Comment 6 for bug 551811

With the appended patch we could redistribute the certificate chains for CACert, startSSL and Equifax.

However, with Equifax, we would need to sign such a form:
open this page: https://www.geotrust.com/resources/root-certificates/index.html
and take a look at: Root Certificate Distribution Agreement
not really sure if we want to do this, Sander?

The statement regarding cacert certificate license can be found here:
http://www.cacert.org/policy/NRPDisclaimerAndLicence.php
If you want to use certificates issued by CAcert, read the CAcert Disclaimer and Licence .This license applies to using the CAcert root keys.

For startssl I haven't found anything.

Sander, do you can figure out whether including startssl root certificates would be OK?
As far as I can see, including cacert root certificates should be fine.

With the patch applied, Coccinella checks (at least here for me on Linux right now) in ~/.coccinella/certificates for the existence of cacerts.pem file, and if not there, it copies the file from the "application directory/certificates/cacerts.pem" to the above mentioned directory. I chose to put the cacerts.pem file in certificates/cacerts.pem so that it should also work when the configuration is saved in the application path.

Sander, any objections when I commit this one to see how the windows breakfast build binary behaves with using/copying the certificate file?