cURL recipe: SSL backend

cURL recipe: SSL backend

[Viacheslav Salnikov]

[-- Attachment #1: Type: text/plain, Size: 303 bytes --]

Hello all,

cULR is built with GNUTLS for Target but OpenSSL is used for native and
SDK.

So my question is: why GNUTLS is used only for target? Is it necessary for
some good reason? Documentation for cURL has no explicit answer for that.

Could somebody help me to find the answer?

Thanks.

[-- Attachment #2: Type: text/html, Size: 479 bytes --]

Re: cURL recipe: SSL backend

[Alexander Kanavin]

On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
> cULR is built with GNUTLS for Target but OpenSSL is used for native and 
> SDK.
> 
> So my question is: why GNUTLS is used only for target? Is it necessary 
> for some good reason? Documentation for cURL has no explicit answer for 
> that.
> 
> Could somebody help me to find the answer?

I think enabling gnutls on the native side would add a ton of 
dependencies to build, and so openssl (which is more self-contained) is 
selected there.

Alex

Re: cURL recipe: SSL backend

[Viacheslav Salnikov]

[-- Attachment #1: Type: text/plain, Size: 768 bytes --]

Alright, good point.

But what if I need to use openssl instead of gnutls on Target? Can it be
changed without side effects?

Regards,

2018-05-07 15:59 GMT+03:00 Alexander Kanavin <
alexander.kanavin@linux.intel.com>:

> On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
>
>> cULR is built with GNUTLS for Target but OpenSSL is used for native and
>> SDK.
>>
>> So my question is: why GNUTLS is used only for target? Is it necessary
>> for some good reason? Documentation for cURL has no explicit answer for
>> that.
>>
>> Could somebody help me to find the answer?
>>
>
> I think enabling gnutls on the native side would add a ton of dependencies
> to build, and so openssl (which is more self-contained) is selected there.
>
> Alex
>
>

[-- Attachment #2: Type: text/html, Size: 1241 bytes --]

Re: cURL recipe: SSL backend

[Mark Hatle]

On 5/7/18 8:16 AM, Viacheslav Salnikov wrote:
> Alright, good point.
> 
> But what if I need to use openssl instead of gnutls on Target? Can it be changed
> without side effects?

This is why the package config settins are present in the curl recipe.  You can
adjust the setting to use whatever TLS engine you want in your distribution or
project configuration.

PACKAGECONFIG_pn-curl = "ipv6 proxy ssl threaded-resolver zlib"

or any other combination of available options..

--Mark

> Regards,
> 
> 2018-05-07 15:59 GMT+03:00 Alexander Kanavin <alexander.kanavin@linux.intel.com
> <mailto:alexander.kanavin@linux.intel.com>>:
> 
>     On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
> 
>         cULR is built with GNUTLS for Target but OpenSSL is used for native and SDK.
> 
>         So my question is: why GNUTLS is used only for target? Is it necessary
>         for some good reason? Documentation for cURL has no explicit answer for
>         that.
> 
>         Could somebody help me to find the answer?
> 
> 
>     I think enabling gnutls on the native side would add a ton of dependencies
>     to build, and so openssl (which is more self-contained) is selected there.
> 
>     Alex
> 
> 
> 
> 

Re: cURL recipe: SSL backend

[Andre McCurdy]

On Mon, May 7, 2018 at 7:17 AM, Mark Hatle <mark.hatle@windriver.com> wrote:
> On 5/7/18 8:16 AM, Viacheslav Salnikov wrote:
>> Alright, good point.
>>
>> But what if I need to use openssl instead of gnutls on Target? Can it be changed
>> without side effects?

The behaviour of curl when built with gnutls -vs- openssl in OE is not
the same. There are things (maybe related to certificates?) which work
fine with openssl but don't work with gnutls. Unfortunately I don't
have many more details than that - all the OE distros I use have
switched to using openssl, so going back to figure out what's wrong
with gnutls has never been a high priority. If you switch you should
test carefully, but from my experience openssl works better.

