On Fri, 2017-02-03 at 10:23 +0100, Antony Vennard wrote: > On 03/02/17 10:07, David Woodhouse wrote: > > You should[n't] need any of the special OpenSSL config horridness.
> Ah, I did not even know that was a thing. I do now. That looks like a > much neater solution. Forget this patch then :) As a general rule, this is true of *every* well-behaved application in a Linux system. If you have a PKCS#11 provider configured with a p11-kit .module file, then it should automatically be usable just by providing a suitable RFC7512 PKCS#11 URI in place of a filename. If you find any application which can't do that on Fedora, file a bug and Cc me. It's violating the packaging guidelines. Other distributions may catch up in a decade or two (hey, I hear Debian might even get coherent SSL trust settings by 2020...)
smime.p7s
Description: S/MIME cryptographic signature
