Home GnuPG
Diffusion GnuPG 341ab0123a8f

dirmngr: Fix Let's Encrypt certificate chain validation.

Description

dirmngr: Fix Let's Encrypt certificate chain validation.

* dirmngr/certcache.c (find_cert_bysubject): Return the first trusted
certififcate if any.

This is basically the same as using OpenSSL with ist
X509_V_FLAG_TRUSTED_FIRST flag. See
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

Details

Provenance
wernerAuthored on Wed, Oct 6, 9:28 AM
Parents
rG48dc463adacf: Post release updates
Branches
Unknown
Tags
Unknown
Tasks
T5639: dirmngr uses the wrong Let's encrypt chain