Bug#926388: let Firefox trust /etc/ssl/certs/ca-certificates.crt
Hi,
Bullseye will be frozen soon. Let's manage to get this sorted out 😀️.
I think the maintainable solution to this is to
replace (dpkg-divert)
libnssckbi.so (/usr/lib/<ARCH>/nss/libnssckbi.so)
with
/usr/lib/<ARCH>/pkcs11/p11-kit-trust.so
if a package
p11-kit-trust
is installed.
The package p11-kit-trust can be built from:
https://packages.debian.org/source/sid/p11-kit ;
as described here (the package name here is still p11-kit-nssckbi, but
that can be changed easily):
https://salsa.debian.org/gnutls-team/p11-kit/-/commit/2bc43fb58fc491d2a845a321cadd90a7f33f371e
Solution found here:
https://salsa.debian.org/gnutls-team/p11-kit/commits/tmp-704180-divertnss
taken from bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704180#80
Internet sources which describe the same solution:
https://superuser.com/a/1312419
https://www.bachmann-lan.de/linux-mit-eigenen-ssl-zertifikaten-root-ca-installieren/
(In Fedora/Red Hat/etc. it's done this way by default, package name for
this is p11-kit-trust)
I think this bug report is a duplicate of #704180
BR
DI(FH) Holger Fischer, MSc
Reply to: