[tor-talk] RapidSSL and WildCard Intermediate CA

grarpamp grarpamp at gmail.com
Tue Apr 29 05:52:18 UTC 2014


On Sun, Apr 27, 2014 at 10:36 AM, shmick at riseup.net <shmick at riseup.net> wrote:
> noticed in TBB and beta this was absent
>
> not sure of the intention to include or not - it's included in firefox
> stable and nightly but i can't be 100% certain if i installed it myself
> from memory
>
> https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem

These are not service certs but CA certs, so no wildcarding involved.
Neither of them are in nss tip, therefore they're not in any mozilla either.
Other than possibly dropping nss tip into TBB, Tor won't be in the
business of adding any certs, except maybe for Tor's own
infrastructure.

You can add/check whatever you want in [new] TBB profiles.
Though it's really the responsibility of the service to include them
in their service bundle, or the CA's to submit to mozilla, lest
either make themselves look bad.


More information about the tor-talk mailing list