[OE-core] [PATCH] gnutls: Add a config option to enable the pkcs11 trust store

Philippe Normand philn at igalia.com
Thu May 30 12:04:23 UTC 2019


On Thu, 2019-05-30 at 12:46 +0100, richard.purdie at linuxfoundation.org
wrote:
> On Thu, 2019-05-30 at 12:43 +0100, Philippe Normand wrote:
> > On Thu, 2019-05-30 at 12:38 +0100, Richard Purdie wrote:
> > > On Thu, 2019-05-30 at 11:12 +0100, Philippe Normand wrote:
> > > > Since version 2.60 the glib-networking TLS database relies on
> > > > GnuTLS's system
> > > > trust store, so not enabling it leads to TLS errors in
> > > > applications
> > > > depending on
> > > > glib-networking. The raised runtime warning is:
> > > > 
> > > > process:500): GLib-Net-WARNING **: 09:14:09.321: Failed to load
> > > > TLS
> > > > database: Failed to load system trust store: GnuTLS was not
> > > > configured with a system trust
> > > > (app:490): ... TLS Error: TLS certificate  has unknown CA.
> > > 
> > > Doesn't this mean we should enable it by default as well?
> > > 
> > 
> > Yes, I would likely support this decision. :)
> > 
> > I didn't do it in the patch because I don't know all the
> > consequences
> > of enabling this by default. I would rather defer the decision to
> > the
> > recipe maintainer.
> 
> Given we're seeing issues without it enabled, can you send a v2 with
> it
> being enabled by default please? 
> 
> We try not to do that where it adds dependencies we don't need but it
> seems to make sense here to me (I can take responsibility for asking
> for
> it!).
> 

Alright, I'll update the patch then. Enabling this new option requires
the p11-kit option to be enabled as well though.

Philippe


