GnuTLS is available for download at: https://www.gnutls.org/download.html
GnuTLS uses a development cycle where even minor version numbers indicate a stable release and a odd minor version number indicate a development release. For example, GnuTLS 1.6.3 denote a stable release since 6 is even, and GnuTLS 1.7.11 denote a development release since 7 is odd.
GnuTLS depends on nettle
and gmplib
, and you will need to install it
before installing GnuTLS. The nettle
library is available from
https://www.lysator.liu.se/~nisse/nettle/, while gmplib
is available
from https://www.gmplib.org/.
Don’t forget to verify the cryptographic signature after downloading
source code packages.
The package is then extracted, configured and built like many other
packages that use Autoconf. For detailed information on configuring
and building it, refer to the INSTALL file that is part of the
distribution archive. Typically you invoke ./configure
and
then make check install
. There are a number of compile-time
parameters, as discussed below.
Several parts of GnuTLS require ASN.1 functionality, which is provided by a library called libtasn1. A copy of libtasn1 is included in GnuTLS. If you want to install it separately (e.g., to make it possibly to use libtasn1 in other programs), you can get it from https://www.gnu.org/software/libtasn1/.
The compression library, libz
, the PKCS #11 helper library p11-kit
,
the TPM library trousers
, as well as the IDN library libidn
1 are
optional dependencies. Check the README file in the distribution on how
to obtain these libraries.
A few configure
options may be relevant, summarized below.
They disable or enable particular features,
to create a smaller library with only the required features.
Note however, that although a smaller library is generated, the
included programs are not guaranteed to compile if some of these
options are given.
--disable-srp-authentication --disable-psk-authentication --disable-anon-authentication --disable-dhe --disable-ecdhe --disable-openssl-compatibility --disable-dtls-srtp-support --disable-alpn-support --disable-heartbeat-support --disable-libdane --without-p11-kit --without-tpm --without-zlib
For the complete list, refer to the output from configure --help
.