Fixing NSS and p11-kit in Fedora (and beyond)

Stef Walter stefw at
Fri Dec 12 06:11:25 PST 2014

On 12.12.2014 14:53, David Woodhouse wrote:
> On Fri, 2014-12-12 at 14:44 +0100, Stef Walter wrote:
>>> Joy. Remind me again why you're happy for NSS softokn to be one of the
>>> default writable tokens on the system and ditch that functionality from
>>> gnome-keyring-pkcs11? :)
>> Because I don't have time to maintain it, or finish it, and the
>> implementation is woefully incomplete. It was short sighted of me to
>> think I could implement something complete.
> Fair enough. Although with the patch I just filed it's working fairly
> nicely now from Firefox. What major things are missing?
>> But p11-kit has the functionality to remote PKCS#11 now ... with more
>> work on it's way (thanks Nikos). It could (with a bit more work) run
>> PKCS#11 modules in a daemon ... coordinate their writability etc.
> Or maybe we should just grit our teeth and enable in
> $HOME/.pki/nssdb in the default p11-kit configuration? That'll probably
> be a whole lot easier to coordinate with NSS applications.

Yup. You won't hear objections from me. When you do, you'll probably run
into a few issues to do with the initialization string, and I'd be happy
to review patches :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the p11-glue mailing list