Description of problem:
ncat uses its own bundled certificate bundle (/usr/share/ncat/ca-bundle.crt) by default. We should review how it differs from the ca-certificates' bundle and see if it really needs to be distributed in nmap packages, or we can make ncat default to using ca-certificates' bundle (via symlink or different compiled-in path).
Created attachment 520855
Diff of ncat bundle to system bundle
This compares subjects of CA certs in ncat ca-bundle.crt to ca-bundle.crt from ca-certificates-2011.75-1.fc16 (which builds the certificate list from Mozilla's / NSS's certdata).
Out of more than 100 certs in ncat bundle, more than 30 are already expired.
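One way to reproduce this kind of audit with only the Python standard library, as an added example that is not part of the original report or its attachment. The function names are hypothetical, and it assumes subjects are compared as raw DER bytes, so the same name encoded with a different string type counts as different.

```python
import base64, re, sys
from datetime import datetime, timezone

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_and_expiry(der):
    """Return (raw subject Name bytes, notAfter as an aware datetime)."""
    _, pos, _ = tlv(der, 0)        # Certificate
    _, pos, _ = tlv(der, pos)      # tbsCertificate
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                # explicit [0] version, absent in v1 certs
        pos = end
    for _ in range(3):             # skip serialNumber, signature, issuer
        pos = tlv(der, pos)[2]
    _, vstart, vend = tlv(der, pos)            # validity
    tag, s, e = tlv(der, tlv(der, vstart)[2])  # notAfter follows notBefore
    text = der[s:e].decode("ascii")
    if tag == 0x17:                # UTCTime: RFC 5280 maps YY >= 50 to 19YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    not_after = datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return der[vend:tlv(der, vend)[2]], not_after

def load_bundle(pem):
    """Parse every CERTIFICATE block in a PEM bundle given as bytes."""
    return [subject_and_expiry(base64.b64decode(b)) for b in PEM_RE.findall(pem)]

def audit(bundle_pem, system_pem, now=None):
    """Count certs, expired certs, and subjects absent from the system bundle."""
    now = now or datetime.now(timezone.utc)
    system_subjects = {subj for subj, _ in load_bundle(system_pem)}
    certs = load_bundle(bundle_pem)
    return {
        "total": len(certs),
        "expired": sum(1 for _, end in certs if end < now),
        "not_in_system": sum(1 for subj, _ in certs if subj not in system_subjects),
    }

if __name__ == "__main__" and len(sys.argv) == 3:
    # argv[1]: bundle under review, e.g. /usr/share/ncat/ca-bundle.crt
    # argv[2]: the distribution's ca-certificates bundle
    with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as b:
        print(audit(a.read(), b.read()))
```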