Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Jonathan M. Henson
    @JonathanHenson
    This mobile client is the worst. Anyways do you have details on what’s failing? Also, what are you trying to do? Do you just want to build it into your project?
    TheBear@Austin
    @zebointexas
    I am so glad to have your response?
    Build_Record.rtf
    This file is the build details - I assume it means I built successefully?

    Digests: SHA512:SHA384:SHA1:SHA256:SHA224 Vers: TLSv1.2 ... PASSED
    Digests: SHA512:SHA384:SHA224:SHA1:SHA256 Vers: TLSv1.2 ... PASSED
    Digests: SHA512:SHA384:SHA224:SHA256:SHA1 Vers: TLSv1.2 ... PASSED
    Digests: SHA512:SHA384:SHA256:SHA1:SHA224 Vers: TLSv1.2 ... PASSED
    Digests: SHA512:SHA384:SHA256:SHA224:SHA1 Vers: TLSv1.2 ... PASSED

    Running s2n Client elliptic curve tests:
Expected supported:   ['P-256', 'P-384']
Expected unsupported: ['B-163', 'K-409']

    Testing ciphers using curve list of size: 1

    Curves: P-256 Vers: TLSv1.2 ... PASSED
    Curves: P-256 Vers: TLSv1.2 ... PASSED
    Curves: P-384 Vers: TLSv1.2 ... PASSED
    Curves: P-384 Vers: TLSv1.2 ... PASSED

        Testing ciphers using curve list of size: 2

    Curves: P-256:P-384 Vers: TLSv1.2 ... PASSED
    Curves: P-256:P-384 Vers: TLSv1.2 ... PASSED
    Curves: P-384:P-256 Vers: TLSv1.2 ... PASSED
    Curves: P-384:P-256 Vers: TLSv1.2 ... PASSED

    Run gnutls handshake tests

    ( \
    DYLD_LIBRARY_PATH="../../lib/:../testlib/:/Users/zeboxiong/s2n/test-deps/openssl-1.1.1/lib:$DYLID_LIBRARY_PATH" \
    LD_LIBRARY_PATH="../../lib/:../testlib/:/Users/zeboxiong/s2n/test-deps/openssl-1.1.1/lib:$LD_LIBRARY_PATH" \
    python3 s2n_handshake_test_gnutls.py --libcrypto openssl-1.1.1 127.0.0.1 8888; \
    )

    Running GnuTLS handshake tests with: gnutls-cli 3.5.6

    Testing ciphers using client version: SSLv3

Creating ThreadPool of size: 8
    The Mac Terminal show like this after I run ".travis/s2n_travis_build.sh"

