On Sat, Oct 16, 2021 at 07:47:10AM +0000,
Turritopsis Dohrnii Teo En Ming <[email protected]> wrote
a message of 191 lines which said:
> Subject: How do I use the GnuTLS Transport Layer Security Secure
> Communications Library on Linux and Windows desktops?
I assume you already installed it ("Linux", as you know, is not an
operating system, just a kernel, so the installation of the package
will depend on your specific operating system; on Debian, 'apt install
libgnutls28-dev' will do the job).
To use the library now that it is installed, see the documentation here:
https://gnutls.org/manual/html_node/How-to-use-GnuTLS-in-applications.html#How-to-use-GnuTLS-in-applications
I attach a very simple C program to connect to a TLS server, to help
you start. I compiled it on Debian with 'cc -I/usr/include/p11-kit-1
-Wall -Wextra -o test test.c -lgnutls'.
[I cannot help with MS Windows; I don't know it well enough.]
#define MAXHOSTNAME 256
#define MAXPORTNAME 128
/* Default port */
#define PORT "https"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <unistd.h>

#include <gnutls/gnutls.h>
/* https://gnutls.org/manual/gnutls.html */
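/*
 * Minimal TLS client: connects to "server-name" on "server-port"
 * (default PORT), performs a TLS handshake and prints the negotiated
 * protocol version and cipher.
 *
 * The server certificate is checked against the system trust store and
 * against the host name given on the command line; the handshake fails
 * if either check fails.
 *
 * Returns 0 on success; exits with status 1 on any error.
 */
int
main(int argc, char **argv)
{
    gnutls_session_t session;   /* already a pointer type, no malloc needed */
    gnutls_certificate_credentials_t xcred;
    struct addrinfo hints, *res, *rp;
    const char *hostname;
    const char *portname;
    int tls_result;
    int last_alert;
    int result;
    int saved_errno = 0;
    int sockfd = -1;

    if (argc <= 1 || argc >= 4) {
        fprintf(stderr, "Usage: %s server-name [server-port]\n", argv[0]);
        exit(1);
    }
    /*
     * Use the argv strings in place. Copying them with strcpy() into
     * fixed-size buffers would overflow on a long argument.
     */
    hostname = argv[1];
    portname = (argc == 3) ? argv[2] : PORT;

    tls_result = gnutls_certificate_allocate_credentials(&xcred);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot allocate credentials: %s\n",
                gnutls_strerror(tls_result));
        exit(1);
    }
    /* On success the return value is the number of trusted roots loaded */
    tls_result = gnutls_certificate_set_x509_system_trust(xcred);
    if (tls_result < 0) {
        fprintf(stderr, "Cannot load credentials: %s\n",
                gnutls_strerror(tls_result));
        exit(1);
    } else {
        fprintf(stdout, "%d root certificates\n", tls_result);
    }

    tls_result = gnutls_init(&session, GNUTLS_CLIENT);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot create a new TLS session: %s\n",
                gnutls_strerror(tls_result));
        exit(1);
    }
    /* Mandatory or "no cipher suites found" */
    tls_result = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot set credentials: %s\n",
                gnutls_strerror(tls_result));
        exit(1);
    }
    tls_result = gnutls_set_default_priority(session);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot set priorities: %s\n",
                gnutls_strerror(tls_result));
        exit(1);
    }
    /*
     * Without this call GnuTLS completes the handshake with ANY
     * certificate, so the connection is encrypted but the peer is not
     * authenticated. It must be set before gnutls_handshake().
     * NOTE(review): servers using name-based virtual hosting may also
     * need SNI (gnutls_server_name_set) to present the right certificate.
     */
    gnutls_session_set_verify_cert(session, hostname, 0);

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = PF_UNSPEC;        /* v4 or v6, I don't care */
    hints.ai_socktype = SOCK_STREAM;
    result = getaddrinfo(hostname, portname, &hints, &res);
    if (result != 0) {
        fprintf(stderr,
                "Cannot resolve name '%s : %s' (wrong name or wrong port): %d\n",
                hostname, portname, result);
        exit(1);
    }
    /* Try every returned address, not only the first one */
    for (rp = res; rp != NULL; rp = rp->ai_next) {
        sockfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
        if (sockfd == -1) {
            saved_errno = errno;
            continue;
        }
        if (connect(sockfd, rp->ai_addr, rp->ai_addrlen) == 0) {
            break;
        }
        saved_errno = errno;    /* close() may overwrite errno */
        close(sockfd);
        sockfd = -1;
    }
    freeaddrinfo(res);
    if (sockfd == -1) {
        fprintf(stderr, "Cannot connect to %s: %d\n", hostname, saved_errno);
        exit(1);
    }

    gnutls_transport_set_int(session, sockfd);
    /* Retry on non-fatal results such as GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED */
    do {
        tls_result = gnutls_handshake(session);
    } while (tls_result < 0 && gnutls_error_is_fatal(tls_result) == 0);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot start the TLS session to %s: ", hostname);
        if (tls_result == GNUTLS_E_FATAL_ALERT_RECEIVED) {
            last_alert = gnutls_alert_get(session);
            fprintf(stderr, "Received alert '%d': %s.\n", last_alert,
                    gnutls_alert_get_name(last_alert));
        } else if (tls_result == GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR) {
            /* Say why the certificate was rejected */
            gnutls_datum_t reason = { NULL, 0 };
            unsigned int status = gnutls_session_get_verify_cert_status(session);

            if (gnutls_certificate_verification_status_print(
                    status, gnutls_certificate_type_get(session),
                    &reason, 0) == GNUTLS_E_SUCCESS) {
                fprintf(stderr, "%s\n", reason.data);
                gnutls_free(reason.data);
            } else {
                fprintf(stderr, "%s\n", gnutls_strerror(tls_result));
            }
        } else {
            fprintf(stderr, "%s\n", gnutls_strerror(tls_result));
        }
        exit(1);
    }
    fprintf(stderr, "TLS connection using \"%s %s\"\n",
            gnutls_protocol_get_name(gnutls_protocol_get_version(session)),
            gnutls_cipher_get_name(gnutls_cipher_get(session)));

    /* Orderly shutdown: close_notify, then release socket and TLS state */
    gnutls_bye(session, GNUTLS_SHUT_RDWR);
    close(sockfd);
    gnutls_deinit(session);
    gnutls_certificate_free_credentials(xcred);
    return 0;
}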