[d5404360] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
| 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
| 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
[d835b55] | 7 | <!ENTITY gnutls-download-http " ">
|
---|
[ac38e9dc] | 8 | <!ENTITY gnutls-download-ftp "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-&gnutls-version;.tar.xz">
|
---|
[295ca00] | 9 | <!ENTITY gnutls-md5sum "a26e6dd8d5ad92016e3f068795b89624">
|
---|
| 10 | <!ENTITY gnutls-size "6.4 MB">
|
---|
| 11 | <!ENTITY gnutls-buildsize "128 MB (144 MB with tests)">
|
---|
| 12 | <!ENTITY gnutls-time "0.8 SBU (4.3 SBU with tests)">
|
---|
[d5404360] | 13 | ]>
|
---|
| 14 |
|
---|
| 15 | <sect1 id="gnutls" xreflabel="GnuTLS-&gnutls-version;">
|
---|
| 16 | <?dbhtml filename="gnutls.html"?>
|
---|
| 17 |
|
---|
| 18 | <sect1info>
|
---|
| 19 | <othername>$LastChangedBy$</othername>
|
---|
| 20 | <date>$Date$</date>
|
---|
| 21 | </sect1info>
|
---|
| 22 |
|
---|
| 23 | <title>GnuTLS-&gnutls-version;</title>
|
---|
| 24 |
|
---|
| 25 | <indexterm zone="gnutls">
|
---|
| 26 | <primary sortas="a-GnuTLS">GnuTLS</primary>
|
---|
| 27 | </indexterm>
|
---|
| 28 |
|
---|
| 29 | <sect2 role="package">
|
---|
| 30 | <title>Introduction to GnuTLS</title>
|
---|
| 31 |
|
---|
[3ee626e] | 32 | <para>
|
---|
| 33 | The <application>GnuTLS</application> package contains libraries and
|
---|
| 34 | userspace tools which provide a secure layer over a reliable transport
|
---|
| 35 | layer. Currently the <application>GnuTLS</application> library implements
|
---|
| 36 | the proposed standards by the IETF's TLS working group. Quoting from the
|
---|
| 37 | TLS protocol specification:
|
---|
| 38 | </para>
|
---|
| 39 |
|
---|
| 40 | <para>
|
---|
| 41 | <quote>The TLS protocol provides communications privacy over the
|
---|
| 42 | Internet. The protocol allows client/server applications to communicate in
|
---|
| 43 | a way that is designed to prevent eavesdropping, tampering, or message
|
---|
| 44 | forgery.</quote>
|
---|
| 45 | </para>
|
---|
| 46 |
|
---|
| 47 | <para>
|
---|
[ac38e9dc] | 48 | <application>GnuTLS</application> provides support for TLS 1.2, TLS 1.1,
|
---|
| 49 | TLS 1.0, and SSL 3.0 protocols, TLS extensions, including server name and max
|
---|
[3ee626e] | 50 | record size. Additionally, the library supports authentication using the
|
---|
| 51 | SRP protocol, X.509 certificates and OpenPGP keys, along with support for
|
---|
| 52 | the TLS Pre-Shared-Keys (PSK) extension, the Inner Application (TLS/IA)
|
---|
| 53 | extension and X.509 and OpenPGP certificate handling.
