\chapter{How to use GNUTLS\index{Example programs} in applications}

\input{preparation}

\label{examples}
\section{Client examples}
This section contains examples of \tls{} and \ssl{} clients, using \gnutls{}. 
Note that these examples contain little or no error checking.

\subsection{Simple client example with X.509 certificate support}
Let's assume now that we want to create a client which communicates
with servers that use X.509 or OpenPGP certificate authentication. The following client
is a very simple \tls{} client; it supports neither session resumption nor
any other fancy features.
\input{ex-client2}

\subsection{Verifying peer's certificate}
\par A TLS connection is not secure merely because the handshake has finished.
It must be considered secure only after the peer's identity has been
verified. That is, you usually have to verify not only the peer's
certificate, but also the hostname in the certificate, expiration dates etc.
Only after this step should you treat the connection as being a secure one.

\par
The following function is an example of how to verify a certificate.

\input{ex-rfc2818}

\subsection{Using a callback to select the certificate to use}
There are cases where a client holds several certificate and key pairs,
and may want to choose the appropriate one to send in the current session.
The following example demonstrates the use of the certificate selection callback
for this purpose.
\par

\input{ex-cert-select}


\subsection{Client with Resume capability example}
\label{resume-example}
This is a modification of the simple client above. Here we added support 
for session resumption.
\input{ex-client-resume}

\subsection{Client with Resume capability example II}
\label{resume-example2}
This is another client with resume capability, which also demonstrates
the use of session IDs.
\input{ex-client1}

\subsection{Simple client example with SRP authentication}
The following client
is a very simple SRP-TLS client which connects to a server 
and authenticates using {\it username} and {\it password}.

\input{ex-client-srp}

\section{Server examples}
This section contains examples of \tls{} and \ssl{} servers, using \gnutls{}.

\subsection{Echo Server with X.509 authentication}
This example is a server which supports {\bf X.509} authentication.
\input{ex-serv1}

\subsection{Echo Server with X.509 authentication II}
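The following example is a server which supports {\bf X.509} authentication.
This server also supports export-grade cipher suites and session resuming.
Note that export-grade cipher suites use deliberately short keys and offer
little protection against a capable attacker; enable them only where
compatibility with peers that require them is needed.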
\input{ex-serv-export}

\subsection{Echo Server with OpenPGP\index{OpenPGP!Server} authentication}
The following example is a server which supports {\bf OpenPGP} key authentication.
\input{ex-serv-pgp}

\subsection{A callback which\index{OpenPGP!Key retrieval} retrieves OpenPGP keys}
The following example is a callback function which retrieves {\bf OpenPGP} keys from
a public key server.
\input{ex-pgp-keyserver}

\subsection{Echo Server with SRP authentication}
This is a server which supports {\bf SRP} authentication.
\input{ex-serv-srp}

\subsection{Checking for an alert}
This is a function that checks if an alert has been received
in the current session.
\input{ex-alert}

% CERTIFICATE STUFF

\section{Certificate API examples}
This section contains examples that make use of the \gnutls{} certificate API.


\subsection{Parsing peer's certificate, and obtaining session information}
The following function reads the peer's certificate,
and prints some information about the certificate and the current session.
\par
This function should be called after a successful call to
\printfunc{gnutls_handshake}{gnutls\_handshake}.

\input{ex-info}

\subsection{Generating a certificate request}
The following example shows how to generate a certificate request and
a private key. A certificate request can later be processed by a CA,
which should return a signed certificate.

\input{ex-crq}

\input{openssl}