    However, the next steps, I need to use s2n

    I need to evaluate s2n for my project - to check the s2n's performance

    Do you have any suggestions? I am checking with the example in bin/ directory
    Faraaz Sareshwala
    @fsareshwala
    Hey all, do you know if there is a way to extract the expiry time for a certificate within s2n?
    I looked through the documentation and nothing really stood out to me
    Faraaz Sareshwala
    @fsareshwala
    Looks like https://www.openssl.org/docs/manmaster/man3/X509_set1_notAfter.html would be the pertinent function to use to extract that data
    Doesn't look like s2n makes use of any notAfter functions
    Would this be something we need to add into the codebase to get at? Or is there a better way?
    Faraaz Sareshwala
    @fsareshwala
    I can extract the information directly through openssl calls, just wondering if putting it in s2n is the right way to go so as to not have to code against openssl directly
    Faraaz Sareshwala
    @fsareshwala
    I created awslabs/s2n#1265 to address that
    I have another question for now -- we're seeing a very slow memory leak when using s2n_connection_set_fd of about 24 bytes -- is this a known issue?
    Faraaz Sareshwala
    @fsareshwala
    An image of what we're seeing: https://i.imgur.com/TZoBnTp.png
    Not sure if anyone else has seen this before
    Faraaz Sareshwala
    @fsareshwala
    Ah, looks like we actually figured out the issue -- we're creating an issue on github and submitting a patch
    Hopefully we can get it merged it soon
    purlaksh
    @purlaksh
    E1128 14:02:56.076707 7234 s2n_utilities.cc:39] [OpId:0] [PG:0] [OpCode:0] [Cmd:] Error running s2n_shutdown:[S2N Error Message]: connection is closed [S2N Debug Message]: Error encountered in s2n_recv.c line 64 [errno]: 0
    Any insights on this?
    seyeh
    @seyeh
    Does anyone know how to get amazon s2n working on a MacBook Pro? When I follow the steps in the README, I cannot run the ".travis/s2n_travis_build.sh" command. I get the error: FAILED Grep For Simple Mistakes check. I also get a lot of warnings when I run the ".travis/s2n_install_test_dependencies.sh" command.
    Amanda Gray
    @agray256
    Hi @seyeh Are you trying to build with integration tests or another configuration? I haven't seen any errors running s2n_install_test_dependencies.sh when building with unit tests. The error in get_simple_mistkaes.sh is due to osx shell not parsing "\s" in manual_null_check_regex as expected. You can work around that for now by replacing the \s with . or .*
    seyeh
    @seyeh
    @agray256 Thank you for the help, I'll definitely try it out for fun. I eventually worked around the problem by installing a VM with Ubuntu and SSHing onto the VM on my mac.
    Chris Meyers
    @chrismeyersfsu
    Any tutorials on connecting through s2n to redis?
    dumma
    @dumma
    hi I need help in connecting to aws -EC2 from my putty
    Alistair McLean
    @almclean_tw_twitter
    Hello, I'm writing rust lang bindings for s2n - can someone tell me if there's an official process for adding language bindings ? Very early on just now, i essentially have a wrapper with a couple of tests.
    Ashana Tayal
    @AshanaTayal_twitter
    Hello, checking if there are any plans on adding hot reloading of certs on expiry feature in s2n for long-running services?
    Alex Weibel
    @alexw91
    @almclean_tw_twitter We don't have an official process for adding language bindings. I'll get back to you on this.

    Are any plans on adding hot reloading of certs on expiry feature in s2n for long-running services?

    Currently no, though that's possible to do from the library that's calling s2n. Just create a new s2n_config with the new certificate loaded, and start using that new s2n_config for every new s2n_connection. Then once all the old s2n_connections have finished, you can free the previous s2n_config with the older cert.

