Bug 1006702 - Enable SRP Authentication
Enable SRP Authentication
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: gnutls (Show other bugs)
26
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Nikos Mavrogiannopoulos
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-11 03:07 EDT by Fabian Deutsch
Modified: 2017-05-15 02:19 EDT (History)
5 users (show)

See Also:
Fixed In Version: gnutls-3.5.12-2.fc26 gnutls-3.5.12-2.fc25
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-14 16:20:41 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Fabian Deutsch 2013-09-11 03:07:27 EDT
Description of problem:
Currentl ySRP authentication is disabled (--disable-srp-authentication), please enable it.

Or is there a reason why it's explicitly disabled?


Version-Release number of selected component (if applicable):
gnutls-3.1.11-1

How reproducible:
always
Comment 1 Tomas Mraz 2013-09-11 03:12:54 EDT
It is blocked by legal.
Comment 2 Fabian Deutsch 2013-09-11 03:18:33 EDT
Ah okay.
Is this decision maybe old and could be revisited?
Comment 3 Tomas Mraz 2013-09-11 03:24:57 EDT
You can try to contact Fedora legal.
Comment 4 Ben Slusky 2013-12-23 11:58:44 EST
Mr. Deutsch's message on the Fedora legal mailing list <URL:https://lists.fedoraproject.org/pipermail/legal/2013-September/002238.html> was not answered, and I see that this bug is still open.

Since Fedora legal don't seem to want to talk about this, here are some links to when productive discussion about the legal status of SRP actually happened:
<URL:http://www.mail-archive.com/openssl-dev@openssl.org/msg28936.html>
Relatively recent discussion about including SRP in OpenSSL.
<URL:http://www.pdl.cmu.edu/mailinglists/ips/mail/msg09292.html>
Older discussion about SRP and iSCSI.
Comment 5 Fedora Admin XMLRPC Client 2014-08-25 10:36:28 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 6 Fedora End Of Life 2015-01-09 14:47:49 EST
This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 7 Orion Poplawski 2015-07-14 11:33:33 EDT
Also I'll note that while the srp .c code is stripped from gnutls, the header declarations are still present.  This leads to errors at link/load time rather than compile time which is confusing.
Comment 8 Fedora Update System 2017-05-11 12:59:30 EDT
gnutls-3.5.12-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4c915ec1b
Comment 9 Fedora Update System 2017-05-11 13:00:22 EDT
gnutls-3.5.12-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff5606494b
Comment 10 Yaakov Selkowitz 2017-05-11 13:30:06 EDT
(In reply to Orion Poplawski from comment #7)
> Also I'll note that while the srp .c code is stripped from gnutls, the
> header declarations are still present.  This leads to errors at link/load
> time rather than compile time which is confusing.

Because it is a configurable feature, software wanting to use it need to configure-test its presence (as it seems curl does).

More importantly, however, the references to the SRP functions in the included Guile bindings are still present, leading to undefined symbol errors when loaded.  I fixed this on Cygwin (where all symbols must be resolved at link-time) with the following patch:

https://github.com/cygwinports/gnutls/blob/master/3.5.11-hobbled.patch
Comment 11 Nikos Mavrogiannopoulos 2017-05-12 03:28:19 EDT
Note that in the upcoming update (3.5.12), srp will be enabled.
Comment 12 Fedora Update System 2017-05-12 09:41:10 EDT
gnutls-3.5.12-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4c915ec1b
Comment 14 Fedora Update System 2017-05-12 21:11:53 EDT
gnutls-3.5.12-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff5606494b
Comment 15 Fedora Update System 2017-05-14 16:20:41 EDT
gnutls-3.5.12-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2017-05-15 00:41:28 EDT
gnutls-3.5.12-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.