Opened 8 years ago

Closed 8 years ago

#105 closed task (fixed)

Update ca-certificates bundle

Reported by: Lewis Rosenthal Owned by:
Priority: major Milestone:
Component: *none Version:
Severity: medium Keywords:
Cc:

Description

The current ca-certificates bundle dates from 2011. Since then, Fedora has actually modified its bundle from the stock Mozilla one to retain trust status for some older ones for compatibility reasons. We should determine whether these inclusions in the Fedora project are worth maintaining or whether we should simply package the Mozilla bundle for distribution on OS/2.

Links:

https://fedoraproject.org/wiki/CA-Certificates
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/
https://lists.mozilla.org/listinfo/dev-security-policy
https://wiki.mozilla.org/CA:FAQ

It should be noted that Fedora includes a script to toggle between the Fedora bundle and the Mozilla bundle, too.

Change History (1)

comment:1 by Yuri Dario, 8 years ago

Resolution: fixed
Status: newclosed

Using latest Mozilla NSS certificates available from

https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

spec: ca-certificates, update with latest certificates from Mozilla. closes ticket#105.
Committed revision r792.

Note: See TracTickets for help on using tickets.