ca-certificates/ca-legacy.conf

# legacy=enable :
#   Certain legacy certs, that have been removed by upstream Mozilla,
#   are still marked as trusted, if required for backwards compatibility
#   with cryptographic libraries like openssl or gnutls.
#
# legacy=disable :
#   Follow all removal decisions of upstream Mozilla CA maintainers
#
legacy=enable
- Introduce the ca-legacy utility and a ca-legacy.conf configuration file. By default, legacy roots required for OpenSSL/GnuTLS compatibility are kept enabled. Using the ca-legacy utility, the legacy roots can be disabled. If disabled, the system will use the trust set as provided by the upstream Mozilla CA list. (See also: rhbz#1158197) 2014-10-28 19:54:15 +00:00			`# legacy=enable :`
			`# Certain legacy certs, that have been removed by upstream Mozilla,`
			`# are still marked as trusted, if required for backwards compatibility`
			`# with cryptographic libraries like openssl or gnutls.`
			`#`
			`# legacy=disable :`
			`# Follow all removal decisions of upstream Mozilla CA maintainers`
			`#`
			`legacy=enable`