[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1486114605.4450.11.camel@infradead.org>
Date: Fri, 03 Feb 2017 09:36:45 +0000
From: David Woodhouse <dwmw2@...radead.org>
To: Antony Vennard <antony@...nard.ch>,
David Howells <dhowells@...hat.com>
Cc: keyrings@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/1] Load OpenSSL config if present in sign-file.c
On Fri, 2017-02-03 at 10:23 +0100, Antony Vennard wrote:
> On 03/02/17 10:07, David Woodhouse wrote:
> > You should[n't] need any of the special OpenSSL config horridness.
> Ah, I did not even know that was a thing. I do now. That looks like a
> much neater solution. Forget this patch then :)
As a general rule, this is true of *every* well-behaved application in
a Linux system.
If you have a PKCS#11 provider configured with a p11-kit .module file,
then it should automatically be usable just by providing a suitable
RFC7512 PKCS#11 URI in place of a filename.
If you find any application which can't do that on Fedora, file a bug
and Cc me. It's violating the packaging guidelines.
Other distributions may catch up in a decade or two (hey, I hear Debian
might even get coherent SSL trust settings by 2020...)
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (4938 bytes)
Powered by blists - more mailing lists