* p11-kit >= 0.22.1 for PKCS #11 URI handling
* libdb >= 4.0 for key->value lookup with BerkeleyDB transactions/replication
* libtasn1 for parsing of BER and DER data structures
- * NOT-YET: libldns for DNS lookups
+ * libldns for DNS lookups
+ * libunbound for more DNS lookups
+ * Quick-DER >= 1.2.3 for DER manipulation
+ * libkrb5 for Kerberos support
* NOT-YET: libldap for LDAP lookups
* NOT-YET: libmemcached for caching of intermediate results
* NOT-YET: libradius to do additional authn / authz [/acct]
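Review bot: the new entries for libldns, libunbound and libkrb5 carry no minimum version, while p11-kit, libdb and Quick-DER in the same list do. Either state the oldest version the build was tested against or say that any version works. Also, "for more DNS lookups" on the libunbound line does not tell the reader why two DNS libraries are needed; name what libunbound does here that libldns does not.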
sort of maturity that this project has not reached yet.
+Build Packages
+--------------
+
+As a **sugestion** only, here are packages you should have installed
+before trying to build TLSPOOL.
+
+ - Debian
+ - libdb-dev libldns-dev libunbound-dev libkrb5-dev
+ - libgnutls-dev (you'll need one with DANE support)
+
First-time build
----------------
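Review bot: the Debian list in the new "Build Packages" section covers only part of the requirements listed earlier in this file. It has no packages for p11-kit, libtasn1 or Quick-DER, so a reader who installs exactly this list will still fail the build. Add them, or state that the list is limited to the newly added dependencies. "(you'll need one with DANE support)" should say how to check that the installed libgnutls-dev has it, or from which version it can be assumed. Typo: "sugestion" should be "suggestion".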
chown -R tlspool:tlspool /var/lib/softhsm/tokens/XXX
+To setup Kerberos authentication, you need to install the basic package,
+usually named `krb5-user` or `krb5-client`, depending on your distro.
+In `/etc/krb5.conf`, be sure to have this entry to guide the test
+domain names to our KDC::
+
+ [domain_realm]
+ # ...other entries...
+ tlspool.arpa2.lab = ARPA2.NET
+
The following test demonstrates proper working of the TLS Pool based on
the testdata and under the warnings above:
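Review bot: the Kerberos paragraph maps `tlspool.arpa2.lab` to `ARPA2.NET` under `[domain_realm]` but does not say how the client finds "our KDC" for that realm, so the instructions are incomplete unless discovery is expected to happen elsewhere; say which. The text also has the reader edit the system-wide `/etc/krb5.conf` for what is described as test data. Consider stating that this mapping is for the test setup only, or suggesting a separate file selected through `KRB5_CONFIG` so the test realm does not leak into the host's normal Kerberos configuration. Minor: "To setup" should be "To set up".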
The TLS pool also handles teardown in all its forms with grace; that
is, it will detect it immediately and notify the other side.
+
+Language Wrappers
+-----------------
+
+The TLS Pool protocol is published and can be implemented in any language
+that prefers to work at that level. It is important to understand that the
+format may change with future versions however, and that would cause some
+dismay related to versioning. We promise to confine API changes to major
+versions only to make this somewhat bearable.
+
+The golden way is to instead rely on the C library, built in lib/* and
+installed for linking with a "-ltlspool" argument. We also provide a
+.pc file for use with pkg-config.
+
+Based on this C library, we build wrappers for other languages, usually
+going through SWIG. If you desire a library, please build it separately
+with:
+
+ make -C lib/python all install
+ make -C lib/go all install
+
+and so on. Some of the libraries may not have been completed yet, in that
+case you will run into difficulties. These libraries are neither built
+nor installed as part of the normal (main directory) builds! Only the
+C library is made and/or installed by default.
+
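Review bot: the first paragraph of "Language Wrappers" says the protocol is published and that its format may change, but gives no pointer to the specification and does not say how a client written against it detects that it is talking to a daemon with a different format. Link the document and state whether the protocol carries a version that both sides check. The promise also mixes terms: the sentence about change is about the protocol format, while the promise covers "API changes"; say explicitly whether it covers both. For the `make -C lib/python all install` lines, note whether install needs elevated privileges and where it writes, and replace "Some of the libraries may not have been completed yet" with a list of the wrappers that currently work.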