Hello Everyone! I have found your nice project, which could solves my problems.
I am trying to get rid of the libnss due to some problems. My application is QtWebengine + chromium based. Previously SSL certificates have been handled by openssl. Chromium read ca-certificates from /etc/ssl/certs, but from QT version 5.12.3 they have switched to used nss. When the application starts, it loads certificates from ~/.pki/nssdb . Application is still using the old certificates, even if I upload the new certificate and the nssdb is updated via certutil from ca-certificate update hook. Application just reads nssdb during starting. After application restarting, it re-loaded the library and worked. But this case is unwanted. I was trying to use your p11-kit a replacement to be able to update certificates during application running. So I have replaced libnss (/usr/lib/libnssckbi.so -> /usr/lib/pkcs11/p11-kit-trust.so) with your library. Started my application and import new certificate via "trust anchor --store /var/lib/xxx.pem". But application still couldn't verified the page. Same behavior as before, after restarts, application was working. So is it possible to use your SW for my runtime use-cases? If yes, how I can do that? Many thanks, Andrej
_______________________________________________ p11-glue mailing list p11-glue@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/p11-glue
