Feature added by: Ludwig Nussel (lnussel) Feature #314991, revision 1 Title: system ca certificates based on p11-kit openSUSE Distribution: Unconfirmed Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: openSUSE should use p11-kit as primary tool for ca-certificate management. 1. define directory where to store ca certificates. Currently we use subdirs of /usr/share/ca-certificates. p11-kit likes to have all in one directory called 'ancors'. Fedora chose /usr/share/pki/ca-trust-source. 2. make update-ca-certificates call p11-kit to generate the compat bundles. 3. patch openssl, nss, gnutls to directly use p11-kit via library instead of relying on generated directories. More info about the implementation in Fedora: https://fedoraproject.org/wiki/Features/SharedSystemCertificates https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks -- openSUSE Feature: https://features.opensuse.org/314991