Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.80) (envelope-from ) id 1a6I7z-0004ml-7b for pgadmin-hackers@arkaria.postgresql.org; Tue, 08 Dec 2015 13:16:23 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.84) (envelope-from ) id 1a6I7y-0005j4-Pk for pgadmin-hackers@arkaria.postgresql.org; Tue, 08 Dec 2015 13:16:22 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84) (envelope-from ) id 1a6I7k-0005Jn-TS for pgadmin-hackers@postgresql.org; Tue, 08 Dec 2015 13:16:08 +0000 Received: from mail-lf0-x235.google.com ([2a00:1450:4010:c07::235]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.84) (envelope-from ) id 1a6I7g-0005bx-0q for pgadmin-hackers@postgresql.org; Tue, 08 Dec 2015 13:16:08 +0000 Received: by lfs39 with SMTP id 39so12369979lfs.3 for ; Tue, 08 Dec 2015 05:16:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=uvSgpfCdD651gKeXW+wK/T7gw/ZAWI6wGT4v2hGU9K8=; b=CDECLx3/vI5gYvadfWVwuumrJDQ01uIih/qtnX6yiWdWJKkin3gM3X4dWlojmW0Thn yKvhhNeidDSlEB+JzW5CjqESgEjKNmsGujtZXv7nOFzoSVElxDtWJ1TRE8un4hdrv5gT o4Cxirti1qvWA0bbyZwFDR+lZaLgXff1naenmJtEgBDzidW72v3Z4RX2yaqQ91dNq1Oe EpuuFTKEgjncAqquCrb+hGwsuYxz33LCqZtdl19SulruOKsw/hvcthzlxJR4Y39JBO5U k8rSw9ssG1zOLQElx3czshzSpQMzP9d2Yjcw05VKJbbCBsZjlN9pImBBquU+s+ZRgpXT MQUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=uvSgpfCdD651gKeXW+wK/T7gw/ZAWI6wGT4v2hGU9K8=; b=OXB+oMUYCX1SR5cHh0vW0pS5oLjoqNKK+kJifSdGQ2AIzyH7x9aUxF6EEjJPvLqc0s Q1wtElqPPQL+mcLAVG6lDl3047M7R5iF5Y9kkMuU+talwQMF6sjReWcmG4GsVbQ05ZeT CYAWFQWA21sT64fUtLTCgvTS4L3frVDj9of8mYX2/2EGVNC+FV2aNFmJrSrWXtq9kRL6 QjREQ0N3PFe8F+p5V/Ea05oymWz7KT8yHEaITS7IYaCp0C29MQfxV2cyjfZ5/KuXhsNa 63opv8Yuq3aPsJHMCKZhhgG29TWrfCPL/OdTPkeV0kH/aA1McWW3YByqEiwjhfipbRgC JyLA== X-Gm-Message-State: ALoCoQlsXhDazJSh53KTRDjg1M0pQkME4fKRwlzn9+/Dl6dPNEcaxPFQ4Fc+sDI07eEFSx6pkgruhbwKjJpZ2T4JarYZBxt8+OzWAmzuoPCs92sFgfvZIV0= X-Received: by 10.25.23.42 with SMTP id n42mr1598634lfi.42.1449580561499; Tue, 08 Dec 2015 05:16:01 -0800 (PST) MIME-Version: 1.0 Received: by 10.112.95.38 with HTTP; Tue, 8 Dec 2015 05:15:41 -0800 (PST) In-Reply-To: References: <48AA5EAC-64A6-466E-9900-E32EDD4187C0@pgadmin.org> From: Ashesh Vashi Date: Tue, 8 Dec 2015 18:45:41 +0530 Message-ID: Subject: Re: [pgadmin-support] SSH tunnel key exchange methods To: Dave Page Cc: Akshay Joshi , Sven , pgAdmin Support , pgadmin-hackers Content-Type: multipart/alternative; boundary=001a114057cc712a17052662c6af X-Pg-Spam-Score: -2.6 (--) List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgadmin-hackers Precedence: bulk Sender: pgadmin-hackers-owner@postgresql.org --001a114057cc712a17052662c6af Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, Dec 8, 2015 at 6:36 PM, Dave Page wrote: > Yes, I think so. > Thanks. I have committed the code in the master branch, from which we will create a new branch 'REL-1_22_0_PATCHES' for 1.22.x releases. -- Thanks & Regards, Ashesh Vashi > > On Tue, Dec 8, 2015 at 1:05 PM, Ashesh Vashi < > ashesh.vashi@enterprisedb.com> wrote: > >> Dave, >> >> Patch looks good to me. >> But - Should we consider this as a bug fix, and commit it for 1.22.0 >> release? >> >> -- >> >> Thanks & Regards, >> >> Ashesh Vashi >> EnterpriseDB INDIA: Enterprise PostgreSQL Company >> >> >> >> *http://www.linkedin.com/in/asheshvashi* >> >> >> On Wed, Dec 2, 2015 at 6:34 PM, Dave Page wrote: >> >>> >>> >>> On Wed, Dec 2, 2015 at 9:59 AM, Ashesh Vashi < >>> ashesh.vashi@enterprisedb.com> wrote: >>> >>>> >>>> On Wed, Dec 2, 2015 at 3:27 PM, Akshay Joshi < >>>> akshay.joshi@enterprisedb.com> wrote: >>>> >>>>> >>>>> >>>>> On Wed, Dec 2, 2015 at 3:20 PM, Dave Page wrote: >>>>> >>>>>> Hi >>>>>> >>>>>> On Wed, Dec 2, 2015 at 9:19 AM, Akshay Joshi < >>>>>> akshay.joshi@enterprisedb.com> wrote: >>>>>> >>>>>>> Hi Dave >>>>>>> >>>>>>> I have updated the *libssh2* library with the latest available code >>>>>>> on their git repository. The new code used "diffie-hellman-group-ex= change-sha256" algorithm for >>>>>>> key exchange and they also fixed some memory leak. I have verified = it by >>>>>>> putting the breakpoint in the libssh2 code, so when we called " >>>>>>> libssh2_session_init()" it will automatically call "static int >>>>>>> diffie_hellman_sha256(...)" function, but I don't know exactly how >>>>>>> to identify the key exchange method (sha1 or sha256) used by the la= test >>>>>>> libssh2 library. >>>>>>> >>>>>>> I have tested the pgadmin3 after updating the libssh2 library on >>>>>>> CentOS 6.5 (64 bit) and it works fine. I have also modified the >>>>>>> code to add human readable error message returned by the library. A= ttached >>>>>>> is the patch file. Can you please review it and if it looks good ca= n you >>>>>>> please commit the code. >>>>>>> >>>>>> >>>>>> I'm seeing the following build error on OS X 10.7: >>>>>> >>>>>> depbase=3D`echo libssh2/agent.