source: postlfs/security/gnutls.xml@ c5b59ac

Last change on this file since c5b59ac was 09a464a, checked in by Douglas R. Reno <renodr@…>, 16 months ago

Lots of tags and a typo fix in Nettle

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY gnutls-download-http "&gnupg-http;/gnutls/v3.8/gnutls-&gnutls-version;.tar.xz">
  <!ENTITY gnutls-download-ftp "&gnupg-ftp;/gnutls/v3.8/gnutls-&gnutls-version;.tar.xz">
  <!ENTITY gnutls-download-ftp " ">
  <!ENTITY gnutls-md5sum "20a662caf20112b6b9ad1f4a64db3a97">
  <!ENTITY gnutls-size "6.1 MB">
  <!ENTITY gnutls-buildsize "165 MB (add 113 MB for tests)">
  <!ENTITY gnutls-time "0.8 SBU (add 2.3 SBU for tests; both using parallelism=4)">
]>

<sect1 id="gnutls" xreflabel="GnuTLS-&gnutls-version;">
  <?dbhtml filename="gnutls.html"?>


  <title>GnuTLS-&gnutls-version;</title>

  <indexterm zone="gnutls">
    <primary sortas="a-GnuTLS">GnuTLS</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to GnuTLS</title>

    <para>
      The <application>GnuTLS</application> package contains libraries and
      userspace tools which provide a secure layer over a reliable transport
      layer. Currently the <application>GnuTLS</application> library implements
      the standards proposed by the IETF's TLS working group. Quoting from the
      <ulink url="https://datatracker.ietf.org/doc/rfc8446/">
      TLS 1.3 protocol specification
      </ulink>:
    </para>

    <para>
      <quote>
        TLS allows client/server applications to communicate over the Internet
        in a way that is designed to prevent eavesdropping, tampering, and
        message forgery.
      </quote>
    </para>

    <para>
      <application>GnuTLS</application> provides support for TLS 1.3, TLS 1.2,
      TLS 1.1, TLS 1.0, and (optionally) SSL 3.0 protocols. It also supports
      TLS extensions, including server name and max record size. Additionally,
      the library supports authentication using the SRP protocol, X.509
      certificates, and OpenPGP keys, along with support for the TLS
      Pre-Shared-Keys (PSK) extension, the Inner Application (TLS/IA)
      extension, and X.509 and OpenPGP certificate handling.
    </para>

    &lfs113_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&gnutls-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&gnutls-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &gnutls-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &gnutls-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &gnutls-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &gnutls-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">GnuTLS Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="nettle"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="make-ca"/>,
      <xref linkend="libunistring"/>,
      <xref linkend="libtasn1"/>, and
      <xref linkend="p11-kit"/>
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="brotli"/>,
      <xref linkend="doxygen"/>,
      <xref linkend="gtk-doc"/>,
      <xref linkend="libidn"/> or
      <xref linkend="libidn2"/>,
      <xref linkend="libseccomp"/>,
      <xref linkend="net-tools"/> (used during the test suite),
      <xref linkend="texlive"/> or <xref linkend="tl-installer"/>,
      <xref linkend="unbound"/> (to build the DANE library),
      <xref linkend="valgrind"/> (used during the test suite),
      <ulink url="&gnu-http;/autogen/">autogen</ulink>,
      <ulink url="https://cmocka.org/">cmocka</ulink> and
      <ulink url="https://ftp.debian.org/debian/pool/main/d/datefudge/">datefudge</ulink> (used during the test suite if the DANE library is built), and
      <ulink url="&sourceforge-dl;/trousers/">Trousers</ulink> (Trusted Platform Module support)
    </para>

    <note><para>
      <!-- Note that if you do not install <xref linkend="libtasn1"/>, an older
           3.8.0 includes minitasn1 4.19 which is current at the moment. ken -->
      Note that if you do not install <xref linkend="libtasn1"/>, a
      version shipped in the <application>GnuTLS</application> tarball will be
      used instead.
    </para></note>

    <para condition="html" role="usernotes">User Notes:
      <ulink url="&blfs-wiki;/gnutls"/>
    </para>
  </sect2>

  <sect2 role="installation">
    <title>Installation of GnuTLS</title>

    <para>
      Install <application>GnuTLS</application> by running the
      following commands:
    </para>

<screen><userinput>./configure --prefix=/usr \
            --docdir=/usr/share/doc/gnutls-&gnutls-version; \
            --with-default-trust-store-pkcs11="pkcs11:" &amp;&amp;
make</userinput></screen>
<!-- - -disable-rpath \
     Old gnutls versions (around 3.5) had a problem with rpath, because
     libraries in the build tree were linked with rpath pointing to the
     system libraries, so that tests failed. Present versions don't have
     this problem, and do exactly what is expected without using the
     disable-rpath option: rpath pointing to the build tree when libraries
     are first linked, but rpath removed when libraries are relinked at
     install time. -->

    <para>
      To test the results, issue: <command>make check</command>.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem>
      user:
    </para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <parameter>--with-default-trust-store-pkcs11="pkcs11:"</parameter>: This
      switch tells gnutls to use the PKCS #11 trust store as the default trust
      store. Omit this switch if <xref linkend="p11-kit"/> is not installed.
    </para>
    <!-- see above
    <para>
      <parameter>- -disable-rpath</parameter>: This switch prevents building
      GnuTLS utilities and tests with hardcoded runtime library search path.
      Hardcoded rpath is unneeded for BLFS, and it causes test failures if
      an old version of GnuTLS is installed.
    </para>
    -->
    <para>
      <option>--with-default-trust-store-file=/etc/pki/tls/certs/ca-bundle.crt</option>:
      This switch tells <command>configure</command> where to find the
      legacy CA certificate bundle and to use it instead of PKCS #11 module
      by default. Use this if <xref linkend="p11-kit"/> is not installed.
    </para>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
                href="../../xincludes/gtk-doc-rebuild.xml"/>

    <para>
      <option>--enable-openssl-compatibility</option>:
      Use this switch if you wish to build the OpenSSL compatibility library.
    </para>

    <para>
      <option>--without-p11-kit</option>: use this switch if you have not
      installed <application>p11-kit</application>.
    </para>

    <para>
      <option>--with-included-unistring</option>: uses the bundled version of
      libunistring, instead of the system one. Use this switch if you have not
      installed <xref linkend="libunistring"/>.
    </para>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          certtool, danetool, gnutls-cli, gnutls-cli-debug,
          gnutls-serv, ocsptool, p11tool, psktool, and srptool
        </seg>
        <seg>
          libgnutls.so, libgnutls-dane.so, libgnutlsxx.so,
          libgnutls-openssl.so (optional), and
          /usr/lib/guile/3.0/extensions/guile-gnutls-v-2.so
        </seg>
        <seg>
          /usr/include/gnutls,
          /usr/lib/guile/3.0/site-ccache/gnutls,
          /usr/share/guile/site/3.0/gnutls, and
          /usr/share/doc/gnutls-&gnutls-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="certtool">
        <term><command>certtool</command></term>
        <listitem>
          <para>
            is used to generate X.509 certificates, certificate requests,
            and private keys
          </para>
          <indexterm zone="gnutls certtool">
            <primary sortas="b-certtool">certtool</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="danetool">
        <term><command>danetool</command></term>
        <listitem>
          <para>
            is a tool used to generate and check DNS resource records
            for the DANE protocol
          </para>
          <indexterm zone="gnutls danetool">
            <primary sortas="b-danetool">danetool</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="gnutls-cli">
        <term><command>gnutls-cli</command></term>
        <listitem>
          <para>
            is a simple client program to set up a TLS connection to some
            other computer
          </para>
          <indexterm zone="gnutls gnutls-cli">
            <primary sortas="b-gnutls-cli">gnutls-cli</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="gnutls-cli-debug">
        <term><command>gnutls-cli-debug</command></term>
        <listitem>
          <para>
            is a simple client program to set up a TLS connection to some
            other computer and produces very verbose progress results
          </para>
          <indexterm zone="gnutls gnutls-cli-debug">
            <primary sortas="b-gnutls-cli-debug">gnutls-cli-debug</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="gnutls-serv">
        <term><command>gnutls-serv</command></term>
        <listitem>
          <para>
            is a simple server program that listens to incoming TLS
            connections
          </para>
          <indexterm zone="gnutls gnutls-serv">
            <primary sortas="b-gnutls-serv">gnutls-serv</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ocsptool">
        <term><command>ocsptool</command></term>
        <listitem>
          <para>
            is a program that can parse and print information about OCSP
            requests/responses, generate requests and verify responses
          </para>
          <indexterm zone="gnutls ocsptool">
            <primary sortas="b-ocsptool">ocsptool</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="p11tool">
        <term><command>p11tool</command></term>
        <listitem>
          <para>
            is a program that allows handling data from PKCS #11 smart cards
            and security modules
          </para>
          <indexterm zone="gnutls p11tool">
            <primary sortas="b-p11tool">p11tool</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="psktool">
        <term><command>psktool</command></term>
        <listitem>
          <para>
            is a simple program that generates random keys for use with TLS-PSK
          </para>
          <indexterm zone="gnutls psktool">
            <primary sortas="b-psktool">psktool</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="srptool">
        <term><command>srptool</command></term>
        <listitem>
          <para>
            is a simple program that emulates the programs in the Stanford
            SRP (Secure Remote Password) libraries using GnuTLS
          </para>
          <indexterm zone="gnutls srptool">
            <primary sortas="b-srptool">srptool</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libgnutls">
        <term><filename class="libraryfile">libgnutls.so</filename></term>
        <listitem>
          <para>
            contains the core API functions and X.509 certificate API functions
          </para>
          <indexterm zone="gnutls libgnutls">
            <primary sortas="c-libgnutls">libgnutls.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
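A post-installation check for the certtool program and the trust-store switches described in the Command Explanations section above, written here as an added example (it is not part of the BLFS page or of GnuTLS itself): it uses certtool to build a throw-away CA and a server certificate issued by it, verifies the chain against that CA, and then confirms that neither an unrelated CA nor the default trust store selected by the --with-default-trust-store-* switches accepts the private certificate. The hostnames, directory names and template contents are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the BLFS page: exercise the installed certtool.
# Requires the GnuTLS tools built as described above; all names are made up.
set -eu

# True when the GnuTLS certtool program is on PATH.
have_certtool() {
    command -v certtool >/dev/null 2>&1
}

# Create a private CA and a server certificate signed by it under $1.
make_test_pki() {
    dir=$1
    mkdir -p "$dir"
    # CA template: constructed name, certificate-signing CA, 30-day lifetime
    printf 'cn = "Example Test CA"\nca\ncert_signing_key\nexpiration_days = 30\n' \
        > "$dir/ca.tmpl"
    # Server template: constructed hostname, TLS server usage
    printf 'cn = "server.example.test"\ndns_name = "server.example.test"\ntls_www_server\nsigning_key\nencryption_key\nexpiration_days = 30\n' \
        > "$dir/server.tmpl"
    certtool --generate-privkey --outfile "$dir/ca-key.pem" >/dev/null 2>&1
    certtool --generate-self-signed --load-privkey "$dir/ca-key.pem" \
        --template "$dir/ca.tmpl" --outfile "$dir/ca.pem" >/dev/null 2>&1
    certtool --generate-privkey --outfile "$dir/server-key.pem" >/dev/null 2>&1
    certtool --generate-certificate --load-privkey "$dir/server-key.pem" \
        --load-ca-certificate "$dir/ca.pem" --load-ca-privkey "$dir/ca-key.pem" \
        --template "$dir/server.tmpl" --outfile "$dir/server.pem" >/dev/null 2>&1
}

# Exit 0 only when certificate $1 chains to the CA certificate $2.
verify_against() {
    certtool --verify --load-ca-certificate "$2" --infile "$1" >/dev/null 2>&1
}

# Exit 0 only when certificate $1 chains to the default trust store,
# i.e. the PKCS #11 store or the CA bundle chosen at configure time.
verify_against_default_store() {
    certtool --verify --infile "$1" >/dev/null 2>&1
}

if have_certtool && [ "${1:-}" = "run" ]; then
    work=$(mktemp -d)
    make_test_pki "$work/a"
    make_test_pki "$work/b"
    verify_against "$work/a/server.pem" "$work/a/ca.pem" && echo "own CA: verified"
    verify_against "$work/a/server.pem" "$work/b/ca.pem" || echo "other CA: rejected"
    verify_against_default_store "$work/a/server.pem" || echo "default store: rejected"
    rm -rf "$work"
fi
```

Run as `sh check-gnutls.sh run`; a private certificate that the default store accepts would mean an unexpected CA is trusted on the system and is worth investigating.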