From snapd 2.50 onwards, strictly confined snaps running on classic Ubuntu and Debian systems can read files in /etc/ssl on the host system, outside of their confined snap environment.
The /etc/ssl directory contains SSL certificates that are typically used to authenticate connections to a server, and snap access enables end-users to add their own certificates for connections outside the default certificates provided by the snap environment, which come from the base snap being used.
This feature is only for strictly confined snaps. It is distinct from a separate feature (see store-certs) that enables snapd itself to use and trust a custom store certificate.
Support for reading the host system’s /etc/ssl/ will be expanded to include Ubuntu Core and other classic distros like, such as Fedora and openSUSE, in the future.