Eddy Nigg wrote: >> Quite a while ago, I read a message from someone saying he had devised, >> or was going to devise, a scheme to extract all of Mozilla's trusted root >> certs from NSS and make PEM files from them, and use them as trusted >> certs >> in some other non-NSS-based product. >> >> Does anyone remember that? >> Can you point me to the person(s) who did that? >> I'd like to ask them about it, and maybe reuse it. >> > > Yes, that was Curl and here the link to the page > http://curl.netmirror.org/docs/caextract.html and this is the tool: > http://curl.netmirror.org/docs/parse-certs.txt
It's about trust after all... So I wonder whether there's a chance to verify the integrity of http://mxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt Any list of fingerprints of the CA certs therein one could obtain (out-of-band)? Going to all the CA's web sites will not be overly effective I guess... :-/ Ciao, Michael. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
