From 26dabca6f023ec7bc9290d0bf4ef496ba6acd0ec Mon Sep 17 00:00:00 2001 From: DJ Lucas Date: Thu, 5 Aug 2021 20:40:36 -0500 Subject: [PATCH] CHANGELOG,README: udpate version requirements for p11-kit to 0.23.19. --- CHANGELOG | 3 ++- README | 18 +++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index a80312c..e67f47e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,7 +6,8 @@ copy-local-modifications - Assume serverAuth for certificates added by 'trust anchors --store' and generate a trusted certificate for use in LOCALDIR - - Add nss-{server,email}-distrust-after values in anchors + - Add nss-{server,email}-distrust-after values in anchors - ruquires + p11-kit >= 0.23.19 - Use --filter=certificates for all stores - Fix output of NSSDB and Java PCKS#12 stores - Correct incorrectly named get_p11_val() diff --git a/README b/README index 8dddf37..a6bd0ca 100644 --- a/README +++ b/README @@ -12,16 +12,16 @@ certificate stores. Additionally, any local OpenSSL Trusted certificates stored in /etc/ssl/local will also be imported into the system trust anchors and certificate stores making it a full trust management utiltiy. -The make-ca script depends on OpenSSL-1.1.0, P11-Kit-0.23, and optionally, -NSS-3.23 (for the MozTrust exetension). Additionally, Coreutils, gawk, and sed -are used. The default locations for output files can be tailored for your -environment via the /etc/make-ca.conf configuration file. +The make-ca script depends on OpenSSL >= 1.1.0, P11-Kit >= 0.23.19, and +optionally NSS >= 3.23 and Java >= 1.7. Additionally, Coreutils, gawk, and +sed are used. The default locations for output files can be tailored for +your environment via the /etc/make-ca.conf configuration file. -As of version 1.2, a p11-kit helper, copy-trust-modifications, is included -for use in p11-kit's trust-extract-compat script (which should be symlinked -to the user's path as update-ca-certificates). Manual creation of OpenSSL -trusted certificates is no longer needed. Instead, import the certificate -using p11-kit's 'trust anchor --store /path/to/certificate.crt' functionality, +A p11-kit helper, copy-trust-modifications, is included for use in p11-kit's +trust-extract-compat script (which should be symlinked to the user's path as +update-ca-certificates). Manual creation of OpenSSL Trusted certificates is no +longer required for general use. Instead, import the certificate using +p11-kit's 'trust anchor --store /path/to/certificate.crt' functionality, which will recreate the individual stores assigning serverAuth permissions to the added certificate. A copy of any newly added anchors will be placed into $LOCALDIR (in the correct format) by the p11-kit helper script, and the