On 01/23/2013 04:05 PM, Jaroslav Reznik wrote:
OpenSSL: p11-kit tool will extract trusted certificate PEM blocks from the
PKCS#11 trust module.
These extracted certificates will be placed in a location so that they
can be consumed by OpenSSL by default.
The aim is that neither OpenSSL nor OpenSSL applications will have to
be changed for this to work.
I think OpenSSL (and GNUTLS, SunSSE) changes are unavoidable if we want
to process the certdata.txt information in its entirety, including
explicitly distributed intermediate certificates.
--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/devel
