel.org>
>> >>Cc: "'Kannel Devel'" <devel at kannel.org>
>> >>Sent: Sunday, September 12, 2010 4:45 PM
>> >>Subject: Re: wtls branch merged
>> >>
>> >>
>> >>>OK. I think you solved the RC5 issue. You need headers (openssl-devel)
>> >>>with rc5 enabled.
>> >>>
>> >>>About the rest:
>> >>>
>> >>>After configure --with-wtls=openssl you should end up with gw-config.h:
>> >>>
>> >>>/* Defined if we're using OpenSSL WTLS */
>> >>>#define HAVE_WTLS_OPENSSL 1
>> >>>
>> >>>If not, enable it manually and rebuild.
>> >>>
>> >>>BR,
>> >>>Nikos
>> >>>----- Original Message ----- From: "Rene Kluwen"
>> >>><rene.kluwen at chimit.nl>
>> >>>To: "'Rene Kluwen'" <rene.kluwen at chimit.nl>; "'Nikos Balkanas'"
>> >>><nbalkanas at gmail.com>; "'Alexander Malysh'" <amalysh at kannel.org>
>> >>>Cc: "'Kannel Devel'" <devel at kannel.org>
>> >>>Sent: Sunday, September 12, 2010 3:38 PM
>> >>>Subject: RE: wtls branch merged
>> >>>
>> >>>
>> >>>>Clearly I am missing something. After ./configure --with-wtls=openssl, I
>> >>>>get:
>> >>>>(openssl-devel is installed).
>> >>>>
>> >>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:235: undefined reference to `private_key'
>> >>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:236: undefined reference to `private_key'
>> >>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:219: undefined reference to `x509_cert'
>> >>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:220: undefined reference to `x509_cert'
>> >>>>libwap.a(wtls.o): In function `clientHello':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:453: undefined reference to `wtls_choose_ciphersuite'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:472: undefined reference to `wtls_choose_clientkeyid'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:484: undefined reference to `wtls_choose_snmode'
>> >>>>libwap.a(wtls.o): In function `wtls_event_handle':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302: undefined reference to `packet_contains_changecipherspec'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314: undefined reference to `packet_contains_changecipherspec'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:328: undefined reference to `is_critical_alert'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:338: undefined reference to `is_warning_alert'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:397: undefined reference to `packet_is_application_data'
>> >>>>libwap.a(wtls.o): In function `serverHello':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:533: undefined reference to `wtls_get_random'
>> >>>>libwap.a(wtls.o): In function `wtls_event_handle':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:826: undefined reference to `wtls_decrypt_pdu_list'
>> >>>>libwap.a(wtls.o): In function `wtls_event_handle':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:77: undefined reference to `packet_contains_clienthello'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:480: undefined reference to `packet_contains_clienthello'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:210: undefined reference to `clienthellos_are_identical'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:231: undefined reference to `is_warning_alert'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:240: undefined reference to `is_critical_alert'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:281: undefined reference to `clienthellos_are_identical'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:421: undefined reference to `is_critical_alert'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:431: undefined reference to `is_warning_alert'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `packet_contains_changecipherspec'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `packet_contains_changecipherspec'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:528: undefined reference to `is_critical_alert'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:538: undefined reference to `is_warning_alert'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302: undefined reference to `packet_contains_finished'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302: undefined reference to `packet_contains_userdata'
>> >>>>libwap.a(wtls.o): In function `exchange_keys':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:627: undefined reference to `wtls_decrypt_key'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:638: undefined reference to `wtls_get_rsapublickey'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:654: undefined reference to `wtls_calculate_prf'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:710: undefined reference to `wtls_hash'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:710: undefined reference to `wtls_calculate_prf'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:751: undefined reference to `wtls_hash'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:751: undefined reference to `wtls_calculate_prf'
>> >>>>libwap.a(wtls.o): In function `wtls_event_handle':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:132: undefined reference to `wtls_get_rsapublickey'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:493: undefined reference to `packet_is_application_data'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `certificates_are_identical'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:292: undefined reference to `clienthellos_are_identical'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `packet_contains_finished'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `packet_contains_userdata'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `finishes_are_indentical'
>> >>>>libwap.a(wtls.o): In function `exchange_keys':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:684: undefined reference to `wtls_decrypt_pdu_list'
>> >>>>libwap.a(wtls.o): In function `wtls_event_handle':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `clientkeyexchanges_are_identical'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `certifcateverifys_are_identical'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `changecipherspecs_are_identical'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `finishes_are_indentical'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314: undefined reference to `packet_contains_finished'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314: undefined reference to `packet_contains_userdata'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `packet_contains_finished'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `packet_contains_userdata'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `finishes_are_indentical'
>> >>>>libwap.a(wtls_pdu.o): In function `wtls_pdu_dump':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1156: undefined reference to `pduName'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1159: undefined reference to `hsName'
>> >>>>libwap.a(wtls_pdu.o): In function `wtls_payload_dump':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1128: undefined reference to `pduName'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1134: undefined reference to `alertName'
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1131: undefined reference to `hsName'
>> >>>>libwap.a(wtls_pdu.o): In function `wtls_pdu_pack':
>> >>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1106: undefined reference to `wtls_encrypt'
>> >>>>collect2: ld returned 1 exit status
>> >>>>
>> >>>>
>> >>>>-----Original Message-----
>> >>>>From: devel-bounces at kannel.org [mailto:devel-bounces at kannel.org] On Behalf Of Rene Kluwen
>> >>>>Sent: Sunday, 12 September, 2010 14:35
>> >>>>To: 'Nikos Balkanas'; 'Alexander Malysh'
>> >>>>Cc: 'Kannel Devel'
>> >>>>Subject: RE: wtls branch merged
>> >>>>
>> >>>>I get:
>> >>>>
>> >>>>Configuring WTLS support ...
>> >>>>checking for WTLS library... openssl
>> >>>>checking for RSA_new in -lcrypto... yes
>> >>>>checking openssl/objects.h usability... yes
>> >>>>checking openssl/objects.h presence... yes
>> >>>>checking for openssl/objects.h... yes
>> >>>>checking openssl/rc5.h usability... no
>> >>>>checking openssl/rc5.h presence... no
>> >>>>checking for openssl/rc5.h... no
>> >>>>configure: WARNING: OpenSSL installation seems to lack RC5 algorithm!
>> >>>>
>> >>>>Is this bad?
>> >>>>
>> >>>>== Rene
>> >>>>
>> >>>>
>> >>>>-----Original Message-----
>> >>>>From: devel-bounces at kannel.org [mailto:devel-bounces at kannel.org] On Behalf Of Nikos Balkanas
>> >>>>Sent: Sunday, 12 September, 2010 13:16
>> >>>>To: Alexander Malysh
>> >>>>Cc: Kannel Devel
>> >>>>Subject: Re: wtls branch merged
>> >>>>
>> >>>>Hi,
>> >>>>
>> >>>>Reporting from Solaris 10.5 amd64, 64bit compilation.
>> >>>>Configured --with-wtls=openssl
>> >>>>
>> >>>>1) Compilation: Clean. A couple of unrelated warnings fixed. Attaching
>> >>>>patch.
>> >>>>
>> >>>>2) Emulators used:
>> >>>>
>> >>>>a) Openwave SDK 6.2.2 wap: no problems (connection tested)
>> >>>>b) Nokia NMBS 4.0: no problems (connection & connectionless tested)
>> >>>>
>> >>>>Sites tested, following through links:
>> >>>>
>> >>>>http://wap.google.com
>> >>>>http://wap.yahoo.com
>> >>>>http://m.facebook
>> >>>>
>> >>>>Only facebook had a warning with nokia's emulator (b) about unsupported
>> >>>>content. This was not observed with Openwave (a) and in any case it is
>> >>>>related to wap, not wtls. The same happens in plain wtp communication.
>> >>>>
>> >>>>Overall a successful merge.
>> >>>>
>> >>>>Thanks,
>> >>>>Nikos
>> >>>>----- Original Message -----
>> >>>>From: "Alexander Malysh" <amalysh at kannel.org>
>> >>>>To: "Kannel Devel" <devel at kannel.org>
>> >>>>Cc: "Nikos Balkanas" <nbalkanas at gmail.com>
>> >>>>Sent: Sunday, September 12, 2010 1:04 PM
>> >>>>Subject: wtls branch merged
>> >>>>
>> >>>>
>> >>>>>Hi together,
>> >>>>>
>> >>>>>just merged and committed wtls branch into trunk.
>> >>>>>Please check it and let me know if something went wrong.
>> >>>>>
>> >>>>>Thanks,
>> >>>>>Alexander Malysh
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>
>> >>
>> >>
>> >>
>> >
>> >
>> >
>>
>>
>
> -- 
> Kind regards,  Milan
> --------------------------------------------------
> Arvanta, IT Security        http://www.arvanta.net
> Please do not send me e-mail containing HTML code.
> 
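
A preflight check for the failure chain in this thread (no openssl/rc5.h at configure time, then no HAVE_WTLS_OPENSSL in gw-config.h, then undefined references at link time), added here as an example; it is not part of the original messages or of Kannel's build system. The function names are hypothetical, and OPENSSL_NO_RC5 is the macro that OpenSSL's opensslconf.h defines when the library is built without RC5.

```shell
#!/bin/sh
# Added example: preflight for a Kannel build using --with-wtls=openssl.
# Function names are hypothetical and not part of Kannel.

# True if INCDIR has openssl/rc5.h and opensslconf.h does not define
# OPENSSL_NO_RC5 (the macro OpenSSL sets when built without RC5).
rc5_available() {
    inc=$1
    [ -f "$inc/openssl/rc5.h" ] || return 1
    conf="$inc/openssl/opensslconf.h"
    if [ -f "$conf" ] && grep -Eq \
        '^[[:space:]]*#[[:space:]]*define[[:space:]]+OPENSSL_NO_RC5([[:space:]]|$)' \
        "$conf"; then
        return 1
    fi
    return 0
}

# True if gw-config.h has an active "#define HAVE_WTLS_OPENSSL 1".
# A commented-out "/* #undef HAVE_WTLS_OPENSSL */" line does not count.
wtls_define_set() {
    [ -f "$1" ] || return 1
    grep -Eq \
        '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_WTLS_OPENSSL[[:space:]]+1' \
        "$1"
}

# Returns 0 if both checks pass, 1 if RC5 is missing, 2 if the define
# is missing, 3 if both are. Prints one line per problem found.
wtls_preflight() {
    rc=0
    if ! rc5_available "$1"; then
        echo "RC5 missing under $1: install OpenSSL headers built with enable-rc5"
        rc=$((rc + 1))
    fi
    if ! wtls_define_set "$2"; then
        echo "HAVE_WTLS_OPENSSL not set in $2: re-run configure --with-wtls=openssl"
        rc=$((rc + 2))
    fi
    return "$rc"
}

# Stand-alone use: sh preflight.sh /usr/local/64/include gw-config.h
if [ "$#" -eq 2 ]; then
    wtls_preflight "$1" "$2"
fi
```
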



