Comment 66 for bug 1771880

Damjan Jovanovic (damjan-jov) wrote :

Unfortunately, upstream, they don't like my patch which comments out the "enable-in" line in /usr/share/p11-kit/modules/gnome-keyring.module, because that patch works by getting gnome-keyring's PKCS#11 module working again, but that module is pretty broken (it has thread safety issues) and they deprecated it because it's no longer maintained. Also gnome-keyring uses the old GNOME 2 module to store certificates, which itself is not ideal.

The approach they want upstream is to replace gnome-keyring's PKCS#11 module with p11-kit's user trust module, but for that to work, considerable other work to that user trust module is still necessary, including some way to store trust assertions. And the search paths for p11-kit probably need to be changed to include some path in the user home directory, otherwise only root can add new client certificates.

Nobody upstream seems to be available/interested in that p11-kit development, and I am not sure when I'll have time. Hopefully soon.