|
---|
| 54 | </para>
|
---|
[d5404360] | 55 |
|
---|
[726744f4] | 56 | &lfs78_checked;
|
---|
[214718a] | 57 |
|
---|
[d5404360] | 58 | <bridgehead renderas="sect3">Package Information</bridgehead>
|
---|
| 59 | <itemizedlist spacing="compact">
|
---|
[546b042] | 60 | <listitem>
|
---|
[3ee626e] | 61 | <para>
|
---|
| 62 | Download (HTTP): <ulink url="&gnutls-download-http;"/>
|
---|
| 63 | </para>
|
---|
[546b042] | 64 | </listitem>
|
---|
[d5404360] | 65 | <listitem>
|
---|
[3ee626e] | 66 | <para>
|
---|
| 67 | Download (FTP): <ulink url="&gnutls-download-ftp;"/>
|
---|
| 68 | </para>
|
---|
[d5404360] | 69 | </listitem>
|
---|
| 70 | <listitem>
|
---|
[3ee626e] | 71 | <para>
|
---|
| 72 | Download MD5 sum: &gnutls-md5sum;
|
---|
| 73 | </para>
|
---|
[d5404360] | 74 | </listitem>
|
---|
| 75 | <listitem>
|
---|
[3ee626e] | 76 | <para>
|
---|
| 77 | Download size: &gnutls-size;
|
---|
| 78 | </para>
|
---|
[d5404360] | 79 | </listitem>
|
---|
| 80 | <listitem>
|
---|
[3ee626e] | 81 | <para>
|
---|
| 82 | Estimated disk space required: &gnutls-buildsize;
|
---|
| 83 | </para>
|
---|
[d5404360] | 84 | </listitem>
|
---|
| 85 | <listitem>
|
---|
[3ee626e] | 86 | <para>
|
---|
| 87 | Estimated build time: &gnutls-time;
|
---|
| 88 | </para>
|
---|
[d5404360] | 89 | </listitem>
|
---|
| 90 | </itemizedlist>
|
---|
| 91 |
|
---|
| 92 | <bridgehead renderas="sect3">GnuTLS Dependencies</bridgehead>
|
---|
| 93 |
|
---|
| 94 | <bridgehead renderas="sect4">Required</bridgehead>
|
---|
[3ee626e] | 95 | <para role="required">
|
---|
| 96 | <xref linkend="nettle"/>
|
---|
| 97 | </para>
|
---|
[d5404360] | 98 |
|
---|
[5eaf9af8] | 99 | <bridgehead renderas="sect4">Recommended</bridgehead>
|
---|
| 100 | <para role="recommended">
|
---|
[ae007bae] | 101 | <xref linkend="cacerts"/>,
|
---|
[ac38e9dc] | 102 | <xref linkend="libtasn1"/> and
|
---|
[ae007bae] | 103 | <xref linkend="p11-kit"/>
|
---|
[5eaf9af8] | 104 | </para>
|
---|
| 105 |
|
---|
[d5404360] | 106 | <bridgehead renderas="sect4">Optional</bridgehead>
|
---|
[0c6c35d] | 107 | <para role="optional">
|
---|
[ac38e9dc] | 108 | <xref linkend="doxygen"/>,
|
---|
[0c6c35d] | 109 | <xref linkend="gtk-doc"/>,
|
---|
[c202a254] | 110 | <xref linkend="guile"/>,
|
---|
[546b042] | 111 | <xref linkend="libidn"/>,
|
---|
[ac38e9dc] | 112 | <xref linkend="texlive"/> or <xref linkend="tl-installer"/>,
|
---|
[ffa3d4e] | 113 | <xref linkend="unbound"/> (to build the DANE library),
|
---|
| 114 | <xref linkend="valgrind"/> (used during the test suite),
|
---|
[469bc5d4] | 115 | <ulink url="http://ftp.gnu.org/gnu/autogen/">Autogen</ulink>, and
|
---|
[ffa3d4e] | 116 | <ulink url="http://sourceforge.net/projects/trousers/files/trousers/">Trousers</ulink> (Trusted Platform Module support)
|
---|
[3ee626e] | 117 | </para>
|
---|
[d5404360] | 118 |
|
---|
[d224244f] | 119 | <note><para>
|
---|
[3ee626e] | 120 | Note that if you do not install <xref linkend="libtasn1"/>, an older
|
---|
| 121 | version shipped in the <application>GnuTLS</application> tarball will be
|
---|
| 122 | used instead.
|
---|
[d224244f] | 123 | </para></note>
|
---|
[38b68055] | 124 |
|
---|
[d5404360] | 125 | <para condition="html" role="usernotes">User Notes:
|
---|
[5eaf9af8] | 126 | <ulink url="&blfs-wiki;/gnutls"/>
|
---|
| 127 | </para>
|
---|
[d5404360] | 128 | </sect2>
|
---|
| 129 |
|
---|
| 130 | <sect2 role="installation">
|
---|
| 131 | <title>Installation of GnuTLS</title>
|
---|
| 132 |
|
---|
[3ee626e] | 133 | <para>
|
---|
| 134 | Install <application>GnuTLS</application> by running the
|
---|
| 135 | following commands:
|
---|
| 136 | </para>
|
---|
[d5404360] | 137 |
|
---|
[8770a48] | 138 | <screen><userinput>./configure --prefix=/usr \
|
---|
| 139 | --with-default-trust-store-file=/etc/ssl/ca-bundle.crt &&
|
---|
[d5404360] | 140 | make</userinput></screen>
|
---|
| 141 |
|
---|
[3ee626e] | 142 | <para>
|
---|
[c202a254] | 143 | To test the results, issue: <command>make check</command>.
