Package: gnutls28
Version: 3.6.6-2

Currently, gnutls28 is built with the following CONFIGUREARGS[0]:

>  --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt \

This breaks a number of things, including pinning certificates with libgcr and having that respected by glib-networking[1] (requiring applications such as Geary to implement non-trivial workarounds[2] to make this work on Debian systems) and using GnuTLS and GIO with things like smart cards and other PKCS11 components.

Per [1], please consider not building with `--with-default-trust-store-file` and building with `--with-default-trust-store-pkcs11="pkcs11:"` instead.

Cheers,
//Mike


[0] - <https://salsa.debian.org/gnutls-team/gnutls/blob/master/debian/rules#L30>
[1] - <https://gitlab.gnome.org/GNOME/gcr/issues/12#note_422793>
[2] - <https://gitlab.gnome.org/GNOME/geary/merge_requests/80>

--
⊨ Michael Gratton, Percept Wrangler.
⚙ <http://mjog.vee.net/>

