CAcert.org root certificate is not included anymore

All Iceweasel backports (including ours) now use the in-tree NSS library, that does not include the patches Debian applies to the NSS library. On the one hand, this falls under the #5870 (closed) umbrella. On the other, that’s a regression, and e.g. blocks access to our own Redmine, hence a priority higher than normal.

It’s probably not-too-hard to patch the in-tree NSS library with the relevant Debian patch(es).

Feature Branch: feature/6474-tor-browser-mozconfig

Related issues

Related to #5870 (closed)
Related to #5976

Original created by @intrigeri on 6704 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information