p11-kit trust module on Debian and OpenSUSE

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jun 10 05:09:15 PDT 2013

On Fri, Jun 7, 2013 at 5:31 PM, Stef Walter <stef at thewalter.net> wrote:
> Hey guys,
> I've been working to make p11-kit work with the update-ca-certificates
> script on OpenSUSE and Debian. I think they're pretty much the same, so
> I hope referring to them together is okay.
> Goals:
>  * p11-kit trust module allows NSS, GnuTLS, OpenSSL and Java to share
>    the same trust source.
>  * Right now NSS and GnuTLS load certificate anchors directly from
>    the module. NSS even loads blacklists and so on.

btw. I am curious how do you load the blacklist? I have implemented CA
black lists to load certificates in android systems (using
gnutls_x509_trust_list_remove_trust_file). Would that be sufficient,
or another high level function is needed?


More information about the p11-glue mailing list