[gnutls-devel] How to configure GnuTLS on MinGW?

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Dec 13 22:31:24 CET 2014

On Sat, 2014-12-13 at 21:23 +0200, Eli Zaretskii wrote:
> > From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
> > Cc: gnutls-devel at lists.gnutls.org
> > Date: Sat, 13 Dec 2014 19:23:31 +0100
> Thanks for responding.
> > >   --without-p11-kit
> > >     I do have p11-kit built and installed, but I wonder whether it is
> > >     useful on Windows to build GnuTLS with it.  At least for the
> > >     certificate storage, I see in the sources that lib/system.c is
> > >     capable of using Windows's own certificates.  However,
> > >     ENABLE_PKCS11 is present in quite a few other locations in the
> > >     sources, so certificates seems to be not the only part of GnuTLS's
> > >     functionality that needs p11-kit.  What GnuTLS features might
> > >     benefit from p11-kit?
> > 
> > That would be whether you need support for PKCS #11 smart cards or so.
> > It is not straightforward to use them in windows, and unlike linux your
> > application must setup the pkcs11 libraries etc. If you don't do that,
> > then most probably you don't need it.
> Can you elaborate a bit about "setting up the pkcs11 libraries"?  I do
> have p11-kit built for Windows and installed, so what else is needed?

With PKCS #11 you'll need to load a PKCS #11 module for the smart card
you have. Some smart card providers give you one, or most rely on
opensc's pkcs11 module. To load a module if you have, you use something
like gnutls_pkcs11_add_provider(). In linux you don't normally need to
call that because p11-kit often comes with configuration
(in /etc/pkcs11) for the existing modules.


More information about the Gnutls-devel mailing list