Skip to content

Make apt work again by dropping the expired "DST Root CA X3" cert

Walter Lozano requested to merge wip/wlozano/certificate-fix into apertis/v2022pre

Remove the expired DST Root CA X3 as it causes issues with old versions of GnuTLS as they validates the full available chain even if one of the intermediate certificates is trusted on its own. This happens in particular with letsencrypt whose intended root certificate is "ISRG Root X1", which itself has been signed by the now expired "DST Root CA X3" certificate.

Signed-off-by: Walter Lozano walter.lozano@collabora.com

Edited by Walter Lozano

Merge request reports

Loading