Comment 26 for bug 1647285

Before we switch any software to using p11-kit-trust.so, we need to fix our ca-certificates package to properly handle untrusted or blacklisted certificates. At the moment, I believe they are simply skipped when generating the contents of /usr/share/ca-certificates.