Hello So without the flag OpenSSL would use another store ? One located locally or embedded inside OpenSSL?
Christophe > Le 7 oct. 2021 à 01:37, Thorsten Glaser <t.gla...@tarent.de> a écrit : > > On Wed, 6 Oct 2021, Hamish Moffatt via Interest wrote: > >> The OpenSSL blog writes that this unfortunately doesn't happen with >> 1.0.2 though - it sees the expired root and gives up. >> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ > > http://www.mirbsd.org/cvs.cgi/src/lib/libssl/src/crypto/x509/x509_vfy.c.diff?r1=1.5;r2=1.6 > > This is what I applied to MirBSD’s SSL. Apparently, OpenSSL > does not always trust the local store? They seem to be making > it dependent on X509_V_FLAG_TRUSTED_FIRST. > > With this patch, local files in /etc/ssl/certs/ have precedence. > > bye, > //mirabilos > -- > Infrastrukturexperte • tarent solutions GmbH > Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/ > Telephon +49 228 54881-393 • Fax: +49 228 54881-235 > HRB AG Bonn 5168 • USt-ID (VAT): DE122264941 > Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg > > **************************************************** > /⁀\ The UTF-8 Ribbon > ╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen: > ╳ HTML eMail! Also, https://www.tarent.de/newsletter > ╱ ╲ header encryption! > **************************************************** > _______________________________________________ > Interest mailing list > Interest@qt-project.org > https://lists.qt-project.org/listinfo/interest _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
