
Bug#926388: let Firefox trust /etc/ssl/certs/ca-certificates.crt



Hi,
Bullseye will be frozen soon. Let's manage to get this sorted out 😀️.

I think the maintainable solution to this is to replace (dpkg-divert)
libnssckbi.so (/usr/lib/<ARCH>/nss/libnssckbi.so) with
/usr/lib/<ARCH>/pkcs11/p11-kit-trust.so if a package p11-kit-trust is
installed.

The package p11-kit-trust can be built from:
https://packages.debian.org/source/sid/p11-kit ;

as described here (the package name here is still p11-kit-nssckbi, but
that can be changed easily):
https://salsa.debian.org/gnutls-team/p11-kit/-/commit/2bc43fb58fc491d2a845a321cadd90a7f33f371e

Solution found here:
https://salsa.debian.org/gnutls-team/p11-kit/commits/tmp-704180-divertnss

taken from bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704180#80

Internet sources which describe the same solution:
https://superuser.com/a/1312419

https://www.bachmann-lan.de/linux-mit-eigenen-ssl-zertifikaten-root-ca-installieren/

(In Fedora/Red Hat/etc. it's done this way by default, package name for
this is p11-kit-trust)

I think this bug report is a duplicate of #704180

BR
DI(FH) Holger Fischer, MSc
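
A read-only check for the state the message proposes, added here as an example and not part of the original message or of any Debian package: it reports whether libnssckbi.so at the path named above has been replaced by p11-kit-trust.so. The function name `nss_trust_status`, its status words, and the sample triplet `x86_64-linux-gnu` standing in for `<ARCH>` are assumptions, and the demo runs on a constructed temporary tree.

```shell
#!/bin/sh
# Added example: report whether the NSS built-in trust module has been
# replaced by p11-kit-trust.so, using the two paths named in the message.
# nss_trust_status and its status words are hypothetical names.

# usage: nss_trust_status ROOT ARCH
#   ROOT  filesystem root to inspect ("" for the live system)
#   ARCH  multiarch triplet standing in for <ARCH>
nss_trust_status() {
    root=$1 arch=$2
    nss="$root/usr/lib/$arch/nss/libnssckbi.so"
    p11="$root/usr/lib/$arch/pkcs11/p11-kit-trust.so"

    if [ ! -e "$p11" ]; then
        echo "p11-kit-trust-missing"      # nothing to replace the module with
    elif [ ! -e "$nss" ]; then
        echo "nss-module-missing"         # absent file or dangling symlink
    elif [ "$(readlink -f "$nss")" = "$(readlink -f "$p11")" ]; then
        echo "replaced-by-symlink"        # both names resolve to one file
    elif cmp -s "$nss" "$p11"; then
        echo "replaced-by-copy"           # byte-identical copy
    else
        echo "nss-builtin"                # still NSS's own trust module
    fi
}

# Demo on a constructed tree: status before and after the replacement.
demo() {
    t=$(mktemp -d)
    a=x86_64-linux-gnu                    # constructed sample value
    mkdir -p "$t/usr/lib/$a/nss" "$t/usr/lib/$a/pkcs11"
    echo "constructed p11-kit module" > "$t/usr/lib/$a/pkcs11/p11-kit-trust.so"
    echo "constructed NSS module" > "$t/usr/lib/$a/nss/libnssckbi.so"
    before=$(nss_trust_status "$t" "$a")
    ln -sf ../pkcs11/p11-kit-trust.so "$t/usr/lib/$a/nss/libnssckbi.so"
    after=$(nss_trust_status "$t" "$a")
    rm -rf "$t"
    echo "$before -> $after"
}
demo
```

A result of `nss-builtin` on a live system means an application loading that libnssckbi.so still uses NSS's bundled root list there, not the system trust store.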

