[gnutls-devel] How to configure GnuTLS on MinGW?

Eli Zaretskii eliz at gnu.org
Sat Dec 13 12:29:55 CET 2014


Could someone please help me figure out how best to configure GnuTLS
on MS-Windows for the MinGW build?  The configure script offers a lot
of optional switches, but I couldn't find guidance about which ones to
use on Windows.

Mind you, I know almost nothing about Internet security, so the
description of the various options, which could perhaps tell enough to
someone who does know about security, doesn't give enough information
for me.

Some specific switches that I was wondering about:

  --without-p11-kit
    I do have p11-kit built and installed, but I wonder whether it is
    useful on Windows to build GnuTLS with it.  At least for the
    certificate storage, I see in the sources that lib/system.c is
    capable of using Windows's own certificates.  However,
    ENABLE_PKCS11 is present in quite a few other locations in the
    sources, so certificates seem not to be the only part of GnuTLS's
    functionality that needs p11-kit.  What GnuTLS features might
    benefit from p11-kit?

  --with-default-trust-store-file
    I initially intended using it, but then I saw in lib/system.c that
    doing so disables the code that uses Windows's certificate
    store, so I understand this option is not to be used on Windows,
    even if one does have a certificate bundle installed as
    ca-certificates.crt.  Is that correct?  Also, would it make sense
    to use ca-certificates.crt, if available, in addition to the
    Windows-stored certificates (by making an appropriate change in
    system.c)?

  --with-default-blacklist-file
    Is it advisable to use this, and if so, where and how to get the
    initial blacklist file, and in what format should it be?

  --with-system-priority-file
    Likewise with this option: will it be useful on Windows, and if
    so, how to obtain the priority file?

Any other of the --enable/--disable or --with/--without options that
need special considerations on Windows?

Thanks in advance.

(Btw, "./configure --help" implies that building Guile bindings is
disabled by default, but the default is actually to enable them if
Guile is found on the build system.  I suggest updating configure.ac
to reflect the default.)
