p11-kit trust module on Debian and OpenSUSE
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Jun 10 05:09:15 PDT 2013
On Fri, Jun 7, 2013 at 5:31 PM, Stef Walter <stef at thewalter.net> wrote:
> Hey guys,
>
> I've been working to make p11-kit work with the update-ca-certificates
> script on OpenSUSE and Debian. I think they're pretty much the same, so
> I hope referring to them together is okay.
>
> Goals:
> * p11-kit trust module allows NSS, GnuTLS, OpenSSL and Java to share
> the same trust source.
> * Right now NSS and GnuTLS load certificate anchors directly from
> the module. NSS even loads blacklists and so on.
btw. I am curious how do you load the blacklist? I have implemented CA
black lists to load certificates in android systems (using
gnutls_x509_trust_list_remove_trust_file). Would that be sufficient,
or another high level function is needed?
regards,
Nikos
More information about the p11-glue
mailing list