path: root/doc/tex/gnutls.tex
blob: 6cab612f21b36f684d0caaa9feaeae269a80594b (plain)
\documentclass{book}
\usepackage{html}
\usepackage{fancyheadings}
\usepackage{graphicx}

\input{macros}

\begin{document}

\pagenumbering{roman}

\input{cover}

\tableofcontents
\newpage
\pagenumbering{arabic}
\pagestyle{fancy}

\chapter{The Library}
\section{Introduction}
\par
\gnutls{} is a portable library which implements the \tlsI{} and 
\sslIII{} protocols.
\tls{} stands for `Transport Layer Security' and is the successor of \ssl{}, 
the Secure Sockets Layer protocol designed by Netscape. 

\tlsI{}\footnote{described in {\it RFC 2246}} is an Internet protocol,
defined by {IETF}\footnote{IETF or Internet Engineering Task Force 
is a large open international community of network
designers, operators, vendors, and researchers concerned with the evolution of 
the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.}, 
that provides confidentiality and authentication layers over any
transport layer.

\par
\gnutls{} implements the above
protocols in a reentrant way. This allows multiple threads of
execution, without the need for Critical Sections and locks. See
\htmladdnormallink{http://www.gnutls.org/}{http://www.gnutls.org/}
and \htmladdnormallink{http://www.gnu.org/software/gnutls/}{http://www.gnu.org/software/gnutls/} 
for updated versions of the \gnutls{} software and this document.

\par
Currently \gnutls{} implements:
\begin{itemize}
 \item the \tlsI{} and \sslIII{} protocols, without any weak algorithms\footnote{
There are ciphersuites in \tlsI{} that are considered weak. These
ciphersuites are deliberately weak in order to be able to export encryption
software from some countries.}
 \item {\bf X.509} Public Key Infrastructure (with several limitations).
 \item {\bf SRP} for \tls{} authentication.
 \item \tls{} {\bf Extension mechanism}
\end{itemize}

\input{ciphersuites}

\input{ciphers}

\input{auth}

\input{resumedb}

\input{translayer}

\input{errors}

\section{Client Examples}
This section contains examples of \tls{} and \ssl{} clients, using \gnutls{}. 

\subsection{Simple Client example with X.509 Authentication}
Let's assume now that we want to create a client which communicates
with servers using the X.509 authentication scheme. The following client
is a very simple \tls{} client; it supports neither session resuming nor
any other fancy features.
\input{ex2}

\subsection{Getting peer's information}
\par The above example was the simplest form of a client. It didn't even check
the result of the peer's certificate verification function (i.e.\ whether we have
an authenticated connection). The following function does check the peer's X.509
certificate, and prints some information about the current state.
\par
This function should be called after a successful
\hyperref{gnutls\_handshake()}{gnutls\_handshake() (see Section }{)}{gnutls_handshake}.

\input{ex3}

\input{ex1}

\subsection{Simple Client example with SRP Authentication}
Although {\bf SRP} is not part of the \tls{} standard, \gnutls{} implements
{\it David Taylor's} proposal\footnote{This is work in progress.}  for using the SRP algorithm
within the \tls{} handshake protocol. The following client
is a very simple SRP-TLS client which connects to a server 
and authenticates using {\it username} and {\it password}.

\input{srp1}

\section{Server Examples}
This section contains examples of \tls{} and \ssl{} servers, using \gnutls{}.

\subsection{Echo Server with X.509 and SRP authentication}
The following example is a server which supports both {\bf SRP} and {\bf X.509} authentication.
This server also supports {\it session resuming}.
\input{serv1}

\include{gnutls-api}

\input{asn1.tex}

\input{fdl.tex}

\end{document}