Mailinglist Archive: opensuse-project (156 mails)
| < Previous | Next > |
Re: [opensuse-project] Re: [opensuse-factory] The release notes/product highlights for 12.1
- From: Wolfgang Rosenauer <wolfgang@xxxxxxxxxxxxx>
- Date: Thu, 27 Oct 2011 09:13:15 +0200
- Message-id: <4EA9048B.5070402@rosenauer.org>
Hi,
Am 27.10.2011 08:43, schrieb Ludwig Nussel:
The root cert list which is used by Firefox (NSS) is a separate package
since quite some time.
Hygiea:~ # rpm -ql mozilla-nss-certs
/usr/lib64/libnssckbi.so
People who know how to do it can replace that package with another one
providing "mozilla-nss-certs".
The openSUSE NSS package (and the typical Mozilla apps) are (in theory)
fully prepared to work with custom certificate database on system (and
also user) level.
Currently all mozilla apps are using the same root certificate list but
it's also possible that all mozilla apps use the same database for
personal certs.
That feature is in an experimental stage since 2 or 3 years and never
left it because of missing testing/experience.
Wolfgang
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx
Am 27.10.2011 08:43, schrieb Ludwig Nussel:
Rajko M. wrote:
On Wednesday, October 26, 2011 02:05:37 AM Ludwig Nussel wrote:
Anyways, in general no package must include it's own list of root CA
certificates but rather use the distro provided defaults. If you
find some package that includes it's own list please file a bug and
let the package maintainer fix it (CC security). Should be an easy
task.
Is that valid for Mozilla products and Chromium?
It would be desirable, yes. The system list is Mozilla's anyways.
AFAIK Chromium uses NSS too so if NSS was able to read an external
source instead of only the compiled in(!) ones both browsers would
automatically use the system certs.
The root cert list which is used by Firefox (NSS) is a separate package
since quite some time.
Hygiea:~ # rpm -ql mozilla-nss-certs
/usr/lib64/libnssckbi.so
People who know how to do it can replace that package with another one
providing "mozilla-nss-certs".
The openSUSE NSS package (and the typical Mozilla apps) are (in theory)
fully prepared to work with custom certificate database on system (and
also user) level.
Currently all mozilla apps are using the same root certificate list but
it's also possible that all mozilla apps use the same database for
personal certs.
That feature is in an experimental stage since 2 or 3 years and never
left it because of missing testing/experience.
Wolfgang
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx
| < Previous | Next > |