[Buildroot] [PATCH 1/2] gnutls: Give library a default trust location

Peter Korsgaard peter at korsgaard.com
Sun Dec 16 14:25:33 UTC 2018


>>>>> "Trent" == Trent Piepho <tpiepho at impinj.com> writes:

 > Gnutls is building with no default location to look for CA certs.  Since
 > there are buildroot packages to provide these, configure it to use them
 > by default.

 > Configure gnutls to find them using the bundle file which contains all
 > certs, rather than looking in the cert directory.  When gnutls is told
 > to use the directory, it loads *every* file in it.  This means it loads
 > the bundle with all certs, then loads each cert a second time using the
 > individual pem files, and then loads them all the third time via the
 > hash symlinks to the pem files.

 > When p11-kit is enabled, use its trust module instead of the bundle
 > file.  p11-kit can be configured to use the bundle (the default), but it
 > can do other things too, such as integrate with the "trust" command for
 > adding and removing trust anchors.

 > Signed-off-by: Trent Piepho <tpiepho at impinj.com>

Committed both to 2018.02.x, 2018.08.x and 2018.11.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list