Initial commit.

pki/ca-trust/README

@@ -0,0 +1,4 @@
+This directory /etc/pki/ca-trust is used by a system of consolidated
+CA certificates.
+
+Please refer to the update-ca-trust(8) manual page for additional information.

pki/ca-trust/ca-legacy.conf

@@ -0,0 +1,24 @@
+# The upstream Mozilla.org project tests all changes to the root CA
+# list with the NSS (Network Security Services) library.
+#
+# Occassionally, changes might cause compatibility issues with
+# other cryptographic libraries, such as openssl or gnutls.
+#
+# The package maintainers of the CA certificates package might decide
+# to temporarily keep certain (legacy) root CA certificates trusted,
+# until incompatibility issues can be resolved.
+# 
+# Using this configuration file it is possible to opt-out of the
+# compatibility choices made by the package maintainer.
+#
+# legacy=default :
+#   This configuration uses the choices made by the package maintainer.
+#   It may keep root CA certificate as trusted, which the upstream 
+#   Mozilla.org project has already marked as no longer trusted.
+#   The set of CA certificates that are being kept enabled may change
+#   between package versions.
+#
+# legacy=disable :
+#   Follow all removal decisions made by Mozilla.org
+#
+legacy=default

pki/ca-trust/extracted/README

@@ -0,0 +1,12 @@
+This directory /etc/pki/ca-trust/extracted/ contains 
+CA certificate bundle files which are automatically created.
+
+If your application isn't able to load the PKCS#11 module p11-kit-trust.so,
+then you can use these files in your application to load a list of global
+root CA certificates.
+
+Please never manually edit the files stored in this directory,
+because your changes will be lost and the files automatically overwritten,
+each time the update-ca-trust command gets executed.
+
+Please refer to the update-ca-trust(8) manual page for additional information.

pki/ca-trust/extracted/edk2/README

@@ -0,0 +1,13 @@
+This directory /etc/pki/ca-trust/extracted/edk2/ contains a
+CA certificate bundle file which is automatically created
+based on the information found in the
+/usr/share/pki/ca-trust-source/ and /etc/pki/ca-trust/source/
+directories.
+
+The file is in the EDK2 (EFI Development Kit II) file format.
+
+Please never manually edit the files stored in this directory,
+because your changes will be lost and the files automatically overwritten,
+each time the update-ca-trust command gets executed.
+
+Please refer to the update-ca-trust(8) manual page for additional information.

pki/ca-trust/extracted/java/README

@@ -0,0 +1,17 @@
+This directory /etc/pki/ca-trust/extracted/java/ contains 
+CA certificate bundle files which are automatically created
+based on the information found in the
+/usr/share/pki/ca-trust-source/ and /etc/pki/ca-trust/source/
+directories.
+
+All files are in the java keystore file format.
+
+If your application isn't able to load the PKCS#11 module p11-kit-trust.so,
+then you can use these files in your application to load a list of global
+root CA certificates.
+
+Please never manually edit the files stored in this directory,
+because your changes will be lost and the files automatically overwritten,
+each time the update-ca-trust command gets executed.
+
+Please refer to the update-ca-trust(8) manual page for additional information.

pki/ca-trust/extracted/openssl/README

@@ -0,0 +1,18 @@
+This directory /etc/pki/ca-trust/extracted/openssl/ contains 
+CA certificate bundle files which are automatically created
+based on the information found in the
+/usr/share/pki/ca-trust-source/ and /etc/pki/ca-trust/source/
+directories.
+
+All files are in the BEGIN/END TRUSTED CERTIFICATE file format, 
+as described in the x509(1) manual page.
+
+If your application isn't able to load the PKCS#11 module p11-kit-trust.so,
+then you can use these files in your application to load a list of global
+root CA certificates.
+
+Please never manually edit the files stored in this directory,
+because your changes will be lost and the files automatically overwritten,
+each time the update-ca-trust command gets executed.
+
+Please refer to the update-ca-trust(8) manual page for additional information.

pki/ca-trust/extracted/pem/README

@@ -0,0 +1,21 @@
+This directory /etc/pki/ca-trust/extracted/pem/ contains 
+CA certificate bundle files which are automatically created
+based on the information found in the
+/usr/share/pki/ca-trust-source/ and /etc/pki/ca-trust/source/
+directories.
+
+All files are in the BEGIN/END CERTIFICATE file format, 
+as described in the x509(1) manual page.
+
+Distrust information cannot be represented in this file format,
+and distrusted certificates are missing from these files.
+
+If your application isn't able to load the PKCS#11 module p11-kit-trust.so,
+then you can use these files in your application to load a list of global
+root CA certificates.
+
+Please never manually edit the files stored in this directory,
+because your changes will be lost and the files automatically overwritten,
+each time the update-ca-trust command gets executed.
+
+Please refer to the update-ca-trust(8) manual page for additional information.

pki/ca-trust/source/README

@@ -0,0 +1,20 @@
+This directory /etc/pki/ca-trust/source/ contains CA certificates and 
+trust settings in the PEM file format. The trust settings found here will be
+interpreted with a high priority - higher than the ones found in 
+/usr/share/pki/ca-trust-source/.
+
+=============================================================================
+QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
+            list of CAs trusted on the system:
+
+            Copy it to the
+                    /etc/pki/ca-trust/source/anchors/
+            subdirectory, and run the
+                    update-ca-trust
+            command.
+
+            If your certificate is in the extended BEGIN TRUSTED file format,
+            then place it into the main source/ directory instead.
+=============================================================================
+
+Please refer to the update-ca-trust(8) manual page for additional information.

pki/ca-trust/source/ca-bundle.legacy.crt

@@ -0,0 +1 @@
+/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt