I had long discussion with Marc-Andre Lemburg about the issue. He maintains the eGenix pyOpenSSL distribution which also contains root CA certs. He did some tests with TRUST settings but apparently OpenSSL ignores them. Eventually we came up with the idea to split the CA bundle into multiple files: a separate file for each purpose. See http://www.egenix.com/products/python/pyOpenSSL/
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1207004 Title: certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1207004/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs