Hi, I'm the submitter of the bug at Debian.
Nikos Mavrogiannopoulos wrote: > Thanks for the report. I'll try to fix it as soon. However note that if > you want to set all the list of ca-certificates.crt as the trusted list > then probably you are doing something wrong. In my case I am building a website where people authenticate using a client certificate. I extract the e-mail address from the client certificate DN and match that against the database of known users. If it's an unknown user then they can create an account. I don't want to babysit SSL certificates and sign them all myself. As long as someone presents me with a certificate signed by someone I trust (that would be all the CA's in ca-certificates) I want them to be able to access the website. This is not some small, closed intranet or something, but a website that anyone should be able to access. The only way I see to reduce the list of CA's that I need to load is to figure out which of them don't give out client certificates. There's got to be quite a few in that list that only give out server certificates. -- Sander Marechal _______________________________________________ Modules mailing list Modules@lists.outoforder.cc http://lists.outoforder.cc/mailman/listinfo/modules