summaryrefslogtreecommitdiff
path: root/doc/cha-gtls-examples.texi
diff options
context:
space:
mode:
Diffstat (limited to 'doc/cha-gtls-examples.texi')
-rw-r--r--doc/cha-gtls-examples.texi238
1 files changed, 132 insertions, 106 deletions
diff --git a/doc/cha-gtls-examples.texi b/doc/cha-gtls-examples.texi
index a760503822..bb8bca3004 100644
--- a/doc/cha-gtls-examples.texi
+++ b/doc/cha-gtls-examples.texi
@@ -11,6 +11,7 @@ no error checking.
@menu
* Client examples::
* Server examples::
+* More advanced client and servers::
* OCSP example::
* Miscellaneous examples::
@end menu
@@ -23,24 +24,15 @@ clients, using @acronym{GnuTLS}. Note that some of the examples require function
implemented by another example.
@menu
-* Simple client example with X.509 certificate support::
-* Simple client example with SSH-style certificate verification::
-* Simple client example with anonymous authentication::
-* Simple Datagram TLS client example::
-* Obtaining session information::
-* Using a callback to select the certificate to use::
-* Verifying a certificate::
+* Client example with X.509 certificate support::
+* Datagram TLS client example::
* Client using a smart card with TLS::
* Client with Resume capability example::
-* Simple client example with SRP authentication::
-* Legacy client example with X.509 certificate support::
-* Simple client example in C++::
-* Helper functions for TCP connections::
-* Helper functions for UDP connections::
+* Client example with SSH-style certificate verification::
@end menu
-@node Simple client example with X.509 certificate support
-@subsection Simple client example with @acronym{X.509} certificate support
+@node Client example with X.509 certificate support
+@subsection Client example with @acronym{X.509} certificate support
@anchor{ex-verify}
Let's assume now that we want to create a TCP client which
@@ -54,8 +46,47 @@ version. For a reasonably portable version see @ref{Legacy client example with X
@verbatiminclude examples/ex-client-x509.c
-@node Simple client example with SSH-style certificate verification
-@subsection Simple client example with SSH-style certificate verification
+
+@node Datagram TLS client example
+@subsection Datagram @acronym{TLS} client example
+
+This is a client that uses @acronym{UDP} to connect to a
+server. This is the @acronym{DTLS} equivalent to the TLS example
+with X.509 certificates.
+
+@verbatiminclude examples/ex-client-dtls.c
+
+
+@node Client using a smart card with TLS
+@subsection Using a smart card with TLS
+@anchor{ex-pkcs11-client}
+@cindex Smart card example
+
+This example will demonstrate how to load keys and certificates
+from a smart-card or any other @acronym{PKCS} #11 token, and
+use it in a TLS connection. The difference between this and the
+@ref{Client example with X.509 certificate support} is that the
+client keys are provided as PKCS #11 URIs instead of files.
+
+@verbatiminclude examples/ex-cert-select-pkcs11.c
+
+
+@node Client with Resume capability example
+@subsection Client with resume capability example
+@anchor{ex-resume-client}
+
+This is a modification of the simple client example. Here we
+demonstrate the use of session resumption. The client tries to connect
+once using @acronym{TLS}, close the connection and then try to
+establish a new connection using the previously negotiated data.
+
+@verbatiminclude examples/ex-client-resume.c
+
+
+
+
+@node Client example with SSH-style certificate verification
+@subsection Client example with SSH-style certificate verification
This is an alternative verification function that will use the
X.509 certificate authorities for verification, but also assume an
@@ -65,8 +96,58 @@ trusted.
@verbatiminclude examples/ex-verify-ssh.c
-@node Simple client example with anonymous authentication
-@subsection Simple client example with anonymous authentication
+@node Server examples
+@section Server examples
+
+This section contains examples of @acronym{TLS} and @acronym{SSL}
+servers, using @acronym{GnuTLS}.
+
+@menu
+* Echo server with X.509 authentication::
+* DTLS echo server with X.509 authentication::
+@end menu
+
+@node Echo server with X.509 authentication
+@subsection Echo server with @acronym{X.509} authentication
+
+This example is a very simple echo server which supports
+@acronym{X.509} authentication.
+
+@verbatiminclude examples/ex-serv-x509.c
+
+
+@node DTLS echo server with X.509 authentication
+@subsection DTLS echo server with @acronym{X.509} authentication
+
+This example is a very simple echo server using Datagram TLS and
+@acronym{X.509} authentication.
+
+@verbatiminclude examples/ex-serv-dtls.c
+
+
+
+
+@node More advanced client and servers
+@section More advanced client and servers
+
+This section has various, more advanced topics in client and servers.
+
+@menu
+* Client example with anonymous authentication::
+* Using a callback to select the certificate to use::
+* Obtaining session information::
+* Advanced certificate verification example::
+* Client example with SRP authentication::
+* Legacy client example with X.509 certificate support::
+* Client example in C++::
+* Echo server with SRP authentication::
+* Echo server with anonymous authentication::
+* Helper functions for TCP connections::
+* Helper functions for UDP connections::
+@end menu
+
+@node Client example with anonymous authentication
+@subsection Client example with anonymous authentication
The simplest client using TLS is the one that doesn't do any
authentication. This means no external certificates or passwords are
@@ -80,15 +161,16 @@ servers support it.
