pissircd

mirror of https://github.com/pissnet/pissircd.git synced 2024-06-05 07:48:44 +01:00

History

Bram Matthys d2ef328147 Update curl-ca-bundle.crt to version of Thu Sep 30 03:12:05 2021 GMT from https://curl.se/ca/cacert.pem. Has a few changes, but the most notable change is that they removed DST Root CA X3. This fixes verifying Let's Encrypt certificates if you use the "DST Root CA X3" chain (which is currently the default in certbot and all) on: * OpenSSL 1.0.2 or earlier (old but in use on eg: Debian 8, Ubuntu 16.04, ..) * LibreSSL below 3.3.5/3.2.7 (so until a day ago) This only affects outgoing connections, so for remote includes and for server linking. Server linking is only affected if you use the link::verify-certificate option, which most people don't use. On a side note, ISRG Root X1, so the "real root" for Let's Encrypt is already included since August 2017 (`c8a67f9436`)	2021-10-03 10:13:40 +02:00
..
curl-ca-bundle.crt	Update curl-ca-bundle.crt to version of Thu Sep 30 03:12:05 2021 GMT	2021-10-03 10:13:40 +02:00

Update curl-ca-bundle.crt to version of Thu Sep 30 03:12:05 2021 GMT

from https://curl.se/ca/cacert.pem. Has a few changes, but the most
notable change is that they removed DST Root CA X3. This fixes
verifying Let's Encrypt certificates if you use the "DST Root CA X3"
chain (which is currently the default in certbot and all) on:
* OpenSSL 1.0.2 or earlier (old but in use on eg: Debian 8, Ubuntu 16.04, ..)
* LibreSSL below 3.3.5/3.2.7 (so until a day ago)

This only affects outgoing connections, so for remote includes and
for server linking. Server linking is only affected if you use the
link::verify-certificate option, which most people don't use.

On a side note, ISRG Root X1, so the "real root" for Let's Encrypt is
already included since August 2017 (c8a67f9436)

2021-10-03 10:13:40 +02:00

curl-ca-bundle.crt Update curl-ca-bundle.crt to version of Thu Sep 30 03:12:05 2021 GMT 2021-10-03 10:13:40 +02:00