Home GnuPG
Diffusion GnuPG 687993788597

dirmngr: Fix Let's Encrypt certificate chain validation.

Description

dirmngr: Fix Let's Encrypt certificate chain validation.

* dirmngr/certcache.c (find_cert_bysubject): Return the first trusted
certififcate if any.

This is basically the same as using OpenSSL with ist
X509_V_FLAG_TRUSTED_FIRST flag. See
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

Details

Provenance
wernerAuthored on Wed, Oct 6, 9:28 AM
Parents
rG3918fa1a9488: agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.
Branches
Unknown
Tags
Unknown
Tasks
T5639: dirmngr uses the wrong Let's encrypt chain