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;= \ >>>>>> ccache gcc -Qunused-arguments -DHAVE_CONFIG_H -I. -I.. >>>>>> -I../pgadmin/include/libssh2 -I../pgadmin/include >>>>>> -I../pgadmin/include/libssh2 -I/usr/local/pgsql-9.5/include >>>>>> -I/usr/local/pgsql-9.5/include/server -I/usr/local/pgsql-9.5/include >>>>>> -DPG_SSL -DHAVE_CONNINFO_PARSE >>>>>> -I/usr/local/lib/wx/include/mac-unicode-release-static-2.8 >>>>>> -I/usr/local/include/wx-2.8 -D_FILE_OFFSET_BITS=3D64 -D_LARGE_FILES >>>>>> -D__WXMAC__ -DEMBED_XRC -arch i386 -I/usr/include/libxml2 >>>>>> -I/opt/local/include/libxml2 -DHAVE_OPENSSL_CRYPTO -O2 -MT libssh2/= agent.o >>>>>> -MD -MP -MF $depbase.Tpo -c -o libssh2/agent.o libssh2/agent.c &&\ >>>>>> mv -f $depbase.Tpo $depbase.Po >>>>>> In file included from ../pgadmin/include/libssh2/libssh2_priv.h:136, >>>>>> from libssh2/agent.c:41: >>>>>> ../pgadmin/include/libssh2/crypto.h:53: error: expected =E2=80=98)= =E2=80=99 before >>>>>> =E2=80=98*=E2=80=99 token >>>>>> ../pgadmin/include/libssh2/crypto.h:69: error: expected =E2=80=98)= =E2=80=99 before >>>>>> =E2=80=98*=E2=80=99 token >>>>>> ../pgadmin/include/libssh2/crypto.h:73: error: expected =E2=80=98)= =E2=80=99 before >>>>>> =E2=80=98*=E2=80=99 token >>>>>> ../pgadmin/include/libssh2/crypto.h:78: error: expected declaration >>>>>> specifiers or =E2=80=98...=E2=80=99 before =E2=80=98libssh2_rsa_ctx= =E2=80=99 >>>>>> ../pgadmin/include/libssh2/crypto.h:83: error: expected =E2=80=98)= =E2=80=99 before >>>>>> =E2=80=98*=E2=80=99 token >>>>>> ../pgadmin/include/libssh2/crypto.h:115: error: expected =E2=80=98)= =E2=80=99 before >>>>>> =E2=80=98*=E2=80=99 token >>>>>> ../pgadmin/include/libssh2/crypto.h:120: error: expected =E2=80=98)= =E2=80=99 before >>>>>> =E2=80=98*=E2=80=99 token >>>>>> In file included from libssh2/agent.c:41: >>>>>> ../pgadmin/include/libssh2/libssh2_priv.h:240: error: >>>>>> =E2=80=98SHA256_DIGEST_LENGTH=E2=80=99 undeclared here (not in a fun= ction) >>>>>> ../pgadmin/include/libssh2/libssh2_priv.h:245: error: expected >>>>>> specifier-qualifier-list before =E2=80=98_libssh2_bn_ctx=E2=80=99 >>>>>> ../pgadmin/include/libssh2/libssh2_priv.h:267: error: expected >>>>>> specifier-qualifier-list before =E2=80=98_libssh2_bn=E2=80=99 >>>>>> ../pgadmin/include/libssh2/libssh2_priv.h:604: error: >>>>>> =E2=80=98SHA_DIGEST_LENGTH=E2=80=99 undeclared here (not in a functi= on) >>>>>> ../pgadmin/include/libssh2/libssh2_priv.h:899: error: expected >>>>>> specifier-qualifier-list before =E2=80=98_libssh2_cipher_type=E2=80= =99 >>>>>> libssh2/agent.c: In function =E2=80=98agent_connect_unix=E2=80=99: >>>>>> libssh2/agent.c:150: warning: assignment makes pointer from integer >>>>>> without a cast >>>>>> make[3]: *** [libssh2/agent.o] Error 1 >>>>>> make[2]: *** [all] Error 2 >>>>>> make[1]: *** [all-recursive] Error 1 >>>>>> make: *** [all] Error 2 >>>>>> >>>>> >>>>> I have modified the configure.ac.in and added "-DLIBSSH2_OPENSSL" >>>>> to solve the above. You need to run the configure command again. >>>>> >>>> You also needs to rerun the bootstrap script. >>>> >>> >>> OK, it works for me on Windows and OSX. Ashesh, can you give it a >>> review/commit please? >>> >>> Thanks. >>> >>> -- >>> Dave Page >>> Blog: http://pgsnake.blogspot.com >>> Twitter: @pgsnake >>> >>> EnterpriseDB UK: http://www.enterprisedb.com >>> The Enterprise PostgreSQL Company >>> >> >> > > > -- > Dave Page > Blog: http://pgsnake.blogspot.com > Twitter: @pgsnake > > EnterpriseDB UK: http://www.enterprisedb.com > The Enterprise PostgreSQL Company > --001a114057cc712a17052662c6af Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On Tue,= Dec 8, 2015 at 6:36 PM, Dave Page <dpage@pgadmin.org> wrote= :
Yes, I think= so.
Thanks.
I have committed the code= in the master branch, from which we will create a new branch 'REL-1_22= _0_PATCHES' for 1.22.x releases.

