On Wed, Feb 12, 2014 at 12:22 PM, David Woodhouse <dwmw2 at infradead.org> wrote: > But if the default build the "easy way" using Fedora's mingw packages is > working (and it *is*, with both mingw32 and mingw64), then that'll be > fine with me. I'm happy enough to stick a pkgconfig check in, just for > Windows, for the known-problematic versions of GnuTLS. If only I knew > for sure which those were... :) You could avoid anything between 3.2.0 and 3.2.9 to be sure. >> > Do we have support for using keys in the Windows certificate store? >> Only the trusted CAs are loaded from there. For keys I think that this >> API would work as a smart card so gnutls_privkey_import_ext2() should >> be used (and only the signing function needed). From people that have >> already done it, I was told that you need a signing function similar >> to: >> http://thewalter.net/git/cgit.cgi/p11-capi/tree/module/p11-capi-rsa.c#n180 > Hm, interesting. > I note Stef's code is licence-compatible with GnuTLS. It would be very > interesting if we could get proper support for the Windows key store > into GnuTLS natively. And by "we" I don't really mean to do it myself > this time; that's one rathole too far :) I believe we've done quite a lot for the windows port. I guess any other addition should come from someone actually using that code. As I have no windows system it is a very big burden to me to test any windows code, so I'll not bother with that unless there is someone contributing it. regards, Nikos
