This is an update to the Mozilla CA certificates list version 2.9, which has been published as part of Mozilla NSS 3.26.
This update reverts the CA list to the unmodified upstream CA list. The legacy CA modifications, which had previously been shipped with Fedora, have been reverted to an empty list. Because the certificate verification libraries shipped in Fedora have already been updated to find alternative chains of trust, trusting the legacy CAs with 1024-bit RSA keys should no longer be necessary.
The ca-legacy tool is kept, and existing configuration on systems will be preserved. However, the ca-legacy system configuration will have no effect after this update, as long as the legacy CA list is empty. The tool and the configuration are kept, because potentially it might be useful again, if other CAs must be treated as legacy CAs in the future.
sudo dnf upgrade --advisory=FEDORA-2016-d1408c3ba3
Please login to add feedback.