author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-09-01 19:49:27 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-09-01 19:49:27 +0000 |
commit | 401483165735ba64053a40c0bcc176e160cd1743 (patch) | |
tree | 075757cff64b75583481de46143aa4426f0642a7 | |
parent | e720f0b73c030fbf35a7b1d0c3e3dd6395849db8 (diff) | |
download | gnutls-401483165735ba64053a40c0bcc176e160cd1743.tar.gz |
*** empty log message ***
-rw-r--r-- | doc/tex/Makefile.am | 2 | ||||
-rw-r--r-- | doc/tex/programs.tex | 104 |
2 files changed, 105 insertions, 1 deletions
diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am index 6ce5f944ea..58851b54c3 100644 --- a/doc/tex/Makefile.am +++ b/doc/tex/Makefile.am @@ -8,7 +8,7 @@ TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex serv1.tex ex1.tex ex2.tex ex3. funcs.tex examples.tex ex4.tex ../../libextra/gnutls-extra-api.tex \ memory.tex intro.tex openpgp.tex x509.tex howto.tex openssl.tex \ ex-rfc2818.tex appendix.tex x509cert.xml.tex pgpcert.xml.tex \ - serv-export.tex serv-srp.tex + serv-export.tex serv-srp.tex programs.tex gnutls.html: $(TEX_OBJECTS) -latex2html gnutls.tex -no_navigation -split 0 \ diff --git a/doc/tex/programs.tex b/doc/tex/programs.tex new file mode 100644 index 0000000000..f255fefe20 --- /dev/null +++ b/doc/tex/programs.tex 
@@ -0,0 +1,104 @@ +\chapter{Included programs} + +\section{The ``gnutls-srpcrypt'' program} +\label{srpcrypt} + +The ``gnutls-srpcrypt'' is a very simple program that emulates the programs in the libsrp +found in \htmladdnormallink{http://srp.stanford.edu}{http://srp.stanford.edu}. +It is intended for use in places where you don't expect srp +authentication to be the performed for system users. + +Traditionaly libsrp used two files. One called 'tpasswd' which holds usernames +and verifiers, and 'tpasswd.conf' which holds generators and primes. +\par +How to use srpcrypt: + +\begin{itemize} + + +\item To create tpasswd.conf which holds the g and n values for +SRP protocol (generator and a large prime), run: +\begin{verbatim} +$ gnutls-srpcrypt --create-conf /etc/tpasswd.conf +\end{verbatim} + + +\item This command will create /etc/tpasswd and will add user 'test' (you will also +be prompted for a password). Verifiers are stored by default in the +way libsrp expects (using a modified SHA()). +\begin{verbatim} +$ gnutls-srpcrypt --passwd /etc/tpasswd \ + --passwd-conf /etc/tpasswd.conf -u test +\end{verbatim} + +\item This command will check against a password. If the password matches +the one in /etc/tpasswd you will get an ok. +\begin{verbatim} +$ gnutls-srpcrypt --passwd /etc/tpasswd \ + --passwd-conf /etc/tpasswd.conf --verify -u test +\end{verbatim} + +\end{itemize} + + + +\section{The ``gnutls-cli-debug'' program} + +This program was created to assist in debugging \gnutls{}, but it +might be useful to extract a \tls{} server's capabilities. +It's purpose is to connect onto a \tls{} server, perform +some tests and print the server's capabilities. An example output is: + +\begin{verbatim} +crystal:/cvs/gnutls/src$ ./gnutls-cli-debug localhost -p 5556 +Resolving 'localhost'... +Connecting to '127.0.0.1:5556'... +Checking for TLS 1.0 support... yes +Checking for SSL 3.0 support... yes +Checking for certificate information... 
+- Certificate type: X.509 + - Certificate info: + # Certificate is valid since: Sat Jul 7 13:18:00 EEST 2001 + # Certificate expires: Sun Jul 7 13:18:00 EEST 2002 + # Certificate fingerprint: 43 ab a2 a7 d3 6a 28 02 60 73 b4 a5 c3 84 0a 3f + # Certificate serial number: 01 + # Certificate version: #3 + # Certificate public key algorithm: RSA + # Modulus: 1024 bits + # CN: localhost + # OU: GNUTLS dev. + # O: GNUTLS + # L: Athina + # S: Attiki + # C: GR + # E: root@localhost + # Certificate Issuer's info: + # CN: GNUTLS TEST CA + # OU: GNUTLS dev. + # O: GNUTLS + # L: Athina + # S: Attiki + # C: GR + # E: gnutls-dev@gnupg.org + +Checking for version rollback bug in RSA PMS... no +Checking for version rollback bug in Client Hello... no +Checking whether we need to disable TLS 1.0... no +Checking whether the server can accept Hello Extensions... yes +Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes +Checking whether the server understands TLS closure alerts... yes +Checking whether the server supports session resumption... yes +Checking for export-grade ciphersuite support... no +Checking for anonymous authentication support... yes +Checking for ephemeral Diffie Hellman support... yes +Checking for AES cipher support... yes +Checking for 3DES cipher support... yes +Checking for ARCFOUR cipher support... yes +Checking for MD5 MAC support... yes +Checking for SHA1 MAC support... yes +Checking for max record size TLS extension... yes +Checking for SRP authentication support (gnutls extension)... no +Checking for OpenPGP authentication support (gnutls extension)... no + +\end{verbatim} + |
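Review bot: The TEX_OBJECTS line in doc/tex/Makefile.am now lists programs.tex, but nothing in this patch adds a matching \input or \include of programs.tex to gnutls.tex, so make would track the new file without the chapter necessarily appearing in the built manual. Confirm that gnutls.tex already pulls it in, or add that line in the same commit. The log message is also empty; a one-line summary such as "doc: add chapter on included programs" would make the change findable later.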
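Review bot: In the gnutls-srpcrypt section of the new doc/tex/programs.tex, the \item entries create /etc/tpasswd and /etc/tpasswd.conf but never say what ownership or mode those files should have. Since tpasswd holds the SRP verifiers, and a disclosed verifier permits offline password guessing, add a sentence recommending that it be readable only by the account the server runs as. Wording fixes in the same hunk: "to be the performed" has a stray "the", "Traditionaly" should be "Traditionally", "It's purpose" in the gnutls-cli-debug section should be "Its purpose", and "How to use srpcrypt:" should use the full program name "gnutls-srpcrypt" as the section title does. "Using a modified SHA()" would also be clearer if it said which modification, or pointed to where libsrp defines it.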