e24bfeb6b0
By default, legacy roots required for OpenSSL/GnuTLS compatibility are kept enabled. Using the ca-legacy utility, the legacy roots can be disabled. If disabled, the system will use the trust set as provided by the upstream Mozilla CA list. (See also: rhbz#1158197)
10 lines
323 B
Plaintext
10 lines
323 B
Plaintext
# legacy=enable :
|
|
# Certain legacy certs, that have been removed by upstream Mozilla,
|
|
# are still marked as trusted, if required for backwards compatibility
|
|
# with cryptographic libraries like openssl or gnutls.
|
|
#
|
|
# legacy=disable :
|
|
# Follow all removal decisions of upstream Mozilla CA maintainers
|
|
#
|
|
legacy=enable
|