[poky] gnutls-2.12.14-r3.1 - strange rpm names yocto

Andrei Gherzan andrei at gherzan.ro
Tue Dec 20 15:41:58 PST 2011


On 12/20/2011 08:18 PM, Saul Wold wrote:
> On 12/20/2011 03:09 AM, Andrei Gherzan wrote:
>> I can look over this as well but there would be a problem: I don't know
>> what solution to choose. I can take this package out from WHITELIST,
>> I can make wpa_supplicant to compile with openssl and not with gnutls...
>> I can compile wpa-supplicant without gnutls-extra and so on... What do
>> you say?
> I think it needs to stay in the WHITELIST for now, until we have some 
> kind of future change that can determine package based LICENSE info 
> and build accordingly (that's a different issue than this right now).
>
> What does wpa-supplicant use from gnutls-extra?  What functionality 
> could be lost?  This might be the best approach, and could be a 
> conditional patch based on GPLv3 or not (see code in util-linux_2.19.1)
>
> For WPA-supplicant and openssl, are there known issues?
>
> Sau!
>

Well things seem to be like this. wpa-supplicant has 3 ways of 
implementing TLS:
1. internal
2. openssl
3. gnutls + optional gnutls extra.

For internal there are only these features:
1. can be used in place of an external TLS/crypto library
2. TLSv1
3. X.509 certificate processing
4. PKCS #1
5. ASN.1
6. RSA
7. bignum
8. minimal size (ca. 50 kB binary, parts of which are already needed for 
WPA; TLSv1/X.509/ASN.1/RSA/bignum parts are about 25 kB on x86)

OpenSSL has a license problem (as I recall). It is not GPL compatible.

gnutls comes optionally with gnutls-extra. This rpm implements TLS/IA.

"The TLS/IA protocol was designed to be used in the EAP-TTLSv1
protocol, to perform user authentication of Wireless LAN network nodes
using IEEE 802.1x.  The TLS/IA and TTLSv1 protocols were published
through the IETF and descriptions"

My choice would be to eliminate this feature and build wpa-supplicant 
without gnutls-extra. In this way we have a solid TLS implementation, 
GPL compatible with a little compromise. Obviously, this would be only 
in a non-GPLv3 build.