[ca-certificates/f19] - clarification updates to manual page
Kai Engert
kengert at fedoraproject.org
Tue Jul 9 10:41:20 UTC 2013
commit 52a551389c0b28d739ace8fdd38143763a590060
Author: Kai Engert <kaie at redhat.com>
Date: Tue Jul 9 12:40:59 2013 +0200
- clarification updates to manual page
ca-certificates.spec | 5 ++++-
update-ca-trust.8.txt | 17 ++++++-----------
2 files changed, 10 insertions(+), 12 deletions(-)
---
diff --git a/ca-certificates.spec b/ca-certificates.spec
index 9771611..2a3fb34 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -27,7 +27,7 @@ Name: ca-certificates
# because all future versions will start with 2013 or larger.)
Version: 2012.87
-Release: 10.3%{?dist}
+Release: 10.4%{?dist}
License: Public Domain
Group: System Environment/Base
@@ -286,6 +286,9 @@ fi
%changelog
+* Tue Jul 09 2013 Kai Engert <kaie at redhat.com> - 2012.87-10.4
+- clarification updates to manual page
+
* Mon Jul 08 2013 Kai Engert <kaie at redhat.com> - 2012.87-10.3
- added a manual page and related build requirements
- simplify the README files now that we have a manual page
diff --git a/update-ca-trust.8.txt b/update-ca-trust.8.txt
index 32555fa..24ca456 100644
--- a/update-ca-trust.8.txt
+++ b/update-ca-trust.8.txt
@@ -147,11 +147,9 @@ directories or in any of their subdirectories, or after adding a file,
it is necessary to run the 'update-ca-trust extract' command,
in order to update the consolidated files in /etc/pki/ca-trust/extracted/ .
-Legacy applications that rely on legacy filenames benefit from configuration
-updates only if this dynamic configuration feature is in the enabled state.
-
-Applications that use the legacy PKCS#11 module libnssckbi.so with the
-configuration feature in the enabled state, and any application capable of
+Applications that load the legacy PKCS#11 module using filename libnssckbi.so
+(which has been converted into a symbolic link pointing to the new module)
+and any application capable of
loading PKCS#11 modules and loading p11-kit-trust.so, will benefit from
the dynamically merged set of certificates and trust information stored in the
/usr/share/pki/ca-trust-source/ and /etc/pki/ca-trust/source/ directories.
@@ -218,18 +216,15 @@ FILES
-----
/etc/pki/tls/certs/ca-bundle.crt::
Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
- If legacy support is disabled, this is a static file and will remain unchanged.
- Only if the legacy support is enabled, this file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
+ This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
/etc/pki/tls/certs/ca-bundle.trust.crt::
Legacy filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
- If legacy support is disabled, this is a static file and will remain unchanged.
- Only if the legacy support is enabled, this file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
+ This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
/etc/pki/java/cacerts::
Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
- If legacy support is disabled, this is a static file and will remain unchanged.
- Only if the legacy support is enabled, this file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
+ This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
/usr/share/pki/ca-trust-source::
Contains multiple, low priority source configuration files as explained in section <<sourceconf,SOURCE CONFIGURATION>>. Please pay attention to the specific meanings of the respective subdirectories.
More information about the scm-commits
mailing list