[OE-core] cURL recipe: SSL backend

2018-05-07 Thread Viacheslav Salnikov 
Hello all,

cULR is built with GNUTLS for Target but OpenSSL is used for native and
SDK.

So my question is: why GNUTLS is used only for target? Is it necessary for
some good reason? Documentation for cURL has no explicit answer for that.

Could somebody help me to find the answer?

Thanks.
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] cURL recipe: SSL backend

2018-05-07 Thread Alexander Kanavin 

On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
cULR is built with GNUTLS for Target but OpenSSL is used for native and 
SDK.


So my question is: why GNUTLS is used only for target? Is it necessary 
for some good reason? Documentation for cURL has no explicit answer for 
that.


Could somebody help me to find the answer?


I think enabling gnutls on the native side would add a ton of 
dependencies to build, and so openssl (which is more self-contained) is 
selected there.


Alex

--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] cURL recipe: SSL backend

2018-05-07 Thread Viacheslav Salnikov 
Alright, good point.

But what if I need to use openssl instead of gnutls on Target? Can it be
changed without side effects?

Regards,

2018-05-07 15:59 GMT+03:00 Alexander Kanavin <
alexander.kana...@linux.intel.com>:

> On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
>
>> cULR is built with GNUTLS for Target but OpenSSL is used for native and
>> SDK.
>>
>> So my question is: why GNUTLS is used only for target? Is it necessary
>> for some good reason? Documentation for cURL has no explicit answer for
>> that.
>>
>> Could somebody help me to find the answer?
>>
>
> I think enabling gnutls on the native side would add a ton of dependencies
> to build, and so openssl (which is more self-contained) is selected there.
>
> Alex
>
>
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] cURL recipe: SSL backend

2018-05-07 Thread Mark Hatle 
On 5/7/18 8:16 AM, Viacheslav Salnikov wrote:
> Alright, good point.
> 
> But what if I need to use openssl instead of gnutls on Target? Can it be 
> changed
> without side effects?

This is why the package config settins are present in the curl recipe.  You can
adjust the setting to use whatever TLS engine you want in your distribution or
project configuration.

PACKAGECONFIG_pn-curl = "ipv6 proxy ssl threaded-resolver zlib"

or any other combination of available options..

--Mark

> Regards,
> 
> 2018-05-07 15:59 GMT+03:00 Alexander Kanavin 
>  >:
> 
> On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
> 
> cULR is built with GNUTLS for Target but OpenSSL is used for native 
> and SDK.
> 
> So my question is: why GNUTLS is used only for target? Is it necessary
> for some good reason? Documentation for cURL has no explicit answer 
> for
> that.
> 
> Could somebody help me to find the answer?
> 
> 
> I think enabling gnutls on the native side would add a ton of dependencies
> to build, and so openssl (which is more self-contained) is selected there.
> 
> Alex
> 
> 
> 
> 

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] cURL recipe: SSL backend

2018-05-07 Thread Andre McCurdy 
On Mon, May 7, 2018 at 7:17 AM, Mark Hatle  wrote:
> On 5/7/18 8:16 AM, Viacheslav Salnikov wrote:
>> Alright, good point.
>>
>> But what if I need to use openssl instead of gnutls on Target? Can it be 
>> changed
>> without side effects?

The behaviour of curl when built with gnutls -vs- openssl in OE is not
the same. There are things (maybe related to certificates?) which work
fine with openssl but don't work with gnutls. Unfortunately I don't
have many more details than that - all the OE distros I use have
switched to using openssl, so going back to figure out what's wrong
with gnutls has never been a high priority. If you switch you should
test carefully, but from my experience openssl works better.

> This is why the package config settins are present in the curl recipe.  You 
> can
> adjust the setting to use whatever TLS engine you want in your distribution or
> project configuration.
>
> PACKAGECONFIG_pn-curl = "ipv6 proxy ssl threaded-resolver zlib"

This will work, but a more robust approach may be to use _append and
_remove to change PACKAGECONFIG options (rather than over-riding with
an absolute set of options, which may become out of sync with the
defaults in the main recipe). e.g.

  PACKAGECONFIG_remove_pn-curl = "gnutls"
  PACKAGECONFIG_append_pn-curl = " ssl"

> or any other combination of available options..
>
> --Mark
>
>> Regards,
>>
>> 2018-05-07 15:59 GMT+03:00 Alexander Kanavin 
>> > >:
>>
>> On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
>>
>> cULR is built with GNUTLS for Target but OpenSSL is used for native 
>> and SDK.
>>
>> So my question is: why GNUTLS is used only for target? Is it 
>> necessary
>> for some good reason? Documentation for cURL has no explicit answer 
>> for
>> that.
>>
>> Could somebody help me to find the answer?
>>
>>
>> I think enabling gnutls on the native side would add a ton of 
>> dependencies
>> to build, and so openssl (which is more self-contained) is selected 
>> there.
>>
>> Alex
>>
>>
>>
>>
>
> --
> ___
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] cURL recipe: SSL backend

2018-05-08 Thread Viacheslav Salnikov 
Mark, the main point of the question about "changing without side-effects"
and not about "how to change one config option to another"

But Andre has already provided information, cheers for that.

Thanks for participation

2018-05-07 23:00 GMT+03:00 Andre McCurdy :

> On Mon, May 7, 2018 at 7:17 AM, Mark Hatle 
> wrote:
> > On 5/7/18 8:16 AM, Viacheslav Salnikov wrote:
> >> Alright, good point.
> >>
> >> But what if I need to use openssl instead of gnutls on Target? Can it
> be changed
> >> without side effects?
>
> The behaviour of curl when built with gnutls -vs- openssl in OE is not
> the same. There are things (maybe related to certificates?) which work
> fine with openssl but don't work with gnutls. Unfortunately I don't
> have many more details than that - all the OE distros I use have
> switched to using openssl, so going back to figure out what's wrong
> with gnutls has never been a high priority. If you switch you should
> test carefully, but from my experience openssl works better.
>
> > This is why the package config settins are present in the curl recipe.
> You can
> > adjust the setting to use whatever TLS engine you want in your
> distribution or
> > project configuration.
> >
> > PACKAGECONFIG_pn-curl = "ipv6 proxy ssl threaded-resolver zlib"
>
> This will work, but a more robust approach may be to use _append and
> _remove to change PACKAGECONFIG options (rather than over-riding with
> an absolute set of options, which may become out of sync with the
> defaults in the main recipe). e.g.
>
>   PACKAGECONFIG_remove_pn-curl = "gnutls"
>   PACKAGECONFIG_append_pn-curl = " ssl"
>
> > or any other combination of available options..
> >
> > --Mark
> >
> >> Regards,
> >>
> >> 2018-05-07 15:59 GMT+03:00 Alexander Kanavin  intel.com
> >> >:
> >>
> >> On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
> >>
> >> cULR is built with GNUTLS for Target but OpenSSL is used for
> native and SDK.
> >>
> >> So my question is: why GNUTLS is used only for target? Is it
> necessary
> >> for some good reason? Documentation for cURL has no explicit
> answer for
> >> that.
> >>
> >> Could somebody help me to find the answer?
> >>
> >>
> >> I think enabling gnutls on the native side would add a ton of
> dependencies
> >> to build, and so openssl (which is more self-contained) is selected
> there.
> >>
> >> Alex
> >>
> >>
> >>
> >>
> >
> > --
> > ___
> > Openembedded-core mailing list
> > Openembedded-core@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core