** Changed in: ca-certificates (Ubuntu)
Status: Incomplete => New
** Changed in: nss (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1647285
Title:
SSL trust not system-wide
Status in ca-certificates package in Ubuntu:
New
Status in nss package in Ubuntu:
New
Bug description:
When I install a corporate CA trust root with update-ca-certificates,
it doesn't seem to work everywhere. Various things like Firefox,
Evolution, Chrome, etc. all fail to trust the newly-installed trusted
CA.
This ought to work, and does on other distributions. In p11-kit there
is a module p11-kit-trust.so which can be used as a drop-in
replacement for NSS's own libnssckbi.so trust root module, but which
reads from the system's configured trust setup instead of the hard-
coded version.
This allows us to install the corporate CAs just once, and then file a
bug against any package that *doesn't* then trust them.
See https://fedoraproject.org/wiki/Features/SharedSystemCertificates
for some of the historical details from when this feature was first
implemented, but this is all now supported upstream and not at all
distribution-specific. There shouldn't be any significant work
required; it's mostly just a case of configuring and building it to
make use of this functionality. (With 'alternatives' to let you
substitute p11-kit-trust.so for the original NSS libnssckbi.so, etc.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1647285/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
