One would be to create a patcher which would let you change the set of certificate authorities accepted by the browser. Currently the browser accepts at least one (an internal Netscape test CA) which is not needed by end users. Maybe its public key could be statically overwritten by the patch program with the public key of the replacement CA. This sounds simple and safe. The patch program can confirm that the data being changed matches the test CA.
Where is the public key for the test CA available? Seems pretty trivial to take those bits and just do a bit compare against your netscape binary to find out where the key is stored within the binary.. -- sameer Voice: 510-601-9777 Network Administrator FAX: 510-601-9734 Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org