On Mi, 2014-01-08 at 09:16 -0800, Adam Williamson wrote: > > Packages, that would like to use a default list of CA certificates, > > should be changed to use (consume) the new consolidated data that we > > provide as part of SharedSystemCertificates. > > This could do with some specifics: > > [adamw@adam libtorrent (master)]$ rpm -ql ca-certificates | grep -c -e > 'pem' -e 'crt' > 11 > [adamw@adam libtorrent (master)]$ > > which one of those 11 files, exactly, should we have packages use when? > When I came up against this situation recently I threw a dart and > picked /etc/pki/tls/certs/ca-bundle.crt , but I'm hardly certain. The manual page explains which files are intended for which purpose, and also mentions the availability of a smarter pkcs#11 module for applications that are able to use it. $ rpm -ql ca-certificates |grep -w man /usr/share/man/man8/update-ca-trust.8.gz $ man update-ca-trust Kai -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
