[oe] Fwd: Re: wpa_supplicant and GnuTLS
Howard Chu
hyc at symas.com
Tue Sep 8 07:23:46 UTC 2009
On the Always Innovating TouchBook I've found that the wpa_supplicant always
fails on WPA-EAP authentication in its default package, built with GnuTLS. It
works fine when I rebuild it using OpenSSL. It's surprising the number of
packages in the distro that depend on GnuTLS. I think you should seriously
reconsider relying on such a volatile library in your builds.
-------- Original Message --------
Subject: Re: wpa_supplicant
Date: Tue, 08 Sep 2009 00:02:43 -0700
From: Gregoire Gentil <gregoire at gentil.com>
Reply-To: gregoire at gentil.com
Organization: Gregoire Gentil
To: Howard Chu <hyc at symas.com>
I have no experience with gnutls vs. openssl and I didn't patch
anything. It's OE which is using gnutls and unfortunately, there is a
bunch of packages depending of gnutls :-(. I think that in the situation
you raise, it's really wpa-supplicant recipe that matters:
http://cgit.openembedded.net/cgit.cgi/openembedded/tree/recipes/wpa-supplicant
I can try to replace gnutls depends by openssl but I'm not an expert of
this, so I'm not sure of the result,
Grégoire
On Mon, 2009-09-07 at 23:19 -0700, Howard Chu wrote:
> Also, as I mentioned in bug #8, the wpa_supplicant built with GnuTLS doesn't
> work for me; it only works when built with OpenSSL. I suppose I should point
> out that GnuTLS doesn't exactly have a brilliant history in my experience.
>
> http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
>
> http://www.openldap.org/lists/openldap-bugs/200908/msg00080.html
> http://www.openldap.org/lists/openldap-bugs/200908/msg00084.html
> http://www.openldap.org/lists/openldap-bugs/200903/msg00049.html
> http://www.openldap.org/lists/openldap-bugs/200903/msg00050.html
> http://www.openldap.org/lists/openldap-bugs/200805/msg00094.html
> http://www.openldap.org/lists/openldap-bugs/200802/msg00080.html
>
> The software is immature and the coders behind the project have insufficient
> experience with programming, let alone security software programming. I
> strongly recommend sticking with OpenSSL and removing all GnuTLS dependencies
> from your distro.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the Openembedded-devel
mailing list