[OE-core] [PATCH] gnutls: Add a config option to enable the pkcs11 trust store
Philippe Normand
philn at igalia.com
Thu May 30 11:43:36 UTC 2019
On Thu, 2019-05-30 at 12:38 +0100, Richard Purdie wrote:
> On Thu, 2019-05-30 at 11:12 +0100, Philippe Normand wrote:
> > Since version 2.60 the glib-networking TLS database relies on
> > GnuTLS's system
> > trust store, so not enabling it leads to TLS errors in applications
> > depending on
> > glib-networking. The raised runtime warning is:
> >
> > process:500): GLib-Net-WARNING **: 09:14:09.321: Failed to load TLS
> > database: Failed to load system trust store: GnuTLS was not
> > configured with a system trust
> > (app:490): ... TLS Error: TLS certificate has unknown CA.
>
> Doesn't this mean we should enable it by default as well?
>
Yes, I would likely support this decision. :)
I didn't do it in the patch because I don't know all the consequences
of enabling this by default. I would rather defer the decision to the
recipe maintainer.
Philippe
More information about the Openembedded-core
mailing list