[ca-certificates/f20] - merge manual improvement from f19

Kai Engert kengert at fedoraproject.org
Tue Sep 3 12:12:02 UTC 2013 

commit a85d2e834e973a2ad643ecc368759b23c6669883
Author: Kai Engert <kaie at redhat.com>
Date:   Tue Sep 3 14:11:43 2013 +0200

    - merge manual improvement from f19

 ca-certificates.spec  |    5 ++++-
 update-ca-trust.8.txt |   29 ++++++++++++++++-------------
 2 files changed, 20 insertions(+), 14 deletions(-)
---
diff --git a/ca-certificates.spec b/ca-certificates.spec
index 43ab935..10f2060 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -27,7 +27,7 @@ Name: ca-certificates
 # because all future versions will start with 2013 or larger.)
 
 Version: 2013.1.94
-Release: 16%{?dist}
+Release: 17%{?dist}
 License: Public Domain
 
 Group: System Environment/Base
@@ -286,6 +286,9 @@ fi
 
 
 %changelog
+* Tue Sep 03 2013 Kai Engert <kaie at redhat.com> - 2013.1.94-17
+- merge manual improvement from f19
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2013.1.94-16
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
diff --git a/update-ca-trust.8.txt b/update-ca-trust.8.txt
index 24ca456..3a21f87 100644
--- a/update-ca-trust.8.txt
+++ b/update-ca-trust.8.txt
@@ -33,23 +33,26 @@ SYNOPSIS
 DESCRIPTION
 -----------
 update-ca-trust(8) is used to manage a consolidated and dynamic configuration 
-feature of CA certificates and associated trust.
+feature of Certificate Authority (CA) certificates and associated trust.
 
-The feature is available for any new applications that read the
+The feature is available for new applications that read the
 consolidated configuration files found in the /etc/pki/ca-trust/extracted directory
 or that load the PKCS#11 module p11-kit-trust.so
 
 Parts of the new feature are also provided in a way to make it useful
-by legacy applications.
+for legacy applications.
 
 Many legacy applications expect CA certificates and trust configuration
 in a fixed location, contained in files with particular path and name,
-or by referring to a specific legacy PKCS#11 trust module provided by the 
+or by referring to a classic PKCS#11 trust module provided by the 
 NSS cryptographic library.
 
-In order to enable legacy applications, that read the legacy files or 
-legacy module, to make use of the new consolidated and dynamic configuration 
-feature, the legacy filenames have been changed to symbolic links.
+The dynamic configuration feature provides functionally compatible replacements 
+for classic configuration files and for the classic NSS trust module named libnssckbi.
+
+In order to enable legacy applications, that read the classic files or 
+access the classic module, to make use of the new consolidated and dynamic configuration 
+feature, the classic filenames have been changed to symbolic links.
 The symbolic links refer to dynamically created and consolidated 
 output stored below the /etc/pki/ca-trust/extracted directory hierarchy.
 
@@ -58,8 +61,8 @@ or using the 'update-ca-trust extract' command.
 In order to produce the output, a flexible set of source configuration
 is read, as described in section <<sourceconf,SOURCE CONFIGURATION>>.
 
-In addition, the static legacy PKCS#11 module 
-is replaced by a new PKCS#11 module (p11-kit-trust.so) that dynamically 
+In addition, the classic PKCS#11 module 
+is replaced with a new PKCS#11 module (p11-kit-trust.so) that dynamically 
 reads the same source configuration.
 
 
@@ -147,7 +150,7 @@ directories or in any of their subdirectories, or after adding a file,
 it is necessary to run the 'update-ca-trust extract' command,
 in order to update the consolidated files in /etc/pki/ca-trust/extracted/ .
 
-Applications that load the legacy PKCS#11 module using filename libnssckbi.so 
+Applications that load the classic PKCS#11 module using filename libnssckbi.so 
 (which has been converted into a symbolic link pointing to the new module)
 and any application capable of 
 loading PKCS#11 modules and loading p11-kit-trust.so, will benefit from
@@ -215,15 +218,15 @@ COMMANDS
 FILES
 -----
 /etc/pki/tls/certs/ca-bundle.crt::
-	Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
+	Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
 	This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
 
 /etc/pki/tls/certs/ca-bundle.trust.crt::
-	Legacy filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
+	Classic filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
 	This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
 
 /etc/pki/java/cacerts::
-	Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
+	Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
 	This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
 
 /usr/share/pki/ca-trust-source::

More information about the scm-commits mailing list