Keystore, , ca-certificates, browser.xul.error_pages.expert_bad_cert and more basic questions
intrigeri
intrigeri at debian.org
Mon Feb 24 09:52:57 UTC 2014
Hi,
Daniel Kahn Gillmor wrote (23 Feb 2014 16:25:04 GMT) :
> On 02/23/2014 11:12 AM, kwadronaut wrote:
>> * It seems like it's not relying on ca-certificates but instead using
>> it's own root keystore. Is that assumption correct? If not, how can I
>> find out?
> This has always been the case for iceweasel and icedove and anything
> else that relies on libnss.
Moreover, backport builds of Iceweasel use the in-tree NSS library,
instead of the system one.
Therefore, it's not patched to add the CACert.org root certificate,
causing additional brain damage when one maintains a HTTPS service
with HSTS enabled and a certificate issued by CACert.org, and had
previously relied on Debian's default web browser to ship the needed
root CA.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
More information about the pkg-mozilla-maintainers
mailing list