[gnutls-devel] How to configure GnuTLS on MinGW?
eliz at gnu.org
Sun Dec 14 04:34:57 CET 2014
> From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
> Cc: gnutls-devel at lists.gnutls.org
> Date: Sat, 13 Dec 2014 22:31:24 +0100
> On Sat, 2014-12-13 at 21:23 +0200, Eli Zaretskii wrote:
> > > From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
> > > Cc: gnutls-devel at lists.gnutls.org
> > > Date: Sat, 13 Dec 2014 19:23:31 +0100
> > Thanks for responding.
> > > > --without-p11-kit
> > > > I do have p11-kit built and installed, but I wonder whether it is
> > > > useful on Windows to build GnuTLS with it. At least for the
> > > > certificate storage, I see in the sources that lib/system.c is
> > > > capable of using Windows's own certificates. However,
> > > > ENABLE_PKCS11 is present in quite a few other locations in the
> > > > sources, so certificates seems to be not the only part of GnuTLS's
> > > > functionality that needs p11-kit. What GnuTLS features might
> > > > benefit from p11-kit?
> > >
> > > That would be whether you need support for PKCS #11 smart cards or so.
> > > It is not straightforward to use them in windows, and unlike linux your
> > > application must setup the pkcs11 libraries etc. If you don't do that,
> > > then most probably you don't need it.
> > Can you elaborate a bit about "setting up the pkcs11 libraries"? I do
> > have p11-kit built for Windows and installed, so what else is needed?
> With PKCS #11 you'll need to load a PKCS #11 module for the smart card
> you have. Some smart card providers give you one, or most rely on
> opensc's pkcs11 module. To load a module if you have, you use something
> like gnutls_pkcs11_add_provider(). In linux you don't normally need to
> call that because p11-kit often comes with configuration
> (in /etc/pkcs11) for the existing modules.
Got it, thanks.
More information about the Gnutls-devel