On Mon, Jun 01, 2020 at 07:17:28PM +0200, Theo Buehler wrote:
> On Mon, Jun 01, 2020 at 06:04:17PM +0100, Stuart Henderson wrote:
> > OK to drop the expired AddTrust cert from cert.pem?
>
> Thanks for taking care of this (and for checking the firefox set). I see
> no reason to keep it.
>
> ok
>
> > I checked against the firefox set, there are no new/removed certs that
> > work with libressl there. There are now two with GENERALIZEDTIME notAfter
> > dates from before 2050 that don't work though (I only remember seeing one
> > of those when I last looked).. but that is a separate issue.
> >
> > /C=EE/O=AS Sertifitseerimiskeskus/CN=EE Certification Centre Root
> > CA/emailAddress=p...@sk.ee
> > /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification
> > Authority/CN=Certum Trusted Network CA 2
>
> Ugh...
