From kde-core-devel Fri Jan 29 07:45:04 2010
From: Thiago Macieira
Date: Fri, 29 Jan 2010 07:45:04 +0000
To: kde-core-devel
Subject: Re: Using system SSL certificates...
Message-Id: <201001290845.13884.thiago () kde ! org>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=126475117008021

On Friday 29 January 2010, at 03.27.56, Andreas Hartmetz wrote:
> On Friday 29 January 2010 01:26:11 Andreas Hartmetz wrote:
> > Hi,
> >
> > I don't think anymore that it is a good idea to ship our own certificate
> > bundle with KDE *on Linux*. Good Linux distributions have more resources
> > and do a good job at maintaining a set of certificates. On some platforms
> > we will probably always have to ship our own certificates or maybe add an
> > interface to the native certificate store API (I'd rather not).
> > That said, if and when I make this change I will also (re)add some GUI to
> > add certificates on top of system certificates, and maybe a blacklist for
> > unwanted system certificates too.
> > Encouragement? Protest?
> > (Currently there is no client certificate support because I didn't get
> > around to doing it, this is also something I want to add at some point.
> > No need for discussion.)
>
> I was thinking that Firefox uses those system certificates as well, but it
> doesn't, as SadEagle and bradh told me on IRC. We also located where
> Firefox stores its certificates, unfortunately it's binary and inside a
> library. So I change the suggestion to: keep using our own certificate
> bundle and occasionally just download and sync with whatever Firefox uses
> from the Mozilla repository. I'll look into making a script for that.
> The other things that I wrote still stand.

I've already made a script to do that. Actually, a Qt program.

I'll probably update Qt's certificate list with the Firefox ones for the next
Qt version.

So all KDE has to do is stop overriding Qt's default certificate bundle.

--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358