
GNU Transport Layer Security Library

GNU Transport Layer Security Library is a library which implements a secure layer over a reliable transport layer such as TCP/IP. It implements the TLS 1.1 and SSL 3.0 protocols, accompanied with authentication methods such as X.509, OpenPGP, and SRP.

Tags: Security, Cryptography, Software Development, Libraries
Licenses: GPL, LGPL
Operating Systems: Unix, POSIX
Implementation: C


Recent releases

28 May 2009 10:52

Changes: New APIs were added for handling extensions in Certificate Requests and CRLs, for setting credentials from a PKCS#12 object stored in memory, and for verifying a hash against a certificate. The linker version script now lists all exported APIs explicitly, and no longer exports the majority of internal _gnutls* functions. There were many other fixes and improvements.

30 Sep 2008 18:14

Changes: This release fixes minor crashes and a small memory leak. The included libtasn1 library has been updated to version 1.5.

04 Sep 2007 06:39

Changes: This is a major stable release. External RSA/DSA signing for TLS client authentication is supported. Signing X.509 certificates using RSA with SHA-256/384/512 is supported. There is experimental support for TLS 1.2. X.509 Proxy Certificates (RFC 3820), Supplemental handshake messages (RFC 4680), TLS authorization extension (draft-housley-tls-authz-extns-07), and the X.509 "otherName" Subject Alternative Names (for XMPP) are supported. Guile bindings for GnuTLS were added. Several new APIs were added. Build improvements were made for Windows, Mac OS X, uClinux, etc.

04 Sep 2007 06:39

Changes: New API functions were added to extract DER encoded X.509 Subject/Issuer DN. The PKCS8 parser now returns better error codes. A memory leak for sessions with client authentication via certificates was fixed. Building of a "tlsia" self test was fixed.

19 Apr 2007 10:36

Changes: X.509 RSA signing has been fixed to use NULL instead of absent parameters, which solves failure in some external programs (e.g. GnuPG 2.x) when verifying GnuTLS-generated RSA X.509 certificates. The PKIX ASN.1 syntax tree was regenerated to fix a mistake made in the last release.

Recent comments

15 May 2007 10:27 free2malloc

Re: License

> An SSL/TLS library under the GPL. Yuck!
> What's the purpose of this except of having a GNU
> label in front of a SSL library?
>
> OpenSSL can do the same, while having a much more
> reasonable license.
>

good point. i say the same about linux, what a
stupid project, let's just all use windows because it
works the way we all expect it to.

pfft...

14 Dec 2002 09:50 jharr

Re: License
TAKE THAT :P

(to the original poster) Honestly, do you have to be that partial to OpenSSL? GPL is about keeping your mind open. OpenSSL has to get some merit for being one of the first open source SSL implementations, however stuff doesn't get better unless it is challenged. And if OpenSSL gets shot down by GNUTLS because of its speed and reliability, it'll be for a reason. I'm not saying it will, but it could happen.

> % OpenSSL can do the same, while having a much more
> % reasonable license.
>
> reasonability is in the eye of the beholder; dismissing
> something based on your own preferences is a bit
> silly. some people would prefer a GPL'd
> implementation.
>
> beyond that, OpenSSL is getting rather huge and
> slow (or so my crypto buddies tell me) and a rewrite
> resulting in a smaller, faster library could be exactly
> what the doctor ordered for many projects.
>
> then again, perhaps those involved in the project
> simply wanted to write a TLS library for their own
> satisfaction and education.

16 Jun 2002 22:46 bug1

Re: License
It's questionable whether GPL'ed binaries can link to openssl. The issue is mentioned in the openssl FAQ, however it's not as clear cut as they make out.

openssl is not Free to developers who use the GPL, gnutls is.

06 Nov 2001 13:26 aseigo

Re: License

> OpenSSL can do the same, while having a much more
> reasonable license.
>

reasonability is in the eye of the beholder; dismissing
something based on your own preferences is a bit
silly. some people would prefer a GPL'd
implementation.

beyond that, OpenSSL is getting rather huge and
slow (or so my crypto buddies tell me) and a rewrite
resulting in a smaller, faster library could be exactly
what the doctor ordered for many projects.

then again, perhaps those involved in the project
simply wanted to write a TLS library for their own
satisfaction and education.

06 Nov 2001 11:34 dglaude

Re: License

> What's the purpose of this
> except of having a GNU
> label in front of a SSL library?

Good question...

Maybe someone will be more likely to invest time in contributing to something that will stay free and open rather than something that can/could be used in a closed world with private modifications distributed as binary.

Check for GPL in http://www.openssl.org/support/faq.html
and you see the beginning of an issue with openssl.

Does anybody know GPL programs that use OpenSSL
and do they have a GPL exception stated?
