Bug 793281 – Consider whether the gnutls-pkcs11 backend should still exist

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 793281 - Consider whether the gnutls-pkcs11 backend should still exist


Summary:	Consider whether the gnutls-pkcs11 backend should still exist


Status:	RESOLVED OBSOLETE

Product:	glib
Classification:	Platform
Component:	network
Version:	2.55.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2018-02-07 20:25 UTC by Michael Catanzaro
Modified:	2018-05-29 06:36 UTC

See Also:	793280
GNOME target:	---
GNOME version:	---

Attachments
Disable building PKCS#11 backend by default (1.43 KB, patch) 2018-05-22 00:22 UTC, Michael Catanzaro	committed	Details \| Review

Description Michael Catanzaro 2018-02-07 20:25:25 UTC

The gnutls-pkcs11 backend of glib-networking is only used when the user explicitly sets the environment variable GIO_USE_TLS=gnutls-pkcs11. Since it's not enabled by default, it's not clear to me if it is really useful to keep around. I suspect that almost nobody is using this code.

If we keep it around, we should:

 * Test https://git.gnome.org/browse/glib-networking/commit/?id=5d0dcfd2bd85773e090008a7b1e1f28b9dbe9840. (The testsuite passed, but it passes even when I sabotage some of those function calls.)
 * Fix bug #793280
 * Somehow enable its use by default, so setting an environment variable is not required for this code to be useful

In the meantime, it's a big component of glib-networking that I'm not planning to work on myself.

Comment 1 Michael Catanzaro 2018-02-09 01:31:27 UTC

Also note that, as part of bug #753260, the non-PKCS#11 backend will now be using the p11-kit trust store by default on systems where that is configured as GnuTLS's default trust store, such as Fedora.

Comment 2 Michael Catanzaro 2018-05-22 00:22:43 UTC

Created attachment 372318 [details] [review]
Disable building PKCS#11 backend by default

This backend has never been enabled at runtime, except when the
GIO_USE_TLS=gnutls-pkcs11 environment variable is set. I'm quite
uncertain as to whether it should continue to exist or not. So let's
disable it. If nobody complains, I'll probably delete the code, but
let's keep the code around for now to be on the safe side.

Comment 3 Michael Catanzaro 2018-05-22 00:23:17 UTC

Comment on attachment 372318 [details] [review]
Disable building PKCS#11 backend by default

Attachment 372318 [details] pushed as 9cc21be - Disable building PKCS#11 backend by default

Comment 4 GNOME Infrastructure Team 2018-05-24 20:12:03 UTC

-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/glib/issues/1336.

Comment 5 Michael Catanzaro 2018-05-25 16:35:41 UTC

Reopening. This bug was migrated to https://gitlab.gnome.org/GNOME/glib, but it should have been migrated to https://gitlab.gnome.org/GNOME/glib-networking.

Comment 6 Christoph Reiter (lazka) 2018-05-29 06:36:09 UTC

-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/glib-networking/issues/7.