[Help-gnutls] Re: gnutls with pgp
Simon Josefsson
simon at josefsson.org
Wed Feb 7 17:10:21 CET 2007
dellanna at csp.it writes:
> I want to build the following scenario (with gnutls)
> One client-server architecture (in LAN)... when the client opens the connection with
> the server, TLS with PGP-based authentication is used.
> It is possible to start from ex-serv-anon and ex-client1, isn't it?
> Is there some reference on this mechanism? (this is gnutls mechanism)
Yes, you should be able to start from those two examples and make that
work. For testing, you should even be able to create that
configuration using the command line tools gnutls-cli and gnutls-serv.
That may be simpler to start with.
I'm not sure what you mean by a reference, but the manual should
contain the necessary documentation. You'll need to modify the code
to suit your needs, of course. Don't forget to look at src/cli.c and
src/serv.c (the source code to gnutls-cli and gnutls-serv) for more
hints, they are slightly more capable than the example code.
/Simon
> Simone.
>
> Scrive Simon Josefsson <simon at josefsson.org>:
>
>> dellanna at csp.it writes:
>>
>> > Yes,
>> > with cc -o ex-client1 ex-client1.c tcp.c -lgnutls the output "ex-client1" was
>> > generated, but if I run ./ex-client1 the application returns "Connect error".
>> > I work on a LAN and the server machine is waiting on port 5556. The
>> > client machine should connect to the server machine with TLS.
>> > Is the client application complete?
>>
>> The client connects to "localhost:5556". Do you have a server running
>> there? The error you get indicates that there is no server.
>>
>> Remember, you will want to modify the client in order to do anything
>> useful, so I recommend to start reading its source code to understand
>> what it does.
>>
>> /Simon
>>
>> > Simone.
>> >
>> > Scrive Simon Josefsson <simon at josefsson.org>:
>> >
>> >> dellanna at csp.it writes:
>> >>
>> >> > Ok,
>> >> > now, if I run cc -ex-serv-anon ex-serv-anon.c -I/usr/lib/ -L /usr/lib/ -lgnutls
>> >> > (for server with anonymous authentication) it works correctly... the output is the
>> >> > following:
>> >> >
>> >> > Server ready. Listening to port '5556'
>> >> >
>> >> > But if I run cc -ex-client1 ex-client1.c -I/usr/lib/ -L /usr/lib/ -lgnutls on
>> >> > the client machine (for anonymous client) it returns the following error:
>> >>
>> >> Try:
>> >>
>> >> cc -o ex-client1 ex-client1.c -lgnutls
>> >>
>> >> instead.
>> >>
>> >> > _______________________________________________________________
>> >> > /usr/bin/ld: warning: cannot find entry symbol x-client1; defaulting to
>> >> > 0000000008048908
>> >> > /tmp/ccbQ8aPE.o: In function `main':ex-client1.c:(.text+0x97): undefined
>> >> > reference to `tcp_connect'
>> >> > :ex-client1.c:(.text+0x1fd): undefined reference to `tcp_close'
>> >> > collect2: ld returned 1 exit status
>> >> > _______________________________________________________________
>> >> >
>> >> > What is the problem for you?
>> >>
>> >> The tcp_* functions are needed. Download this file as tcp.c:
>> >>
>> >> http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/*checkout*/gnutls/doc/examples/tcp.c?root=GNU+TLS+Library&content-type=text%2Fplain
>> >>
>> >> and build it too, e.g.:
>> >>
>> >> cc -o ex-client1 ex-client1.c tcp.c -lgnutls
>> >>
>> >> I have added that file as another section in the manual.
>> >>
>> >> /Simon
>> >>
>> >> > Simone.
>> >> >
>> >> > Scrive Simon Josefsson <simon at josefsson.org>:
>> >> >
>> >> >> dellanna at csp.it writes:
>> >> >>
>> >> >> > Hi,
>> >> >> > I installed gnutls with Synaptic Package Manager (in Ubuntu 6.06) and I don't
>> >> >> > know what the gnutls library directory is...
