Short:        TLS and SSL security package
Author:       see AUTHORS
Uploader:     megacz usa com
Type:         dev/gg
Version:      1.6.3
Requires:     see notes
Architecture: m68k-amigaos

gnutls-1.6.3
-------------

---
PLEASE, READ THE AMIGA NOTES BELOW BEFORE DOING ANYTHING.

Copyright (C) 2004, 2005 Simon Josefsson
Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavroyanopoulos
See the end for copying conditions.

This is the GNU TLS library. More up to date information can be found
at http://www.gnu.org/software/gnutls/ and http://www.gnutls.org/

This is a TLS (Transport Layer Security) 1.0 and SSL (Secure Sockets
Layer) 3.0 implementation for the GNU project.

- The library needs libgcrypt. You can find libgcrypt at
  ftp://ftp.gnupg.org/pub/gcrypt/alpha/libgcrypt/

- For OpenPGP key support the OpenCDK library is required.
  You can find libopencdk at: ftp://ftp.gnutls.org/pub/gnutls/opencdk/

- Documentation: view the doc/ directory and the examples in the
  doc/examples directory.

---
NOTES:

[*] one test has failed and it was: pkcs1-pad, but I don't think that
this has something to do with the library as the test program used the
data files and they are perhaps broken (but I might be wrong), here is
the output:
;
Certificate[0]: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp
        Issued by: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
        Verifying against certificate[1].
        Verification output: Verified, Expired.

Certificate[1]: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
        Issued by: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
        Verification output: Verified, Expired.

Certificate[0]: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp
        Issued by: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
        Verifying against certificate[1].
        Verification output: Not verified, Expired.

Certificate[1]: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
        Issued by: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4
        Verification output: Verified, Expired.

out1 oks 2 fails 0 out2 oks 1 fails 1
expected 2101
;
PROBABLY data files inconsistency.

[*] tests: tlsia, resume, pskself, dhepskself and anonself could not be
performed coz of lack of 'fork()' implementation in 'ixemul'
('ix_vfork()'/'ix_vfork_resume()' pair is not a good idea in this case).
I tried my best to use 'pthreads' and I almost succeeded but it turned
out that 'server()' can not be called in thread (was giving handshake
failures caused by interrupts)...
;
anyway, handshaking, reading and writing do work properly, so assume
that these tests passed, in other words network related proggies should
not be having any problems with 'gnutls' (unlike with 'openssl' ...)

[*] 'generate_dh_params()' IS INCREDIBLY SLOW AND CPU INTENSIVE,
generating this might take some minutes (maybe 5, maybe 10 or even 15+
in the worst case!), on my 68040/33 generation continued ~7 minutes.
from 'gnutls.html':
;
/* Generate Diffie Hellman parameters - for use with DHE
 * kx algorithms. These should be discarded and regenerated
 * once a day, once a week or once a month. Depending on the
 * security requirements.
 */

[*] before you start using your program you need to fake the
'/dev/random' and '/dev/urandom', just do the following (add the second
one (assign...) to your GG environment init or to your startup if it
isn't already there):
;
makedir gg:dev
assign dev: gg:dev
prng dev:random
prng dev:urandom
;
this will generate two 16 kilos long pseudo entropy pools, so the
'libgcrypt' gatherer will be happy. you can regenerate them from time
to time, but I have seen (while doing tests) that the hash stuff is
quite good and gives almost no repeats with the same seed.
;
'prng' is an ARexx script, you can modify it if you feel that the
randomness it delivers is poor.
;
if you can't stand such solution please write a 'RANDOM:' and
'URANDOM:' device(s) for our little Miggy - that would be jolly :)

[*] this library ('libgnutls') and its subdeps rely on 'libgcrypt'
which depends on 'libgpg-error', 'libz' is also required in the linking
stage!
;
- libgnutls + libgcrypt + libgpg-error + libz

[*] by default 'certtool' wants 'ncurses' ('libncurses.ixlibrary' 5.5),
so I also built a 'termcap' version.

[*] code was generated for 68000, so it will work on any Amiga.

[*] please note that this build is NOT affected by the NLS - linuxish
locale.

---
if you got any suggestions, ideas, found a bug then please email me.

megacz@usa.com
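
The 'prng dev:random' / 'prng dev:urandom' step in the notes leaves regular files where programs expect a random device. The following check is an added example, not part of the original readme and not code from GnuTLS or libgcrypt: it reports whether an entropy source path is a device node or a fixed pool file, and whether a pool file still has the fingerprint recorded at an earlier check (that is, it has not been regenerated). The function names and the constructed sample pool are assumptions for illustration; it assumes a host with Python 3.

```python
import hashlib
import os
import stat
import tempfile


def audit_entropy_source(path, previous_sha256=None):
    """Report what sits at `path`: kind ('missing', 'char-device',
    'regular-file', 'other'), size and sha256 for a regular file, and
    whether that sha256 equals `previous_sha256` (pool not regenerated)."""
    report = {"kind": "missing", "size": None, "sha256": None, "unchanged": False}
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return report
    if stat.S_ISCHR(mode):
        report["kind"] = "char-device"      # a device node, not a fixed file
    elif stat.S_ISREG(mode):
        # A regular file hands the same bytes to every process that opens it,
        # so its fingerprint identifies the pool until it is regenerated.
        with open(path, "rb") as fh:
            data = fh.read()
        report.update(kind="regular-file", size=len(data),
                      sha256=hashlib.sha256(data).hexdigest())
        report["unchanged"] = report["sha256"] == previous_sha256
    else:
        report["kind"] = "other"
    return report


def write_constructed_pool(path, seed, size=16 * 1024):
    """Write a constructed stand-in for a 'prng' pool file (sample data only)."""
    block, out = seed, b""
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    with open(path, "wb") as fh:
        fh.write(out[:size])


if __name__ == "__main__":
    pool = os.path.join(tempfile.mkdtemp(), "random")   # constructed path
    write_constructed_pool(pool, b"constructed seed 1")
    first = audit_entropy_source(pool)
    print(first["kind"], first["size"])
    write_constructed_pool(pool, b"constructed seed 2")  # pool regenerated
    print("unchanged:", audit_entropy_source(pool, first["sha256"])["unchanged"])
```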