Bug 120280 - Request for inclusion of ca certificate into ca-bundle.crt
Request for inclusion of ca certificate into ca-bundle.crt
Status: CLOSED DEFERRED
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
https://bugzilla.mozilla.org/show_bug...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-04-07 11:37 EDT by Daniel Vollbrecht
Modified: 2013-11-13 10:40 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-08 11:58:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 215243 None None None Never

  None (edit)
Description Daniel Vollbrecht 2004-04-07 11:37:44 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux)

Description of problem:
I would apply for the addition of the DFN-PCA SSL certificate. The
cert is available at
http://www.dfn-pca.de/certification/x509/g1/data/html/cacert.html

As far as I know, the requirements are fulfilled:

(a) The DFN-PCA is root CA in the DFN association
(b) certification is offered to the public, for non-commercial
organizations without fee
(c) info about DFN-PCA authority http://www.dfn-cert.de/eng/dfncert/
(d) policy
http://www.dfn-pca.de/certification/policies/ssl-tls/cp-1.4/wwwpolicy.html


--- http://www.dfn.de/content/welcometodfn/aboutdfn/ ---
"The DFN-Verein is a non-profit association of the research,
development and education sector in Germany to promote computer-based
communication and information services."

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.cert not present
2.
3.
    

Additional info:
Comment 1 Petri Koistinen 2004-10-15 18:11:21 EDT
Root Certificate from https://www.cacert.org/ would be great.
Comment 2 Joe Orton 2005-01-27 04:53:10 EST
In the future, we are keeping the OpenSSL root CA bundle in sync with
the Mozilla root CA bundle.  If and when the DFN-PCA cert is accepted
by Mozilla, it will get pulled into a future version of OpenSSL
automatically.  Please move this bug to ASSIGNED when the upstream
Mozilla bug is closed.
Comment 3 Nicolas Vilz 'niv' 2005-07-22 08:17:56 EDT
other distros have outsourced ca-certs for console progs. the package is called
ca-certificates. On these distros you refer on /etc/ssl/certs/ and can easily
add some for your own ... would that be a big problem for you guys?
Comment 4 Tomas Mraz 2005-09-08 11:58:35 EDT
This problem will be resolved in a future release of Fedora Core if the
certificate is included in the Mozilla root CA bundle. See comment #2.
Comment 5 Bernie Innocenti 2006-08-03 19:37:19 EDT
Please don't wait for Mozilla to catch up, it won't be
soon enough for FC6.

Missing support out of the box in Fedora is preventing
us to switch to CaCert for SSL.

Note You need to log in before you can comment on or make changes to this bug.