Hey all, p11-kit has a trust module which is a first step toward a central cross-crypto-library list of trust anchors and blacklists for Linux.
http://p11-glue.freedesktop.org/trust-module.html In addition to its PKCS#11 based access methods, p11-kit also provides an extract tool for writing out the anchors and black lists in a format that can be consumed by OpenSSL. p11-kit extract --format=openssl-bundle --filter=trust-policy out.pem p11-kit extract --format=openssl-directory --filter=trust-policy out.pem I mention this because if anyone is interested in testing this, and making sure that it works well with OpenSSL, there's a test day going on: https://fedoraproject.org/wiki/Test_Day:2013-03-28_Shared_System_Certificates Join us at #fedora-test-day or #p11-kit on Freenode. Cheers, Stef ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
