[oi-dev] crypto/ca-certificates
stes@PANDORA.BE
stes at telenet.be
Thu Oct 28 16:56:35 UTC 2021
I tested building a 3.72 package but that also does not solve the problem.
$ pkgrepo -s i386/repo/ list
PUBLISHER NAME O VERSION
userland crypto/ca-certificates 3.72-2020.0.1.0:20211028T165026Z
The problem remains for both 3.71 and 3.72 that
$ pkg contents ca-certificates | grep DST
etc/certs/CA/DST_Root_CA_X3.pem
So the expired certificate remains in the package.
I am not certain how this should be solved.
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
is clear about several ways to fix it on a client machine.
Perhaps escalating / providing a patch "upstream" to the source of those root certificates ??
Regards,
David Stes
More information about the oi-dev
mailing list