support specifying custom trust store in trust command

[abbra]

I'd like to use trust command to manage custom trust store. This is needed for cases like encrypted DNS where a custom set of certificates and CA chains will be in use by local encrypted DNS end-points (unbound, bind, etc) and should not necessarily be trusted for the whole system.

I tried to specify paths to p11-kit-trust module via custom pkcs11.conf but trust command ignored it. Not sure how I can get it working with existing tools.

@ueno told me that it could be an RFE, hence this issue.

[pemensik]

Because user may want to use DNS certificates from diagnostic tools like dig, overriding $HOME to get custom certificates would not work. It may work for DNS cache service itself, but not when reproducing issues with command line tools.

[abbra]

If we enable specifying configuration per-application (via pkcs11.conf) in trust, then it will be applied automatically in command line tools.

[ueno]

I haven't tried, but if you specify the cofiguration in pkcs11.conf, does x-init-reserved: help? For example:

module: p11-kit-trust.so
x-init-reserved: paths='/home/someone/trust'

[abbra]

@ueno I tried that and nothing changed, sadly.