Use p11-kit for this purpose: https://p11-glue.github.io/p11-glue/p11-kit.html
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/593320 Title: system wide libnssckbi.so does not reflect /etc/ca-certificates Status in nss package in Ubuntu: Expired Bug description: As all well known, ca-certificate issued by CNNIC should not be trusted, so it should not appear in system wide libnssckbi.so. If one removes cnnic and entrust CAs from /etc/ca-certificates.conf using dpkg-reconfigure, the libnssckbi.so still left unchanged, that leaves great security holes to system, which will threat all man-kinds all over the world. Something must be taken to stop this. the following is screen shot: $ grep CNNIC /etc/ca-certificates.conf $ $ certutil -d sql:.pki/nssdb -L -h "Builtin Object Token"|grep CNNIC Builtin Object Token:CNNIC ROOT ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: libnss3-1d 3.12.6-0ubuntu3 ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2 Uname: Linux 2.6.32-22-generic x86_64 Architecture: amd64 Date: Sun Jun 13 20:37:56 2010 ProcEnviron: LANGUAGE=zh_CN:zh:en_US:en LANG=zh_CN.utf8 SHELL=/bin/bash SourcePackage: nss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/593320/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