|
---|
[295ca00] | 144 | If a prior version of <application>GnuTLS</application> has been installed, some
|
---|
| 145 | tests may fail. If <filename>/usr/lib/libgnutls.so</filename> is removed,
|
---|
| 146 | all tests sould pass. The installation procedure restores <filename>libgnutls.so</filename>.
|
---|
[3ee626e] | 147 | </para>
|
---|
[d5404360] | 148 |
|
---|
[3ee626e] | 149 | <para>
|
---|
| 150 | Now, as the <systemitem class="username">root</systemitem>
|
---|
| 151 | user:
|
---|
| 152 | </para>
|
---|
[d5404360] | 153 |
|
---|
[73d97caf] | 154 | <screen role="root"><userinput>make install</userinput></screen>
|
---|
[d5404360] | 155 |
|
---|
[3ee626e] | 156 | <para>
|
---|
[ac38e9dc] | 157 | If you did not pass the <option>--enable-gtk-doc</option> parameter to
|
---|
| 158 | the <command>configure</command> script, you can install the API
|
---|
| 159 | documentation to the <filename
|
---|
| 160 | class="directory">/usr/share/gtk-doc/html/gnutls</filename> directory
|
---|
| 161 | using the following command as the
|
---|
[3ee626e] | 162 | <systemitem class="username">root</systemitem> user:
|
---|
| 163 | </para>
|
---|
[2e81579] | 164 |
|
---|
| 165 | <screen role="root"><userinput>make -C doc/reference install-data-local</userinput></screen>
|
---|
| 166 |
|
---|
[d5404360] | 167 | </sect2>
|
---|
| 168 |
|
---|
[d309b21] | 169 | <sect2 role="commands">
|
---|
| 170 | <title>Command Explanations</title>
|
---|
| 171 |
|
---|
[ac38e9dc] | 172 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
---|
| 173 | href="../../xincludes/gtk-doc-rebuild.xml"/>
|
---|
| 174 |
|
---|
[8770a48] | 175 | <para>
|
---|
| 176 | <option>--with-default-trust-store-file=/etc/ssl/ca-bundle.crt</option>:
|
---|
| 177 | This switch tells the configure script where to find the
|
---|
| 178 | <xref linkend="cacerts"/>.
|
---|
| 179 | </para>
|
---|
[295ca00] | 180 |
|
---|
[ae007bae] | 181 | <para>
|
---|
[ac38e9dc] | 182 | <option>--enable-openssl-compatibility</option>: Use this switch if you
|
---|
| 183 | want to build the OpenSSL compatibility library.
|
---|
[ae007bae] | 184 | </para>
|
---|
[b76afa5] | 185 |
|
---|
[ac38e9dc] | 186 | <para>
|
---|
| 187 | <option>--without-p11-kit</option>: Use this switch if you have not
|
---|
| 188 | installed <application>p11-kit</application>.
|
---|
| 189 | </para>
|
---|
[d309b21] | 190 |
|
---|
| 191 | </sect2>
|
---|
| 192 |
|
---|
[d5404360] | 193 | <sect2 role="content">
|
---|
| 194 | <title>Contents</title>
|
---|
| 195 |
|
---|
| 196 | <segmentedlist>
|
---|
| 197 | <segtitle>Installed Programs</segtitle>
|
---|
| 198 | <segtitle>Installed Libraries</segtitle>
|
---|
[32dfb13c] | 199 | <segtitle>Installed Directories</segtitle>
|
---|
[d5404360] | 200 |
|
---|
| 201 | <seglistitem>
|
---|
[3ee626e] | 202 | <seg>
|
---|
[295ca00] | 203 | certtool,
|
---|
| 204 | crywrap,
|
---|
| 205 | danetool,
|
---|
| 206 | gnutls-cli,
|
---|
| 207 | gnutls-cli-debug,
|
---|
| 208 | gnutls-serv,
|
---|
| 209 | ocsptool,
|
---|
| 210 | p11tool,
|
---|
| 211 | psktool,
|
---|
| 212 | and srptool
|
---|
[3ee626e] | 213 | </seg>
|
---|
| 214 | <seg>
|
---|
[295ca00] | 215 | libgnutls.so,
|
---|
| 216 | libgnutls-dane.so,
|
---|
| 217 | libgnutlsxx.so, and
|
---|
[dad0c077] | 218 | guile-gnutls-v-2.so (<application>Guile</application> Module)
|
---|
[3ee626e] | 219 | </seg>
|
---|
| 220 | <seg>
|
---|
[c202a254] | 221 | /usr/include/gnutls,
|
---|
| 222 | /usr/share/gtk-doc/html/gnutls, and
|
---|
[1c345ed] | 223 | /usr/share/guile/site/gnutls
|
---|
[3ee626e] | 224 | </seg>
|
---|
[d5404360] | 225 | </seglistitem>
|
---|
| 226 | </segmentedlist>
|
---|
| 227 |
|
---|
| 228 | <variablelist>
|
---|
| 229 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 230 | <?dbfo list-presentation="list"?>
|
---|
| 231 | <?dbhtml list-presentation="table"?>
|
---|
| 232 |
|
---|
| 233 | <varlistentry id="certtool">
|
---|
| 234 | <term><command>certtool</command></term>
|
---|
| 235 | <listitem>
|
---|
[3ee626e] | 236 | <para>
|
---|
| 237 | is used to generate X.509 certificates, certificate requests,
|
---|
| 238 | and private keys.
|
---|
| 239 | </para>
|
---|
[d5404360] | 240 | <indexterm zone="gnutls certtool">
|
---|
| 241 | <primary sortas="b-certtool">certtool</primary>
|
---|
| 242 | </indexterm>
|
---|
| 243 | </listitem>
|
---|
| 244 | </varlistentry>
|
---|
| 245 |
|
---|
[a5c54e0] | 246 | <varlistentry id="crywrap">
|
---|
| 247 | <term><command>crywrap</command></term>
|
---|
| 248 | <listitem>
|
---|
| 249 | <para>
|
---|
[14ea7e8] | 250 | is a simple wrapper that waits for TLS/SSL connections,
|
---|
[2fd089ac] | 251 | and proxies them to an unencrypted location. Only installed if
|
---|
[afa551a] | 252 | <xref linkend="libidn"/> is present.
|
---|
[a5c54e0] | 253 | </para>
|
---|
| 254 | <indexterm zone="gnutls crywrap">
|
---|
| 255 | <primary sortas="b-crywrap">crywrap</primary>
|
---|
| 256 | </indexterm>
|
---|
| 257 | </listitem>
|
---|
| 258 | </varlistentry>
|
---|
| 259 |
|
---|
[4c39aff] | 260 | <varlistentry id="danetool">
|
---|
| 261 | <term><command>danetool</command></term>
|
---|
| 262 | <listitem>
|
---|
| 263 | <para>
|
---|
| 264 | is a tool used to generate and check DNS resource records
|
---|
| 265 | for the DANE protocol.
|
---|
| 266 | </para>
|
---|
| 267 | <indexterm zone="gnutls danetool">
|
---|
| 268 | <primary sortas="b-danetool">danetool</primary>
|
---|
| 269 | </indexterm>
|
---|
| 270 | </listitem>
|
---|
| 271 | </varlistentry>
|
---|
| 272 |
|
---|
[d5404360] | 273 | <varlistentry id="gnutls-cli">
|
---|
| 274 | <term><command>gnutls-cli</command></term>
|
---|
| 275 | <listitem>
|
---|
[3ee626e] | 276 | <para>
|
---|
| 277 | is a simple client program to set up a TLS connection to some
|
---|
| 278 | other computer.
|
---|
| 279 | </para>
|
---|
[d5404360] | 280 | <indexterm zone="gnutls gnutls-cli">
|
---|
| 281 | <primary sortas="b-gnutls-cli">gnutls-cli</primary>
|
---|
| 282 | </indexterm>
|
---|
| 283 | </listitem>
|
---|
| 284 | </varlistentry>
|
---|
| 285 |
|
---|
| 286 | <varlistentry id="gnutls-cli-debug">
|
---|
| 287 | <term><command>gnutls-cli-debug</command></term>
|
---|
| 288 | <listitem>
|
---|
[3ee626e] | 289 | <para>
|
---|
| 290 | is a simple client program to set up a TLS connection to some
|
---|
| 291 | other computer and produces very verbose progress results.
|
---|
| 292 | </para>
|
---|
[d5404360] | 293 | <indexterm zone="gnutls gnutls-cli-debug">
|
---|
| 294 | <primary sortas="b-gnutls-cli-debug">gnutls-cli-debug</primary>
|
---|
| 295 | </indexterm>
|
---|
| 296 | </listitem>
|
---|
| 297 | </varlistentry>
|
---|
| 298 |
|
---|
| 299 | <varlistentry id="gnutls-serv">
|
---|
| 300 | <term><command>gnutls-serv</command></term>
|
---|
| 301 | <listitem>
|
---|
[3ee626e] | 302 | <para>
|
---|
| 303 | is a simple server program that listens to incoming TLS
|
---|
| 304 | connections.
