Using system SSL certificates...

Thiago Macieira thiago at
Wed Feb 3 05:52:26 GMT 2010

Em Terça-feira 2. Fevereiro 2010, às 17.17.12, Brad Hards escreveu:
> On Saturday 30 January 2010 08:21:17 Thiago Macieira wrote:
> > The Qt non-Firefox certificates contain the likes of VeriSign, Thawte and
> > Equifax. The question is: why are those well-known certificates in Qt but
> > 
> >  not in Firefox?
> Based on the log, it appears Qt may have just taken the cert bundle from an
> earlier version of KDE (when George Staikos was actively managing it).
> George's policy (which I concur with) was that a cert in either Firefox or
> IE was OK, if the vendor requested it. It is not OK to just add
> certificates without doing appropriate checks of the vendors practices and
> policies, and KDE doesn't have the resources to do that, hence the
> out-sourcing approach.
> FWIW, I'd support removing the cert bundle from KDE and just using
> mozilla's bundle. Ideally we'd support using system certs where the OS or
> vendor provides them.

That's what I did. I took the Mozilla file that describes their cert list.

But I found out that there are 48 certificates that exist today in Qt but not 
in Firefox.

The question is: why? Why doesn't Firefox carry VeriSign and Thawte 

Or, if they do, where is the full list of their certificates?
Thiago Macieira - thiago (AT) - thiago (AT)
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the kde-core-devel mailing list