Source: nss Severity: wishlist Dear Maintainer,
in Fedora PKCS#11 modules configured in the system's p11-kit will be automatically registered to be visible to NSS applications. https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules In Debian (I am currently testing on Debian 10) this mechanism does not seem to work. I created /etc/crypto-policies/local.d/nss-p11-kit.config as follows: -- name=p11-kit-proxy library=p11-kit-proxy.so -- without success. The background why this functionality is very handy is because it will allow to have a system-wide configuration for applications like Thunderbird and Firefox to auto-load PKCS#11 modules required for crypto-tokens. Regards Sven -- System Information: Debian Release: 10.7 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel Kernel: Linux 4.19.0-13-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled