F29 System Wide Change: NSS load p11-kit modules by default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

= Proposed System Wide Change: NSS load p11-kit modules by default =
https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules


Owner(s):
  * Daiki Ueno <dueno at redhat dot com>


When NSS database is created, PKCS#11 modules configured in the
system's p11-kit will be automatically registered and visible to NSS
applications.



== Detailed description ==
Fedora provides a mechanism to configure PKCS#11 modules system wide,
allowing the crypto libraries (GnuTLS and OpenSSL) to use PKCS#11
modules in a consistent manner. Until now NSS applications haven't
benefit from it as NSS uses a different configuration mechanism which
requires users to register PKCS#11 modules in NSS databases. This
change makes the manual procedure unnecessary, by registering the
p11-kit-proxy module (the aggregator of the system PKCS#11 modules) in
NSS databases with the default configuration.
See also:
* https://bugzilla.redhat.com/show_bug.cgi?id=1173577


== Scope ==
* Proposal owners:
** Enable p11-kit-proxy in the newly created NSS database, through the
crypto-policies package.
** Modify the opensc package not to register itself to the NSS
database upon installation.

* Other developers:
** Make sure that this change doesn't cause any regression with the
existing applications.

* Release engineering:
[https://pagure.io/releng/issue/7548 #7548]
** List of deliverables: N/A

* Policies and guidelines:
PackageMaintainers/PKCS11 needs changes basically to eliminate NSS
specific stuff

* Trademark approval:
N/A (not needed for this Change)
-- 
Jan Kuřík
JBoss EAP Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/5J5SRVBJR5PDE6G6ZKOFWQG5AJ6WCFR3/
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux