[OE-core] cURL recipe: SSL backend

Andre McCurdy armccurdy at gmail.com
Mon May 7 20:00:57 UTC 2018 

On Mon, May 7, 2018 at 7:17 AM, Mark Hatle <mark.hatle at windriver.com> wrote:
> On 5/7/18 8:16 AM, Viacheslav Salnikov wrote:
>> Alright, good point.
>>
>> But what if I need to use openssl instead of gnutls on Target? Can it be changed
>> without side effects?

The behaviour of curl when built with gnutls -vs- openssl in OE is not
the same. There are things (maybe related to certificates?) which work
fine with openssl but don't work with gnutls. Unfortunately I don't
have many more details than that - all the OE distros I use have
switched to using openssl, so going back to figure out what's wrong
with gnutls has never been a high priority. If you switch you should
test carefully, but from my experience openssl works better.

> This is why the package config settins are present in the curl recipe.  You can
> adjust the setting to use whatever TLS engine you want in your distribution or
> project configuration.
>
> PACKAGECONFIG_pn-curl = "ipv6 proxy ssl threaded-resolver zlib"

This will work, but a more robust approach may be to use _append and
_remove to change PACKAGECONFIG options (rather than over-riding with
an absolute set of options, which may become out of sync with the
defaults in the main recipe). e.g.

  PACKAGECONFIG_remove_pn-curl = "gnutls"
  PACKAGECONFIG_append_pn-curl = " ssl"

> or any other combination of available options..
>
> --Mark
>
>> Regards,
>>
>> 2018-05-07 15:59 GMT+03:00 Alexander Kanavin <alexander.kanavin at linux.intel.com
>> <mailto:alexander.kanavin at linux.intel.com>>:
>>
>>     On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
>>
>>         cULR is built with GNUTLS for Target but OpenSSL is used for native and SDK.
>>
>>         So my question is: why GNUTLS is used only for target? Is it necessary
>>         for some good reason? Documentation for cURL has no explicit answer for
>>         that.
>>
>>         Could somebody help me to find the answer?
>>
>>
>>     I think enabling gnutls on the native side would add a ton of dependencies
>>     to build, and so openssl (which is more self-contained) is selected there.
>>
>>     Alex
>>
>>
>>
>>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

More information about the Openembedded-core mailing list