All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andrei Gherzan <andrei@gherzan.ro>
To: Saul Wold <sgw@linux.intel.com>
Cc: poky@yoctoproject.org
Subject: Re: gnutls-2.12.14-r3.1 - strange rpm names yocto
Date: Wed, 21 Dec 2011 01:41:58 +0200	[thread overview]
Message-ID: <4EF11D46.7090604@gherzan.ro> (raw)
In-Reply-To: <4EF0D18D.3040104@linux.intel.com>

[-- Attachment #1: Type: text/plain, Size: 2179 bytes --]

On 12/20/2011 08:18 PM, Saul Wold wrote:
> On 12/20/2011 03:09 AM, Andrei Gherzan wrote:
>> I can look over this as well but there would be a problem: i don't know
>> what solution to choose. I can take this package out from WHITELIST,
>> ican make wpa_supplicant to compile with openssl and not with gnutls...
>> i can compile wpa-supplicant without gnutls-extra and so on... What do
>> you say?
> I think it needs to stay in the WHITELIST for know, until we have some 
> kind of future change that can determine package based LICENSE info 
> and build accordingly (that's a different issue then this right now).
>
> What does wpa-supplicant use from gnutls-extra?  What functionality 
> could be lost?  This might be the best approach, and could be a 
> conditional patch based on GPLv3 or not (see code in util-linux_2.19.1)
>
> For WPA-supplicant and openssl, are there know issues?
>
> Sau!
>
>> _______________________________________________
>> poky mailing list
>> poky@yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/poky
>>

Well things seem to be like this. wpa-supplicant has 3 ways of 
implementing TLS:
1. internal
2. openssl
3. gnutls + optional gnutls extra.

For internal there are only these features:
1. can be used in place of an external TLS/crypto library
2. TLSv1
3. X.509 certificate processing
4. PKCS #1
5. ASN.1
6. RSA
7. bignum
8. minimal size (ca. 50 kB binary, parts of which are already needed for 
WPA; TLSv1/X.509/ASN.1/RSA/bignum parts are about 25 kB on x86)

OpenSSL has a license problem (as i recall). It is not GPL compatible.

gnutls comes optionally with gnutls-extra. This rpm implements TLS/IA.

"The TLS/IA protocol was designed to be used in the EAP-TTLSv1
protocol, to perform user authentication of Wireless LAN network nodes
using IEEE 802.1x.  The TLS/IA and TTLSv1 protocols were published
through the IETF and descriptions"

My choice would be to eliminate this feature and build wpa-suplicant 
without gnutls-extra. In this way we have a solid TLS implementations, 
GPL compatible with a little compromise. Obviously, this would be only 
in a non-GPLv3 build.

[-- Attachment #2: Type: text/html, Size: 3402 bytes --]

  reply	other threads:[~2011-12-20 23:41 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-12-09 22:15 gnutls-2.12.14-r3.1 - strange rpm names yocto Andrei Gherzan
2011-12-09 23:35 ` Joshua Lock
2011-12-10  0:02   ` Andrei Gherzan
2011-12-10  4:08     ` Mark Hatle
2011-12-11  9:48       ` Richard Purdie
2011-12-19 14:05 ` Andrei Gherzan
2011-12-19 17:29   ` Saul Wold
2011-12-20 11:09     ` Andrei Gherzan
2011-12-20 18:18       ` Saul Wold
2011-12-20 23:41         ` Andrei Gherzan [this message]
2011-12-21  5:55           ` Saul Wold
2011-12-21  9:47             ` Andrei Gherzan
2011-12-21 18:54               ` Andrei Gherzan
2011-12-21 20:23                 ` Andrei Gherzan
2011-12-11 10:58 Foinel
2011-12-11 16:10 ` Andrei Gherzan
2011-12-11 22:12   ` Richard Purdie
2011-12-12 14:54     ` Foinel
2011-12-12 22:42       ` Andrei Gherzan
2011-12-12 23:21         ` Khem Raj
2011-12-13  9:18           ` Foinel
2011-12-13  9:40             ` Anders Darander
2011-12-13 10:04               ` Foinel
2011-12-13 19:52                 ` Khem Raj
2011-12-14  7:26                   ` Andrei Gherzan
2011-12-13 10:22           ` Foinel
2011-12-13 15:23             ` Richard Purdie
2011-12-14 10:54               ` Foinel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4EF11D46.7090604@gherzan.ro \
    --to=andrei@gherzan.ro \
    --cc=poky@yoctoproject.org \
    --cc=sgw@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.