[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#126586: ITP]: mozilla-ca-cert -- Mozilla builtin CA certificates' PEM files

On Fri, Dec 28, 2001 at 03:38:37AM +0900, Fumitoshi UKAI wrote:
> At Thu, 27 Dec 2001 09:23:06 -0600,
> Steve Langasek wrote:

> > On Thu, Dec 27, 2001 at 05:30:35PM +0900, Fumitoshi UKAI wrote:

> > > Mozilla has several builtin CA certificate, but it can be useful only in 
> > > mozilla for now.  It would be very useful for other OpenSSL enabled
> > > applications, such as w3m-ssl.  This package will provides PEM files
> > > generated from mozilla certdata.txt, install them to /etc/ssl/certs
> > > and probably generate hash symlinks by using c_rehash(1).
> > > So a package using openssl can use /etc/ssl/certs as CApath to verify
> > > SSL peer certificate.

> > > What do you think about this package?  Does it make sense?
> > > If mozilla maintainer or openssl maintainer is interested to provide this
> > > package, I'd like to tell them how to build this package instead of 
> > > building this by myself.

> > > Can we put this package in main?

> > Is there any chance of including in this package the CA used to sign the 
> > SSL key for https://db.debian.org/? :)

> Hmm, then it's better to change the package name.

Perhaps so, yes.  But I think a broader package is more useful.  Is 
there a reason that we, as an OS vendor, should treat Mozilla's list of
CAs as authoritative?

> BTW, cert key of https://db.debian.org/ is self signed, so that 
> openssl complains as self signed certificate.

Does OpenSSL not like self-signed certificates, even if the cert is 
listed as a CA?  

Steve Langasek
postmodern programmer

Attachment: pgpM4S55aoFjL.pgp
Description: PGP signature

Reply to: