We are pleased to present a customized version of GnuTLS 1.2.8 that adds an implementation of the TLS Inner Application (TLS/IA) protocol.

The TLS/IA protocol was designed to be used in the EAP-TTLSv1 protocol, to perform user authentication of Wireless LAN network nodes using IEEE 802.1x. The TLS/IA and TTLSv1 protocols were published through the IETF and descriptions can be found at:

  http://josefsson.org/tlsia/draft-funk-tls-inner-application-extension-01.txt
  http://josefsson.org/tlsia/draft-ietf-pppext-eap-ttls-05.txt

The goal is to merge this TLS/IA branch with the main development branch (1.3.x) and then to investigate how EAP-TTLSv1 can be implemented. We invite suggestions and comments on these matters.

This work was done by Simon Josefsson Datakonsult in close co-operation with Emile van Bergen of E-advies, under commission for Lumiad.

Lumiad is a Dutch-based privately held company. Lumiad specializes in wireless applications and wireless security solutions. Lumiad supports open source projects, from which large parts will be used in Lumiad products. Lumiad was happy to sponsor this specific TLS/IA module. We see this module as a first step for the correct implementation of the EAP-TTLSv1 standard in open source products.

  http://www.lumiad.nl/

E-advies is a privately held company based in the Netherlands that designs and develops software and solutions, and provides consultancy in telecommunications and storage. Its flagship product is OpenRADIUS, an industrial strength RADIUS server that offers complete freedom in policy definition, and is available under the GNU General Public License.

Simon Josefsson Datakonsult, a Stockholm-based privately held company that specializes in development and standardization of security and internationalization technologies, is currently funding GnuTLS maintenance. Commercial support contracts for GnuTLS are available, and they help finance continued maintenance.

GnuTLS is a modern C library that implements the standard network security protocol Transport Layer Security (TLS), for use by network applications.

The NEWS entries for this release are:

- GnuTLS now supports TLS Inner Application (TLS/IA) as per draft-funk-tls-inner-application-extension-01. This functionality is added to libgnutls-extra, so it is licensed under the GPL.

- API and ABI modifications:

  gnutls_ia_handshake: New function, to perform TLS/IA handshake.
  gnutls_ia_handshake_p: New function, a predicate to decide whether to TLS/IA handshake.
  gnutls_ia_free_client_credentials,
  gnutls_ia_allocate_client_credentials,
  gnutls_ia_free_server_credentials,
  gnutls_ia_allocate_server_credentials: New functions to allocate a TLS/IA credential.
  gnutls_ia_set_client_avp_function,
  gnutls_ia_set_server_avp_function,
  gnutls_ia_set_client_avp_ptr,
  gnutls_ia_get_client_avp_ptr,
  gnutls_ia_set_server_avp_ptr,
  gnutls_ia_get_server_avp_ptr: New functions to handle the AVP callback.
  gnutls_ia_require_inner_phase: New function, to toggle TLS/IA application phases.
  gnutls_ia_permute_inner_secret: New function to mix session keys with inner secret.
  gnutls_ia_endphase_send,
  gnutls_ia_send,
  gnutls_ia_recv: Low-level API.
  gnutls_ia_generate_challenge,
  gnutls_ia_extract_inner_secret: New functions that can be used after successful TLS/IA negotiation.
  gnutls_ia_mode_t: Enum type with TLS/IA modes.
  gnutls_ia_apptype_t: Enum type with TLS/IA packet types.
  GNUTLS_A_INNER_APPLICATION_FAILURE,
  GNUTLS_A_INNER_APPLICATION_VERIFICATION: Enum values for TLS/IA alerts.
  GNUTLS_E_WARNING_IA_IPHF_RECEIVED,
  GNUTLS_E_WARNING_IA_FPHF_RECEIVED: New error codes, to signal when an application phase has finished.
  GNUTLS_E_IA_VERIFY_FAILED: New error code to signal TLS/IA verify failure.

If you need help to use GnuTLS, or want to help others, you are invited to join our help-gnutls mailing list, see:

  <http://lists.gnu.org/mailman/listinfo/help-gnutls>

The project page of the library is available at:

  http://josefsson.org/gnutls/

Here are the compressed sources:

  http://josefsson.org/gnutls/releases/tlsia/gnutls-1.2.8+ia.1.tar.bz2 (2.5MB)

Here are GPG detached signatures signed using key 0xB565716F:

  http://josefsson.org/gnutls/releases/tlsia/gnutls-1.2.8+ia.1.tar.bz2.sig

The software is cryptographically signed by the author using an OpenPGP key identified by the following information:

  1280R/B565716F 2002-05-05 [expires: 2006-02-28]
  Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F

The key is available from:

  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 checksums:

  4296d3bcdd32f11df9b3ea16f1811f4bc6569fd9  gnutls-1.2.8+ia.1.tar.bz2
  da6445dfb716adbbcb696a205f0361c0add2a9e1  gnutls-1.2.8+ia.1.tar.bz2.sig

Enjoy,
Simon
