On Thu, 2014-12-04 at 10:33 -0800, Robert Relyea wrote: > > > That one. libnssckbi.so is what provides the default trust roots. It's > > *always* supposed to be loaded in an NSS system. You shouldn't need to > > add it manually. I don't. > Huh? that is not true. libnssckbi.so is loaded by nssysinit, or by the > application or by someone explicitly loading it into the > pkcs11.txt/secmod.db. It is not loaded automatically by every nss > application.
OK... but applications such as firefox which actually want trust to work should be loading it, right? Yes, there are some applications which use NSS only for private crypto purposes and don't need the trust roots, but Patrik seemed to be suggesting that in RHEL, even Firefox wasn't loading libnssckbi.so until he manually added it to pkcs11.txt/secmod.db. > I believe the p11-kit does some magic to get it loaded for mozilla and > the root store. Kai worked with stef to get that working, kai do you > recall how that hooks in? I thought we really were just replacing libnssckbi.so with our own. Which is fine as long as it's actually being loaded. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
