On Thu, 2014-12-11 at 09:12 +0000, David Woodhouse wrote: > I'd love to have a Fedora Feature in F22 for PKCS#11, where > keys+certs from installed PKCS#11 modules are expected to Just Work⢠> in all applications that can use certificates. Using consistent > PKCS#11 URIs where appropriate.
This isn't a Fedora Feature, but as of yesterday we do have packaging guidelines in Fedora which state that: - Packages using X.509 certificates SHOULD support PKCS#11 - Packages using PKCS#11 SHOULD load the p11-kit modules by default - Packages using PKCS#11 SHOULD accept RFC7512 URIs to specify objects Fedora 22 has fixes for pkcs11-helper and engine_pkcs11, so it's only really NSS that we have yet to fix. For the use of RFC7512 PKCS#11 URIs I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=1162897 and started a thread at http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12204.html For loading the correct tokens, I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=1161219 and started a thread at http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12230.html I'd quite like to get NSS fixed, but I'm not entirely averse to just going through Fedora packages and switching them to build against GnuTLS or OpenSSL instead, if NSS is going to prove too resistant to getting fixed :) -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ p11-glue mailing list p11-glue@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/p11-glue