gnutls  3.7.5
About: GnuTLS (GNU Transport Layer Security Library) implements the TLS 1.3, 1.2, 1.1, 1.0 and SSL 3.0 protocols accompanied with the required framework for authentication and public key infrastructure.
Next stable release.
  Fossies Dox: gnutls-3.7.5.tar.xz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

gnutls Documentation

Some Fossies usage hints in advance:

  1. To see the Doxygen generated documentation please click on one of the items in the steelblue colored "quick index" bar above or use the side panel at the left which displays a hierarchical tree-like index structure and is adjustable in width.
  2. If you want to search for something by keyword rather than browse for it you can use the client side search facility (using Javascript and DHTML) that provides live searching, i.e. the search results are presented and adapted as you type in the Search input field at the top right.
  3. Doxygen doesn't incorporate all member files but just a definable subset (basically the main project source code files that are written in a supported language). So to search and browse all member files you may visit the Fossies gnutls-3.7.5.tar.xz contents page and use the Fossies standard member browsing features (also with source code highlighting and additionally with optional code folding).

CII Best Practices

Branch CI system Status Test suite coverage Fuzzer coverage
Master/3.7.x Gitlab build status coverage report Fuzzer coverage report
Master/3.7.x Github Actions build status N/A N/A
3.6.x Gitlab build status N/A N/A

GnuTLS -- Information for developers

GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure Sockets Layer) protocol. Additional information can be found at

This file contains instructions for developers and advanced users that want to build from version controlled sources. See for building released versions.

We require several tools to check out and build the software, including:

The required software is typically distributed with your operating system, and the instructions for installing them differ. Here are some hints:


apt-get install -y dash git-core autoconf libtool gettext autopoint
apt-get install -y automake python3 nettle-dev libp11-kit-dev libtspi-dev libunistring-dev
apt-get install -y guile-2.2-dev libtasn1-6-dev libidn2-0-dev gawk gperf
apt-get install -y libtss2-dev libunbound-dev dns-root-data bison gtk-doc-tools
apt-get install -y texinfo texlive texlive-generic-recommended texlive-extra-utils

NOTE: Some software versions might not be available in older releases, e.g. nettle-dev. Available backport repos, APT-Pinning or source code compilating can be used to install these versions (and dependencies) from a newer release.


yum install -y dash git autoconf libtool gettext-devel automake patch
yum install -y nettle-devel p11-kit-devel libunistring-devel
yum install -y tpm2-tss-devel trousers-devel guile22-devel libtasn1-devel libidn2-devel gawk gperf
yum install -y libtasn1-tools unbound-devel bison gtk-doc texinfo texlive

Sometimes, you may need to install more recent versions of Automake, Nettle, and P11-kit, which you will need to build from sources.

Dependencies that are used during make check or make dist are listed below. Moreover, for basic interoperability testing you may want to install openssl and mbedtls.


apt-get install -y valgrind nodejs softhsm2 datefudge lcov libssl-dev libcmocka-dev expect libev-dev
apt-get install -y dieharder openssl abigail-tools socat net-tools ppp util-linux

NOTE: libubsan0 and libasan1 are required on older versions of Ubuntu <= 16.04. This packages must be manually added on these versions:

apt-get install -y v libubsan0 libasan1


yum install -y valgrind libasan libasan-static libubsan nodejs softhsm datefudge lcov openssl-devel expect libev-devel
yum install -y dieharder mbedtls-utils openssl libabigail libcmocka-devel socat util-linux

To download the version controlled sources:

$ git clone
$ cd gnutls

The next step is to bootstrap and ./configure:

$ ./bootstrap
$ ./configure

When built this way, some developer defaults will be enabled. See for details.

Then build the project normally, and run the test suite.

$ make
$ make check

To test the code coverage of the test suite use the following:

$ ./configure --enable-code-coverage
$ make && make check && make code-coverage-capture

Individual tests that may require additional hardware (e.g., smart cards) are:

$ sh tests/suite/testpkcs11

Building for windows

It is recommended to cross compile using Fedora and the following dependencies:

yum install -y wine mingw32-nettle mingw32-libtasn1 mingw32-gcc

and build as:

mingw32-configure --disable-non-suiteb-curves --disable-doc --without-p11-kit
mingw32-make check

Continuous Integration (CI)

We utilize two continuous integration systems, the gitlab-ci and travis. Gitlab-CI is used to test most of the Linux systems (see .gitlab-ci.yml), and is split in two phases, build image creation and compilation/test. The build image creation is done at the gnutls/build-images subproject and uploads the image at the container registry. The compilation/test phase is on every commit to gnutls project.

The Travis based CI, is used to test compilation on MacOSX based systems.


See the contributing document.

Happy hacking!

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.