dirmngr: Fix Let's Encrypt certificate chain validation.
687993788597
Actions

Description

dirmngr: Fix Let's Encrypt certificate chain validation.

* dirmngr/certcache.c (find_cert_bysubject): Return the first trusted
certififcate if any.

This is basically the same as using OpenSSL with ist
X509_V_FLAG_TRUSTED_FIRST flag. See
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

Provenance

• werner

Authored on Oct 6 2021, 9:28 AM

Parents

Branches

Unknown

Tags

Unknown

Tasks

T5639: dirmngr uses the wrong Let's encrypt chain

Path

Size

dirmngr/