FS#71182 - [gnutls] Do not hard-code p11-kit-trust.so
Attached to Project:
Arch Linux
Opened by Vladimir Stoiakin (VStoiakin) - Tuesday, 08 June 2021, 15:52 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 08 June 2021, 20:12 GMT
Details
Hi!
As I see in the PKGBUILD, gnutls is currently built with --with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit". My suggestion is to change it to --with-default-trust-store-pkcs11="pkcs11:". This would allow gnutls to load CA certificates from a dynamically configured list of PKCS#11 modules, like NSS does. Is there a reason to hard-code p11-kit-trust.so?
Closed by Andreas Radke (AndyRTR)
Tuesday, 08 June 2021, 20:12 GMT
Reason for closing: Fixed
Additional comments about closing: 3.7.2-2
@Jan - can you comment on your intention when you added this?
Fedora also switched to pkcs11: so I think we should follow suit.
https://src.fedoraproject.org/rpms/gnutls/c/9a4f99b569e185982f997aff62c19533c74d51fa
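
The difference between the two trust-store URIs discussed in this task, as an added example (not code from gnutls, p11-kit or the PKGBUILD): a small matcher that applies RFC 7512 attribute matching to a list of tokens. The token list, the second module name and the function names are constructed for illustration; only the two URIs come from the task.

```python
from urllib.parse import unquote

# RFC 7512 path attributes that identify a token (library/slot/object attributes left out).
TOKEN_ATTRS = {"token", "manufacturer", "model", "serial"}

HARDCODED_URI = "pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit"
GENERIC_URI = "pkcs11:"

# Constructed sample data: tokens exposed by two loaded PKCS#11 modules.
# "example-ca-store.so" is a hypothetical third-party module.
SAMPLE_TOKENS = [
    {"module": "p11-kit-trust.so", "model": "p11-kit-trust",
     "manufacturer": "PKCS#11 Kit", "token": "System Trust"},
    {"module": "example-ca-store.so", "model": "ExampleStore",
     "manufacturer": "Example Corp", "token": "Site CA Store"},
]


def parse_pkcs11_uri(uri):
    """Return the path attributes of a pkcs11: URI, percent-decoded."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URI")
    path = uri[len("pkcs11:"):].split("?", 1)[0]  # ignore the query component
    attrs = {}
    for pair in filter(None, path.split(";")):
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed attribute: {pair!r}")
        if name in attrs:
            raise ValueError(f"duplicate attribute: {name}")
        attrs[name] = unquote(value)  # %23 -> '#', %20 -> ' '
    return attrs


def matching_modules(uri, tokens):
    """List modules whose token matches every token attribute named in the URI.

    An attribute absent from the URI matches anything, so the empty
    path of "pkcs11:" matches every token.
    """
    wanted = {k: v for k, v in parse_pkcs11_uri(uri).items() if k in TOKEN_ATTRS}
    return [t["module"] for t in tokens
            if all(t.get(k) == v for k, v in wanted.items())]


if __name__ == "__main__":
    for uri in (HARDCODED_URI, GENERIC_URI):
        print(uri, "->", matching_modules(uri, SAMPLE_TOKENS))
```

With "pkcs11:" the set of trust sources is decided by which modules are configured on the system rather than by the build flag, so the module configuration becomes the thing to audit.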