[FirefoxDevEdition] Extra certificates in /etc/ssl/certs are ignored

[khardix]

As said in title, imported certificates in /etc/ssl/certs not in ca-bundle.crt are ignored by the browser.

Flatpak version: 0.9.3
OS: Fedora 25 x86_64
FF version: 54.0b7

[xhorak]

What kind of Firefox is it? DevEdition, Nightly? NightlyWayland?

[khardix]

DevEdition, currently at 54.0b12.
I have my employer's CA certificate as extra PEM file, and on pages with certificates issued by that CA I'm getting UNKNOWN_ISSUER error. Non-flatpak Firefox works fine.

[xhorak]

Oh, I may I know why is that. The DevEdition flatpak gives access only to the $HOME directory.
However when I run
flatpak run --filesystem=host --devel --command=sh org.mozilla.FirefoxDevEdition
I still get different directory listing of ls -l /etc/ssl/certs than on my machine. Is that okay, how it can be overridden, any idea @alexlarsson ?

[alexlarsson]

/etc/ssl/certs is atm supplied from the runtime. I want to expose the host certificates, but it is complicated because every distro exposes this differently. The current plan is: flatpak/flatpak#677 (comment)