
curl-library

Support for GnuTLS/nettle

From: Martin Storsjö <martin_at_martin.st>
Date: Tue, 15 Nov 2011 14:13:45 +0200 (EET)

Hi,

As you know, GnuTLS can be built with nettle as crypto backend since
GnuTLS 2.12, and in the latest git versions, the gcrypt backend has been
removed.

The attached patch adds replacement code for using crypto routines from
nettle instead of gcrypt, which passes all tests that "make test" runs
here.

To use these codepaths, both USE_GNUTLS and USE_GNUTLS_NETTLE would be
defined.

The big question that remains, however, is how to detect this setup - the
current gnutls+gcrypt check in configure simply checks that we can link to
gcrypt. If the system has gcrypt development libraries, this will pass,
even though the gnutls library links to nettle. (This doesn't lead to any
other problems than linking to gcrypt, so that the process has both crypto
libraries linked, as far as I know, though.)

I'm not sure if the crypto backend is reflected in the gnutls headers in
any way, but one way would be to inspect the Libs.private part of gnutls
via pkg-config. The alternative would be to simply use
--with-gnutls-nettle instead of trying to detect which backend to use.
(I'm not that good with autoconf, so help on doing this part is
appreciated.)

// Martin


Received on 2011-11-15
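
The pkg-config inspection suggested in the mail, as an added shell example that is not part of the original post or of curl's configure script: it classifies the backend from the flags printed by `pkg-config --static --libs gnutls`. The function names, the matched library flags (`-lnettle`, `-lhogweed`, `-lgcrypt`) and the gcrypt-case define are assumptions; only the USE_GNUTLS plus USE_GNUTLS_NETTLE pair comes from the mail.

```shell
#!/bin/sh
# Added example (not curl's configure code). Function names are hypothetical.

# classify_backend "<linker flags>" prints: nettle | gcrypt | both | unknown
# Assumption: the backend shows up as -lnettle/-lhogweed or -lgcrypt.
classify_backend() {
    has_nettle=no
    has_gcrypt=no
    for flag in $1; do
        case "$flag" in
            -lnettle|-lhogweed) has_nettle=yes ;;
            -lgcrypt)           has_gcrypt=yes ;;
        esac
    done
    case "$has_nettle/$has_gcrypt" in
        yes/no)  echo nettle ;;
        no/yes)  echo gcrypt ;;
        yes/yes) echo both ;;
        *)       echo unknown ;;
    esac
}

# --static makes pkg-config include Libs.private and Requires.private,
# which is where a shared-library build of GnuTLS lists its crypto backend.
detect_gnutls_backend() {
    command -v pkg-config >/dev/null 2>&1 || { echo unknown; return 0; }
    libs=$(pkg-config --static --libs gnutls 2>/dev/null) || { echo unknown; return 0; }
    classify_backend "$libs"
}

# Preprocessor defines per backend. The nettle pair is from the mail;
# USE_GNUTLS alone for gcrypt is an assumption. "both" and "unknown"
# print nothing, leaving the choice to an explicit configure option.
backend_defines() {
    case "$1" in
        nettle) echo "-DUSE_GNUTLS -DUSE_GNUTLS_NETTLE" ;;
        gcrypt) echo "-DUSE_GNUTLS" ;;
        *)      echo "" ;;
    esac
}

backend=$(detect_gnutls_backend)
echo "backend=$backend defines=$(backend_defines "$backend")"
```

An "unknown" or "both" result is the case where an explicit switch such as the `--with-gnutls-nettle` option mentioned in the mail would still be needed.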