

2 The Library

In brief, GnuTLS can be described as a library which offers an API to access secure communication protocols. These protocols provide privacy over insecure lines, and were designed to prevent eavesdropping, tampering, or message forgery.

Technically, GnuTLS is a portable ANSI C based library which implements the TLS 1.1 and SSL 3.0 protocols (see Introduction to TLS for a more detailed description of the protocols), accompanied by the required framework for authentication and public key infrastructure. The library is available under the GNU Lesser GPL license [1]. Important features of the GnuTLS library include:

Additionally, GnuTLS provides a limited emulation API for the widely used OpenSSL [2] library, to ease integration with existing applications.

GnuTLS consists of three independent parts, namely the “TLS protocol part”, the “Certificate part”, and the “Crypto backend” part. The “TLS protocol part” is the actual protocol implementation, and is entirely implemented within the GnuTLS library. The “Certificate part” consists of the certificate parsing and verification functions, which are partially implemented in the GnuTLS library. Libtasn1 [3], a library which offers ASN.1 parsing capabilities, is used for the X.509 certificate parsing functions, and Opencdk [4] is used for the OpenPGP key support in GnuTLS. The “Crypto backend” is provided by the Libgcrypt [5] library.

In order to ease integration in embedded systems, parts of the GnuTLS library can be disabled at compile time. That way a small library, with the required features, can be generated.


Footnotes

[1] A copy of the license is included in the distribution

[2] http://www.openssl.org/

[3] ftp://ftp.gnupg.org/gcrypt/alpha/gnutls/libtasn1/

[4] ftp://ftp.gnupg.org/gcrypt/alpha/gnutls/opencdk/

[5] ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/