On Mon, 2014-09-08 at 17:07 +0200, Nikos Mavrogiannopoulos wrote:
I understand but this is not the case here. The internet isn't broken because of gnutls and openssl have some limitation, but because the current NSS derived ca-certificates work assume the NSS validation strategy. This should not be allowed in the Fedora package.
I would say, "The Internet is broken because NSS is more permissive than gnutls and openssl, and also because the current NSS derived ca-certificates assume the NSS validation strategy." Even once this fallout gets straightened out, we will still have cases of sites that work in Firefox and Chrome but not in Epiphany, which is unfortunate.
Thanks a bunch for your help with debugging the issue!
Michael