[webkit-gtk] Support for PKCS11 / Smartcard?

Michael Catanzaro mcatanzaro at igalia.com
Sun Dec 2 12:05:57 PST 2018

On Sun, Dec 2, 2018 at 1:58 PM, Michael Catanzaro 
<mcatanzaro at igalia.com> wrote:
>  In CentOS 7.6, you are in a good spot to do this, because you have 
> glib-networking 2.56, which is the first version of glib-networking 
> that uses GnuTLS's default trust store

Oops, that's not true; looks like 2.58 was the first version for this. 
So there is no PKCS#11 support at all (because in 2.56 and older, 
glib-networking bypasses GnuTLS's trust store and loads CA's from a 
certificate file) unless you use the gnutls-pkcs11 backend (again, 
that's now removed, but still present in 2.56). So that means what 
you're testing on CentOS 7.6 will be completely different than the 
current code.

So if you check the state of PKCS#11 in glib-networking in CentOS 7.6, 
you're going to want to turn around and check again in Fedora 29 as 
well, due to these huge changes.


More information about the webkit-gtk mailing list