Jaroslav Reznik (jrez...@redhat.com) said: > OpenSSL: p11-kit tool will extract trusted certificate PEM blocks from > the > PKCS#11 trust module. > These extracted certificates will be placed in a location so that > they > can be consumed by OpenSSL by default. > The aim is that neither OpenSSL nor OpenSSL applications will have to > be changed for this to work.
"the aim"... > GnuTLS: The p11-kit tool tool will extract a CA bundle to be used by > GnuTLS > from the PKCS#11 trust module. > This CA bundle would be placed in the location where most GnuTLS > applications today are configured to use it. "most"... > Obviously applications can continue to use their own CA list as appropriate, > for example in servers such as httpd or postfix. Essentially, how will we know whether apps work transparently with the library changes, and/or if there are apps that are hardcoding old locations/methods somewhere? Bill -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
