agl__ Adam Langley
Don't mix up Mozilla's explicitly distrusted certificates when using their root CA list: imperialviolet.org/2012/01/30/moz…

January 30, 2012     3 retweets #

KevinSMcArthur Kevin McArthur
@agl__ fun times from curl eh?

January 30, 2012 #

KevinSMcArthur Kevin McArthur
@agl__ fyi, there was tinyurl.com/3wz2mcq already (which is what curl uses for its extracts) and it does take trust into account.

January 30, 2012 #

agl__ Adam Langley
@KevinSMcArthur CURL's script is pretty good, but it missed CKT_NSS_MUST_VERIFY_TRUST which shouldn't be trusted.

January 30, 2012 #

KevinSMcArthur Kevin McArthur
@agl__ interesting, though, that shouldnt result in the including of any bad ca's today right?

January 30, 2012 #

agl__ Adam Langley
@KevinSMcArthur TDC OCES is the only one affected: bugzilla.mozilla.org/show_bug.cgi?i…

January 30, 2012 #