On Tue, 2014-12-02 at 20:30 +0000, David Woodhouse wrote: > On Tue, 2014-12-02 at 19:59 +0000, David Woodhouse wrote: > > > > That doesn't happen here on F21, FWIW. > > > > Firefox only asks me to log into my p11-kit-provided hardware tokens > > when I go to a web site which wants a certificate, which is fair > > enough. > > > > And I haven't actually got Evolution to show me any hard evidence that > > they're loaded at all. I'll have to put a S/MIME certificate onto one > > of them and see if that works. > > There's something weirder going on here. Whenever I start an application > (even after disabling the p11-kit replacement for libnssckbi.so) it > seems to forcibly *remove* p11-kit-proxy from the modules list. > > I can get Firefox to use p11-kit-proxy.so but only for one run at a time > having manually added it through the GUI. I'm fairly sure that's a > recent regression; I tried this once before and it was basically > working.
I'll quit following up to myself now but two more observations first: I filed a bug for the above observation that the added module gets removed when I start applications: https://bugzilla.redhat.com/1169953 I worked around it by symlinking /usr/lib64/libnssckbi.so to p11-kit-proxy.so instead of p11-kit-trust.so, which gives me the trust roots *and* the other loaded modules. That one probably ought to be the default. Firefox only asks for the PIN for the hardware tokens. Evolution does ask for a PIN for GNOME keyring and the Secret Store. Stef suggests that's because Evolution doesn't handle CKF_PROTECTED_AUTHENTICATION_PATH. I filed this bug for that: https://bugzilla.gnome.org/show_bug.cgi?id=741059 -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
