path: root/doc/tex/gnutls.tex

\documentclass{book}
\usepackage{html}
\usepackage{fancyheadings}
\usepackage{graphicx}

\input{macros}

\begin{document}

\pagenumbering{roman}

\input{cover}

\tableofcontents
\newpage
\pagenumbering{arabic}
\pagestyle{fancy}

\chapter{The Library}
\section{Introduction}
\par
\gnutls is a portable library which implements the \tlsI and 
\sslIII protocols.
\tls stands for 'Transport Layer Security' and is the sucessor of \ssl\footnote{
\ssl or Secure Sockets Layer is a protocol designed by Netscape. \tlsI is based on
\sslIII protocol. \sslII is a very old protocol which is 
not considered secure today. \sslII is not implemented in \gnutls}.
\tlsI\footnote{described in {\it RFC 2246}} is an Internet protocol,
defined by IETF\footnote{IETF or Internet Engineering Task Force 
is a large open international community of network
designers, operators, vendors, and researchers concerned with the evolution of 
the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.}
that provides confidentiality, and authentication layers over a {reliable
transport layer}\footnote{\tls is mostly used over {\emph{TCP/IP}} although this is not restrictive, you may
use it over any reliable transport layer.}. \gnutls implements the
above protocols in reentrant way in order to be used in multiple threads of 
execution (without the need for Critical Sections and locks). See
http://www.gnutls.org/ and http://www.gnu.org/software/gnutls/ for
updated versions of the \gnutls software and this document.

\par
Currently \gnutls implements:
\begin{itemize}
 \item the \tlsI and \sslIII protocols, without any weak algorithms\footnote{
There are ciphersuites in \tlsI that are considered weak. These
ciphersuites are deliberately weak in order to be able to export encryption
software from some countries.}
 \item {\bf X.509} Public Key Infrastructure (with several limitations).
 \item {\bf SRP} for \tls authentication.
 \item \tls {\bf Extension mechanism}
\end{itemize}

\input{ciphersuites}

\input{ciphers}

\input{auth}

\input{resumedb}

\input{translayer}

\input{errors}

\section{Client Examples}
This section contains examples of \tls and \ssl clients, using \gnutls. 

\subsection{Simple Client example with X.509 Authentication}
Let's assume now that we want to create a client which communicates
with servers using the X509 authentication schema. The following client
is a very simple \tls client, it does not support session resuming nor
any other fancy features.
\input{ex2}

\subsection{Getting peer's information}
\par The above example was the simplest form of a client, it didn't even check
the result of the peer's certificate verification function (ie. if we have
an authenticated connection). The following function does check the peer's X509
Certificate, and prints some information about the current state.
\par
This function should be called after a successful
\hyperref{gnutls\_handshake()}{gnutls\_handshake() (see Section }{)}{gnutls_handshake}

\input{ex3}

\input{ex1}

\subsection{Simple Client example with SRP Authentication}
Although {\bf SRP} is not part of the \tls standard, \gnutls implements
{\it David Taylor's}\footnote{Work in progress.} proposal for using the SRP algorithm
within the \tls handshake protocol. The following client
is a very simple SRP-TLS client which connects to a server 
and authenticates using {\it username} and {\it password}.

\input{srp1}

\section{Server Examples}
This section contains examples of \tls and \ssl servers, using \gnutls.

\subsection{Echo Server with X.509 and SRP authentication}
The following example is a server which supports both {\bf SRP} and {\bf X509} authentication.
This server also supports {\it session resuming}.
\input{serv1}

\include{gnutls-api}

\input{asn1.tex}

\input{fdl.tex}

\end{document}