Bug#309564: cacert certificate

martin f krafft madduck at debian.org
Sat Jul 12 12:02:31 UTC 2008 

tags 309564 patch
thanks

also sprach martin f krafft <madduck at debian.org> [2008.07.11.1206 +0200]:
> Mike Hommey pointed me to
> mozilla/security/nss/lib/ckfw/builtins/README in the nss source for
> the fastest way to get CAcert's cert in for lenny

I followed those instructions, added the two CAcert certificates and
the SPI Inc. 2008 certificate, bumped the library version to 1.71,
and produced the attached patch.

I have tried the new package and can verify that it works. I have
also verified the fingerprints with another person looking over my
shoulder.

The only thing I don't like now is that the CAcert certs show up
under "Root CA", which is the CN they use. I don't think there's
anything we can do about it though.

Looking at the list of certs Mozilla ships by default, I'd say this
patch should go upstream! If anyone objects because of trust issues,
I'd like to see trust paths for all the CAs that are being provided,
many of which don't even provide URLs or policies. But this is
another issue.

-- 
 .''`.   martin f. krafft <madduck at debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
 
"it is impossible to foresee the consequences of being clever."
                                                -- cristopher strachey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nss_3.12.0-1+cacert+spiinc_certs.diff
Type: text/x-diff
Size: 71424 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20080712/6b69f678/attachment-0003.diff 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/)
Url : http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20080712/6b69f678/attachment-0003.pgp

More information about the pkg-mozilla-maintainers mailing list