Bug 309191 - https connection not accepted by others due to invalid certificate
Summary: https connection not accepted by others due to invalid certificate
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Bugzilla
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Infrastructure
Reported: 2010-03-12 21:47 UTC by Toralf Förster
Modified: 2011-10-30 23:15 UTC
Description Toralf Förster gentoo-dev 2010-03-12 21:47:05 UTC
While I was mailing with one of the Subversion people about a Subversion bug, he mentioned:

"Please stop posting links to the HTTPS version of that site. They
don't use a certificate that Firefox recognizes, which is a pain. HTTP
is perfectly fine."

He's correct about that (Andy Levy <andy.levy@gmail.com>). I'm wondering when the certificate chain will be completed?

Reproducible: Always
Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-03-12 22:00:07 UTC
In Firefox, it is trivially easy to accept our certificate. We use CAcert, which is free. In my opinion, it is quite silly to pay large amounts of money for e.g. Verisign or someone else such that Firefox stops complaining. At least, this is my understanding.

@infra, please correct me if I am wrong.
Comment 2 Doktor Notor 2010-03-13 09:15:14 UTC
Your real problem lies here: https://bugzilla.mozilla.org/show_bug.cgi?id=215243 - and on that note, adding CACert seems to be a huge problem for Mozilla, but adding shit like CNNIC was no problem at all, cf. https://bugzilla.mozilla.org/show_bug.cgi?id=525008

Plus, see tons of upstream FF bugs about horrible handling of untrusted certs in FF, which keeps annoying users ad nauseam for no good reason. FF is a PITA here, not using CACert. There's nothing wrong with using CACert.org certs and pointing to https links; either you can install the root certs from http://www.cacert.org/index.php?id=3, or add a permanent exception to FF, or stop using HTTPS and move on.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-04-24 23:14:36 UTC
Yup, we use CACert because of the validation chain. The upstream SVN guy can either accept them or use the HTTP version at his own wishes.

However, the certificate and chain are most definitely not invalid.
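
The distinction behind Comment 3 (a chain can be valid while its root is simply absent from the client's trust store) and the "install the root certs" option from Comment 2, as an added example that is not part of the original bug thread. It assumes the `openssl` CLI is installed; the two CAs are locally generated stand-ins (not CAcert's real root), and `verify_against`, `make_root`, `trust_demo` and `bugs.example.org` are hypothetical names.

```shell
#!/bin/sh
# Constructed demo: all keys, certificates and names are generated locally.

# verify_against STORE CERT: print "trusted" if CERT chains to a root in STORE.
verify_against() {
    if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

# make_root DIR NAME CN: create a self-signed root CA (NAME.key, NAME.pem).
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# trust_demo: print the verdict before and after the root is installed.
trust_demo() {
    d=$(mktemp -d) || return 1
    # "community" stands in for a root the client does not ship;
    # "bundled" stands in for the roots the client already trusts.
    make_root "$d" community "Constructed Community Root" || return 1
    make_root "$d" bundled "Constructed Bundled Root" || return 1
    # Server certificate issued by the community root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=bugs.example.org" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -days 30 -CA "$d/community.pem" \
        -CAkey "$d/community.key" -CAcreateserial -out "$d/leaf.pem" \
        2>/dev/null || return 1
    before=$(verify_against "$d/bundled.pem" "$d/leaf.pem")
    # Installing the root means adding it to the client's trust store.
    cat "$d/bundled.pem" "$d/community.pem" > "$d/store.pem"
    after=$(verify_against "$d/store.pem" "$d/leaf.pem")
    rm -rf "$d"
    echo "$before $after"
}

trust_demo
```

The same leaf certificate goes from "untrusted" to "trusted" without being reissued; only the contents of the client's trust store changed.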