[ca-certificates/f20] - merge manual improvement from f19
Kai Engert
kengert at fedoraproject.org
Tue Sep 3 12:12:02 UTC 2013
commit a85d2e834e973a2ad643ecc368759b23c6669883
Author: Kai Engert <kaie at redhat.com>
Date: Tue Sep 3 14:11:43 2013 +0200
- merge manual improvement from f19
ca-certificates.spec | 5 ++++-
update-ca-trust.8.txt | 29 ++++++++++++++++-------------
2 files changed, 20 insertions(+), 14 deletions(-)
---
diff --git a/ca-certificates.spec b/ca-certificates.spec
index 43ab935..10f2060 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -27,7 +27,7 @@ Name: ca-certificates
# because all future versions will start with 2013 or larger.)
Version: 2013.1.94
-Release: 16%{?dist}
+Release: 17%{?dist}
License: Public Domain
Group: System Environment/Base
@@ -286,6 +286,9 @@ fi
%changelog
+* Tue Sep 03 2013 Kai Engert <kaie at redhat.com> - 2013.1.94-17
+- merge manual improvement from f19
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2013.1.94-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
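Review bot: the new %changelog entry, "merge manual improvement from f19", does not say what changed in this package, so someone reading the RPM changelog without the f19 history cannot tell. Suggest naming the file and the nature of the change, for example that update-ca-trust.8.txt now uses "classic" instead of "legacy" for the old file names and the NSS trust module.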
diff --git a/update-ca-trust.8.txt b/update-ca-trust.8.txt
index 24ca456..3a21f87 100644
--- a/update-ca-trust.8.txt
+++ b/update-ca-trust.8.txt
@@ -33,23 +33,26 @@ SYNOPSIS
DESCRIPTION
-----------
update-ca-trust(8) is used to manage a consolidated and dynamic configuration
-feature of CA certificates and associated trust.
+feature of Certificate Authority (CA) certificates and associated trust.
-The feature is available for any new applications that read the
+The feature is available for new applications that read the
consolidated configuration files found in the /etc/pki/ca-trust/extracted directory
or that load the PKCS#11 module p11-kit-trust.so
Parts of the new feature are also provided in a way to make it useful
-by legacy applications.
+for legacy applications.
Many legacy applications expect CA certificates and trust configuration
in a fixed location, contained in files with particular path and name,
-or by referring to a specific legacy PKCS#11 trust module provided by the
+or by referring to a classic PKCS#11 trust module provided by the
NSS cryptographic library.
-In order to enable legacy applications, that read the legacy files or
-legacy module, to make use of the new consolidated and dynamic configuration
-feature, the legacy filenames have been changed to symbolic links.
+The dynamic configuration feature provides functionally compatible replacements
+for classic configuration files and for the classic NSS trust module named libnssckbi.
+
+In order to enable legacy applications, that read the classic files or
+access the classic module, to make use of the new consolidated and dynamic configuration
+feature, the classic filenames have been changed to symbolic links.
The symbolic links refer to dynamically created and consolidated
output stored below the /etc/pki/ca-trust/extracted directory hierarchy.
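Review bot: the added sentence names the NSS trust module as "libnssckbi", while the hunk at line 150 of this file refers to the same module by filename as "libnssckbi.so"; use one form, or say explicitly that the first is the module name and the second its filename. In the reworded paragraph below it, applications are still "legacy" while the files and module are now "classic", which is worth a check that the split is deliberate, and the commas around "that read the classic files or access the classic module" set off a restrictive clause and can be dropped.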
@@ -58,8 +61,8 @@ or using the 'update-ca-trust extract' command.
In order to produce the output, a flexible set of source configuration
is read, as described in section <<sourceconf,SOURCE CONFIGURATION>>.
-In addition, the static legacy PKCS#11 module
-is replaced by a new PKCS#11 module (p11-kit-trust.so) that dynamically
+In addition, the classic PKCS#11 module
+is replaced with a new PKCS#11 module (p11-kit-trust.so) that dynamically
reads the same source configuration.
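Review bot: replacing "the static legacy PKCS#11 module" with "the classic PKCS#11 module" drops "static", which was the contrast to "dynamically" in the next line and the reason the replacement matters. Suggest keeping the word and naming the module here, for example "the static classic PKCS#11 module (libnssckbi)", so the sentence still explains what changes for applications that load it.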
@@ -147,7 +150,7 @@ directories or in any of their subdirectories, or after adding a file,
it is necessary to run the 'update-ca-trust extract' command,
in order to update the consolidated files in /etc/pki/ca-trust/extracted/ .
-Applications that load the legacy PKCS#11 module using filename libnssckbi.so
+Applications that load the classic PKCS#11 module using filename libnssckbi.so
(which has been converted into a symbolic link pointing to the new module)
and any application capable of
loading PKCS#11 modules and loading p11-kit-trust.so, will benefit from
@@ -215,15 +218,15 @@ COMMANDS
FILES
-----
/etc/pki/tls/certs/ca-bundle.crt::
- Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
+ Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
/etc/pki/tls/certs/ca-bundle.trust.crt::
- Legacy filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
+ Classic filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
/etc/pki/java/cacerts::
- Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
+ Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
/usr/share/pki/ca-trust-source::
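Review bot: all three changed FILES entries keep the comma splice "Classic filename, file contains ..."; since these lines are being touched anyway, suggest "Classic filename. The file contains ...". The entries for ca-bundle.crt and /etc/pki/java/cacerts say "without distrust information" while ca-bundle.trust.crt carries distrust flags; one added sentence stating that applications reading the first two files do not see distrust entries would make that difference visible to the administrator.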