|
| 1 | +# Building for TLS Support |
| 2 | + |
| 3 | +If you want to include support for Transport Layer Security |
| 4 | +(`tls+tcp://` and `wss://` URLs) you should follow these directions. |
| 5 | + |
| 6 | +TLS support in NNG depends on either the [Mbed TLS](https://tls.mbed.org/) |
| 7 | +or [WolfSSL](https://www.wolfssl.com/) library (your choice). |
| 8 | + |
| 9 | +> [!IMPORTANT] |
| 10 | +> These libraries are licensed under different terms than NNG. |
| 11 | +> You are responsible for reading those license terms, and ensuring |
| 12 | +> that your use conforms to them. |
| 13 | +
|
| 14 | +> [!TIP] |
| 15 | +> This project receives no compensation or support in any other form |
| 16 | +> from either ARM (owners of the Mbed TLS project) or WolfSSL. |
| 17 | +> Thus, as a special request, if you're paying for commercial licenses for |
| 18 | +> either Mbed TLS or WolfSSL for use with NNG, please consider also sponsoring |
| 19 | +> this project or obtaining a commercial support contract from |
| 20 | +> [Staysail Systems, Inc.](https://www.staysail.tech/) |
| 21 | +> You can enquire about support contracts at [email protected]. |
| 22 | +> Sponsorship information is available on our |
| 23 | +> [GitHub page](https://github.com/nanomsg/nng). Thank you! |
| 24 | +
|
| 25 | +On many distributions you may be able to install a pre-packaged version |
| 26 | +of either library. We recommend doing so if this is an option for you. |
| 27 | +For example, Ubuntu users can install the `libmbedtls-dev` package. |
| 28 | + |
| 29 | +You can also build these from source; if you choose to do so, |
| 30 | +please make sure you also _install_ it somewhere (even a temporary |
| 31 | +staging directory). |
| 32 | + |
| 33 | +## Configuring NNG with TLS |
| 34 | + |
| 35 | +TLS support is not enabled by default, but can be enabled by configuring |
| 36 | +with the CMake option `NNG_ENABLE_TLS=ON`. |
| 37 | + |
| 38 | +You can select which library to use by using `NNG_TLS_ENGINE=mbed` or |
| 39 | +`NNG_TLS_ENGINE=wolf`. If you specify neither, then Mbed TLS will be assumed |
| 40 | +by default. |
| 41 | + |
| 42 | +By default NNG searches for an installed components in `/usr/local`, |
| 43 | +as well as the normal installation directories for libraries on your system. |
| 44 | + |
| 45 | +If you have installed Mbed TLS elsewhere, you can direct the NNG configuration |
| 46 | +to it by setting the `MBEDTLS_ROOT_DIR` or `WOLFSSL_ROOT_DIR` CMake variable |
| 47 | +as appropriate. |
| 48 | + |
| 49 | +## Example |
| 50 | + |
| 51 | +The following example would work on either Linux or macOS, and assumes |
| 52 | +that we have checked out github source trees into `$HOME/work`. |
| 53 | +It also assumes that Mbed TLS is already installed in `/usr/local` or |
| 54 | +a standard search path. |
| 55 | + |
| 56 | +``` |
| 57 | +
|
| 58 | +$ export NNGDIR=$HOME/work/nng |
| 59 | +$ mkdir build |
| 60 | +$ cd build |
| 61 | +
|
| 62 | +$ cmake -G Ninja -DNNG_ENABLE_TLS=ON .. |
| 63 | +
|
| 64 | +... (lots of lines of output from cmake...) |
| 65 | +
|
| 66 | +$ ninja build |
| 67 | +
|
| 68 | +... (lots of lines of output from ninja...) |
| 69 | +
|
| 70 | +$ ./src/supplemental/tls/tls_test -v |
| 71 | +
|
| 72 | +... (lots of lines of output from the test ...) |
| 73 | +
|
| 74 | +Summary: |
| 75 | + Count of all unit tests: 9 |
| 76 | + Count of run unit tests: 9 |
| 77 | + Count of failed unit tests: 0 |
| 78 | + Count of skipped unit tests: 0 |
| 79 | +SUCCESS: All unit tests have passed. |
| 80 | +``` |
0 commit comments