This directory contains the root_ssl_certificates package, which is used by appmgr to provide the root-ssl-certificates sandbox feature.
The certificates file, third_party/cert.pem, is updated using the roll_certs.go script, which pulls from Mozilla's root cert bundle at https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt and converts it to a single PEM file using third_party/convert_mozilla_certdata.go. To update, simply run go run roll_certs.go and check in the new version of the files third_party/cert.pem and third_party/cert.stamp.
This includes the third_party/convert_mozilla_certdata.go tool, which is used by roll_certs.go to extract the bundle of Mozilla root certificates. This tool is originally from https://github.com/agl/extract-nss-root-certs. The version of the tool here is taken from commit 492d8c95628eb861a9f1467099936bc2b1fd6a7b.
The contents of third_party/cert.pem are covered by the license file third_party/LICENSE.MPLv2.