Skip to content

Add expired "DST Root CA X3" to the blacklist

Ritesh Raj Sarraf requested to merge apertis/v2021-updates into apertis/v2021

Blacklist the expired DST Root CA X3 as it has expired; In particular this causes issues with e.g. gnutls as it validates the full available chain even if one of the intermediate certicates is trusted by itself.

This happens in particular with letsencrypt whose intended root certificate is "ISRG Root X1", which itself has been signed by the now expired "DST Root CA X3" certificate.

Signed-off-by: Sjoerd Simons sjoerd@collabora.com

Merge request reports

Loading