[OE-core] [PATCH] gnutls: Add a config option to enable the pkcs11 trust store

richard.purdie at linuxfoundation.org richard.purdie at linuxfoundation.org
Thu May 30 11:46:07 UTC 2019


On Thu, 2019-05-30 at 12:43 +0100, Philippe Normand wrote:
> On Thu, 2019-05-30 at 12:38 +0100, Richard Purdie wrote:
> > On Thu, 2019-05-30 at 11:12 +0100, Philippe Normand wrote:
> > > Since version 2.60 the glib-networking TLS database relies on GnuTLS's
> > > system trust store, so not enabling it leads to TLS errors in
> > > applications depending on glib-networking. The raised runtime warning is:
> > > 
> > > process:500): GLib-Net-WARNING **: 09:14:09.321: Failed to load TLS database: Failed to load system trust store: GnuTLS was not configured with a system trust
> > > (app:490): ... TLS Error: TLS certificate  has unknown CA.
> > 
> > Doesn't this mean we should enable it by default as well?
> > 
> 
> Yes, I would likely support this decision. :)
> 
> I didn't do it in the patch because I don't know all the consequences
> of enabling this by default. I would rather defer the decision to the
> recipe maintainer.

Given we're seeing issues without it enabled, can you send a v2 with it
being enabled by default please? 

We try not to do that where it adds dependencies we don't need but it
seems to make sense here to me (I can take responsibility for asking for
it!).

Cheers,

Richard




