Proposed F19 Feature: Shared System Certificates
Florian Weimer
fweimer at redhat.com
Thu Jan 24 08:12:29 UTC 2013
On 01/23/2013 04:05 PM, Jaroslav Reznik wrote:
> OpenSSL: p11-kit tool will extract trusted certificate PEM blocks from the
> PKCS#11 trust module.
> These extracted certificates will be placed in a location so that they
> can be consumed by OpenSSL by default.
> The aim is that neither OpenSSL nor OpenSSL applications will have to
> be changed for this to work.
I think OpenSSL (and GNUTLS, SunSSE) changes are unavoidable if we want
to process the certdata.txt information in its entirety, including
explicitly distributed intermediate certificates.
--
Florian Weimer / Red Hat Product Security Team
More information about the devel
mailing list