[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Compile without CA
|
From: |
Nicolás Reynolds |
|
Subject: |
Re: Compile without CA |
|
Date: |
Fri, 22 Oct 2010 00:23:30 -0300 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
El 21/10/10 11:44, manu revah dijo:
>
> Le Jeu 21 octobre 2010 22:57, Gary a écrit :
> > On Thu, Oct 21, 2010 at 1:31 PM, Emmanuel Revah wrote:
> >
> >> I was wondering if there was a flag (or something) to compile Icecat to:
> >>
> >> - Not contain any root certificates by default
> >> - (less important for now) Not halt on ssl "errors"
> >
> > Wouldn't that break SSL browsing altogether?
>
>
> Not really, right now having to either:
> - manually adding certificates one by one (after removing all the roots)
> - trusting people i don't trust (and still add "exceptions" for sites i
> do trust)
> is more ssl browser breaking then anything..
>
>
> > If you're merely trying
> > to debug an SSL connection you might try something like Charles?
> > http://www.charlesproxy.com/overview.
>
>
> Thanks for the link, but I am not trying to debug right now, cheers : ]
>
>
> > Alternately, you could just go
> > in and remove all your root CA certs rather than spend the time trying
> > to yank that code out.
> >
> > -Gary
> >
>
>
> It would be easier to add a compile option then to remove certs one by one
> on every browser I use, in my humble IMHO :]. Anyway I am curious and
> would like to know how to do this if it is possible.
an empty ca-certificates package, maybe?
or you could use perspectives :)
http://www.cs.cmu.edu/~perspectives/
--
Salud!
Nicolás Reynolds,
xmpp:address@hidden
omb:http://identi.ca/fauno
blog:http://selfdandi.com.ar/
gnu/linux user #455044
http://librecultivo.org.ar
http://parabolagnulinux.org
pgp5e_Z3DsCwk.pgp
Description: PGP signature