https://bugs.documentfoundation.org/show_bug.cgi?id=147250
Michael Stahl (allotropia) <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |NEW --- Comment #7 from Michael Stahl (allotropia) <[email protected]> --- okay so i did some testing... i've installed a custom CA certificate on Fedora 35 by copying it to /etc/pki/ca-trust/source/anchors/ and running sudo update-ca-trust extract my master build, when configured --without-system-nss, will not find this CA cert, but when configured --with-system-nss, it will find it and connection works fine. probably the system NSS has some p11-kit integration or other magic that is missing in the bundled NSS. but that simply means, since there's no reason to bundle NSS, we can just switch TDF builds to use system NSS and this should work. the following command also works to trust the certificate as root: sudo trust anchor --store ca-certificate.pem (not clear where the file is copied to) the Gnome "Seahorse" application ("Password and Keys") is able to display the certificate, but i can't figure out how to add it (.pem file) as trusted. --- well a CLI way to add it as root should be good enough for now; UI would be "nice to have", so i'm calling it fixed for the TDF rpm/deb builds: commit 0028266e34a683b1650410cee65dac502e304c9f Author: Michael Stahl <[email protected]> AuthorDate: Thu Aug 12 13:04:54 2021 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Fri Apr 29 20:24:58 2022 +0200 configure: default to --with-system-nss on Linux --- for the Flatpak build, it would be possible to bundle curl with LO, to avoid the wrongly configured curl in the runtime, since the p11-kit infrastructure is claimed to exist in the above linked bug report. -- You are receiving this mail because: You are the assignee for the bug.
