I came across https://fedoraproject.org/wiki/PackagingDrafts/Certificates while trying to figure out how best to manage adding our private CA certificate to openssl's list of CA certificates. Unfortunately it appears that currently openssl only uses the single file /etc/pki/tls/cert.pem. This makes it hard to add one's own CAs and still get updates.
Has there been any progress in this area? Any hope of a /etc/pkg/tls/cert.d/ directory where you could drop CA certs?
packaging@lists.fedoraproject.org