[OE-core] cURL recipe: SSL backend
Andre McCurdy
armccurdy at gmail.com
Mon May 7 20:00:57 UTC 2018
On Mon, May 7, 2018 at 7:17 AM, Mark Hatle <mark.hatle at windriver.com> wrote:
> On 5/7/18 8:16 AM, Viacheslav Salnikov wrote:
>> Alright, good point.
>>
>> But what if I need to use openssl instead of gnutls on Target? Can it be changed
>> without side effects?
The behaviour of curl when built with gnutls -vs- openssl in OE is not
the same. There are things (maybe related to certificates?) which work
fine with openssl but don't work with gnutls. Unfortunately I don't
have many more details than that - all the OE distros I use have
switched to using openssl, so going back to figure out what's wrong
with gnutls has never been a high priority. If you switch you should
test carefully, but from my experience openssl works better.
> This is why the package config settins are present in the curl recipe. You can
> adjust the setting to use whatever TLS engine you want in your distribution or
> project configuration.
>
> PACKAGECONFIG_pn-curl = "ipv6 proxy ssl threaded-resolver zlib"
This will work, but a more robust approach may be to use _append and
_remove to change PACKAGECONFIG options (rather than over-riding with
an absolute set of options, which may become out of sync with the
defaults in the main recipe). e.g.
PACKAGECONFIG_remove_pn-curl = "gnutls"
PACKAGECONFIG_append_pn-curl = " ssl"
> or any other combination of available options..
>
> --Mark
>
>> Regards,
>>
>> 2018-05-07 15:59 GMT+03:00 Alexander Kanavin <alexander.kanavin at linux.intel.com
>> <mailto:alexander.kanavin at linux.intel.com>>:
>>
>> On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
>>
>> cULR is built with GNUTLS for Target but OpenSSL is used for native and SDK.
>>
>> So my question is: why GNUTLS is used only for target? Is it necessary
>> for some good reason? Documentation for cURL has no explicit answer for
>> that.
>>
>> Could somebody help me to find the answer?
>>
>>
>> I think enabling gnutls on the native side would add a ton of dependencies
>> to build, and so openssl (which is more self-contained) is selected there.
>>
>> Alex
>>
>>
>>
>>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list