Opened 8 years ago
Closed 8 years ago
#105 closed task (fixed)
Update ca-certificates bundle
Reported by: | Lewis Rosenthal | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | *none | Version: | |
Severity: | medium | Keywords: | |
Cc: |
Description
The current ca-certificates bundle dates from 2011. Since then, Fedora has actually modified its bundle from the stock Mozilla one to retain trust status for some older ones for compatibility reasons. We should determine whether these inclusions in the Fedora project are worth maintaining or whether we should simply package the Mozilla bundle for distribution on OS/2.
Links:
https://fedoraproject.org/wiki/CA-Certificates
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/
https://lists.mozilla.org/listinfo/dev-security-policy
https://wiki.mozilla.org/CA:FAQ
It should be noted that Fedora includes a script to toggle between the Fedora bundle and the Mozilla bundle, too.
Using latest Mozilla NSS certificates available from
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
spec: ca-certificates, update with latest certificates from Mozilla. closes ticket#105.
Committed revision r792.