summaryrefslogtreecommitdiff
path: root/README
blob: b6ffa947db8d553e0271cb7eb6263eda494b0dee (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
GNU TLS README -- Important introductory notes.
Copyright (C) 2004, 2005 Simon Josefsson
Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavroyanopoulos
See the end for copying conditions.

This is the GNU TLS library. More up to date information can be found
at http://www.gnu.org/software/gnutls/ and http://www.gnutls.org/

This is a TLS (Transport Layer Security) 1.0 and SSL (Secure Sockets Layer) 3.0
implementation for the GNU project. 

- The library needs libgcrypt. You can find libgcrypt at
 ftp://ftp.gnupg.org/pub/gcrypt/alpha/libgcrypt/

 Note that by compiling libgcrypt with CPU optimizations gnutls' speed
 will increase.

- For OpenPGP key support the OpenCDK library is required. You can find
 libopencdk at:
 ftp://ftp.gnutls.org/pub/gnutls/opencdk/

- Documentation:
 view the doc/ directory and the examples in the doc/examples directory.


****************************
COMPILATION ISSUES:

Nothing special here. In case you are compiling for embedded systems
you should check the configure options (that is run: 'configure --help'),
and disable unneeded features of gnutls.

Experimental:

If you specify --with-builtin-crypto, you will use gnulib instead of
libgcrypt for (some) crypto routines.

Currently the generic crypto interface only support secret key
ciphering, hashing and gathering of random data.  Supporting
RSA/DSA/DH/SEXP/MPI in the generic crypto interface is pending.

If --with-builtin-crypto is specified, random data will be read from
system device files (e.g., /dev/random) directly.  The files used are
printed when running configure, you can override them using
--enable-random-device, --enable-pseudo-random-device, and
--enable-nonce-device.  Please let us know if the defaults for some
systems are wrong.

The goal here is to make GnuTLS build standalone, in case Libgcrypt is
not available, but also to allow easy use of other crypto libraries or
crypto hardware.

****************************
LICENSE ISSUES:

Since the 0.4.2 version the gnutls library is covered under the GNU 
Lesser GPL. Previously released versions were licensed under the GNU GPL.

We changed the license for most of GNUTLS because other free libraries
already exist that do the same jobs and have lax licenses.  We want
GNUTLS to be usable in all the same places as those other libraries.
We kept some parts of GNUTLS under the GPL because they are unique,
and with the GPL they provide free software projects (which deserve
our help) an advantage over non-free projects (which do not deserve
our help, since they refuse to share with us).  For more explanation,
see http://www.gnu.org/philosophy/why-not-lgpl.html.

The GNU Lesser GPL license applies to the main gnutls library, while the
gnutls-extra library is under the GPL. The gnutls-extra library contains
the code for the "OpenPGP key" support and the OpenSSL compatibility layer. 
The gnutls library is located in the lib/ directory, while the gnutls-extra 
library is at libextra/.


****************************
BUGS:

Currently gnuTLS needs testing. By notifying the developers
about a possible bug you may help a lot, since testing is really
important and expensive. If you think you found a bug,
report it to bug-gnutls@gnu.org together with the needed information,
in order for developers to reproduce it. 

----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.