| @@ -1,12 +1,20 @@ | | | @@ -1,12 +1,20 @@ |
| 1 | This package provides the certificates distributed by the Mozilla | | 1 | This package provides the root certificates distributed by the Mozilla |
| 2 | Project and will, by default, install certificates trusted by the | | 2 | Project as curated by Debian in their package of the same name, along |
| 3 | Mozilla Project in the system OpenSSL certificate store. Modification | | 3 | with tools to manage the set of configured trust anchors for openssl. |
| 4 | of system configuration files is very irregular as pkgsrc should not | | | |
| 5 | write anything outside of ${PREFIX}. | | | |
| 6 | | | 4 | |
| 7 | The sysadmin can configure the list of trusted certificates and also | | 5 | \todo Explain if Debian adds or removes, or if this is exactly the |
| 8 | add local certificates as needed by editing ca-certificates.conf and | | 6 | same set. |
| 9 | re-running update-ca-certificates. | | 7 | |
| | | 8 | NB: Installing this package will modify the configuration of the |
| | | 9 | openssl implementation used by pkgsrc, which is either the base system |
| | | 10 | openssl or pkgsrc openssl. The modification is configuring every |
| | | 11 | certificate as a trust anchor. Modification of system configuration |
| | | 12 | files is very irregular as pkgsrc should not write anything outside of |
| | | 13 | ${PREFIX}. |
| | | 14 | |
| | | 15 | The sysadmin can exclude CA certificates from the list of trust |
| | | 16 | anchors and also add local certificates as configured trust anchors by |
| | | 17 | editing ca-certificates.conf and re-running update-ca-certificates. |
| 10 | | | 18 | |
| 11 | See also the mozilla-rootcerts and mozilla-rootcerts-openssl packages | | 19 | See also the mozilla-rootcerts and mozilla-rootcerts-openssl packages |
| 12 | for an alternative approach. | | 20 | for an alternative approach. |