diff options
author | Hugo Landau <hlandau@openssl.org> | 2023-06-13 10:40:22 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-06-15 18:01:59 +1000 |
commit | dfdbc113eefb80712fefc3187367fe6050610da5 (patch) | |
tree | 8cf009ea7879509c693da7877f89a6b22b993596 /CHANGES.md | |
parent | 3691f1e5567d6b61ed917adf48b40ae95ac5cb17 (diff) |
Partially revert #18070 (Add support for Windows CA certificate store)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21190)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 21 |
1 files changed, 5 insertions, 16 deletions
diff --git a/CHANGES.md b/CHANGES.md index 7e38b79f21..15c1f2c8b2 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -229,24 +229,13 @@ OpenSSL 3.2 *Hugo Landau* - * The `SSL_CERT_PATH` and `SSL_CERT_URI` environment variables are introduced. - `SSL_CERT_URI` can be used to specify a URI for a root certificate store. The - `SSL_CERT_PATH` environment variable specifies a delimiter-separated list of - paths which are searched for root certificates. - - The existing `SSL_CERT_DIR` environment variable is deprecated. - `SSL_CERT_DIR` was previously used to specify either a delimiter-separated - list of paths or an URI, which is ambiguous. Setting `SSL_CERT_PATH` causes - `SSL_CERT_DIR` to be ignored for the purposes of determining root certificate - directories, and setting `SSL_CERT_URI` causes `SSL_CERT_DIR` to be ignored - for the purposes of determining root certificate stores. - - *Hugo Landau* - * Support for loading root certificates from the Windows certificate store has been added. The support is in the form of a store which recognises the - URI string of `org.openssl.winstore://`. This store is enabled by default and - can be disabled using the new compile-time option `no-winstore`. + URI string of `org.openssl.winstore://`. This URI scheme currently takes no + arguments. This store is built by default and can be disabled using the new + compile-time option `no-winstore`. This store is not currently used by + default and must be loaded explicitly using the above store URI. It is + expected to be loaded by default in the future. *Hugo Landau* |