GnuTLS 1.2.8 with TLS Inner Application (TLS/IA) support
jas at extundo.com
Wed Dec 14 08:37:02 EST 2005
We are pleased to present a customized version of GnuTLS 1.2.8 that
adds an implementation of the TLS Inner Application (TLS/IA) protocol.
The TLS/IA protocol was designed to be used in the EAP-TTLSv1
protocol, to perform user authentication of Wireless LAN network nodes
using IEEE 802.1x. The TLS/IA and TTLSv1 protocols were published
through the IETF and descriptions can be found at:
The goal is to merge this TLS/IA branch with the main development
branch (1.3.x) and then to investigate how EAP-TTLSv1 can be
implemented. We invite suggestions and comments on these matters.
This work was done by Simon Josefsson Datakonsult in close
co-operation with Emile van Bergen of E-advies, under commission for

Lumiad is a Dutch-based privately held company. Lumiad is specialized
in wireless applications and wireless security solutions. Lumiad
supports open source projects, from which large parts will be used in
Lumiad products. Lumiad was happy to sponsor this specific TLS/IA
module. We see this module as a first step for the correct
implementation of the EAP-TTLSv1 standard in open source products.
E-advies is a privately held company based in the Netherlands that
designs and develops software and solutions, and provides consultancy
in telecommunications and storage. Its flagship product is
OpenRADIUS, an industrial strength RADIUS server that offers complete
freedom in policy definition, and is available under the GNU General
Simon Josefsson Datakonsult, a Stockholm-based privately held company
that specializes in development and standardization of security and
internationalization technologies, is currently funding GnuTLS
maintenance. Commercial support contracts for GnuTLS are available,
and they help finance continued maintenance.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
The NEWS entries for this release are:
- GnuTLS now supports TLS Inner Application (TLS/IA) as per
  draft-funk-tls-inner-application-extension-01. This functionality
  is added to libgnutls-extra, so it is licensed under the GPL.

- API and ABI modifications:
  gnutls_ia_handshake: New function, to perform TLS/IA handshake.
  gnutls_ia_handshake_p: New function, a predicate to decide whether
                         to TLS/IA handshake.
  gnutls_ia_allocate_server_credentials: New functions to allocate a
  gnutls_ia_get_server_avp_ptr: New functions to handle the AVP callback.
  gnutls_ia_require_inner_phase: New functions, to toggle TLS/IA
  gnutls_ia_permute_inner_secret: New function to mix session keys
                                  with inner secret.
  gnutls_ia_recv: Low-level API.
  gnutls_ia_extract_inner_secret: New functions that can be used
                                  after successful TLS/IA negotiation.
  gnutls_ia_mode_t: Enum type with TLS/IA modes.
  gnutls_ia_apptype_t: Enum type with TLS/IA packet types.
  GNUTLS_A_INNER_APPLICATION_VERIFICATION: Enum values for TLS/IA alerts.
  GNUTLS_E_WARNING_IA_FPHF_RECEIVED: New error codes, to signal when
                                     an application phase has finished.
  GNUTLS_E_IA_VERIFY_FAILED: New error code to signal TLS/IA verify failure.
If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:
The project page of the library is available at:
Here are the compressed sources:
Here are GPG detached signatures signed using key 0xB565716F:
The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:
1280R/B565716F 2002-05-05 [expires: 2006-02-28]
Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
The key is available from:
Here are the SHA-1 checksums: