author Trent Piepho <tpiepho@impinj.com> 2018-11-16 20:17:32 +0000
committer Peter Korsgaard <peter@korsgaard.com> 2018-12-16 15:25:08 +0100
commit a32df40af6638e6bc5fb5d93db01539ac781290d
parent 82c624cd6e791988330784b946a0e6fe3f98a279
package/gnutls: give library a default trust location
Gnutls is building with no default location to look for CA certs. Since there are buildroot packages to provide these, configure it to use them by default.

Configure gnutls to find them using the bundle file which contains all certs, rather than looking in the cert directory. When gnutls is told to use the directory, it loads *every* file in it. This means it loads the bundle with all certs, then loads each cert a second time using the individual pem files, and then loads them all the third time via the hash symlinks to the pem files.

When p11-kit is enabled, use its trust module instead of the bundle file. p11-kit can be configured to use the bundle (the default), but it can do other things too, such as integrate with the "trust" command for adding and removing trust anchors.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 379306e8f2394d6f75ac138673dbf6be9ae9155a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
1 files changed, 7 insertions, 0 deletions
diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk
index 1cf1f281fa..1d8071a405 100644
--- a/package/gnutls/gnutls.mk
+++ b/package/gnutls/gnutls.mk
@@ -82,4 +82,11 @@ else
GNUTLS_CONF_OPTS += --without-zlib
+# Provide a default CA cert location
+ifeq ($(BR2_PACKAGE_P11_KIT),y)
+GNUTLS_CONF_OPTS += --with-default-trust-store-pkcs11=pkcs11:model=p11-kit-trust
+GNUTLS_CONF_OPTS += --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt
$(eval $(autotools-package))
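Review bot: The `--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt` line hardcodes the bundle path, and nothing in the hunk ties it to a package that installs that file, so a build without one leaves the library's default trust store pointing at a file that may not exist. Either make the option conditional on the CA bundle package being selected (for example BR2_PACKAGE_CA_CERTIFICATES) or extend the `# Provide a default CA cert location` comment to name what is expected to provide the file. Separately, as shown here the `ifeq ($(BR2_PACKAGE_P11_KIT),y)` has no visible `else` or `endif` before `$(eval $(autotools-package))`; the pkcs11 and file options should sit in separate branches so that only one default trust store is configured, as the commit message describes.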