--
Thanks & R= egards,

Ashesh Vashi

On Tue, Dec 8, 2015 at 1:05 PM, Ash= esh Vashi <ashesh.vashi@enterprisedb.com> wrote:=
Dave,

Patch looks good to me.
But - Should we c= onsider this as a bug fix, and commit it for 1.22.0 release?

--

Thanks & = Regards,

Ashesh Vashi
EnterpriseDB INDIA= : Enterpri= se PostgreSQL Company

<= br>

<= a href=3D"http://www.linkedin.com/in/asheshvashi" target=3D"_blank">http= ://www.linkedin.com/in/asheshvashi


On Wed, Dec 2, 2015 at 6:34= PM, Dave Page <dpage@pgadmin.org> wrote:


On Wed, Dec 2, 2015 at 9:5= 9 AM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:

On Wed, Dec 2, 2015 at 3:27 P= M, Akshay Joshi <akshay.joshi@enterprisedb.com> = wrote:


On Wed, Dec 2, 2015 at 3:20= PM, Dave Page <dpage@pgadmin.org> wrote:
Hi

On Wed, Dec 2, 2015 at 9:19 AM, = Akshay Joshi <akshay.joshi@enterprisedb.com> wro= te:
Hi Dave=C2=A0

I have updated the libssh2<= /b> library with the latest available code on their git repository. The new= code used=C2=A0"diffie-hellman<= span style=3D"font-size:12.8px">-group-exchange-sha256"=C2=A0algorithm=C2=A0for key=C2=A0exchange and the= y also fixed some memory leak. I have verified it by putting the brea= kpoint in the libssh2 code, so when we called "libssh2_s= ession_init()&qu= ot; it will automatically call "static int diffie_hellman_sha256(...)" function, b<= span>ut I don't know exactly how to identify the key exchange me= thod (sha1 or sha256) used by the latest libssh2 library.
=
I have tested the pgadmin3 after updating the libssh2 library = on CentOS 6.5 (64 bit) and it works fine. I have also modified= the code to add human=C2=A0readable error=C2=A0message returned by the lib= rary.=C2=A0Attached is the patch fi= le. Can you please review it and if it looks good can you please commit the= code.

