Add expired "DST Root CA X3" to the blacklist (!14) · Merge requests · pkg / ca-certificates

Ritesh Raj Sarraf requested to merge apertis/v2021-updates into apertis/v2021 Oct 04, 2021

Blacklist the expired DST Root CA X3 as it has expired; In particular this causes issues with e.g. gnutls as it validates the full available chain even if one of the intermediate certicates is trusted by itself.

This happens in particular with letsencrypt whose intended root certificate is "ISRG Root X1", which itself has been signed by the now expired "DST Root CA X3" certificate.

Signed-off-by: Sjoerd Simons sjoerd@collabora.com

Admin message

Add expired "DST Root CA X3" to the blacklist

Merge request reports