Description of problem:
Cannot connect via SSL connection to servers which has missing CAs in ca-bundle.crt

e.g. github.com signed by DigiCert CA


Version-Release number of selected component (if applicable):
openssl-0.9.8e-12.el5_5.7


Steps to Reproduce:
1a. curl --cacert /etc/pki/tls/certs/ca-bundle.crt https://github.com
or
1b. git clone https://github.com/whatever/whatever.git

  
Actual results:
Cannot connect to many sites which are using newer e.g. "only" 5 years old CAs

Expected results:
RHEL5 without security issues(Some CAs are missing and others should be removed)

Additional info:
I see updated RHEL 5.6 provides ca-bundle.crt with content:
---
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
# Generated from certdata.txt RCS revision 1.39
---

1.39 has been commited 2006-06-09 14:02 -> Completely missing DigiCert CAs
1.42 has been commited 2007-06-05 12:16 -> first evidence of DigiCert CAs
1.68 has been commited 2010-11-26 14:48 -> updated DigiCert CAs

To fix issue with DigiCert CA I need at least version 1.68 but definitely prefer
latest 1.74 2011-04-12 17:10	


What about backporting ca-certificates rpm from RHEL6.x ?