[gnutls-devel] How to configure GnuTLS on MinGW?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Dec 13 22:31:24 CET 2014
On Sat, 2014-12-13 at 21:23 +0200, Eli Zaretskii wrote:
> > From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
> > Cc: gnutls-devel at lists.gnutls.org
> > Date: Sat, 13 Dec 2014 19:23:31 +0100
>
> Thanks for responding.
>
> > > --without-p11-kit
> > > I do have p11-kit built and installed, but I wonder whether it is
> > > useful on Windows to build GnuTLS with it. At least for the
> > > certificate storage, I see in the sources that lib/system.c is
> > > capable of using Windows's own certificates. However,
> > > ENABLE_PKCS11 is present in quite a few other locations in the
> > > sources, so certificates seems to be not the only part of GnuTLS's
> > > functionality that needs p11-kit. What GnuTLS features might
> > > benefit from p11-kit?
> >
> > That would be whether you need support for PKCS #11 smart cards or so.
> > It is not straightforward to use them in windows, and unlike linux your
> > application must setup the pkcs11 libraries etc. If you don't do that,
> > then most probably you don't need it.
>
> Can you elaborate a bit about "setting up the pkcs11 libraries"? I do
> have p11-kit built for Windows and installed, so what else is needed?
With PKCS #11 you'll need to load a PKCS #11 module for the smart card
you have. Some smart card providers give you one, or most rely on
opensc's pkcs11 module. To load a module if you have, you use something
like gnutls_pkcs11_add_provider(). In linux you don't normally need to
call that because p11-kit often comes with configuration
(in /etc/pkcs11) for the existing modules.
regards,
Nikos
More information about the Gnutls-devel
mailing list