[gnutls-devel] GnuTLS | report system config file location in gnutls-cli (#1399)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Aug 24 17:27:37 CEST 2022



Robert Elliott created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1399



## Description of the feature:
The default location of the system configuration file is a compile-time choice specified in the Makefile. There is no command reporting this information to the user, though.

The gnutls_get_system_config_file() function returns the active value (which might be overridden by the GNUTLS_SYSTEM_PRIORITY_FILE environment variable), but there is no CLI command that reports that information.

Suggestions:
1. Add the compiled-in directory location to:
```
$ gnutls-cli --list-config
libgnutls-soname: libgnutls.so.30
libnettle-soname: libnettle.so.8
libhogweed-soname: libhogweed.so.6
libgmp-soname: libgmp.so.10
hardware-features: padlock pkcs11
tls-features: ssl2-compat srtp alpn ocsp srp psk dhe ecdhe auth-anon heartbeat
default-system-config-file: /path/to/gnutls.config
```

## Applications that this feature may be relevant to:
gnutls-cli

That can be done by adding one line to this array:
```
static const struct gnutls_library_config_st _gnutls_library_config[] = {
#ifdef FIPS_MODULE_NAME
        { "fips-module-name", FIPS_MODULE_NAME },
#endif
#ifdef FIPS_MODULE_VERSION
        { "fips-module-version", FIPS_MODULE_VERSION },
#endif
        { "libgnutls-soname", GNUTLS_LIBRARY_SONAME },
        { "libnettle-soname", NETTLE_LIBRARY_SONAME },
        { "libhogweed-soname", HOGWEED_LIBRARY_SONAME },
        { "libgmp-soname", GMP_LIBRARY_SONAME },
        { "hardware-features", HW_FEATURES },
        { "tls-features", TLS_FEATURES },
        { "default-system-config", SYSTEM_PRIORITY_FILE },
        { NULL, NULL }
};
```

2. Add a command reporting the active value (i.e., the results of
gnutls_get_system_config_file()), maybe:
```
$ gnutls --list-config-file
GNUTLS_SYSTEM_PRIORITY_FILE: "/path/to/gnutls.config"
```

## Is this feature implemented in other libraries (and which)

A similar command in OpenSSL is
```
$ openssl version -d
OPENSSLDIR: "/etc/pki/tls"
```

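Added example, not part of the original issue or of GnuTLS: a POSIX shell check that resolves which system config file would be active, so an environment override of the compiled-in default stands out during an audit. It assumes `gnutls-cli --list-config` prints the `default-system-config-file` line proposed above; the function names, the sample output and its path are constructed for illustration.

```shell
# Constructed sample of `gnutls-cli --list-config` output, including the
# "default-system-config-file" line proposed in the issue (placeholder path).
sample_list_config() {
cat <<'EOF'
libgnutls-soname: libgnutls.so.30
hardware-features: padlock pkcs11
tls-features: ssl2-compat srtp alpn ocsp srp psk dhe ecdhe auth-anon heartbeat
default-system-config-file: /path/to/gnutls.config
EOF
}

# Print the value of one "key: value" line read from stdin (hypothetical helper).
list_config_value() {
    awk -v key="$1" '
        { i = index($0, ": ") }
        i > 0 && substr($0, 1, i - 1) == key { print substr($0, i + 2); exit }
    '
}

# Read --list-config output on stdin and print "<source> <path>".
# source is "env-override" when GNUTLS_SYSTEM_PRIORITY_FILE points somewhere
# other than the compiled-in default, "compiled-in" when the default applies,
# and "unknown" when the build does not report a default at all.
effective_config_file() {
    default=$(list_config_value default-system-config-file)
    override=${GNUTLS_SYSTEM_PRIORITY_FILE:-}
    if [ -n "$override" ] && [ "$override" != "$default" ]; then
        echo "env-override $override"
    elif [ -n "$default" ]; then
        echo "compiled-in $default"
    else
        echo "unknown -"
    fi
}

# Stand-alone run against the constructed sample.
sample_list_config | effective_config_file
```

On a real host, replace `sample_list_config` with `gnutls-cli --list-config` once the build reports the default path.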