Introduction to GnuTLS
The GnuTLS package contains
libraries and userspace tools which provide a secure layer over a
reliable transport layer. Currently the GnuTLS library implements the proposed
standards by the IETF's TLS working group. Quoting from the TLS
“The TLS protocol provides communications
privacy over the Internet. The protocol allows client/server
applications to communicate in a way that is designed to prevent
eavesdropping, tampering, or message forgery.”
GnuTLS provides support for TLS
1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols, TLS extensions,
including server name and max record size. Additionally, the
library supports authentication using the SRP protocol, X.509
certificates and OpenPGP keys, along with support for the TLS
Pre-Shared-Keys (PSK) extension, the Inner Application (TLS/IA)
extension and X.509 and OpenPGP certificate handling.
This package is known to build and work properly using an LFS-7.9
This package is known to build properly using the gcc-6 compiler.
Certificates, libtasn1-4.8 and p11-kit-0.23.2
texlive-20150521 or install-tl-unx, Unbound-1.5.8
(to build the DANE library), Valgrind-3.11.0 (used during the test suite),
(used during the test suite), and Trousers
(Trusted Platform Module support)
Note that if you do not install libtasn1-4.8,
an older version shipped in the GnuTLS tarball will be used instead.
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/gnutls
Installation of GnuTLS
Install GnuTLS by running the
sed -e 's/gnutls_global/global/' \
-e 's/gnutls_errors/errors/' \
-i extra/openssl_compat.c &&
./configure --prefix=/usr \
To test the results, issue: make
check. If a prior version of GnuTLS (or the same version but without all
the recommended dependencies) has been installed, some tests may
the target of that symlink are moved or renamed so that they cannot
be found, all tests should pass and the install procedure will
libgnutls.so and the
versioned library it points to.
Now, as the
If you did not pass the
--enable-gtk-doc parameter to the configure script, you can install
the API documentation to the
/usr/share/gtk-doc/html/gnutls directory using
the following command as the
make -C doc/reference install-data-local
sed -e ...
extra/openssl_compat.c: This sed fixes the OpenSSL
This switch tells configure where to find the CA
--enable-gtk-doc: Use this parameter if
GTK-Doc is installed and you wish
to rebuild and install the API documentation.
this switch if you wish to build the OpenSSL compatibility library.
--without-p11-kit: use this switch if
you have not installed p11-kit.