On Fri, Dec 28, 2001 at 03:38:37AM +0900, Fumitoshi UKAI wrote: > At Thu, 27 Dec 2001 09:23:06 -0600, > Steve Langasek wrote:
> > On Thu, Dec 27, 2001 at 05:30:35PM +0900, Fumitoshi UKAI wrote: > > > Mozilla has several builtin CA certificate, but it can be useful only in > > > mozilla for now. It would be very useful for other OpenSSL enabled > > > applications, such as w3m-ssl. This package will provides PEM files > > > generated from mozilla certdata.txt, install them to /etc/ssl/certs > > > and probably generate hash symlinks by using c_rehash(1). > > > So a package using openssl can use /etc/ssl/certs as CApath to verify > > > SSL peer certificate. > > > What do you think about this package? Does it make sense? > > > If mozilla maintainer or openssl maintainer is interested to provide this > > > package, I'd like to tell them how to build this package instead of > > > building this by myself. > > > Can we put this package in main? > > Is there any chance of including in this package the CA used to sign the > > SSL key for https://db.debian.org/? :) > Hmm, then it's better to change the package name. Perhaps so, yes. But I think a broader package is more useful. Is there a reason that we, as an OS vendor, should treat Mozilla's list of CAs as authoritative? > BTW, cert key of https://db.debian.org/ is self signed, so that > openssl complains as self signed certificate. Does OpenSSL not like self-signed certificates, even if the cert is listed as a CA? Steve Langasek postmodern programmer
pgptmghrMsLIH.pgp
Description: PGP signature