This is an update to the Mozilla CA certificates list version 2.9, which has been published as part of Mozilla NSS 3.26.
This update reverts the CA list to the unmodified upstream CA list. The legacy CA modifications, which had previously been shipped with Fedora, have been reverted to an empty list. Because the certificate verification libraries shipped in Fedora have already been updated to find alternative chains of trust, trusting the legacy CAs with 1024-bit RSA keys should no longer be necessary.
The ca-legacy tool is kept, and existing configuration on systems will be preserved. However, the ca-legacy system configuration will have no effect after this update, as long as the legacy CA list is empty. The tool and the configuration are kept, because potentially it might be useful again, if other CAs must be treated as legacy CAs in the future.
sudo dnf upgrade --refresh --advisory=FEDORA-2016-d1408c3ba3
Please login to add feedback.
This update has been submitted for testing by kengert.
This update has been pushed to testing.
This update has been submitted for testing by em3rson
kengert edited this update.
kengert edited this update.
New build(s):
Removed build(s):
This update has been submitted for testing by kengert.
This update has been pushed to testing.
LGTM
I have not seen any application breaking on my system after this update
This update has been submitted for stable by bodhi.
No regressions noted
This update has been pushed to stable.