Since version 2.60 the glib-networking TLS database relies on GnuTLS's system trust store, so not enabling it leads to TLS errors in applications depending on glib-networking. The raised runtime warning is:
process:500): GLib-Net-WARNING **: 09:14:09.321: Failed to load TLS database: Failed to load system trust store: GnuTLS was not configured with a system trust (app:490): ... TLS Error: TLS certificate has unknown CA. This new option is enabled by default because it is what glib-networking now expects. Disabling this option would break certificates validation for all applications directly or indirectly (via libsoup for instance) depending on glib-networking. --- meta/recipes-support/gnutls/gnutls_3.6.7.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-support/gnutls/gnutls_3.6.7.bb b/meta/recipes-support/gnutls/gnutls_3.6.7.bb index e05dc2b57d..48684678bb 100644 --- a/meta/recipes-support/gnutls/gnutls_3.6.7.bb +++ b/meta/recipes-support/gnutls/gnutls_3.6.7.bb @@ -26,7 +26,7 @@ SRC_URI[sha256sum] = "5b3409ad5aaf239808730d1ee12fdcd148c0be00262c7edf157af655a8 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc -PACKAGECONFIG ??= "libidn" +PACKAGECONFIG ??= "libidn p11-kit pkcs11-trust-store" # You must also have CONFIG_SECCOMP enabled in the kernel for # seccomp to work. @@ -35,6 +35,8 @@ PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" +PACKAGECONFIG[pkcs11-trust-store] = "--with-default-trust-store-pkcs11=pkcs11:,," + EXTRA_OECONF = " \ --enable-doc \ -- 2.20.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core