|
---|
| 305 | </para>
|
---|
[d5404360] | 306 | <indexterm zone="gnutls gnutls-serv">
|
---|
| 307 | <primary sortas="b-gnutls-serv">gnutls-serv</primary>
|
---|
| 308 | </indexterm>
|
---|
| 309 | </listitem>
|
---|
| 310 | </varlistentry>
|
---|
| 311 |
|
---|
[546b042] | 312 | <varlistentry id="ocsptool">
|
---|
| 313 | <term><command>ocsptool</command></term>
|
---|
| 314 | <listitem>
|
---|
[3ee626e] | 315 | <para>
|
---|
[0d7900a] | 316 | is a program that can parse and print information about OCSP
|
---|
[3ee626e] | 317 | requests/responses, generate requests and verify responses.
|
---|
| 318 | </para>
|
---|
[546b042] | 319 | <indexterm zone="gnutls ocsptool">
|
---|
| 320 | <primary sortas="b-ocsptool">ocsptool</primary>
|
---|
| 321 | </indexterm>
|
---|
| 322 | </listitem>
|
---|
| 323 | </varlistentry>
|
---|
| 324 |
|
---|
| 325 | <varlistentry id="p11tool">
|
---|
| 326 | <term><command>p11tool</command></term>
|
---|
| 327 | <listitem>
|
---|
[3ee626e] | 328 | <para>
|
---|
| 329 | is a program that allows handling data from PKCS #11 smart cards
|
---|
| 330 | and security modules.
|
---|
| 331 | </para>
|
---|
[546b042] | 332 | <indexterm zone="gnutls p11tool">
|
---|
| 333 | <primary sortas="b-p11tool">p11tool</primary>
|
---|
| 334 | </indexterm>
|
---|
| 335 | </listitem>
|
---|
| 336 | </varlistentry>
|
---|
| 337 |
|
---|
[d5404360] | 338 | <varlistentry id="psktool">
|
---|
| 339 | <term><command>psktool</command></term>
|
---|
| 340 | <listitem>
|
---|
[3ee626e] | 341 | <para>
|
---|
| 342 | is a simple program that generates random keys for use with TLS-PSK.
|
---|
| 343 | </para>
|
---|
[d5404360] | 344 | <indexterm zone="gnutls psktool">
|
---|
| 345 | <primary sortas="b-psktool">psktool</primary>
|
---|
| 346 | </indexterm>
|
---|
| 347 | </listitem>
|
---|
| 348 | </varlistentry>
|
---|
| 349 |
|
---|
| 350 | <varlistentry id="srptool">
|
---|
| 351 | <term><command>srptool</command></term>
|
---|
| 352 | <listitem>
|
---|
[3ee626e] | 353 | <para>
|
---|
| 354 | is a simple program that emulates the programs in the Stanford
|
---|
| 355 | SRP (Secure Remote Password) libraries using GnuTLS.
|
---|
| 356 | </para>
|
---|
[d5404360] | 357 | <indexterm zone="gnutls srptool">
|
---|
| 358 | <primary sortas="b-srptool">srptool</primary>
|
---|
| 359 | </indexterm>
|
---|
| 360 | </listitem>
|
---|
| 361 | </varlistentry>
|
---|
| 362 |
|
---|
| 363 | <varlistentry id="libgnutls">
|
---|
[73d97caf] | 364 | <term><filename class="libraryfile">libgnutls.so</filename></term>
|
---|
[d5404360] | 365 | <listitem>
|
---|
[3ee626e] | 366 | <para>
|
---|
| 367 | contains the core API functions and X.509 certificate API functions.
|
---|
| 368 | </para>
|
---|
[d5404360] | 369 | <indexterm zone="gnutls libgnutls">
|
---|
[5eaf9af8] | 370 | <primary sortas="c-libgnutls">libgnutls.so</primary>
|
---|
[d5404360] | 371 | </indexterm>
|
---|
| 372 | </listitem>
|
---|
| 373 | </varlistentry>
|
---|
| 374 |
|
---|
| 375 | </variablelist>
|
---|
| 376 |
|
---|
| 377 | </sect2>
|
---|
| 378 |
|
---|
| 379 | </sect1>
|
---|