Add expired "DST Root CA X3" to the blacklist
Blacklist the expired DST Root CA X3 as it has expired; In particular this causes issues with e.g. gnutls as it validates the full available chain even if one of the intermediate certicates is trusted by itself.
This happens in particular with letsencrypt whose intended root certificate is "ISRG Root X1", which itself has been signed by the now expired "DST Root CA X3" certificate.
Signed-off-by: Sjoerd Simons sjoerd@collabora.com