We've been talking about how multiple sources stack when loading trust policy. As part of this the multiple directories that p11-kit trust module can be configured with should show up as multiple slots/tokens in the module. This is an implementation detail, but does better model how we want to stack this stuff in the future.
Created attachment 76092 [details] [review] dict: Allow removal of current item in a p11_dict iteration
Created attachment 76093 [details] [review] trust: Make each configured path its own token
Created attachment 76517 [details] [review] trust: Make each configured path its own token
This is ready for review.
This depends on bug #62327 being applied first.
After applying these patches, the various input paths built into the p11-kit trust module should show up as different tokens. Previously there was only one token in the module. In PKCS#11 each token is a database of objects. A single module can have multiple tokens. This patch changes it so that each configured input source path shows up as a separate token. The certificate files in each input source path will show up as certificate objects in the token in question. These tokens are visible in the Firefox security device manager. You should be able to see which certificates are on which token using the certificate authority list. You can see the various tokens with the tool: p11-kit list-modules
Created attachment 76572 [details] [review] trust: Make each configured path its own token
Attachment 76092 [details] pushed as d2128c2 - dict: Allow removal of current item in a p11_dict iteration Attachment 76572 [details] pushed as 0e75a5b - trust: Make each configured path its own token
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.