1230
Comment:
|
1383
|
Deletions are marked like this. | Additions are marked like this. |
Line 8: | Line 8: |
* Seems that Kleopatra only works on stuff under ~/.gnupg and ignores /etc/ssl/certs ? | * Seems that Kleopatra only works on stuff under ~/.gnupg and ignores /etc/ssl/certs ? Kleopatra and KMail use gpgsm for S/MIME? * gpgsm seems to come with an empty trust list? https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/273625 |
I thought by adding certificates to /etc/ssl/certs they would automatically be used in browsers and mail clients. How much wronger can you be...
Findings
- Mozilla uses libnss, which brings its own list of trusted certificates in /usr/lib/firefox/libnssckbi.so (see bug #316436)
- KDE comes with its own certificates kdelibs5-data: /usr/share/kde4/apps/kssl/ca-bundle.crt
- Seems that Kleopatra only works on stuff under ~/.gnupg and ignores /etc/ssl/certs ? Kleopatra and KMail use gpgsm for S/MIME?
gpgsm seems to come with an empty trust list? https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/273625
KDE SSL bug https://bugs.kde.org/show_bug.cgi?id=162485
Crypto Consolidation
Fedora is working to consolidate Cryptography: https://fedoraproject.org/wiki/FedoraCryptoConsolidation
The matter has also been discussed on debian-devel without a conclusion: http://lists.debian.org/debian-devel/2011/04/msg01062.html
Tipps
This might work to make ca-certificates available in Debian? (source)
# dpkg-divert --local --rename --add /usr/share/kde4/apps/kssl/ca-bundle.crt # ln -s /etc/ssl/certs/ca-certificates.crt /usr/share/kde4/apps/kssl/ca-bundle.crt