> This is why the package config settins are present in the curl recipe.  You can
> adjust the setting to use whatever TLS engine you want in your distribution or
> project configuration.
>
> PACKAGECONFIG_pn-curl = "ipv6 proxy ssl threaded-resolver zlib"

This will work, but a more robust approach may be to use _append and
_remove to change PACKAGECONFIG options (rather than over-riding with
an absolute set of options, which may become out of sync with the
defaults in the main recipe). e.g.

  PACKAGECONFIG_remove_pn-curl = "gnutls"
  PACKAGECONFIG_append_pn-curl = " ssl"

> or any other combination of available options..
>
> --Mark
>
>> Regards,
>>
>> 2018-05-07 15:59 GMT+03:00 Alexander Kanavin <alexander.kanavin@linux.intel.com
>> <mailto:alexander.kanavin@linux.intel.com>>:
>>
>>     On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
>>
>>         cULR is built with GNUTLS for Target but OpenSSL is used for native and SDK.
>>
>>         So my question is: why GNUTLS is used only for target? Is it necessary
>>         for some good reason? Documentation for cURL has no explicit answer for
>>         that.
>>
>>         Could somebody help me to find the answer?
>>
>>
>>     I think enabling gnutls on the native side would add a ton of dependencies
>>     to build, and so openssl (which is more self-contained) is selected there.
>>
>>     Alex
>>
>>
>>
>>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: cURL recipe: SSL backend

[Viacheslav Salnikov]

[-- Attachment #1: Type: text/plain, Size: 2831 bytes --]

Mark, the main point of the question about "changing without side-effects"
and not about "how to change one config option to another"

But Andre has already provided information, cheers for that.

Thanks for participation

2018-05-07 23:00 GMT+03:00 Andre McCurdy <armccurdy@gmail.com>:

> On Mon, May 7, 2018 at 7:17 AM, Mark Hatle <mark.hatle@windriver.com>
> wrote:
> > On 5/7/18 8:16 AM, Viacheslav Salnikov wrote:
> >> Alright, good point.
> >>
> >> But what if I need to use openssl instead of gnutls on Target? Can it
> be changed
> >> without side effects?
>
> The behaviour of curl when built with gnutls -vs- openssl in OE is not
> the same. There are things (maybe related to certificates?) which work
> fine with openssl but don't work with gnutls. Unfortunately I don't
> have many more details than that - all the OE distros I use have
> switched to using openssl, so going back to figure out what's wrong
> with gnutls has never been a high priority. If you switch you should
> test carefully, but from my experience openssl works better.
>
> > This is why the package config settins are present in the curl recipe.
> You can
> > adjust the setting to use whatever TLS engine you want in your
> distribution or
> > project configuration.
> >
> > PACKAGECONFIG_pn-curl = "ipv6 proxy ssl threaded-resolver zlib"
>
> This will work, but a more robust approach may be to use _append and
> _remove to change PACKAGECONFIG options (rather than over-riding with
> an absolute set of options, which may become out of sync with the
> defaults in the main recipe). e.g.
>
>   PACKAGECONFIG_remove_pn-curl = "gnutls"
>   PACKAGECONFIG_append_pn-curl = " ssl"
>
> > or any other combination of available options..
> >
> > --Mark
> >
> >> Regards,
> >>
> >> 2018-05-07 15:59 GMT+03:00 Alexander Kanavin <alexander.kanavin@linux.
> intel.com
> >> <mailto:alexander.kanavin@linux.intel.com>>:
> >>
> >>     On 05/07/2018 03:51 PM, Viacheslav Salnikov wrote:
> >>
> >>         cULR is built with GNUTLS for Target but OpenSSL is used for
> native and SDK.
> >>
> >>         So my question is: why GNUTLS is used only for target? Is it
> necessary
> >>         for some good reason? Documentation for cURL has no explicit
> answer for
> >>         that.
> >>
> >>         Could somebody help me to find the answer?
> >>
> >>
> >>     I think enabling gnutls on the native side would add a ton of
> dependencies
> >>     to build, and so openssl (which is more self-contained) is selected
> there.
> >>
> >>     Alex
> >>
> >>
> >>
> >>
> >
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
>

[-- Attachment #2: Type: text/html, Size: 4097 bytes --]