[gnutls-devel] Trust store from environment variable

Andreas Enge andreas at enge.fr
Sun Feb 8 13:00:28 CET 2015


Thanks for your kind explanations!

On Sun, Feb 08, 2015 at 10:18:18AM +0100, Nikos Mavrogiannopoulos wrote:
> The loading of certificates from a system-wide file or directory are
> legacy options, and they don't allow much space for improvement. The
> recommended way in a modern system is via the p11-kit trust module [0],
> which, in addition to what you ask, can allow users to also specify
> the purpose each CA certificate is trusted for. The p11-kit trust module
> has been used in Fedora for a few releases now, for both NSS and gnutls.
> [0]. http://gnutls.org/manual/html_node/Verification-using-PKCS11.html

What I do not quite understand is how that applies to packagers for
distributions. The documentation speaks about the C library interface.
What about existing applications? Do they need to be patched to use
this trust module? Or specially configured? Do you have a link to how Fedora
is handling this?

Andreas



