p11-glue / p11-kit

Provides a way to load and enumerate PKCS#11 modules.
https://p11-glue.github.io/p11-glue/p11-kit.html

support specifying custom trust store in trust command #665

Open abbra opened 1 day ago

abbra commented 1 day ago

I'd like to use the trust command to manage a custom trust store. This is needed for cases like encrypted DNS, where a custom set of certificates and CA chains will be in use by local encrypted DNS end-points (unbound, bind, etc.) and should not necessarily be trusted for the whole system.

I tried to specify paths to the p11-kit-trust module via a custom pkcs11.conf, but the trust command ignored it. Not sure how I can get it working with existing tools.

@ueno told me that it could be an RFE, hence this issue.