Next: , Up: Introduction to GnuTLS   [Contents][Index]

2.1 Downloading and installing

GnuTLS is available for download at: https://www.gnutls.org/download.html

GnuTLS uses a development cycle where even minor version numbers indicate a stable release and a odd minor version number indicate a development release. For example, GnuTLS 1.6.3 denote a stable release since 6 is even, and GnuTLS 1.7.11 denote a development release since 7 is odd.

GnuTLS depends on nettle and gmplib, and you will need to install it before installing GnuTLS. The nettle library is available from https://www.lysator.liu.se/~nisse/nettle/, while gmplib is available from https://www.gmplib.org/. Don’t forget to verify the cryptographic signature after downloading source code packages.

The package is then extracted, configured and built like many other packages that use Autoconf. For detailed information on configuring and building it, refer to the INSTALL file that is part of the distribution archive. Typically you invoke ./configure and then make check install. There are a number of compile-time parameters, as discussed below.

Several parts of GnuTLS require ASN.1 functionality, which is provided by a library called libtasn1. A copy of libtasn1 is included in GnuTLS. If you want to install it separately (e.g., to make it possibly to use libtasn1 in other programs), you can get it from https://www.gnu.org/software/libtasn1/.

The compression library, libz, the PKCS #11 helper library p11-kit, the TPM library trousers, as well as the IDN library libidn1 are optional dependencies. Check the README file in the distribution on how to obtain these libraries.

A few configure options may be relevant, summarized below. They disable or enable particular features, to create a smaller library with only the required features. Note however, that although a smaller library is generated, the included programs are not guaranteed to compile if some of these options are given. 

--disable-srp-authentication
--disable-psk-authentication
--disable-anon-authentication
--disable-dhe
--disable-ecdhe
--disable-openssl-compatibility
--disable-dtls-srtp-support
--disable-alpn-support
--disable-heartbeat-support
--disable-libdane
--without-p11-kit
--without-tpm
--without-zlib

For the complete list, refer to the output from configure --help.

Footnotes

(1)

Needed to use RFC6125 name comparison in internationalized domains.

Next: , Up: Introduction to GnuTLS   [Contents][Index]