Using system SSL certificates...
Thiago Macieira
thiago at kde.org
Wed Feb 3 05:52:26 GMT 2010
Em Terça-feira 2. Fevereiro 2010, às 17.17.12, Brad Hards escreveu:
> On Saturday 30 January 2010 08:21:17 Thiago Macieira wrote:
> > The Qt non-Firefox certificates contain the likes of VeriSign, Thawte and
> > Equifax. The question is: why are those well-known certificates in Qt but
> >
> > not in Firefox?
>
> Based on the log, it appears Qt may have just taken the cert bundle from an
> earlier version of KDE (when George Staikos was actively managing it).
>
> George's policy (which I concur with) was that a cert in either Firefox or
> IE was OK, if the vendor requested it. It is not OK to just add
> certificates without doing appropriate checks of the vendors practices and
> policies, and KDE doesn't have the resources to do that, hence the
> out-sourcing approach.
>
> FWIW, I'd support removing the cert bundle from KDE and just using
> mozilla's bundle. Ideally we'd support using system certs where the OS or
> vendor provides them.
That's what I did. I took the Mozilla file that describes their cert list.
But I found out that there are 48 certificates that exist today in Qt but not
in Firefox.
The question is: why? Why doesn't Firefox carry VeriSign and Thawte
certificates?
Or, if they do, where is the full list of their certificates?
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Senior Product Manager - Nokia, Qt Development Frameworks
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20100202/8181fa8e/attachment.sig>
More information about the kde-core-devel
mailing list