Using system SSL certificates...

Andreas Hartmetz ahartmetz at gmail.com
Fri Jan 29 02:27:56 GMT 2010


On Friday 29 January 2010 01:26:11 Andreas Hartmetz wrote:
> Hi,
> 
> I don't think anymore that it is a good idea to ship our own certificate
> bundle with KDE *on Linux*. Good Linux distributions have more resources
> and do a good job at maintaining a set of certificates. On some platforms
> we will probably always have to ship our own certificates or maybe add an
> interface to the native certificate store API (I'd rather not).
> That said, if and when I make this change I will also (re)add some GUI to
> add certificates on top of system certificates, and maybe a blacklist for
> unwanted system certificates too.
> Encouragement? Protest?
> (Currently there is no client certificate support because I didn't get
> around to doing it, this is also something I want to add at some point. No
> need for discussion.)
> 

I was thinking that Firefox uses those system certificates as well, but it 
doesn't, as SadEagle and bradh told me on IRC. We also located where Firefox 
stores its certificates, unfortunately it's binary and inside a library.
So I change the suggestion to: keep using our own certificate bundle and 
occasionally just download and sync with whatever Firefox uses from the 
Mozilla repository. i'll look into making a script for that.
The other things that I wrote still stand.




More information about the kde-core-devel mailing list