On Fri, 2016-05-20 at 11:48 +0200, Jan Kurik wrote:
= Proposed Self Contained Change: NSS enforces the system-wide
IYTM "enforces *some* of the system-wide crypto policy".
We also have a policy (in p11-kit config) for which PKCS#11 tokens
should be loaded into which applications. I suppose you could play
semantic games and say that's not really part of the "system-wide
crypto policy" you were talking about. But please don't :)
As things stand, NSS is a holdout in that respect too. If we were to
rebuilt curl against GnuTLS¹, the right tokens would automatically be
available. As it's currently built against NSS, they aren't.
This is https://bugzilla.redhat.com/show_bug.cgi?id=1173577 —
might even be relatively easily solved just by loading p11-kit-proxy.so
by default whenever the NSS database is initialised (without the NoDB
Please could we make an effort to get that fixed at the same time? The
patches you have as part of this Change are touching the *same* code in
nss_InitModules() which needs to be fixed up for loading the right
¹ Can we, please?