[gnutls-devel] How to configure GnuTLS on MinGW?

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Dec 13 19:23:31 CET 2014


On Sat, 2014-12-13 at 13:29 +0200, Eli Zaretskii wrote:
> Could someone please help me figure out how best to configure GnuTLS
> on MS-Windows for the MinGW build?  The configure script offers a lot
> of optional switches, but I couldn't find guidance about which ones to
> use on Windows.
> 
> Mind you, I know almost nothing about Internet security, so the
> description of the various options that could perhaps tell enough to
> someone who does know about security, doesn't give enough information
> for me.
> 
> Some specific switches that I was wondering about:
>   --without-p11-kit
>     I do have p11-kit built and installed, but I wonder whether it is
>     useful on Windows to build GnuTLS with it.  At least for the
>     certificate storage, I see in the sources that lib/system.c is
>     capable of using Windows's own certificates.  However,
>     ENABLE_PKCS11 is present in quite a few other locations in the
>     sources, so certificates seem to be not the only part of GnuTLS's
>     functionality that needs p11-kit.  What GnuTLS features might
>     benefit from p11-kit?

That would be whether you need support for PKCS #11 smart cards or so.
It is not straightforward to use them in Windows, and unlike Linux your
application must set up the pkcs11 libraries etc. If you don't do that,
then most probably you don't need it. It may be easier to simply support
the system-keys in Windows, but that's only available in the master branch
for now.

>   --with-default-trust-store-file

In Windows the Windows CA store is being used.

>   --with-default-blacklist-file
>     Is it advisable to use this, and if so, where and how to get the
>     initial blacklist file, and in what format should it be?

It's a PEM list of blacklisted certificates. Most systems don't have
something like that, so you're safe if you don't use it.

>   --with-system-priority-file
>     Likewise with this option: will it be useful on Windows, and if
>     so, how to obtain the priority file?

This was made for distributors of GnuTLS. With that you can make
system-wide priority strings available to applications.

regards,
Nikos
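
A format check for the blacklist file described in the reply above (a PEM list of certificates), as an added example that is not part of the original message and not GnuTLS code. It splits the text into certificate blocks, verifies that each decodes to one complete DER SEQUENCE (a structural check only, not full X.509 parsing), and returns SHA-256 fingerprints for review; the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL)


def der_total_length(der):
    """Length claimed by the outer DER SEQUENCE header, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    if der[1] < 0x80:                       # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_blacklist(text):
    """Return (sha256_fingerprints, problems) for a PEM list of certificates."""
    fingerprints, problems = [], []
    for i, m in enumerate(PEM_RE.finditer(text), 1):
        try:
            der = base64.b64decode("".join(m.group(1).split()), validate=True)
        except ValueError:                  # binascii.Error subclasses ValueError
            problems.append(f"entry {i}: body is not valid base64")
            continue
        if der_total_length(der) != len(der):
            problems.append(f"entry {i}: not one complete DER SEQUENCE")
            continue
        fingerprints.append(hashlib.sha256(der).hexdigest())
    if text.count("-----BEGIN CERTIFICATE-----") != len(fingerprints) + len(problems):
        problems.append("unterminated BEGIN CERTIFICATE block")
    return fingerprints, problems


def pem_wrap(der):
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")


# Constructed sample: tiny DER SEQUENCEs, not real certificates.
SAMPLE = (pem_wrap(bytes.fromhex("3003020101"))      # well-formed
          + pem_wrap(bytes.fromhex("30050201"))      # header claims more bytes
          + "-----BEGIN CERTIFICATE-----\n@@@\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fps, probs = check_blacklist(SAMPLE)
    print("\n".join(fps + probs))
```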




