Re: wpa_supplicant and GnuTLS

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Howard Chu <hyc@symas.com>
To: openembedded-devel@lists.openembedded.org
Subject: Re: wpa_supplicant and GnuTLS
Date: Tue, 08 Sep 2009 00:30:07 -0700	[thread overview]
Message-ID: <4AA607FF.4020607@symas.com> (raw)
In-Reply-To: <4AA60682.1020309@symas.com>

Howard Chu wrote:
> On the Always Innovating TouchBook I've found that the wpa_supplicant always
> fails on WPA-EAP authentication in its default package, built with GnuTLS. It
> works fine when I rebuild it using OpenSSL. It's surprising the number of
> packages in the distro that depend on GnuTLS. I think you should seriously
> reconsider relying on such a volatile library in your builds.

Another note, looking at the diff of recipes/wpa-supplicant/files/defconfig 
and defconfig-0.6-gnutls

@@ -132,6 +95,10 @@
  # a file that usually has extension .p12 or .pfx)
  CONFIG_PKCS12=y

+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
  # PC/SC interface for smartcards (USIM, GSM SIM)
  # Enable this if EAP-SIM or EAP-AKA is included
  #CONFIG_PCSC=y

...

+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
+# none = Empty template
+CONFIG_TLS=gnutls
+

setting CONFIG_SMARTCARD is pointless since GnuTLS has no hardware engine 
support. (Or: using GnuTLS is pointless if you actually want smartcard support...)

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

next prev parent reply	other threads:[~2009-09-09  0:35 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-09-08  7:23 wpa_supplicant and GnuTLS Howard Chu
2009-09-08  7:30 ` Howard Chu [this message]
2009-09-09  7:32 ` Holger Hans Peter Freyther
2009-09-09 10:30   ` Phil Blundell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4AA607FF.4020607@symas.com \
    --to=hyc@symas.com \
    --cc=openembedded-devel@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.