[oe] Fwd: Re: wpa_supplicant and GnuTLS
Howard Chu
hyc at symas.com
Tue Sep 8 07:30:07 UTC 2009
Howard Chu wrote:
> On the Always Innovating TouchBook I've found that the wpa_supplicant always
> fails on WPA-EAP authentication in its default package, built with GnuTLS. It
> works fine when I rebuild it using OpenSSL. It's surprising the number of
> packages in the distro that depend on GnuTLS. I think you should seriously
> reconsider relying on such a volatile library in your builds.
Another note, looking at the diff of recipes/wpa-supplicant/files/defconfig
and defconfig-0.6-gnutls
@@ -132,6 +95,10 @@
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
...
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
+# none = Empty template
+CONFIG_TLS=gnutls
+
setting CONFIG_SMARTCARD is pointless since GnuTLS has no hardware engine
support. (Or: using GnuTLS is pointless if you actually want smartcard support...)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the Openembedded-devel
mailing list