[gnutls-devel] How to configure GnuTLS on MinGW?

[Eli Zaretskii]

> From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
> Cc: gnutls-devel at lists.gnutls.org
> Date: Sat, 13 Dec 2014 22:31:24 +0100
> 
> On Sat, 2014-12-13 at 21:23 +0200, Eli Zaretskii wrote:
> > > From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
> > > Cc: gnutls-devel at lists.gnutls.org
> > > Date: Sat, 13 Dec 2014 19:23:31 +0100
> > 
> > Thanks for responding.
> > 
> > > >   --without-p11-kit
> > > >     I do have p11-kit built and installed, but I wonder whether it is
> > > >     useful on Windows to build GnuTLS with it.  At least for the
> > > >     certificate storage, I see in the sources that lib/system.c is
> > > >     capable of using Windows's own certificates.  However,
> > > >     ENABLE_PKCS11 is present in quite a few other locations in the
> > > >     sources, so certificates seems to be not the only part of GnuTLS's
> > > >     functionality that needs p11-kit.  What GnuTLS features might
> > > >     benefit from p11-kit?
> > > 
> > > That would be whether you need support for PKCS #11 smart cards or so.
> > > It is not straightforward to use them in windows, and unlike linux your
> > > application must setup the pkcs11 libraries etc. If you don't do that,
> > > then most probably you don't need it.
> > 
> > Can you elaborate a bit about "setting up the pkcs11 libraries"?  I do
> > have p11-kit built for Windows and installed, so what else is needed?
> 
> With PKCS #11 you'll need to load a PKCS #11 module for the smart card
> you have. Some smart card providers give you one, or most rely on
> opensc's pkcs11 module. To load a module if you have, you use something
> like gnutls_pkcs11_add_provider(). In linux you don't normally need to
> call that because p11-kit often comes with configuration
> (in /etc/pkcs11) for the existing modules.

Got it, thanks.