libnss replacement
Valek, Andrej
andrej.valek at siemens.com
Fri May 24 10:53:46 UTC 2019
Hello Everyone!
I have found your nice project, which could solves my problems.
I am trying to get rid of the libnss due to some problems.
My application is QtWebengine + chromium based. Previously SSL certificates have been handled by openssl. Chromium read ca-certificates from /etc/ssl/certs, but from QT version 5.12.3 they have switched to used nss. When the application starts, it loads certificates from ~/.pki/nssdb . Application is still using the old certificates, even if I upload the new certificate and the nssdb is updated via certutil from ca-certificate update hook. Application just reads nssdb during starting. After application restarting, it re-loaded the library and worked. But this case is unwanted.
I was trying to use your p11-kit a replacement to be able to update certificates during application running.
So I have replaced libnss (/usr/lib/libnssckbi.so -> /usr/lib/pkcs11/p11-kit-trust.so) with your library. Started my application and import new certificate via "trust anchor --store /var/lib/xxx.pem". But application still couldn't verified the page. Same behavior as before, after restarts, application was working.
So is it possible to use your SW for my runtime use-cases? If yes, how I can do that?
Many thanks,
Andrej
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/p11-glue/attachments/20190524/94019dcc/attachment.html>
More information about the p11-glue
mailing list