Short: TLS and SSL security package
Author: see AUTHORS
Uploader: megacz usa com
Type: dev/gg
Version: 1.6.3
Requires: see notes
Architecture: m68k-amigaos
gnutls-1.6.3
-------------
---
PLEASE, READ THE AMIGA NOTES BELOW BEFORE DOING ANYTHING.
Copyright (C) 2004, 2005 Simon Josefsson
Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavroyanopoulos
See the end for copying conditions.
This is the GNU TLS library. More up to date information can be found
at http://www.gnu.org/software/gnutls/ and http://www.gnutls.org/
This is a TLS (Transport Layer Security) 1.0 and SSL (Secure Sockets Layer) 3.0
implementation for the GNU project.
- The library needs libgcrypt. You can find libgcrypt at
ftp://ftp.gnupg.org/pub/gcrypt/alpha/libgcrypt/
- For OpenPGP key support the OpenCDK library is required. You can find
libopencdk at:
ftp://ftp.gnutls.org/pub/gnutls/opencdk/
- Documentation:
view the doc/ directory and the examples in the doc/examples directory.
---
NOTES:
[*]
one test has failed and it was: pkcs1-pad, but i dont think that
this has something to do with the library as the test program used
the data files and they are perhaps broken(but i might be wrong),
here is the output:
;
Certificate[0]: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp
Issued by: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
Verifying against certificate[1].
Verification output: Verified, Expired.
Certificate[1]: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
Issued by: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
Verification output: Verified, Expired.
Certificate[0]: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp
Issued by: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
Verifying against certificate[1].
Verification output: Not verified, Expired.
Certificate[1]: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
Issued by: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
Verification output: Verified, Expired.
out1 oks 2 fails 0 out2 oks 1 fails 1
expected 2101
;
PROBABLY data files inconsistency.
[*]
tests: tlsia, resume, pskself, dhepskself and anonself could not be
performed coz of lack of 'fork()' implementation in 'ixemul'('ix_vfork()'/
'ix_vfork_resume()' pair is not a good idea in this case). i tried my best
to use 'pthreads' and i almost succeded but it turned out that 'server()' can
not be called in thread(was giving handshake failures caused by interrupts)...
;
anyway, handshaking, reading and writing do work properly, so assume that these
tests passed, in other words network related proggies should not be having
any problems with 'gnutls'(unlike with 'openssl' ...)
[*]
'generate_dh_params()' IS INCREDIBLY SLOW AND CPU INTENSIVE, generating this
might take some minutes(maybe 5, maybe 10 or even 15+ in the worst case!),
on my 68040/33 generation continued ~7 minutes. from 'gnutls.html':
;
/* Generate Diffie Hellman parameters - for use with DHE
* kx algorithms. These should be discarded and regenerated
* once a day, once a week or once a month. Depending on the
* security requirements.
*/
[*]
before you start using your program you need to fake the '/dev/random' and
'/dev/urandom', just do the following(add the second one(assign...) to your
GG environment init or to your startup if it isnt already there):
;
makedir gg:dev
assign dev: gg:dev
prng dev:random
prng dev:urandom
;
this will generate two 16 kilos long pseudo entropy pools, so the 'libgcrypt'
gatherer will be happy. you can regenarate them from time to time, but i have
seen(while doing tests) that the hash stuff is quite good and gives almost
no repeats with the same seed.
;
'prng' is an ARexx script, you can modify it if you feel that the randomness
it deliver is poor.
;
if you cant stand such solution please write a 'RANDOM:' and 'URANDOM:' device(s)
for our little Miggy - that would be jolly :)
[*]
this library('libgnutls') and its subdeps rely on 'libgcrypt' which depends
on 'libgpg-error', 'libz' is also required in the linking stage!
;
- libgnutls
+ libgcrypt
+ libgpg-error
+ libz
[*]
by default 'certtool' wants 'ncurses'('libncurses.ixlibrary' 5.5), so i built
also 'termcap' version.
[*]
code was generated for 68000, so it will work on any Amiga.
[*]
please note that this build is NOT affected by the NLS - linuxish locale.
---
if you got any suggestions, ideas, found a bug then please email me.
megacz@usa.com