CHANGELOG,README: udpate version requirements for p11-kit to 0.23.19.
This commit is contained in:
DJ Lucas
parent
6a96f18a6f
commit
26dabca6f0
@ -6,7 +6,8 @@
|
|||||||
copy-local-modifications
|
copy-local-modifications
|
||||||
- Assume serverAuth for certificates added by 'trust anchors --store'
|
- Assume serverAuth for certificates added by 'trust anchors --store'
|
||||||
and generate a trusted certificate for use in LOCALDIR
|
and generate a trusted certificate for use in LOCALDIR
|
||||||
- Add nss-{server,email}-distrust-after values in anchors
|
- Add nss-{server,email}-distrust-after values in anchors - ruquires
|
||||||
|
p11-kit >= 0.23.19
|
||||||
- Use --filter=certificates for all stores
|
- Use --filter=certificates for all stores
|
||||||
- Fix output of NSSDB and Java PCKS#12 stores
|
- Fix output of NSSDB and Java PCKS#12 stores
|
||||||
- Correct incorrectly named get_p11_val()
|
- Correct incorrectly named get_p11_val()
|
||||||
|
|||||||
18
README
18
README
@ -12,16 +12,16 @@ certificate stores. Additionally, any local OpenSSL Trusted certificates
|
|||||||
stored in /etc/ssl/local will also be imported into the system trust anchors
|
stored in /etc/ssl/local will also be imported into the system trust anchors
|
||||||
and certificate stores making it a full trust management utiltiy.
|
and certificate stores making it a full trust management utiltiy.
|
||||||
|
|
||||||
The make-ca script depends on OpenSSL-1.1.0, P11-Kit-0.23, and optionally,
|
The make-ca script depends on OpenSSL >= 1.1.0, P11-Kit >= 0.23.19, and
|
||||||
NSS-3.23 (for the MozTrust exetension). Additionally, Coreutils, gawk, and sed
|
optionally NSS >= 3.23 and Java >= 1.7. Additionally, Coreutils, gawk, and
|
||||||
are used. The default locations for output files can be tailored for your
|
sed are used. The default locations for output files can be tailored for
|
||||||
environment via the /etc/make-ca.conf configuration file.
|
your environment via the /etc/make-ca.conf configuration file.
|
||||||
|
|
||||||
As of version 1.2, a p11-kit helper, copy-trust-modifications, is included
|
A p11-kit helper, copy-trust-modifications, is included for use in p11-kit's
|
||||||
for use in p11-kit's trust-extract-compat script (which should be symlinked
|
trust-extract-compat script (which should be symlinked to the user's path as
|
||||||
to the user's path as update-ca-certificates). Manual creation of OpenSSL
|
update-ca-certificates). Manual creation of OpenSSL Trusted certificates is no
|
||||||
trusted certificates is no longer needed. Instead, import the certificate
|
longer required for general use. Instead, import the certificate using
|
||||||
using p11-kit's 'trust anchor --store /path/to/certificate.crt' functionality,
|
p11-kit's 'trust anchor --store /path/to/certificate.crt' functionality,
|
||||||
which will recreate the individual stores assigning serverAuth permissions to
|
which will recreate the individual stores assigning serverAuth permissions to
|
||||||
the added certificate. A copy of any newly added anchors will be placed
|
the added certificate. A copy of any newly added anchors will be placed
|
||||||
into $LOCALDIR (in the correct format) by the p11-kit helper script, and the
|
into $LOCALDIR (in the correct format) by the p11-kit helper script, and the
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user