Hi, Am 27.10.2011 08:43, schrieb Ludwig Nussel:
Rajko M. wrote:
On Wednesday, October 26, 2011 02:05:37 AM Ludwig Nussel wrote:
Anyways, in general no package must include it's own list of root CA certificates but rather use the distro provided defaults. If you find some package that includes it's own list please file a bug and let the package maintainer fix it (CC security). Should be an easy task.
Is that valid for Mozilla products and Chromium?
It would be desirable, yes. The system list is Mozilla's anyways. AFAIK Chromium uses NSS too so if NSS was able to read an external source instead of only the compiled in(!) ones both browsers would automatically use the system certs.
The root cert list which is used by Firefox (NSS) is a separate package since quite some time. Hygiea:~ # rpm -ql mozilla-nss-certs /usr/lib64/libnssckbi.so People who know how to do it can replace that package with another one providing "mozilla-nss-certs". The openSUSE NSS package (and the typical Mozilla apps) are (in theory) fully prepared to work with custom certificate database on system (and also user) level. Currently all mozilla apps are using the same root certificate list but it's also possible that all mozilla apps use the same database for personal certs. That feature is in an experimental stage since 2 or 3 years and never left it because of missing testing/experience. Wolfgang -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org