Red Hat Bugzilla – Bug 480640
[RFE] Add write support to NSS PKCS #11 PEM module
Last modified: 2016-01-22 11:33:10 EST
The NSS PEM PKCS #11 module is read only. Support for writing PEM files is needed. The lack of PEM write support hampers the migration to NSS of security
products as part of the FIPS 140-2 validation and Crypto Consolidation efforts.
Two such products are Openswan's Pluto (# 444801) and crypto-utils (#46731).
Elio or Rob, are you going to work on this?
See External link to https://bugzilla.mozilla.org/show_bug.cgi?id=402712. It's logged here to help Red Hat program management track it. The existing PEM module is currently under review upstream.
I have learned that the PEM module is actually not yet a supported RHEL 5 feature. It turns out that this not a mere matter of adding the write support feature to the PEM module and it currently ships in Fedora only. The module has been submitted to upstream NSS and is presently under review by the nss team. Furthermore numerous patches have been submitted in Fedora as other libraries (mainly libcurl) use it more.
We are working on this for Fedora-12 but don't know yet whether it would RHEL 6.0 or RHEL 5.5 the delivery vehicle. This bug should not be marked as a RHEL 5.4 FIPS-140 blocker.
per bug council, shifting to rhel6
*** Bug 555273 has been marked as a duplicate of this bug. ***
Bob, I recommend a devel-ack+. It's in my to do list for the pem module.