On Thu, Apr 04, 2019 at 01:03:50PM +0000, Mike Gabriel wrote:
> Feel free to keep this bug open for bullseye, so we can re-discuss this
> approach or close it.
Yes, let's consider this for bullseye.
Just for the record:
[ pkcs11.txt ]
On a 64-bit PC Buster system this is working ok:
> library=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
> name=PKCS#11 Trust Module
> NSS=trustOrder=100
To get it working for a mixed 64-bit / 32-bit setup this content
seems to work:
library=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
library=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-trust.so
name=PKCS#11 Trust Module
NSS=trustOrder=100
For already existing accounts:
[ Firefox-ESR ]
Checking the existence and then removing
~/.mozilla/firefox/debian-edu.default/{cert8.db,key3.db,cert9.db,key4.db}
after replacing the exsting pkcs11.txt file seems to work.
[ Thunderbird ]
Similar to Firefox-ESR; location:
~/.thunderbird/debian-edu.default/{cert8.db,key3.db,cert9.db,key4.db}
[ Chromium, Konqueror, and others using PKI ]
Check the existence and then remove
~/.pki/{cert9.db,key4.db}
after replacing the exsting pkcs11.txt file
Wolfgang
Attachment:
signature.asc
Description: PGP signature