Using system SSL certificates...

Thiago Macieira thiago at kde.org
Fri Jan 29 07:45:04 GMT 2010


Em Sexta-feira 29. Janeiro 2010, às 03.27.56, Andreas Hartmetz escreveu:
> On Friday 29 January 2010 01:26:11 Andreas Hartmetz wrote:
> > Hi,
> > 
> > I don't think anymore that it is a good idea to ship our own certificate
> > bundle with KDE *on Linux*. Good Linux distributions have more resources
> > and do a good job at maintaining a set of certificates. On some platforms
> > we will probably always have to ship our own certificates or maybe add an
> > interface to the native certificate store API (I'd rather not).
> > That said, if and when I make this change I will also (re)add some GUI to
> > add certificates on top of system certificates, and maybe a blacklist for
> > unwanted system certificates too.
> > Encouragement? Protest?
> > (Currently there is no client certificate support because I didn't get
> > around to doing it, this is also something I want to add at some point.
> > No need for discussion.)
> 
> I was thinking that Firefox uses those system certificates as well, but it
> doesn't, as SadEagle and bradh told me on IRC. We also located where
> Firefox stores its certificates, unfortunately it's binary and inside a
> library. So I change the suggestion to: keep using our own certificate
> bundle and occasionally just download and sync with whatever Firefox uses
> from the Mozilla repository. i'll look into making a script for that.
> The other things that I wrote still stand.

I've already made a script to do that. Actually, a Qt program.

I'll probably update Qt's certificate list with the Firefox ones for the next 
Qt version.

So all KDE has to do is stop overriding Qt's default certificate bundle.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20100129/d6b19692/attachment.sig>


More information about the kde-core-devel mailing list