|
Post by rikky on Jul 4, 2018 12:44:49 GMT 1
I had libtomcrypt-develop already compiled, but I now also did the sudo apt-get install en plus. to no avail. I can make a start a fresh RaspberryPiOS tomorrow morning, see if that helps.
|
|
|
Post by vovchik on Jul 4, 2018 13:04:06 GMT 1
Dear Rik, Since your libraries seem to be in place, try running my compile of Peter's demo program, compiled for RPI3 in the attachment. It should work, and if it doesn't, it might give us some information about why not... With kind regards, vovchik Attachments:tlsetest.tar.gz (50.8 KB)
|
|
|
Post by rikky on Jul 4, 2018 14:58:35 GMT 1
Works perfectly.
Did you only install libtomcrypt-dev ? or also nettle , gmplib , unbound-anchor andso?
btw, I had this warning compiling gnutls which I seem to be needing, and which I could only compile like: ./configure --with-included-libtasn1 --with-included-unistring --without-p11-kit
configure: WARNING: *** *** The DNSSEC root key file in /etc/unbound/root.key was not found. *** This file is needed for the verification of DNSSEC responses. *** Use the command: unbound-anchor -a "/etc/unbound/root.key" *** to generate or update it. ***
but: unbound-anchor -a "/etc/unbound/root.key" gave =>
[1530704072] libunbound[5123:0] error: unable to open /etc/unbound/root.key for reading: No such file or directory [1530704072] libunbound[5123:0] error: error reading auto-trust-anchor-file: /etc/unbound/root.key [1530704072] libunbound[5123:0] error: validator: error in trustanchors config [1530704072] libunbound[5123:0] error: validator: could not apply configuration settings. [1530704072] libunbound[5123:0] error: module init for module validator failed
|
|
|
Post by vovchik on Jul 4, 2018 15:19:55 GMT 1
Dear Rik,
I only installed libtomcrypt-dev. It pulled in the libtomcrypt binary and one other math package as well. I haven't yet tried gnutls on the RPI3, since it already bombed on me on Mint (where I have versions 26 and 27 and not 28), and I have a feeling that the PI repository version will be old. I see you also had problems compiling it from scratch. Maybe Peter can offer a suggestion. I am glad the the tlse version ran - it means your tomcrypt libs are OK, and the problems must be arising from something else.
With kind regards, vovchik
|
|
|
Post by rikky on Jul 4, 2018 16:17:46 GMT 1
Okee, Then don't bother anymore. This means I've messed too much around with my system, and it is time to start afresh. Tomorrow at the latest. Thanks Rik.
|
|
|
Post by Pjot on Jul 4, 2018 21:51:21 GMT 1
Hi Rik, It definitely looks like a problem with libtomcrypt. Maybe you have two separate installations on your system (one manually compiled, the other from a repo)? Hopefully you can work it out with a fresh install. In the meantime, I got a first version of an SSL context ready. It can be found here. Next to the actual source files of TLSE, it also makes use of the "root.pem" certificates for optional validation (at the TLSE site as well). Sample program: INCLUDE ssl
handle = SSL_CONNECT("linux.slashdot.org:443") PRINT "----> Website: ", SSL_GET$(handle, "/") PRINT "----> Validation: ", SSL_VALIDATION$(handle) PRINT "----> Cipher: ", SSL_CIPHER$(handle) PRINT "----> Certificate: ", SSL_CERTIFICATE$(handle) SSL_CLOSE(handle)
Regards Peter
|
|
|
Post by rikky on Jul 4, 2018 22:21:44 GMT 1
Yes with a fresh system, got it to work immediately. Whatever was the problem, we will never know. The newest version, will be something for tomorrow. Good night, Rik.
|
|
|
Post by vovchik on Jul 4, 2018 23:03:48 GMT 1
Dear Peter, Your new sss.bac works find. I had to restore the POKE (rather than the memset, which caused an error). Uncomming the last lines, I saw it in action. Thanks. @ Rik: Great that it finally worked. With kind regards, vovchik
|
|
|
Post by rikky on Jul 5, 2018 5:13:37 GMT 1
yes, It works, only if I change back to the POKE, with BaCon version 3.8 beta. Rik.
|
|
|
Post by Pjot on Jul 5, 2018 17:37:49 GMT 1
Thanks guys! For the POKE issue, I should have added OPTION NOPARSE TRUE as well to make the memset work. But I have changed the ' ssl.bac' to POKE by default now Best regards Peter
|
|
|
Post by Pjot on Jul 22, 2018 18:17:13 GMT 1
All, Basically, TLS is nothing but an encryption wrapper around a plain text protocol. Therefore, it should with a POP3 server too. I have updated the SSL wrapper with one additional 'SSL_CMD$' function, so a program now can send any request to the SSL tunnel. The below is a POP3 session in a SSL session connecting to a mailserver on port 995 fetching one message. The POP3 protocol is remarkably simple. BR Peter INCLUDE ssl
' Connect to mailserver s1 = SSL_CONNECT("pop3.mail.com:995")
SSL_CMD$(s1, "USER account") resp$ = SSL_CMD$(s1, "PASS secret")
IF INSTR(resp$, "ERR") THEN PRINT "Login to mailserver failed!" END ENDIF
PRINT resp$
' Get amount of messages resp$ = SSL_CMD$(s1, "STAT")
amount = VAL(TOKEN$(resp$, 2))
PRINT "We have ", amount, " messages."
' Get a mail resp$ = SSL_CMD$(s1, "RETR 1") PRINT resp$
' Leaving server PRINT SSL_CMD$(s1, "QUIT")
' Close SSL connection SSL_CLOSE(s1)
|
|
|
Post by vovchik on Jul 22, 2018 22:25:24 GMT 1
Dear Peter,
It compiled fine, and the login to my gmail account went OK - but the test prog did not give me a proper inbox count (0), when I had just sent a message to that account. I am wondering why.
With kind regards, vovchik
|
|
|
Post by rikky on Jul 23, 2018 9:19:28 GMT 1
trying on the Pi Compiling went fine fetching anything on Gmail failed. /home/pi/bin/BaCon/other/ssl/pop3_session Runtime error: statement 'OPEN FOR NETWORK' at line 185 in '../../share/ssl.bac': Unable to open address: Operation now in progress
Rik.
|
|
|
Post by vovchik on Jul 23, 2018 13:38:35 GMT 1
Dear Rik,
I had that problem at first. You have to edit a few lines:
s1 = SSL_CONNECT("pop.gmail.com:995") SSL_CMD$(s1, "your_login_id@gmail.com") resp$ = SSL_CMD$(s1, "your_password")
I hope that helps.
With kind regards, vovchik
|
|
|
Post by rikky on Jul 23, 2018 14:21:59 GMT 1
Okee, Now we have 0 messages. However, if I deliberately change my username, and or my password, the response still is the same: We have 0 messages. Rik.
|
|