Hi, just adding my two cents here: the new class3.crt does verify against the already packaged Class 1 Root. To wit:
$ openssl verify -show_chain -CAfile /usr/share/ca-certificates/CAcert/root_X0F.crt class3.crt class3.crt: OK
Chain: depth=0: O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root (untrusted) depth=1: O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = supp...@cacert.org Is there any other reason why the intermediate certificate should not be replaced immediately? Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭────────────────────────────────────────────────────╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄⠀⠀⠀⠀ ╰────────────────────────────────────────────────────╯
signature.asc
Description: PGP signature
