Fedora Account System
Red Hat Associate
Red Hat Customer
To fix bug 1400293, we must enable Firefox to distinguish between Mozilla CAs and other, locally installed CAs. We want to achieve this by using a new pkcs#11 attribute, nss-mozilla-ca-policy, which is set only for Mozilla approved CAs. This bug requests to enhance the ca-certificates package to set this new attribute. This depends on new p11-kit that supports the attribute. This also requires that we change the way how ca-certificates passes data to p11-kit-trust, because the BEGIN TRUSTED CERTIFICATE file format isn't flexible, and doesn't support adding new attributes. I'll file a separate bug for that, because I want to do these changes in separate steps.
fixed in rawhide
ca-certificates-2017.2.11-1.1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11057f70e
ca-certificates-2017.2.11-1.1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3753e75f72
ca-certificates-2017.2.11-1.1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3753e75f72
ca-certificates-2017.2.11-1.1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11057f70e
ca-certificates-2017.2.11-1.1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
ca-certificates-2017.2.11-1.1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.