MIME-Version: 1.0
In-Reply-To: 
 <CAG7mmoxxh4mJx1sOH6ueHwj3CMHuPwMZ8CAw4Oz=TseutJn+Yw@mail.gmail.com>
References: <loom.20151127T101921-647@post.gmane.org>
 <CA+OCxozWb1AMK_mOOZo_QF1w5i=4bx=MoO=Q2UavPihZ54aWJA@mail.gmail.com>
 <CANxoLDdJT6KXXTZ860DdopC8Txb6Pd2yX3NvZudb_HhwYxrU+w@mail.gmail.com>
 <CANxoLDfRohWSnXsFxBv+bPFugUaDPBYXpTeQDcbPQy7j=_cW2g@mail.gmail.com>
 <48AA5EAC-64A6-466E-9900-E32EDD4187C0@pgadmin.org>
 <CANxoLDdJRxU2itw=8GS98k7_+Pd1O6POs4DGauXkxWZC89P9aQ@mail.gmail.com>
 <CA+OCxozDWJFWRNQ-d8FY7AeVUoodbnYOzBPpjvAuBkyswJW0Vg@mail.gmail.com>
 <CANxoLDeju=EoHhrqav=Evm2O8y_hJpyP4Uo90nWy2CHc9g1fXQ@mail.gmail.com>
 <CAG7mmoxxh4mJx1sOH6ueHwj3CMHuPwMZ8CAw4Oz=TseutJn+Yw@mail.gmail.com>
Date: Wed, 2 Dec 2015 13:04:09 +0000
Message-ID: 
 <CA+OCxoyLPx9TWDbYyE7hsjp5ESFNKVH2dUzuqq8p89sOg=+Jrw@mail.gmail.com>
Subject: Re: SSH tunnel key exchange methods
From: Dave Page <dpage@pgadmin.org>
To: Ashesh Vashi <ashesh.vashi@enterprisedb.com>
Cc: Akshay Joshi <akshay.joshi@enterprisedb.com>,
 Sven <svoop_6cedifwf9e@delirium.ch>,
 pgAdmin Support <pgadmin-support@postgresql.org>,
 pgadmin-hackers <pgadmin-hackers@postgresql.org>
Content-Type: multipart/alternative; boundary=001a11405dfef00a9d0525e9e8f7
Precedence: bulk
Sender: pgadmin-support-owner@postgresql.org

--001a11405dfef00a9d0525e9e8f7
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Wed, Dec 2, 2015 at 9:59 AM, Ashesh Vashi <ashesh.vashi@enterprisedb.com=
>
wrote:

>
> On Wed, Dec 2, 2015 at 3:27 PM, Akshay Joshi <
> akshay.joshi@enterprisedb.com> wrote:
>
>>
>>
>> On Wed, Dec 2, 2015 at 3:20 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>>> Hi
>>>
>>> On Wed, Dec 2, 2015 at 9:19 AM, Akshay Joshi <
>>> akshay.joshi@enterprisedb.com> wrote:
>>>
>>>> Hi Dave
>>>>
>>>> I have updated the *libssh2* library with the latest available code on
>>>> their git repository. The new code used "diffie-hellman-group-exchange=
-sha256" algorithm for
>>>> key exchange and they also fixed some memory leak. I have verified it =
by
>>>> putting the breakpoint in the libssh2 code, so when we called "
>>>> libssh2_session_init()" it will automatically call "static int diffie_
>>>> hellman_sha256(...)" function, but I don't know exactly how to
>>>> identify the key exchange method (sha1 or sha256) used by the latest
>>>> libssh2 library.
>>>>
>>>> I have tested the pgadmin3 after updating the libssh2 library on CentO=
S
>>>> 6.5 (64 bit) and it works fine. I have also modified the code to add
>>>> human readable error message returned by the library. Attached is the
>>>> patch file. Can you please review it and if it looks good can you plea=
se
>>>> commit the code.
>>>>
>>>
>>> I'm seeing the following build error on OS X 10.7:
>>>
>>> depbase=3D`echo libssh2/agent.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
>>> ccache gcc -Qunused-arguments -DHAVE_CONFIG_H -I. -I..
>>> -I../pgadmin/include/libssh2  -I../pgadmin/include
>>> -I../pgadmin/include/libssh2   -I/usr/local/pgsql-9.5/include
>>> -I/usr/local/pgsql-9.5/include/server -I/usr/local/pgsql-9.5/include
>>> -DPG_SSL -DHAVE_CONNINFO_PARSE
>>> -I/usr/local/lib/wx/include/mac-unicode-release-static-2.8
>>> -I/usr/local/include/wx-2.8 -D_FILE_OFFSET_BITS=3D64 -D_LARGE_FILES
>>> -D__WXMAC__ -DEMBED_XRC -arch i386 -I/usr/include/libxml2
>>> -I/opt/local/include/libxml2 -DHAVE_OPENSSL_CRYPTO  -O2 -MT libssh2/age=
nt.o
>>> -MD -MP -MF $depbase.Tpo -c -o libssh2/agent.o libssh2/agent.c &&\
>>> mv -f $depbase.Tpo $depbase.Po
>>> In file included from ../pgadmin/include/libssh2/libssh2_priv.h:136,
>>>                  from libssh2/agent.c:41:
>>> ../pgadmin/include/libssh2/crypto.h:53: error: expected =E2=80=98)=E2=
=80=99 before =E2=80=98*=E2=80=99
>>> token
>>> ../pgadmin/include/libssh2/crypto.h:69: error: expected =E2=80=98)=E2=
=80=99 before =E2=80=98*=E2=80=99
>>> token
>>> ../pgadmin/include/libssh2/crypto.h:73: error: expected =E2=80=98)=E2=
=80=99 before =E2=80=98*=E2=80=99
>>> token
>>> ../pgadmin/include/libssh2/crypto.h:78: error: expected declaration
>>> specifiers or =E2=80=98...=E2=80=99 before =E2=80=98libssh2_rsa_ctx=E2=
=80=99
>>> ../pgadmin/include/libssh2/crypto.h:83: error: expected =E2=80=98)=E2=
=80=99 before =E2=80=98*=E2=80=99
>>> token
>>> ../pgadmin/include/libssh2/crypto.h:115: error: expected =E2=80=98)=E2=
=80=99 before =E2=80=98*=E2=80=99
>>> token
>>> ../pgadmin/include/libssh2/crypto.h:120: error: expected =E2=80=98)=E2=
=80=99 before =E2=80=98*=E2=80=99
>>> token
>>> In file included from libssh2/agent.c:41:
>>> ../pgadmin/include/libssh2/libssh2_priv.h:240: error:
>>> =E2=80=98SHA256_DIGEST_LENGTH=E2=80=99 undeclared here (not in a functi=
on)
>>> ../pgadmin/include/libssh2/libssh2_priv.h:245: error: expected
>>> specifier-qualifier-list before =E2=80=98_libssh2_bn_ctx=E2=80=99
>>> ../pgadmin/include/libssh2/libssh2_priv.h:267: error: expected
>>> specifier-qualifier-list before =E2=80=98_libssh2_bn=E2=80=99
>>> ../pgadmin/include/libssh2/libssh2_priv.h:604: error:
>>> =E2=80=98SHA_DIGEST_LENGTH=E2=80=99 undeclared here (not in a function)
>>> ../pgadmin/include/libssh2/libssh2_priv.h:899: error: expected
>>> specifier-qualifier-list before =E2=80=98_libssh2_cipher_type=E2=80=99
>>> libssh2/agent.c: In function =E2=80=98agent_connect_unix=E2=80=99:
>>> libssh2/agent.c:150: warning: assignment makes pointer from integer
>>> without a cast
>>> make[3]: *** [libssh2/agent.o] Error 1
>>> make[2]: *** [all] Error 2
>>> make[1]: *** [all-recursive] Error 1
>>> make: *** [all] Error 2
>>>
>>
>>     I have modified the configure.ac.in and added "-DLIBSSH2_OPENSSL" to
>> solve the above. You need to run the configure command again.
>>
> You also needs to rerun the bootstrap script.
>

OK, it works for me on Windows and OSX. Ashesh, can you give it a
review/commit please?

Thanks.

--=20
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

--001a11405dfef00a9d0525e9e8f7
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Wed, Dec 2, 2015 at 9:59 AM, Ashesh Vashi <span dir=3D"ltr">&lt;<a h=
ref=3D"mailto:ashesh.vashi@enterprisedb.com" target=3D"_blank">ashesh.vashi=
@enterprisedb.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote=
" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><=
div dir=3D"ltr"><br><div class=3D"gmail_extra"><div><div class=3D"h5">On We=
d, Dec 2, 2015 at 3:27 PM, Akshay Joshi <span dir=3D"ltr">&lt;<a href=3D"ma=
ilto:akshay.joshi@enterprisedb.com" target=3D"_blank">akshay.joshi@enterpri=
sedb.com</a>&gt;</span> wrote:<br></div></div><div class=3D"gmail_quote"><d=
iv><div class=3D"h5"><blockquote class=3D"gmail_quote" style=3D"margin:0px =
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div=
 dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">=
<div><div>On Wed, Dec 2, 2015 at 3:20 PM, Dave Page <span dir=3D"ltr">&lt;<=
a href=3D"mailto:dpage@pgadmin.org" target=3D"_blank">dpage@pgadmin.org</a>=
&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0px=
 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><di=
v dir=3D"ltr">Hi<div class=3D"gmail_extra"><br><div class=3D"gmail_quote"><=
span>On Wed, Dec 2, 2015 at 9:19 AM, Akshay Joshi <span dir=3D"ltr">&lt;<a =
href=3D"mailto:akshay.joshi@enterprisedb.com" target=3D"_blank">akshay.josh=
i@enterprisedb.com</a>&gt;</span> wrote:<br></span><blockquote class=3D"gma=
il_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,2=
04,204);padding-left:1ex"><div dir=3D"ltr">Hi Dave=C2=A0<div><br></div><spa=
n><div>I have updated the <b>libssh2</b> library with the latest available =
code on their git repository. The new code used=C2=A0<span style=3D"font-si=
ze:12.8px">&quot;</span><span style=3D"font-size:12.8px"><span>diffie</span=
></span><span style=3D"font-size:12.8px">-</span><span style=3D"font-size:1=
2.8px"><span>hellman</span></span><span style=3D"font-size:12.8px">-group-<=
/span><span style=3D"font-size:12.8px">exchange-sha256&quot;=C2=A0algorithm=
=C2=A0for key=C2=A0exchange and they also fixed some memory leak. I have ve=
rified it by putting the <span>breakpoint</span> in the libssh2 code, so wh=
en we called &quot;</span>libssh2_session_<span>init</span><span>()</span><=
span style=3D"font-size:12.8px">&quot; it will automatically call &quot;</s=
pan><span>static</span> <span>int</span> <span>diffie</span>_<span>hellman<=
/span>_sha256(...)<span style=3D"font-size:12.8px">&quot; function, b</span=
><span style=3D"font-size:12.8px"><span>ut</span> I don&#39;t know exactly =
how to identify the key exchange method (sha1 or sha256) used by the latest=
 libssh2 library.</span></div><div><span style=3D"font-size:12.8px"><br></s=
pan></div><div><span style=3D"font-size:12.8px">I have tested the pgadmin3 =
after updating the libssh2 library on <span>CentOS</span> 6.5 (64 bit) and =
it works fine. I have also modified the code to add human=C2=A0readable err=
or=C2=A0message returned by the library.=C2=A0</span><span style=3D"font-si=
ze:12.8px">Attached is the patch file. Can you please review it and if it l=
ooks good can you please commit the code.</span></div></span></div></blockq=
uote><div><br></div><div>I&#39;m seeing the following build error on OS X 1=
0.7:</div><div><br></div><div><div>depbase=3D`echo libssh2/agent.o | sed &#=
39;s|[^/]*$|.deps/&amp;|;s|\.o$||&#39;`;\</div><div><span style=3D"white-sp=
ace:pre-wrap">	</span>ccache gcc -Qunused-arguments -DHAVE_CONFIG_H -I. -I.=
. -I../pgadmin/include/libssh2 =C2=A0-I../pgadmin/include -I../pgadmin/incl=
ude/libssh2 =C2=A0 -I/usr/local/pgsql-9.5/include -I/usr/local/pgsql-9.5/in=