@verbatiminclude examples/ex-client-anon.c
+@node Using a callback to select the certificate to use
+@subsection Using a callback to select the certificate to use
-@node Simple Datagram TLS client example
-@subsection Simple datagram @acronym{TLS} client example
+There are cases where a client holds several certificate and key
+pairs, and may not want to load all of them in the credentials
+structure. The following example demonstrates the use of the
+certificate selection callback.
-This is a client that uses @acronym{UDP} to connect to a
-server. This is the @acronym{DTLS} equivalent to the TLS example
-with X.509 certificates.
+@verbatiminclude examples/ex-cert-select.c
-@verbatiminclude examples/ex-client-dtls.c
@node Obtaining session information
@subsection Obtaining session information
@@ -101,51 +183,20 @@ if called after a successful @funcref{gnutls_handshake}.
@verbatiminclude examples/ex-session-info.c
-@node Using a callback to select the certificate to use
-@subsection Using a callback to select the certificate to use
-
-There are cases where a client holds several certificate and key
-pairs, and may not want to load all of them in the credentials
-structure. The following example demonstrates the use of the
-certificate selection callback.
-@verbatiminclude examples/ex-cert-select.c
-@node Verifying a certificate
-@subsection Verifying a certificate
+@node Advanced certificate verification example
+@subsection Advanced certificate verification
@anchor{ex-verify2}
An example is listed below which uses the high level verification
-functions to verify a given certificate list.
+functions to verify a given certificate chain against a set of CAs
+and CRLs.
@verbatiminclude examples/ex-verify.c
-@node Client using a smart card with TLS
-@subsection Using a smart card with TLS
-@anchor{ex-pkcs11-client}
-@cindex Smart card example
-
-This example will demonstrate how to load keys and certificates
-from a smart-card or any other @acronym{PKCS} #11 token, and
-use it in a TLS connection.
-
-@verbatiminclude examples/ex-cert-select-pkcs11.c
-
-
-@node Client with Resume capability example
-@subsection Client with resume capability example
-@anchor{ex-resume-client}
-
-This is a modification of the simple client example. Here we
-demonstrate the use of session resumption. The client tries to connect
-once using @acronym{TLS}, close the connection and then try to
-establish a new connection using the previously negotiated data.
-
-@verbatiminclude examples/ex-client-resume.c
-
-
-@node Simple client example with SRP authentication
-@subsection Simple client example with @acronym{SRP} authentication
+@node Client example with SRP authentication
+@subsection Client example with @acronym{SRP} authentication
The following client is a very simple @acronym{SRP} @acronym{TLS}
client which connects to a server and authenticates using a
@@ -160,56 +211,19 @@ itself using a certificate, and in that case it has to be verified.
@anchor{ex-verify-legacy}
For applications that need to maintain compatibility with the GnuTLS 3.1.x
-library, this client example is identical to @ref{Simple client example with X.509 certificate support}
+library, this client example is identical to @ref{Client example with X.509 certificate support}
but utilizes APIs that were available in GnuTLS 3.1.4.
@verbatiminclude examples/ex-client-x509-3.1.c
-
-@node Simple client example in C++
-@subsection Simple client example using the C++ API
+@node Client example in C++
+@subsection Client example using the C++ API
The following client is a simple example of a client client utilizing
the GnuTLS C++ API.
@verbatiminclude examples/ex-cxx.cpp
-@node Helper functions for TCP connections
-@subsection Helper functions for TCP connections
-
-Those helper function abstract away TCP connection handling from the
-other examples. It is required to build some examples.
-
-@verbatiminclude examples/tcp.c
-
-@node Helper functions for UDP connections
-@subsection Helper functions for UDP connections
-
-The UDP helper functions abstract away UDP connection handling from the
-other examples. It is required to build the examples using UDP.
-
-@verbatiminclude examples/udp.c
-
-@node Server examples
-@section Server examples
-
-This section contains examples of @acronym{TLS} and @acronym{SSL}
-servers, using @acronym{GnuTLS}.
-
-@menu
-* Echo server with X.509 authentication::
-* Echo server with SRP authentication::
-* Echo server with anonymous authentication::
-* DTLS echo server with X.509 authentication::
-@end menu
-
-@node Echo server with X.509 authentication
-@subsection Echo server with @acronym{X.509} authentication
-
-This example is a very simple echo server which supports
-@acronym{X.509} authentication.
-
-@verbatiminclude examples/ex-serv-x509.c
@node Echo server with SRP authentication
@subsection Echo server with @acronym{SRP} authentication
@@ -220,6 +234,7 @@ server. Here it is separate for simplicity.
@verbatiminclude examples/ex-serv-srp.c
+
@node Echo server with anonymous authentication
@subsection Echo server with anonymous authentication
@@ -228,13 +243,24 @@ used to serve the example client for anonymous authentication.
@verbatiminclude examples/ex-serv-anon.c
-@node DTLS echo server with X.509 authentication
-@subsection DTLS echo server with @acronym{X.509} authentication
-This example is a very simple echo server using Datagram TLS and
-@acronym{X.509} authentication.
-@verbatiminclude examples/ex-serv-dtls.c
+@node Helper functions for TCP connections
+@subsection Helper functions for TCP connections
+
+Those helper function abstract away TCP connection handling from the
+other examples. It is required to build some examples.
+
+@verbatiminclude examples/tcp.c
+
+@node Helper functions for UDP connections
+@subsection Helper functions for UDP connections
+
+The UDP helper functions abstract away UDP connection handling from the
+other examples. It is required to build the examples using UDP.
+
+@verbatiminclude examples/udp.c
+
@node OCSP example
View Lorry Controller Status