This update introduces the ca-legacy utility and a ca-legacy.conf configuration file. Several legacy roots, which have been removed from the active trust list by the upstream Mozilla CA maintainers, are still required to be trusted for OpenSSL/GnuTLS compatibility, and are therefore kept enabled in the ca-certificates package by default. Using the new ca-legacy utility, it is possible to opt-in to disable the trust for the legacy root CA certificates. If disabled, the system will use the trust set as provided by the upstream Mozilla CA list, and as a consequence software based on OpenSSL/GnuTLS might fail to validate affected certificates. (See also: #1158197)
Please login to add feedback.
This update has been submitted for testing by kengert.
Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/6765/steps/runtask/logs/stdio (results are informative only)
Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/6765/steps/runtask/logs/stdio (results are informative only)
Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/6779/steps/runtask/logs/stdio (results are informative only)
Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/6779/steps/runtask/logs/stdio (results are informative only)
This update is currently being pushed to the Fedora 21 testing updates repository.
This update has been pushed to testing
Works for me
Critical path update approved
no regression
Noticed no regressions
did not notice any problems
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
This update has been obsoleted by https://admin.fedoraproject.org/updates/ca-certificates-2014.2.1-1.4.fc21