[Interest] SSL & Let's Encrypt certificate expiration

Thorsten Glaser t.glaser at tarent.de
Thu Oct 7 01:35:06 CEST 2021


On Wed, 6 Oct 2021, Hamish Moffatt via Interest wrote:

> The OpenSSL blog writes that this unfortunately doesn't happen with 
> 1.0.2 though - it sees the expired root and gives up. 
> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

http://www.mirbsd.org/cvs.cgi/src/lib/libssl/src/crypto/x509/x509_vfy.c.diff?r1=1.5;r2=1.6

This is what I applied to MirBSD’s SSL. Apparently, OpenSSL
does not always trust the local store? They seem to be making
it dependent on X509_V_FLAG_TRUSTED_FIRST.

With this patch, local files in /etc/ssl/certs/ have precedence.

bye,
//mirabilos
-- 
Infrastructure expert • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephone +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg



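Added example, not part of the original mail and not the MirBSD patch or OpenSSL's code: a simplified model of why the lookup order discussed above matters when a server still sends a cross-signed intermediate whose issuing root has expired. It assumes issuers are matched by name only, checks no signatures, and omits any alternate-chain retry; `leaf.example` and the `expired` flag are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    expired: bool = False

def find_issuer(cert, pool):
    """First certificate in pool whose subject equals cert's issuer, or None."""
    return next((c for c in pool if c.subject == cert.issuer), None)

def verify(leaf, untrusted, trusted, trusted_first):
    """Build a path from leaf to a trust anchor.

    trusted_first=False models the behaviour described for 1.0.2: issuers are
    taken from the server-supplied (untrusted) certificates before the local
    store is consulted. trusted_first=True models X509_V_FLAG_TRUSTED_FIRST.
    Returns (ok, [(subject, issuer), ...]).
    """
    first, second = (trusted, untrusted) if trusted_first else (untrusted, trusted)
    chain = [leaf]
    # Stop once the last certificate is itself a local trust anchor.
    while chain[-1] not in trusted and len(chain) < 10:
        nxt = find_issuer(chain[-1], first) or find_issuer(chain[-1], second)
        if nxt is None:
            break  # no issuer available anywhere: path cannot be completed
        chain.append(nxt)
    ok = chain[-1] in trusted and not any(c.expired for c in chain)
    return ok, [(c.subject, c.issuer) for c in chain]

# Constructed sample data shaped like the Let's Encrypt situation.
LEAF = Cert("leaf.example", "R3")
SENT_BY_SERVER = [
    Cert("R3", "ISRG Root X1"),
    Cert("ISRG Root X1", "DST Root CA X3"),   # cross-signed intermediate
]
LOCAL_STORE = [
    Cert("ISRG Root X1", "ISRG Root X1"),     # valid self-signed root
    Cert("DST Root CA X3", "DST Root CA X3", expired=True),
]

if __name__ == "__main__":
    for flag in (False, True):
        ok, chain = verify(LEAF, SENT_BY_SERVER, LOCAL_STORE, flag)
        print(f"trusted_first={flag}: ok={ok}")
        for subject, issuer in chain:
            print(f"    {subject}  (issued by {issuer})")
```
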