[gnutls-devel] How to configure GnuTLS on MinGW?
Eli Zaretskii
eliz at gnu.org
Sat Dec 13 12:29:55 CET 2014

Could someone please help me figure out how best to configure GnuTLS
on MS-Windows for the MinGW build? The configure script offers a lot
of optional switches, but I couldn't find guidance about which ones to
use on Windows.

Mind you, I know almost nothing about Internet security, so the
description of the various options, which could perhaps tell enough to
someone who does know about security, doesn't give enough information
for me.

Some specific switches that I was wondering about:

  --without-p11-kit

    I do have p11-kit built and installed, but I wonder whether it is
    useful on Windows to build GnuTLS with it. At least for the
    certificate storage, I see in the sources that lib/system.c is
    capable of using Windows's own certificates. However,
    ENABLE_PKCS11 is present in quite a few other locations in the
    sources, so certificates seem not to be the only part of GnuTLS's
    functionality that needs p11-kit. What GnuTLS features might
    benefit from p11-kit?

  --with-default-trust-store-file

    I initially intended using it, but then I saw in lib/system.c that
    doing so disables the code that uses Windows's certificate
    store, so I understand this option is not to be used on Windows,
    even if one does have a certificate bundle installed as
    ca-certificates.crt. Is that correct? Also, would it make sense
    to use ca-certificates.crt, if available, in addition to the
    Windows-stored certificates (by making an appropriate change in
    system.c)?

  --with-default-blacklist-file

    Is it advisable to use this, and if so, where and how to get the
    initial blacklist file, and in what format should it be?

  --with-system-priority-file

    Likewise with this option: will it be useful on Windows, and if
    so, how to obtain the priority file?

Any other of the --enable/--disable or --with/--without options that
need special considerations on Windows?

Thanks in advance.

(Btw, "./configure --help" implies that building Guile bindings is
disabled by default, but the default is actually to enable them if
Guile is found on the build system. I suggest updating configure.ac
to reflect the default.)