Description of problem: RHEL's ca-bundle.crt doesn't contain the CAcert CA certificates. Since the Thawte Web of Trust was shut down two days ago, the only remaining Web of Trust seems to be CAcert. I'm wondering, that the community project is not included in RHEL's ca-bundle.crt right now. Using the CAcert certificates, you e.g. can sign and encrypt your e-mails by using the S/MIME standard. Without the root CA of CAcert, the path is broken. - http://www.cacert.org/certs/root.txt - http://www.cacert.org/certs/class3.txt Please ensure that both CAcert CAs (Class 1 and 3) are added to RHEL's ca-bundle.crt. Version-Release number of selected component (if applicable): openssl-0.9.8e-12 How reproducible: Everytime, see above. Actual results: RHEL's ca-bundle.crt doesn't contain the CAcert CA certificates. Expected results: RHEL is shipping the CAcert CA certificates. Additional info: Please add the missing CAs at openssl with the next openssl update/errata.
As the same issue exists in Fedora, the Fedora issue is tracked in bug #538219
We will not include CA certs which are not in the mozilla CA bundle.
There ARE already CAs included, which are not in the Mozilla CA bundle.
Red Hat CAs
Sure and you're right, but they are CAs which are not in the Mozilla CA bundle.