Bug 637966 – Read-only PKCS#11 module for root settings

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 637966 - Read-only PKCS#11 module for root settings


Summary:	Read-only PKCS#11 module for root settings


Status:	RESOLVED FIXED

Product:	gnome-keyring
Classification:	Core
Component:	pkcs11
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	GNOME keyring maintainer(s)
QA Contact:	GNOME keyring maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-12-24 15:56 UTC by Stef Walter
Modified:	2016-02-23 09:54 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Stef Walter 2010-12-24 15:56:18 UTC

For the system CA certificates, and possibly CRLs and other stuff, we shouldn't need to call into gnome-keyring-daemon. There should be a pkcs11 module which loads these things in-process.

This PKCS#11 module will be read-only and can't use any private data. Writable stuff and private stuff will need to continue to be handled by the daemon. So this will be limited to exposing system trust and certificates.

Comment 1 Stef Walter 2016-02-23 09:54:23 UTC

Closing. p11-kit trust implemented this.