>> >> >>
>> >> >> Then it is installed in the default path, /usr/lib. You don't have to
>> >> >> specify the -I or -L parameters at all. Just add "-lgnutls" when
>> >> >> building it.
>> >> >>
>> >> >> > If I download gnutls from ftp://ftp.gnupg.org/gcrypt/alpha/gnutls/
>> >> >> > what is the packet I need to use gnutls in my applications?
>> >> >> > In the manual there aren't instructions related to configuration of my environment.
>> >> >> > Can you help me, please?
>> >> >>
>> >> >> See the file INSTALL, but if GnuTLS comes with your distribution, you
>> >> >> don't need to build it yourself.
>> >> >>
>> >> >> /Simon
>> >> >>
>> >> >> > Simone.
>> >> >> >
>> >> >> > Scrive Simon Josefsson <simon at josefsson.org>:
>> >> >> >
>> >> >> >> dellanna at csp.it writes:
>> >> >> >>
>> >> >> >> > Ok,
>> >> >> >> > but if I try to compile the example in the manual "Echo Server with anonymous
>> >> >> >> > authentication" with the command gcc, it returns something like:
>> >> >> >> > "server.c:(.text+0x2e): undefined reference to `gnutls_set_default_priority'"
>> >> >> >> > this function is in the package <gnutls/gnutls.h>.
>> >> >> >> > In this example I write #include <gnutls/gnutls.h> . Is there something to
>> >> >> >> > configure before gnutls works correctly?
>> >> >> >>
>> >> >> >> Did you forget to link the program with the gnutls library? You'll
>> >> >> >> need to compile it using something like this:
>> >> >> >>
>> >> >> >> cc -o foo foo.c -I/path/to/gnutls/include -L/path/to/gnutls/lib -lgnutls
>> >> >> >>
>> >> >> >> Alternatively, if you built GnuTLS yourself, invoke 'make' in the
>> >> >> >> doc/examples/ directory. The examples are built when you build
>> >> >> >> GnuTLS.
>> >> >> >>
>> >> >> >> /Simon
>> >> >> >>
>> >> >> >> > Simone.
>> >> >> >> >
>> >> >> >> > Scrive Simon Josefsson <simon at josefsson.org>:
>> >> >> >> >
>> >> >> >> >> dellanna at csp.it writes:
>> >> >> >> >>
>> >> >> >> >> > Hi all,
>> >> >> >> >> > I should implement authentication inside a web application with gnutls.
>> >> >> >> >> > I should use OpenPGP inside the TLS connection (I do not use X.509 certificates).
>> >> >> >> >> > It is possible in GnuTLS, but can someone point me to any reference guide (with
>> >> >> >> >> > server-client example)?
>> >> >> >> >>
>> >> >> >> >> Hi! Yes, that should be possible. There is example code for a
>> >> >> >> >> server in the GnuTLS manual:
>> >> >> >> >>
>> >> >> >> >> http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html
>> >> >> >> >>
>> >> >> >> >> There are no explicit examples for OpenPGP clients, but modifying the
>> >> >> >> >> standard X.509 example:
>> >> >> >> >>
>> >> >> >> >> http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html
>> >> >> >> >>
>> >> >> >> >> using the hints from:
>> >> >> >> >>
>> >> >> >> >> http://www.gnu.org/software/gnutls/manual/html_node/Certificate-authentication.html
>> >> >> >> >>
>> >> >> >> >> should not be impossible.
>> >> >> >> >>
>> >> >> >> >> Note that this part of GnuTLS is not widely used, so it isn't unlikely
>> >> >> >> >> that you run into problems. Let us know how it works for you!
>> >> >> >> >>
>> >> >> >> >> /Simon
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > ----------------------------------------------------------------
>> >> >> >> > This message was sent using IMP, the Internet Messaging Program.