[Interest] SSL & Let's Encrypt certificate expiration
Christophe THOMAS
oxygen77.ct at gmail.com
Thu Oct 7 08:21:23 CEST 2021
Hello
So without the flag OpenSSL would use another store? One located locally or embedded inside OpenSSL?
Christophe
> On 7 Oct 2021 at 01:37, Thorsten Glaser <t.glaser at tarent.de> wrote:
>
> On Wed, 6 Oct 2021, Hamish Moffatt via Interest wrote:
>
>> The OpenSSL blog writes that this unfortunately doesn't happen with
>> 1.0.2 though - it sees the expired root and gives up.
>> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>
> http://www.mirbsd.org/cvs.cgi/src/lib/libssl/src/crypto/x509/x509_vfy.c.diff?r1=1.5;r2=1.6
>
> This is what I applied to MirBSD’s SSL. Apparently, OpenSSL
> does not always trust the local store? They seem to be making
> it dependent on X509_V_FLAG_TRUSTED_FIRST.
>
> With this patch, local files in /etc/ssl/certs/ have precedence.
>
> bye,
> //mirabilos
> --
> Infrastructure expert • tarent solutions GmbH
> Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
> Telephone +49 228 54881-393 • Fax: +49 228 54881-235
> HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
> Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
>
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
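
The lookup order discussed in this thread, as a simplified model added here as an example (it is not code from the messages, from the MirBSD patch or from OpenSSL). The certificate records, their dates and the names `PEER_CHAIN` and `LOCAL_STORE` are constructed for illustration, and the model leaves out signature checks and OpenSSL's alternate-chain lookup.

```python
from datetime import date

# Constructed records (subject, issuer, not_after); no signatures are modelled.
LEAF = ("example.org", "R3", date(2021, 12, 1))
R3 = ("R3", "ISRG Root X1", date(2025, 9, 15))
X1_CROSS = ("ISRG Root X1", "DST Root CA X3", date(2024, 9, 30))
X1_SELF = ("ISRG Root X1", "ISRG Root X1", date(2035, 6, 4))
DST_X3 = ("DST Root CA X3", "DST Root CA X3", date(2021, 9, 30))

PEER_CHAIN = [R3, X1_CROSS]      # intermediates sent by the server (untrusted)
LOCAL_STORE = [DST_X3, X1_SELF]  # stands in for /etc/ssl/certs/


def find_issuer(cert, pool):
    """Return the first certificate in pool whose subject is cert's issuer."""
    return next((c for c in pool if c[0] == cert[1]), None)


def build_chain(leaf, untrusted, store, trusted_first):
    """Extend the chain until a self-signed certificate or a dead end."""
    chain, anchored = [leaf], False
    while chain[-1][0] != chain[-1][1] and len(chain) < 10:
        cur = chain[-1]
        trusted = find_issuer(cur, store)
        # Once the chain has entered the local store, stay in it.
        peer = None if anchored else find_issuer(cur, untrusted)
        if trusted and (trusted_first or peer is None):
            chain.append(trusted)
            anchored = True
        elif peer:
            chain.append(peer)
        else:
            break
    return chain, anchored


def verify(leaf, untrusted, store, today, trusted_first):
    chain, anchored = build_chain(leaf, untrusted, store, trusted_first)
    if not anchored:
        return "no trusted issuer found"
    if any(not_after < today for _, _, not_after in chain):
        return "certificate has expired"
    return "ok"


if __name__ == "__main__":
    day = date(2021, 10, 7)  # date of the message above
    for flag in (False, True):
        print(flag, verify(LEAF, PEER_CHAIN, LOCAL_STORE, day, flag))
```

Without the trusted-first order the model follows the server's cross-signed intermediate up to the expired root; with it, the chain stops at the self-signed root found in the local store.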