Since at least 2013, there have been reports of p11-capi failing to authenticate to some web sites. (I observed this problem with some sites, but not others.) Investigation indicated that the hashing algorithm being selected during the client authentication signing operation was a Suite B algorithm SHA256, which is only supported by the "Microsoft Base Smart Card Crypto Provider" with some trickery. The updated version on GitHub includes the necessary trickery that fixes this issue.
The use of p11-capi allows programs (such as Firefox) that use the industry-standard PKCS#11 API to perform cryptographic operations with Hardware Security Modules, such as the DoD Common Access Card (CAC), or Federal Personal Identity Verification (PIV). This is particularly useful under Windows 7 or later, which have built-in support for smartcards via CAPI, but do not provide PKCS#11 support.
I describe these binaries as "trustable" in that you should be able to verify that the versions you are using were compiled by a US government employee in some trustable way. Whether you trust me is up to you.
I, Daniel Risacher, an employee of the United States Department of Defense, in the office of the DoD Chief Information Officer, compiled binaries of the software library p11-capi for Win32 (on 2016-10-24) and Win64 (on 2016-11-10) platforms.
The source code that I compiled can be retrieved at: https://github.com/risacher/p11-capi/tree/. This code is derived from Stef Walter's project which I obtained from git://thewalter.net/p11-capi. I modified Stef Walter's code to add support for SHA-256, SHA-384, and SHA-512. I inspected the upstream code for obvious back doors. The code was cross-compiled for Microsoft Windows with the w64-mingw32 toolchain on Ubuntu 14.04 LTS.
The SHA256 checksums of the compiled binaries are: