Proposed F19 Feature: Shared System Certificates
Bill Nottingham
notting at redhat.com
Wed Jan 23 21:31:35 UTC 2013
Jaroslav Reznik (jreznik at redhat.com) said:
> OpenSSL: p11-kit tool will extract trusted certificate PEM blocks from the
> PKCS#11 trust module.
> These extracted certificates will be placed in a location so that they
> can be consumed by OpenSSL by default.
> The aim is that neither OpenSSL nor OpenSSL applications will have to
> be changed for this to work.
"the aim"...
> GnuTLS: The p11-kit tool will extract a CA bundle to be used by GnuTLS
> from the PKCS#11 trust module.
> This CA bundle would be placed in the location where most GnuTLS
> applications today are configured to use it.
"most"...
> Obviously applications can continue to use their own CA list as appropriate,
> for example in servers such as httpd or postfix.
Essentially, how will we know whether apps work transparently with the
library changes, and/or if there are apps that are hardcoding old
locations/methods somewhere?
Bill