clude/server -I/usr/local/pgsql-9.5/include -DPG_SSL -DHAVE_CONNINFO_PARSE =
-I/usr/local/lib/wx/include/mac-unicode-release-static-2.8 -I/usr/local/inc=
lude/wx-2.8 -D_FILE_OFFSET_BITS=3D64 -D_LARGE_FILES -D__WXMAC__ -DEMBED_XRC=
 -arch i386 -I/usr/include/libxml2 -I/opt/local/include/libxml2 -DHAVE_OPEN=
SSL_CRYPTO =C2=A0-O2 -MT libssh2/agent.o -MD -MP -MF $depbase.Tpo -c -o lib=
ssh2/agent.o libssh2/agent.c &amp;&amp;\</div><div><span style=3D"white-spa=
ce:pre-wrap">	</span>mv -f $depbase.Tpo $depbase.Po</div><div>In file inclu=
ded from ../pgadmin/include/libssh2/libssh2_priv.h:136,</div><div>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0from libssh2/agent.c=
:41:</div><div>../pgadmin/include/libssh2/crypto.h:53: error: expected =E2=
=80=98)=E2=80=99 before =E2=80=98*=E2=80=99 token</div><div>../pgadmin/incl=
ude/libssh2/crypto.h:69: error: expected =E2=80=98)=E2=80=99 before =E2=80=
=98*=E2=80=99 token</div><div>../pgadmin/include/libssh2/crypto.h:73: error=
: expected =E2=80=98)=E2=80=99 before =E2=80=98*=E2=80=99 token</div><div>.=
./pgadmin/include/libssh2/crypto.h:78: error: expected declaration specifie=
rs or =E2=80=98...=E2=80=99 before =E2=80=98libssh2_rsa_ctx=E2=80=99</div><=
div>../pgadmin/include/libssh2/crypto.h:83: error: expected =E2=80=98)=E2=
=80=99 before =E2=80=98*=E2=80=99 token</div><div>../pgadmin/include/libssh=
2/crypto.h:115: error: expected =E2=80=98)=E2=80=99 before =E2=80=98*=E2=80=
=99 token</div><div>../pgadmin/include/libssh2/crypto.h:120: error: expecte=
d =E2=80=98)=E2=80=99 before =E2=80=98*=E2=80=99 token</div><div>In file in=
cluded from libssh2/agent.c:41:</div><div>../pgadmin/include/libssh2/libssh=
2_priv.h:240: error: =E2=80=98SHA256_DIGEST_LENGTH=E2=80=99 undeclared here=
 (not in a function)</div><div>../pgadmin/include/libssh2/libssh2_priv.h:24=
5: error: expected specifier-qualifier-list before =E2=80=98_libssh2_bn_ctx=
=E2=80=99</div><div>../pgadmin/include/libssh2/libssh2_priv.h:267: error: e=
xpected specifier-qualifier-list before =E2=80=98_libssh2_bn=E2=80=99</div>=
<div>../pgadmin/include/libssh2/libssh2_priv.h:604: error: =E2=80=98SHA_DIG=
EST_LENGTH=E2=80=99 undeclared here (not in a function)</div><div>../pgadmi=
n/include/libssh2/libssh2_priv.h:899: error: expected specifier-qualifier-l=
ist before =E2=80=98_libssh2_cipher_type=E2=80=99</div><div>libssh2/agent.c=
: In function =E2=80=98agent_connect_unix=E2=80=99:</div><div>libssh2/agent=
.c:150: warning: assignment makes pointer from integer without a cast</div>=
<div>make[3]: *** [libssh2/agent.o] Error 1</div><div>make[2]: *** [all] Er=
ror 2</div><div>make[1]: *** [all-recursive] Error 1</div><div>make: *** [a=
ll] Error 2</div></div></div></div></div></blockquote><div><br></div></div>=
</div><div>=C2=A0 =C2=A0 I have modified the <a href=3D"http://configure.ac=
.in" target=3D"_blank">configure.ac.in</a> and added &quot;-DLIBSSH2_OPENSS=
L&quot; to solve the above. You need to run the configure command again.=C2=
=A0</div></div></div></div></blockquote></div></div><div>You also needs to =
rerun the bootstrap script.</div></div></div></div></blockquote><div><br></=
div><div>OK, it works for me on Windows and OSX. Ashesh, can you give it a =
review/commit please?</div><div><br></div><div>Thanks.=C2=A0</div></div><di=
v><br></div>-- <br><div class=3D"gmail_signature">Dave Page<br>Blog: <a hre=
f=3D"http://pgsnake.blogspot.com" target=3D"_blank">http://pgsnake.blogspot=
.com</a><br>Twitter: @pgsnake<br><br>EnterpriseDB UK: <a href=3D"http://www=
.enterprisedb.com" target=3D"_blank">http://www.enterprisedb.com</a><br>The=
 Enterprise PostgreSQL Company<br></div>
</div></div>

--001a11405dfef00a9d0525e9e8f7--