Using system SSL certificates...

Brad Hards bradh at
Wed Feb 3 01:17:12 GMT 2010

On Saturday 30 January 2010 08:21:17 Thiago Macieira wrote:
> The Qt non-Firefox certificates contain the likes of VeriSign, Thawte and
> Equifax. The question is: why are those well-known certificates in Qt but
>  not in Firefox?
Based on the log, it appears Qt may have just taken the cert bundle from an 
earlier version of KDE (when George Staikos was actively managing it).

George's policy (which I concur with) was that a cert in either Firefox or IE 
was OK, if the vendor requested it. It is not OK to just add certificates 
without doing appropriate checks of the vendors practices and policies, and 
KDE doesn't have the resources to do that, hence the out-sourcing approach.

FWIW, I'd support removing the cert bundle from KDE and just using mozilla's 
bundle. Ideally we'd support using system certs where the OS or vendor 
provides them.


More information about the kde-core-devel mailing list