I'm se= eing the following build error on OS X 10.7:

= depbase=3D`echo libssh2/agent.o | sed 's|[^/]*$|.deps/&|;s|\.o$||&#= 39;`;\
ccache gcc -Q= unused-arguments -DHAVE_CONFIG_H -I. -I.. -I../pgadmin/include/libssh2 =C2= =A0-I../pgadmin/include -I../pgadmin/include/libssh2 =C2=A0 -I/usr/local/pg= sql-9.5/include -I/usr/local/pgsql-9.5/include/server -I/usr/local/pgsql-9.= 5/include -DPG_SSL -DHAVE_CONNINFO_PARSE -I/usr/local/lib/wx/include/mac-un= icode-release-static-2.8 -I/usr/local/include/wx-2.8 -D_FILE_OFFSET_BITS=3D= 64 -D_LARGE_FILES -D__WXMAC__ -DEMBED_XRC -arch i386 -I/usr/include/libxml2= -I/opt/local/include/libxml2 -DHAVE_OPENSSL_CRYPTO =C2=A0-O2 -MT libssh2/a= gent.o -MD -MP -MF $depbase.Tpo -c -o libssh2/agent.o libssh2/agent.c &= &\
mv -f $depbas= e.Tpo $depbase.Po
In file included from ../pgadmin/include/libssh= 2/libssh2_priv.h:136,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0from libssh2/agent.c:41:
../pgadmin/include/l= ibssh2/crypto.h:53: error: expected =E2=80=98)=E2=80=99 before =E2=80=98*= =E2=80=99 token
../pgadmin/include/libssh2/crypto.h:69: error: ex= pected =E2=80=98)=E2=80=99 before =E2=80=98*=E2=80=99 token
../pg= admin/include/libssh2/crypto.h:73: error: expected =E2=80=98)=E2=80=99 befo= re =E2=80=98*=E2=80=99 token
../pgadmin/include/libssh2/crypto.h:= 78: error: expected declaration specifiers or =E2=80=98...=E2=80=99 before = =E2=80=98libssh2_rsa_ctx=E2=80=99
../pgadmin/include/libssh2/cryp= to.h:83: error: expected =E2=80=98)=E2=80=99 before =E2=80=98*=E2=80=99 tok= en
../pgadmin/include/libssh2/crypto.h:115: error: expected =E2= =80=98)=E2=80=99 before =E2=80=98*=E2=80=99 token
../pgadmin/incl= ude/libssh2/crypto.h:120: error: expected =E2=80=98)=E2=80=99 before =E2=80= =98*=E2=80=99 token
In file included from libssh2/agent.c:41:
../pgadmin/include/libssh2/libssh2_priv.h:240: error: =E2=80=98SHA25= 6_DIGEST_LENGTH=E2=80=99 undeclared here (not in a function)
../p= gadmin/include/libssh2/libssh2_priv.h:245: error: expected specifier-qualif= ier-list before =E2=80=98_libssh2_bn_ctx=E2=80=99
../pgadmin/incl= ude/libssh2/libssh2_priv.h:267: error: expected specifier-qualifier-list be= fore =E2=80=98_libssh2_bn=E2=80=99
../pgadmin/include/libssh2/lib= ssh2_priv.h:604: error: =E2=80=98SHA_DIGEST_LENGTH=E2=80=99 undeclared here= (not in a function)
../pgadmin/include/libssh2/libssh2_priv.h:89= 9: error: expected specifier-qualifier-list before =E2=80=98_libssh2_cipher= _type=E2=80=99
libssh2/agent.c: In function =E2=80=98agent_connec= t_unix=E2=80=99:
libssh2/agent.c:150: warning: assignment makes p= ointer from integer without a cast
make[3]: *** [libssh2/agent.o]= Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-r= ecursive] Error 1
make: *** [all] Error 2
=

=C2=A0 =C2=A0 I have mod= ified the configure.ac= .in and added "-DLIBSSH2_OPENSSL" to solve the above. You nee= d to run the configure command again.=C2=A0
You also needs to rerun the bootstrap script.

OK, it works f= or me on Windows and OSX. Ashesh, can you give it a review/commit please?

Thanks.=C2=A0

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

Enterp= riseDB UK: http:/= /www.enterprisedb.com
The Enterprise PostgreSQL Company




--
Dave Pa= ge
Blog: http:= //pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterpris= edb.com
The Enterprise PostgreSQL Company

--001a114057cc712a17052662c6af--