Jaroslav Reznik (jreznik@xxxxxxxxxx) said: > OpenSSL: p11-kit tool will extract trusted certificate PEM blocks from the > PKCS#11 trust module. > These extracted certificates will be placed in a location so that they > can be consumed by OpenSSL by default. > The aim is that neither OpenSSL nor OpenSSL applications will have to > be changed for this to work. "the aim"... > GnuTLS: The p11-kit tool tool will extract a CA bundle to be used by GnuTLS > from the PKCS#11 trust module. > This CA bundle would be placed in the location where most GnuTLS > applications today are configured to use it. "most"... > Obviously applications can continue to use their own CA list as appropriate, > for example in servers such as httpd or postfix. Essentially, how will we know whether apps work transparently with the library changes, and/or if there are apps that are hardcoding old locations/methods somewhere? Bill -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
