Comment 1 for bug 925713

Revision history for this message
dobey (dobey) wrote :

Because we have to continue shipping the cert .pems anyway, for other platforms, and because OpenSSL has issues with the chaining when reading from ca-certificates.crt, it doesn't seem like trying to get them added to ca-certificates.crt (which seems to have quite a complex process to do), won't affect security at all. And if the cert is changed on the server, validation will fail as-is since the certs would no longer match until we ship an update. Agreed on IRC to just close the bug.