On Tue, 2014-12-02 at 11:16 -0500, Miloslav Trmač wrote: > Hello, > > It has largely been superseded by p11-kit-trust, which in the NSS case > > provides a replacement for libnssckbi.so and gives us consistency across > > the entire system regardless of the crypto libraries in use. (This > > wasn't in RHEL6; it came in with Fedora 19 so hopefully it's in RHEL7). > > FWIW this is also available in RHEL ≥ 6.5, but you have to opt in via > (update-ca-trust enable).
Great. So that should solve Patrik's CA issues without needing to do anything special. All that remains is to get the smartcards working by loading p11-kit-proxy.so (or preferably the individual modules) too. Is that something we could do in the p11-kit-trust implementation of libnssckbi.so without having to add another hook? -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
