path: root/doc/tex/examples.tex
blob: 3c294776fd948d71b7c323dff99c9a77d86b6d03 (plain)
\chapter{How to use GNUTLS\index{Example programs} in applications}
\label{examples}

\section{Client examples}
This section contains examples of \tls{} and \ssl{} clients, using \gnutls{}. 
Note that these examples contain little or no error checking.

\subsection{Simple client example with X.509 certificate support}
Let's assume now that we want to create a client which communicates
with servers using the X.509 authentication schema. The following client
is a very simple \tls{} client; it supports neither session resumption nor
any other fancy features.
\input{ex2}

\subsection{Getting peer's information}
\par The above example was the simplest form of a client; it did not even check
the result of the peer's certificate verification function. The lack of
this check may result in an unauthenticated connection.
The following function does check the peer's
X.509 certificate, and prints some information about the current session.
\par
This function should be called after a successful
\printfunc{gnutls_handshake}{gnutls\_handshake}.

\input{ex3}

\subsection{Verifying peer's hostname in a certificate}
\par HTTPS clients have to verify not only the peer's certificate,
but also the hostname in this certificate, so that they know
they actually connected to the right site.
RFC 2818 specifies a hostname checking algorithm, and a simple form of it
is implemented in the following example.

\par
This function should be called right after a successful
\printfunc{gnutls_certificate_verify_peers}{gnutls\_certificate\_verify\_peers}.

\input{ex-rfc2818}
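
The matching rule described in this subsection, as an added stand-alone sketch that is not the GnuTLS example included above and does not use the GnuTLS API. It assumes the caller has already extracted the dNSName entries and the Common Name from the verified certificate; the function names and sample hostnames are made up for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality; DNS names compare without regard to case. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;            /* both strings must end together */
}

/* Simple form: "*" is honoured only as the whole leftmost label and
 * stands for exactly one non-empty label of the requested hostname. */
static int name_matches(const char *pattern, const char *host)
{
    if (pattern[0] == '*' && pattern[1] == '.') {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host)
            return 0;
        return eq_nocase(pattern + 1, dot);
    }
    return eq_nocase(pattern, host);
}

/* RFC 2818, section 3.1: dNSName entries, when present, are the identity;
 * the Common Name is consulted only if there are none. 1 = match. */
int rfc2818_check(const char *const *dns_names, size_t n_dns,
                  const char *common_name, const char *host)
{
    if (host == NULL || host[0] == '\0')
        return 0;
    for (size_t i = 0; i < n_dns; i++)
        if (name_matches(dns_names[i], host))
            return 1;
    if (n_dns > 0)
        return 0;               /* never fall back to CN past a dNSName */
    return common_name != NULL && name_matches(common_name, host);
}

int main(void)
{
    const char *const san[] = { "*.example.org", "example.org" }; /* constructed */
    printf("%d %d\n", rfc2818_check(san, 2, NULL, "www.example.org"),
           rfc2818_check(san, 2, "evil.test", "evil.test"));
    return 0;
}
```

This sketch does not handle connections made to an IP address, which RFC 2818 matches against iPAddress entries rather than names, and it does not reject overly broad wildcards.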

\subsection{Client with Resume capability example}
\label{resume-example}
This is a modification of the simple client above. Here we added support 
for session resumption.
\input{ex4}

\subsection{Client with Resume capability example II}
\label{resume-example2}
This is also a client with resume capability, but it additionally demonstrates
the use of session IDs.
\input{ex1}

\subsection{Simple client example with SRP authentication}
Although {\bf SRP} is not part of the \tls{} standard, \gnutls{} implements
{\it David Taylor's} proposal\footnote{This is work in progress.}  for using the SRP algorithm
within the \tls{} handshake protocol. The following client
is a very simple SRP-TLS client which connects to a server 
and authenticates using {\it username} and {\it password}.

\input{srp1}

\section{Server examples}
This section contains examples of \tls{} and \ssl{} servers, using \gnutls{}.

\subsection{Echo Server with X.509 authentication}
This example is a server which supports {\bf X.509} authentication.
\input{serv1}

\subsection{Echo Server with X.509 authentication II}
The following example is a server which supports {\bf X.509} authentication.
This server also supports export-grade cipher suites and session resuming.
\input{serv-export}

\subsection{Echo Server with SRP authentication}
This is a server which supports {\bf SRP} authentication.
\input{serv-srp}

\input{openssl}