GnuTLS-3.7.0
Introduction to GnuTLS
The GnuTLS package contains
libraries and userspace tools which provide a secure layer over a
reliable transport layer. Currently the GnuTLS library implements the proposed
standards by the IETF's TLS working group. Quoting from the TLS
protocol specification:
"The TLS protocol provides
communications privacy over the Internet. The protocol allows
client/server applications to communicate in a way that is designed
to prevent eavesdropping, tampering, or message
forgery."
GnuTLS provides support for TLS
1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols, TLS
extensions, including server name and max record size.
Additionally, the library supports authentication using the SRP
protocol, X.509 certificates and OpenPGP keys, along with support
for the TLS Pre-Shared-Keys (PSK) extension, the Inner Application
(TLS/IA) extension and X.509 and OpenPGP certificate handling.
This package is known to build and work properly using an LFS-10.0 platform.
Package Information
GnuTLS Dependencies
Required
Nettle-3.7
Recommended
make-ca-1.7, libunistring-0.9.10, libtasn1-4.16.0, and p11-kit-0.23.22
Optional
Doxygen-1.9.1, GTK-Doc-1.33.1, Guile-3.0.5,
libidn-1.36 or libidn2-2.3.0,
libseccomp-2.5.1, Net-tools-CVS_20101030 (used during
the test suite), texlive-20200406 or install-tl-unx, Unbound-1.13.0
(to build the DANE library), Valgrind-3.16.1 (used during the test suite),
autogen, cmocka and datefudge
(used during the test suite if the DANE library is built), and
Trousers (Trusted Platform Module support)
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/gnutls
Installation of GnuTLS
Install GnuTLS by running the following commands:
./configure --prefix=/usr \
--docdir=/usr/share/doc/gnutls-3.7.0 \
--disable-guile \
--with-default-trust-store-pkcs11="pkcs11:" &&
make
To test the results, issue: make check. If a prior version of GnuTLS (or the same version but without all of
the recommended dependencies) has been installed, some tests may
fail. If /usr/lib/libgnutls.so and
the target of that symlink are moved or renamed so that they cannot
be found, all tests should pass and the install procedure will
restore libgnutls.so and the
versioned library it points to.
Now, as the root user:
make install
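If you passed the --enable-gtk-doc option to the configure script, the API
documentation is installed automatically. If you did not pass it but still want
to install the documentation, run the following command as the root user. The
documentation is installed in /usr/share/gtk-doc/html/gnutls.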
make -C doc/reference install-data-local
Command Explanations
--with-default-trust-store-pkcs11="pkcs11:":
This switch tells gnutls to use the PKCS #11 trust store as the
default trust. Omit this switch if p11-kit-0.23.22 is not
installed.
--disable-guile: This
switch disables GUILE support, since GnuTLS does not support
Guile-2.2.x yet.
--with-default-trust-store-file=/etc/pki/tls/certs/ca-bundle.crt:
This switch tells configure where to find the
legacy CA certificate bundle and to use it instead of the PKCS #11
module by default. Use this if p11-kit-0.23.22 is not installed.
--enable-gtk-doc: Use this parameter if GTK-Doc is installed and you wish to rebuild the API documentation.
--enable-openssl-compatibility: Use
this switch if you wish to build the OpenSSL compatibility library.
--without-p11-kit: Use this switch if
you have not installed p11-kit.
--with-included-unistring: Uses the
bundled version of libunistring, instead of the system one. Use
this switch if you have not installed libunistring-0.9.10.
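The switch choices described above, as an added example that is not part of the BLFS page: a shell function that selects the trust-store and libunistring switches according to which dependencies are present, and prints the resulting configure command without running it. The pkg-config module name p11-kit-1 and the /usr/include/unistr.h header check are assumptions used for detection.

```shell
#!/bin/sh
# Added example: pick GnuTLS configure switches following the
# Command Explanations on this page.

# Decision logic. Arguments: have_p11kit have_unistring ("yes" or "no").
# Prints one configure switch per line.
gnutls_configure_switches() {
    have_p11kit=$1
    have_unistring=$2

    printf '%s\n' "--prefix=/usr" \
                  "--docdir=/usr/share/doc/gnutls-3.7.0" \
                  "--disable-guile"

    if [ "$have_p11kit" = yes ]; then
        # p11-kit present: PKCS #11 trust store is the default trust.
        printf '%s\n' "--with-default-trust-store-pkcs11=pkcs11:"
    else
        # No p11-kit: build without it and use the legacy CA bundle file.
        printf '%s\n' "--without-p11-kit" \
            "--with-default-trust-store-file=/etc/pki/tls/certs/ca-bundle.crt"
    fi

    if [ "$have_unistring" != yes ]; then
        # No system libunistring: use the bundled copy.
        printf '%s\n' "--with-included-unistring"
    fi
}

# Detection helpers (assumed checks, not taken from the page).
detect_p11kit() {
    if pkg-config --exists p11-kit-1 2>/dev/null; then echo yes; else echo no; fi
}
detect_unistring() {
    if [ -f /usr/include/unistr.h ]; then echo yes; else echo no; fi
}

# Print the ./configure command line for this host without running it.
gnutls_configure_command() {
    printf './configure'
    gnutls_configure_switches "$(detect_p11kit)" "$(detect_unistring)" |
        while IFS= read -r sw; do printf ' %s' "$sw"; done
    printf '\n'
}

gnutls_configure_command
```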
Contents
Installed Programs: certtool, danetool, gnutls-cli, gnutls-cli-debug,
gnutls-serv, ocsptool, p11tool, psktool, srptool
Installed Libraries: libgnutls.so, libgnutls-dane.so, libgnutlsxx.so,
libgnutls-openssl.so (optional)
Installed Directories: /usr/include/gnutls, /usr/share/gtk-doc/html/gnutls,
/usr/share/doc/gnutls-3.7.0
Short Descriptions
certtool | is used to generate X.509 certificates, certificate requests, and private keys.
danetool | is a tool used to generate and check DNS resource records for the DANE protocol.
gnutls-cli | is a simple client program to set up a TLS connection to some other computer.
gnutls-cli-debug | is a simple client program to set up a TLS connection to some other computer and produces very verbose progress results.
gnutls-serv | is a simple server program that listens to incoming TLS connections.
ocsptool | is a program that can parse and print information about OCSP requests/responses, generate requests and verify responses.
p11tool | is a program that allows handling data from PKCS #11 smart cards and security modules.
psktool | is a simple program that generates random keys for use with TLS-PSK.
srptool | is a simple program that emulates the programs in the Stanford SRP (Secure Remote Password) libraries using GnuTLS.
libgnutls.so | contains the core API functions and X.509 certificate API functions.
Last updated on: 2020-12-06 04:29:55 +0900