From: Howard Chu <hyc@symas.com>
To: openembedded-devel@lists.openembedded.org
Subject: Re: wpa_supplicant and GnuTLS
Date: Tue, 08 Sep 2009 00:23:46 -0700 [thread overview]
Message-ID: <4AA60682.1020309@symas.com> (raw)
On the Always Innovating TouchBook I've found that the wpa_supplicant always
fails on WPA-EAP authentication in its default package, built with GnuTLS. It
works fine when I rebuild it using OpenSSL. It's surprising the number of
packages in the distro that depend on GnuTLS. I think you should seriously
reconsider relying on such a volatile library in your builds.
-------- Original Message --------
Subject: Re: wpa_supplicant
Date: Tue, 08 Sep 2009 00:02:43 -0700
From: Gregoire Gentil <gregoire@gentil.com>
Reply-To: gregoire@gentil.com
Organization: Gregoire Gentil
To: Howard Chu <hyc@symas.com>
I have no experience with gnutls vs. openssl and I didn't patch
anything. It's OE which is using gnutls and unfortunately, there is a
bunch of packages depending of gnutls :-(. I think that in the situation
you raise, it's really wpa-supplicant recipe that matters:
http://cgit.openembedded.net/cgit.cgi/openembedded/tree/recipes/wpa-supplicant
I can try to replace gnutls depends by openssl but I'm not an expert of
this, so I'm not sure of the result,
Grégoire
On Mon, 2009-09-07 at 23:19 -0700, Howard Chu wrote:
> Also, as I mentioned in bug #8, the wpa_supplicant built with GnuTLS doesn't
> work for me; it only works when built with OpenSSL. I suppose I should point
> out that GnuTLS doesn't exactly have a brilliant history in my experience.
>
> http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
>
> http://www.openldap.org/lists/openldap-bugs/200908/msg00080.html
> http://www.openldap.org/lists/openldap-bugs/200908/msg00084.html
> http://www.openldap.org/lists/openldap-bugs/200903/msg00049.html
> http://www.openldap.org/lists/openldap-bugs/200903/msg00050.html
> http://www.openldap.org/lists/openldap-bugs/200805/msg00094.html
> http://www.openldap.org/lists/openldap-bugs/200802/msg00080.html
>
> The software is immature and the coders behind the project have insufficient
> experience with programming, let alone security software programming. I
> strongly recommend sticking with OpenSSL and removing all GnuTLS dependencies
> from your distro.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
next reply other threads:[~2009-09-09 0:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-08 7:23 Howard Chu [this message]
2009-09-08 7:30 ` wpa_supplicant and GnuTLS Howard Chu
2009-09-09 7:32 ` Holger Hans Peter Freyther
2009-09-09 10:30 ` Phil Blundell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AA60682.1020309@symas.com \
--to=hyc@symas.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.