gnome-keyring Changed default root certificate authority location
- From: Stef Walter <stefw gnome org>
- To: "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
- Subject: gnome-keyring Changed default root certificate authority location
- Date: Thu, 09 Feb 2012 21:41:12 +0100

gnome-keyring-daemon loads root certificate authority trust anchors, and
exposes them via PKCS#11. Currently only a few applications look up their
trust anchors through gnome-keyring-daemon.

I've just committed a change so that by default gnome-keyring-daemon
only loads the root CA certificates from a single file rather than a
whole directory.

The default files are either (depending on which one exists):

* /etc/pki/tls/certs/ca-bundle.crt
* /etc/ssl/certs/ca-certificates.crt

These are the same locations that glib-networking looks for its CAs.

Previously we used to load everything in /etc/ssl/certs. But apparently
some distributions have been placing distrusted certificates in those
locations as well. So this isn't a good default for gnome-keyring-daemon.

By specifying the --with-root-certs=<dir> configure argument when
building gnome-keyring the previous behavior (loading certs from a
directory) can be restored.

See this commit for more details:
http://git.gnome.org/browse/gnome-keyring/commit/?id=de327ab6ea69bbecf4b9ee9f3ff2c38da76817f0

Cheers,
Stef
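
The difference between the two loading behaviors described above can be audited on a host. The following is an added example, not part of the original message or of gnome-keyring's code: it lists certificates that sit in a directory but are absent from the bundle file, which are the ones a directory-wide load would have picked up. The function names, the order in which the two bundle paths are tried, and the sample data are assumptions made for illustration.

```python
import base64, hashlib, os, re, tempfile

# Bundle paths named in the announcement; trying them in this order is an assumption.
BUNDLE_CANDIDATES = ["/etc/pki/tls/certs/ca-bundle.crt",
                     "/etc/ssl/certs/ca-certificates.crt"]
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pick_bundle(candidates=BUNDLE_CANDIDATES):
    """Return the first candidate bundle file that exists, else None."""
    return next((p for p in candidates if os.path.isfile(p)), None)

def fingerprints(path):
    """SHA-256 over the decoded body of every PEM certificate block in a file."""
    with open(path, "rb") as fh:
        blocks = PEM_RE.findall(fh.read())
    return {hashlib.sha256(base64.b64decode(b"".join(b.split()))).hexdigest()
            for b in blocks}

def only_in_directory(cert_dir, bundle):
    """Map file name -> fingerprints found in cert_dir but absent from bundle."""
    trusted, extra = fingerprints(bundle), {}
    for name in sorted(os.listdir(cert_dir)):
        path = os.path.join(cert_dir, name)
        if not os.path.isfile(path) or os.path.samefile(path, bundle):
            continue  # skip subdirectories, dangling links and the bundle itself
        missing = fingerprints(path) - trusted
        if missing:
            extra[name] = missing
    return extra

def pem(body):
    """Wrap constructed bytes (not a real certificate) in PEM armour."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(body)
            + b"-----END CERTIFICATE-----\n")

def demo():
    """Constructed layout: a bundle with CAs A and B, a directory that also holds C."""
    with tempfile.TemporaryDirectory() as d:
        files = {"ca-certificates.crt": pem(b"constructed CA A") + pem(b"constructed CA B"),
                 "ca-a.pem": pem(b"constructed CA A"),
                 "extra-c.pem": pem(b"constructed CA C")}
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return only_in_directory(d, os.path.join(d, "ca-certificates.crt"))

if __name__ == "__main__":
    print(demo())  # on a real host: only_in_directory("/etc/ssl/certs", pick_bundle())
```

On distributions that keep hash-named symlinks in the directory, the same certificate is reported once per file name that points at it.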