Bug 924186

Summary: The p11-kit trust module should reload its input paths
Product: [Fedora] Fedora Reporter: Stef Walter <stefw>
Component: p11-kitAssignee: Stef Walter <stefw>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 20CC: jjaburek, kalevlember, kengert, mclasen, stefw, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: p11-kit-0.20.0 Doc Type: Enhancement
Doc Text:
Feature: Reload input paths for p11-kit trust module. Reason: When a user adds CA's these should be reflected in running applications where possible. Result (if any):
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-14 08:17:35 EDT Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 924173    
Bug Blocks:    

Description Stef Walter 2013-03-21 06:47:53 EDT
The p11-kit trust module should reload its input paths when they change. This allows some running applications to detect changes.

Further testing is needed as to which applications support what and how this interacts with caches.

This might be done by looking for changes when a new PKCS#11 session (ie: C_OpenSession) is created by NSS or other crypto libraries using the trust module.
Comment 1 Stef Walter 2013-03-21 06:50:49 EDT
This is not intended to be a Fedora 19 feature, as indicated by selecting 'rawhide' above. In Fedora 19, we don't yet reload while running. 

This behavior is identical to the current libnssckbi.so behavior, of not reloading its data (ie: itself) if the file had been changed, until the process was restarted. So this is not a regression. NSS per user stored trust policy in libsoftokn continues to be put into use without restarting the process.
Comment 2 Fedora Admin XMLRPC Client 2013-05-13 15:29:12 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 3 Stef Walter 2013-07-17 06:01:59 EDT
Upstream work in 0.19.x done to implement this.
Comment 4 Stef Walter 2013-07-18 10:14:02 EDT
Released as part of development release 0.19.2.
Comment 5 Fedora End Of Life 2013-09-16 09:16:14 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20