Remove all root CA files (beyond test CAs including private key)

from the OpenSSL distribution.
author: Lutz Jänicke <jaenicke@openssl.org> 2008-05-23 08:59:23 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2008-05-23 08:59:23 +0000
commit: d18ef847f4c2d15fee0b69a1b331dee5c9e9b97a (patch)
tree: 06dd66c71b3c6e0db9f8924bfccc025a7b8816ec /CHANGES
parent: 5c0d90a6998ba4be970f69aa06bd879bb48f5e4b (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 411e69b204..e14c405abb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -686,6 +686,14 @@
 
  Changes between 0.9.8g and 0.9.8h  [xx XXX xxxx]
 
+  *) Remove root CA certificates of commercial CAs:
+
+     The OpenSSL project does not recommend any specific CA and does not
+     have any policy with respect to including or excluding any CA.
+     Therefore it does not make any sense to ship an arbitrary selection
+     of root CA certificates with the OpenSSL software.
+     [Lutz Jaenicke]
+
   *) RSA OAEP patches to fix two separate invalid memory reads.
      The first one involves inputs when 'lzero' is greater than
      'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
author	Lutz Jänicke <jaenicke@openssl.org>	2008-05-23 08:59:23 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2008-05-23 08:59:23 +0000
commit	d18ef847f4c2d15fee0b69a1b331dee5c9e9b97a (patch)
tree	06dd66c71b3c6e0db9f8924bfccc025a7b8816ec /CHANGES
parent	5c0d90a6998ba4be970f69aa06bd879bb48f5e4b (diff)