Changeset 1ac799b
- Timestamp:
- 07/04/2017 11:28:56 PM (7 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 6bb33c2
- Parents:
- 542d478
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
introduction/welcome/changelog.xml
r542d478 r1ac799b 46 46 <para>July 4th, 2017</para> 47 47 <itemizedlist> 48 <listitem> 49 <para>[dj] - Use PKCS #11 modules where possible with gnutls.</para> 50 </listitem> 51 <listitem> 52 <para>[dj] - Update to GnuTLS-3.5.14. Fixes 53 <ulink url="&blfs-ticket-root;9444">#9444</ulink>.</para> 54 </listitem> 48 55 <listitem> 49 56 <para>[dj] - Update to Node.js-8.1.3. Fixes -
networking/netlibs/glib-networking.xml
r542d478 r1ac799b 106 106 </para> 107 107 108 <screen><userinput>./configure --prefix=/usr 109 --with -ca-certificates=/etc/ssl/ca-bundle.crt\110 --disable-static 108 <screen><userinput>./configure --prefix=/usr \ 109 --without-ca-certificates \ 110 --disable-static && 111 111 make</userinput></screen> 112 112 … … 127 127 128 128 <para> 129 <parameter>--with -ca-certificates=/etc/ssl/ca-bundle.crt</parameter>:130 This parameter specifies where the trusted root certificates are131 located.129 <parameter>--without-ca-certificates</parameter>: This parameter forces 130 use of PKCS #11 modules for TLS certificate validation instead of a 131 bundle of certificates. 132 132 </para> 133 133 -
postlfs/security/gnutls.xml
r542d478 r1ac799b 7 7 <!ENTITY gnutls-download-http "https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-&gnutls-version;.tar.xz"> 8 8 <!ENTITY gnutls-download-ftp "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-&gnutls-version;.tar.xz"> 9 <!ENTITY gnutls-md5sum " 4fd41ad86572933c2379b4cc321a0959">9 <!ENTITY gnutls-md5sum "1e84b57a472b5f3b01f2c1b7a3a2bcbe"> 10 10 <!ENTITY gnutls-size "6.9 MB"> 11 <!ENTITY gnutls-buildsize "1 21 MB (add 44MB for tests)">12 <!ENTITY gnutls-time "1. 5 SBU (add 8.9SBU for tests)">11 <!ENTITY gnutls-buildsize "147 MB (add 42 MB for tests)"> 12 <!ENTITY gnutls-time "1.3 SBU (add 5.0 SBU for tests)"> 13 13 ]> 14 14 … … 143 143 144 144 <screen><userinput>./configure --prefix=/usr \ 145 --with-default-trust-store- file=/etc/ssl/ca-bundle.crt&&145 --with-default-trust-store-pkcs11="pkcs11:" && 146 146 make</userinput></screen> 147 147 … … 181 181 182 182 <para> 183 <parameter>--with-default-trust-store-file=/etc/ssl/ca-bundle.crt</parameter>: 183 <parameter>--with-default-trust-store-pkcs11="pkcs11:"</parameter>: This 184 switch tells gnutls to use the PKCS #11 trust store as the default trust. 185 Omit this switch if <xref linkend="p11-kit"/> is not installed. 186 </para> 187 188 <para> 189 <option>--with-default-trust-store-file=/etc/ssl/ca-bundle.crt</option>: 184 190 This switch tells <command>configure</command> where to find the 185 CA Certificates. 191 legacy CA certificate bundle and to use it instead of PKCS #11 module 192 by default. Use this if <xref linkend="p11-kit"/> is not installed. 186 193 </para> 187 194 -
postlfs/security/nss.xml
r542d478 r1ac799b 210 210 <title>Configuring NSS</title> 211 211 212 <para>If <xref linkend="p11-kit"/> is installed, 213 <filename>/usr/lib/libp11-kit.so</filename> can be used as a drop-in 214 replacement for <filename>/usr/lib/libnssckbi.so</filename> to 212 <para>If <xref linkend="p11-kit"/> is installed, the 213 <application>p11-kit</application> trust module 214 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a 215 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to 215 216 transparently make the system CAs available to 216 217 <application>NSS</application> aware applications, rather than the static … … 222 223 readlink /usr/lib/libnssckbi.so || 223 224 rm -v /usr/lib/libnssckbi.so && 224 ln -sfv libp11-kit.so /usr/lib/libnssckbi.so225 ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so 225 226 fi</userinput></screen> 226 227 -
postlfs/security/p11-kit.xml
r542d478 r1ac799b 143 143 <title>Configuring p11-kit</title> 144 144 145 <para> If <xref linkend="nss"/> is installed,146 <filename>/usr/lib/libp11-kit.so</filename> can be used as a drop-in147 replacement for <filename>/usr/lib/libnssckbi.so</filename> to145 <para>The <application>p11-kit</application> trust module 146 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a 147 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to 148 148 transparently make the system CAs available to 149 149 <application>NSS</application> aware applications, rather than the static … … 155 155 readlink /usr/lib/libnssckbi.so || 156 156 rm -v /usr/lib/libnssckbi.so && 157 ln -sfv libp11-kit.so /usr/lib/libnssckbi.so157 ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so 158 158 fi</userinput></screen> 159 159
Note:
See TracChangeset
for help on using the changeset viewer.