Hello,
----- Original Message -----
> On Tue, 2014-12-02 at 11:16 -0500, Miloslav Trmač wrote:
> > Hello,
> > > It has largely been superseded by p11-kit-trust, which in the NSS case
> > > provides a replacement for libnssckbi.so and gives us consistency across
> > > the entire system regardless of the crypto libraries in use. (This
> > > wasn't in RHEL6; it came in with Fedora 19 so hopefully it's in RHEL7).
> > 
> > FWIW this is also available in RHEL ≥ 6.5, but you have to opt in via
> > (update-ca-trust enable).
> 
> Great. So that should solve Patrik's CA issues without needing to do
> anything special. All that remains is to get the smartcards working by
> loading p11-kit-proxy.so (or preferably the individual modules) too.
> 
> Is that something we could do in the p11-kit-trust implementation of
> libnssckbi.so without having to add another hook?

That feels like a pretty icky workaround, but I don’t actually know whether it 
would or wouldn’t work.  Stef, could the RHEL 6.5 p11-kit{,-trust} be (ab)used 
to load a smartcard token into all NSS users (without changing the 
application-specific NSS configuration)?
    Mirek
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