    Ashana Tayal
    @AshanaTayal_twitter
    @alexw91 Hello, is there any doc providing details around benchmarking/performance of s2n library. Any performance numbers for reference and what to expect from s2n would be good to have. I am mainly interested in memory increase involved in the s2n session. We are seeing ~54kb from s2n_realloc and ~21kb from crypto_malloc per session when a testing server with OpenSSL s_client.
    huoyingyangjie
    @huoyingyangjie
    ../../lib/libs2n.so(s2n_calculate_stacktrace+0x81) [0x7f3615716681]
    ../../lib/libs2n.so(s2n_read_full_record+0x12d) [0x7f36156e28ed]
    ../../lib/libs2n.so(s2n_recv_close_notify+0x31) [0x7f36156e2ea1]
    ../../lib/libs2n.so(s2n_shutdown+0x91) [0x7f36156e45d1]
    ./s2n_self_talk_test() [0x401771]
    /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f3614ea9505]
    ./s2n_self_talk_test() [0x403be3]
    FAILED test 21488343
    shutdown_rc == 0 || (errno == EAGAIN && blocked) is not true (s2n_self_talk_test.c line 192)
    Error Message: 'connection is closed'
    Debug String: 'Error encountered in s2n_recv.c line 66'
    System Error: Success (0)
    Ashana Tayal
    @AshanaTayal_twitter
    Hello, is there any doc providing details around benchmarking/performance of s2n library. Any performance numbers for reference and what to expect from s2n would be good to have. I am mainly interested in memory increase involved in the s2n session. We are seeing ~54kb from s2n_realloc and ~21kb from crypto_malloc per session when a testing server with OpenSSL s_client.
    zhencai1
    @zhencai1
    Do you know s2n support DTLS 1.3 version?
    Alex Weibel
    @alexw91
    s2n does not currently support DTLS for any versions
    Gregor Larson
    @gregorlarson
    Probably a FAQ, but......
    I was surprised to read https://github.com/awslabs/s2n/blob/master/docs/USAGE-GUIDE.md#s2n_mode
    Indicates that only S2N_SERVER is supported, no client support at this time. Is that out-of-date? I notice that bin/s2nc has been using S2N_CLIENT for more than 3 years.
    I am working on an arm32 embedded Linux device that need to talk to servers (including AWS S3) and was wondering if s2n would be suitable. I do require TLS. Would S2N work for that scenario? Thanks.
    Duong Nguyen
    @snoop007mtl_gitlab
    I checkout v0.10.0, I followed README. Running "codebuild/bin/s2n_install_test_dependencies.sh" failed with following errors:
    ar: u' modifier ignored sinceD' is the default (see U') /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_192r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_384r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_224r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_256r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_521r1'
    collect2: error: ld returned 1 exit status
    make[4]: [Makefile:1869: srptool] Error 1
    make[4]:     Waiting for unfinished jobs....
    gcc: warning: switch '-Wchkp' is no longer supported
    gcc: warning: switch '-Wchkp' is no longer supported
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_192r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_384r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_224r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_256r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_521r1' collect2: error: ld returned 1 exit status make[4]: *** [Makefile:1857: ocsptool] Error 1 gcc: warning: switch '-Wchkp' is no longer supported /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_192r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_384r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_224r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_256r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_521r1'
    collect2: error: ld returned 1 exit status
    make[4]: [Makefile:1865: psktool] Error 1
    ar: u' modifier ignored sinceD' is the default (see U') /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_192r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_384r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_224r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_256r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_521r1'
    collect2: error: ld returned 1 exit status
    make[4]:     [Makefile:1849: gnutls-cli-debug] Error 1
    ar: u' modifier ignored sinceD' is the default (see U') gcc: warning: switch '-Wchkp' is no longer supported /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_192r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_384r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_224r1'
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to nettle_secp_256r1' /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference tonettle_secp_521r1'
    collect2: error: ld returned 1 exit status
    make[4]: [Makefile:1853: gnutls-serv] Error 1
    make[3]:     [Makefile:1957: all-recursive] Error 1
    make[2]: [Makefile:1699: all] Error 2
    make[1]:     [Makefile:1432: all-recursive] Error 1
    make: * [Makefile:1360: all] Error 2
    Duong Nguyen
    @snoop007mtl_gitlab
    I tried to make but it failed:
    FAILED test 24221
    !(((s2n_map_add(map, &key, &val))) == (-1)) is not true (s2n_map_test.c line 76)
    Error Message: 'error calling mlock (Did you run prlimit?)'
    Debug String: 'Error encountered in s2n_mem.c line 99'
    System Error: Cannot allocate memory (12)
    make[2]: [Makefile:51: s2n_map_test] Error 1
    make[2]: Leaving directory '/home/dnguye5/s2n/tests/unit'
    make[1]:     [Makefile:25: all] Error 2
    make[1]: Leaving directory '/home/dnguye5/s2n/tests'
    make: * [Makefile:31: all] Error 2
    Alex Weibel
    @alexw91
    You need to run prlimit in order to allow s2n to mlock memory, try running sudo -E prlimit--pid "$$" --memlock=unlimited:unlimited and trying again
    Duong Nguyen
    @snoop007mtl_gitlab
    @alexw91 Thx, it works.
    Duong Nguyen
    @snoop007mtl_gitlab
    I am trying to have a simple server up and running. In https://github.com/awslabs/s2n/tree/main/bin, it looks like s2nd is the server and s2nc is the client?
    liuhong785738008
    @liuhong785738008
    I am trying to port s2n to OpenWRT. Can it work?
    Alex Weibel
    @alexw91
    I don't have experience with OpenWRT, but in theory it should be able to work. One problem is that s2n exposes a much smaller API surface than OpenSSL so not every OpenSSL API has an equivalent s2n one.
    liuhong785738008
    @liuhong785738008
    Thank you very much.
    jcgomezv
    @jcgomezv
    Hi there: has any one developed a s2n wrapper for boost asio sockets? like the standard one for open ssl?
    Alex Weibel
    @alexw91
    Not that I'm aware of. The only C++ wrapper code around s2n that I'm aware of is the C++ AWS Common Runtime (CRT): https://github.com/awslabs/aws-crt-cpp
    jcgomezv
    @jcgomezv
    Thanks Alex, I think adding s2n stream support in asio is key to pushing s2n adoption for projects which use boost asio library, I will see if I can get some traction on that