It looks like symlinking firefox and thunderbird's own copies of
libnssckbi.so to the system-wide p11-kit-trust.so is the proper way to
fix this bug, as far as Mozilla's products are concerned.

Before I proceed to doing this, I'd welcome comments from the security
team on this approach though, as I suspect I don't understand all the
implications.

(an alternative would be building firefox/thunderbird against the
system-wide nss, but firefox currently requires 3.50, which isn't yet in
focal, and I suspect that requirement is being bumped often, so that
wouldn't really work with our distribution model)

** Changed in: firefox (Ubuntu)
       Status: New => Confirmed

** Changed in: firefox (Ubuntu)
     Assignee: (unassigned) => Olivier Tilloy (osomon)

** Changed in: thunderbird (Ubuntu)
     Assignee: (unassigned) => Olivier Tilloy (osomon)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1647285

Title:
  SSL trust not system-wide
