Fixing NSS and p11-kit in Fedora (and beyond)

Stef Walter stefw at
Fri Dec 12 05:44:36 PST 2014

On 12.12.2014 14:22, David Woodhouse wrote:
> On Fri, 2014-12-12 at 12:02 +0100, Stef Walter wrote:
>>> Yeah. I'm severely tempted at least to file an overall tracker bug for
>>> the "feature", and file individual bugs against all the packages that
>>> need to be "fixed" to comply with the vision. It'll make it much easier
>>> to track. Any objections?
>> There's nothing to object to. That makes sense.
>> $ sudo certutil -d sql:/etc/pki/nssdb -L
>> certutil: function failed: SEC_ERROR_PKCS11_GENERAL_ERROR: A PKCS #11
>> module returned CKR_GENERAL_ERROR, indicating that an unrecoverable
>> error has occurred.
> Joy. Remind me again why you're happy for NSS softokn to be one of the
> default writable tokens on the system and ditch that functionality from
> gnome-keyring-pkcs11? :)

Because I don't have time to maintain it, or finish it, and the
implementation is woefully incomplete. It was short-sighted of me to
think I could implement something complete.

But p11-kit has the functionality to remote PKCS#11 now ... with more
work on its way (thanks Nikos). It could (with a bit more work) run
PKCS#11 modules in a daemon ... coordinate their writability etc.



More information about the p11-glue mailing list