Hi Wolfgang.
On Do 04 Apr 2019 17:18:38 CEST, Wolfgang Schweer wrote:
> On Thu, Apr 04, 2019 at 01:03:50PM +0000, Mike Gabriel wrote:
>> Feel free to keep this bug open for bullseye, so we can re-discuss this
>> approach or close it.
>
> Yes, let's consider this for bullseye.
Yep.
> Just for the record:
>
> [ pkcs11.txt ]
> On a 64-bit PC Buster system this is working ok:
>> library=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
>> name=PKCS#11 Trust Module
>> NSS=trustOrder=100
Nice.
> To get it working for a mixed 64-bit / 32-bit setup this content
> seems to work:
> library=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
> library=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-trust.so
> name=PKCS#11 Trust Module
> NSS=trustOrder=100
Nice add-on information.
> For already existing accounts:
>
> [ Firefox-ESR ]
> Checking the existence and then removing
> ~/.mozilla/firefox/debian-edu.default/{cert8.db,key3.db,cert9.db,key4.db}
> after replacing the existing pkcs11.txt file seems to work.
That is not necessary IMHO. If pkcs11.txt exists, the above text
config block needs to be appended to it. If it does not exist, copying
over the above pkcs11.txt is sufficient.
> [ Thunderbird ]
> Similar to Firefox-ESR; location:
> ~/.thunderbird/debian-edu.default/{cert8.db,key3.db,cert9.db,key4.db}
Same here. The .db files can stay. If pkcs11.txt exists, append the
above config block.
> [ Chromium, Konqueror, and others using PKI ]
> Check the existence and then remove
> ~/.pki/{cert9.db,key4.db}
> after replacing the existing pkcs11.txt file
Same here. Again, not replacing pkcs11.txt, but appending to it, if it
exists. The .db files can stay.
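
The append-or-create handling described in this reply, as an added example that is not part of the original mail or of any Debian Edu package: a POSIX shell sketch that leaves the .db files alone and only touches pkcs11.txt. The function names, the duplicate check via `grep`, and the blank line written between module stanzas are assumptions of this example; the stanza and the three directories are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent append-or-create for pkcs11.txt.
# Stanza as quoted in the thread for a 64-bit PC Buster system.
P11_STANZA='library=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
name=PKCS#11 Trust Module
NSS=trustOrder=100'

# ensure_p11_trust DIR  (hypothetical helper name)
# Returns 0 if the stanza was written, 1 if one was already present,
# 2 if DIR does not exist. cert*.db / key*.db files are never touched.
ensure_p11_trust() {
    dir=$1
    file=$dir/pkcs11.txt
    [ -d "$dir" ] || return 2
    if [ -f "$file" ]; then
        # Do not append twice: skip if a p11-kit-trust module is already listed.
        if grep -q '^library=.*p11-kit-trust\.so' "$file"; then
            return 1
        fi
        if [ -s "$file" ]; then
            # Terminate an unterminated last line, then add the blank line
            # that separates module stanzas (assumption of this example).
            [ -z "$(tail -c 1 "$file")" ] || printf '\n' >> "$file"
            printf '\n' >> "$file"
        fi
        printf '%s\n' "$P11_STANZA" >> "$file"
    else
        # No pkcs11.txt yet: creating it with the stanza is sufficient.
        printf '%s\n' "$P11_STANZA" > "$file"
    fi
    return 0
}

# ensure_p11_trust_home HOME_DIR  (hypothetical helper name)
# Applies the change to the three per-user locations named in the thread.
ensure_p11_trust_home() {
    for d in .mozilla/firefox/debian-edu.default \
             .thunderbird/debian-edu.default .pki; do
        # "already present" (1) and "no such directory" (2) are not errors here.
        ensure_p11_trust "$1/$d" || :
    done
}
```

For an existing account this would be called as `ensure_p11_trust_home "$HOME"`; running it again changes nothing.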