'Re: Using system SSL certificates...'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Using system SSL certificates...
From:       Thiago Macieira <thiago () kde ! org>
Date:       2010-01-29 7:45:04
Message-ID: 201001290845.13884.thiago () kde ! org
[Download RAW message or body]


Em Sexta-feira 29. Janeiro 2010, às 03.27.56, Andreas Hartmetz escreveu:
> On Friday 29 January 2010 01:26:11 Andreas Hartmetz wrote:
> > Hi,
> > 
> > I don't think anymore that it is a good idea to ship our own certificate
> > bundle with KDE *on Linux*. Good Linux distributions have more resources
> > and do a good job at maintaining a set of certificates. On some platforms
> > we will probably always have to ship our own certificates or maybe add an
> > interface to the native certificate store API (I'd rather not).
> > That said, if and when I make this change I will also (re)add some GUI to
> > add certificates on top of system certificates, and maybe a blacklist for
> > unwanted system certificates too.
> > Encouragement? Protest?
> > (Currently there is no client certificate support because I didn't get
> > around to doing it, this is also something I want to add at some point.
> > No need for discussion.)
> 
> I was thinking that Firefox uses those system certificates as well, but it
> doesn't, as SadEagle and bradh told me on IRC. We also located where
> Firefox stores its certificates, unfortunately it's binary and inside a
> library. So I change the suggestion to: keep using our own certificate
> bundle and occasionally just download and sync with whatever Firefox uses
> from the Mozilla repository. i'll look into making a script for that.
> The other things that I wrote still stand.

I've already made a script to do that. Actually, a Qt program.

I'll probably update Qt's certificate list with the Firefox ones for the next 
Qt version.

So all KDE has to do is stop overriding Qt's default certificate bundle.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic