FS#71182 - [gnutls] Do not hard-code p11-kit-trust.so

Attached to Project: Arch Linux
Opened by Vladimir Stoiakin (VStoiakin) - Tuesday, 08 June 2021, 15:52 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 08 June 2021, 20:12 GMT
Task Type General Gripe
Category Packages: Core
Status Closed
Assigned To Andreas Radke (AndyRTR)
Jan Alexander Steffens (heftig)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Hi!

As I see in the PKGBUILD, currently gnutls is built with
--with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit".

My suggestion is to change it to
--with-default-trust-store-pkcs11="pkcs11:".

This would allow gnutls to load CA certificates from a dynamically configured list of PKCS#11 modules, like NSS does.

Is there a reason to hard-code p11-kit-trust.so?

Closed by Andreas Radke (AndyRTR)
Tuesday, 08 June 2021, 20:12 GMT
Reason for closing: Fixed
Additional comments about closing: 3.7.2-2

Comment by Andreas Radke (AndyRTR) - Tuesday, 08 June 2021, 17:47 GMT
Comment by Jan Alexander Steffens (heftig) - Tuesday, 08 June 2021, 19:01 GMT
I copied it from Fedora.

Fedora also switched to pkcs11: so I think we should follow suit.

https://src.fedoraproject.org/rpms/gnutls/c/9a4f99b569e185982f997aff62c19533c74d51fa
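
Added example, not part of the original report or of gnutls: a small RFC 7512 matcher showing why the pinned URI selects only the p11-kit trust token while the bare "pkcs11:" places no restriction on the token. The token list is constructed sample data and the second token is hypothetical; this models URI matching only, not how gnutls loads modules.

```python
from urllib.parse import unquote

# URIs quoted in the report above.
PINNED = "pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit"
OPEN = "pkcs11:"

# RFC 7512 path attributes that identify a token (subset relevant here).
TOKEN_ATTRS = {"token", "manufacturer", "model", "serial"}


def parse_pkcs11_uri(uri):
    """Return the path attributes of a PKCS#11 URI as a percent-decoded dict."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path = rest.split("?", 1)[0]  # drop query attributes such as pin-source
    attrs = {}
    for part in filter(None, path.split(";")):
        name, eq, value = part.partition("=")
        if not eq or name in attrs:
            raise ValueError(f"malformed or repeated attribute: {part!r}")
        attrs[name] = unquote(value)
    return attrs


def matching_tokens(uri, tokens):
    """Labels of tokens whose fields equal every token attribute in the URI."""
    wanted = {k: v for k, v in parse_pkcs11_uri(uri).items() if k in TOKEN_ATTRS}
    return [t["token"] for t in tokens
            if all(t.get(k) == v for k, v in wanted.items())]


# Constructed sample token list; the second entry is hypothetical.
SAMPLE_TOKENS = [
    {"token": "System Trust", "manufacturer": "PKCS#11 Kit",
     "model": "p11-kit-trust", "serial": "1"},
    {"token": "Example Corp CA", "manufacturer": "Example Vendor",
     "model": "example-hsm", "serial": "42"},
]

if __name__ == "__main__":
    for uri in (PINNED, OPEN):
        print(f"{uri!r} -> {matching_tokens(uri, SAMPLE_TOKENS)}")
```

Because the open URI constrains nothing, what ends up trusted is decided by which PKCS#11 modules the system configuration loads, so that configuration becomes part of the trust boundary to review.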
