Re: Curl thinks SSL cert for code.jquery.com has expired

Thu, 04 Jun 2020 03:33:26 -0700 

On macOS 10.15 you can work round this issue by switching the curl SSL backend 
from LibreSSL to Apple Secure Transport using an environment variable:

CURL_SSL_BACKEND=secure-transport

This fixes the 'certificate expired' issue on 10.15 but doesn't work on 10.14. 
I believe switching to Secure Transport also disables HTTP/2 support in curl.

Best Regards
Mark

On 01/06/2020, 23:25, "Felipe Gasper" <fel...@felipegasper.com> wrote:

    It’s the Sectigo (fka Comodo) “AddTrust” root certificate, which just 
expired on Saturday.

    The standard root bundle includes a “UserTrust” root certificate that’s 
signed by that AddTrust certificate, and the presence of that certificate in 
the root bundle should obviate any need for the AddTrust root, but apparently 
OpenSSL is failing the validation because of the expired AddTrust root even 
though UserTrust is a trusted root.

    More details about the Sectigo side:
    https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT

    -F

    > On Jun 1, 2020, at 4:57 PM, Daniel Stenberg via curl-library 
<curl-library@cool.haxx.se> wrote:
    > 
    > On Mon, 1 Jun 2020, Mark Rogers via curl-library wrote:
    > 
    >> Using curl on macOS 10.15.4
    > 
    > ...
    > 
    >> Is this a LibreSSL issue?
    > 
    > Yes. This is a LibreSSL issue, also found in OpenSSL before 1.1.0, in all 
versions of GnuTLS and probably in some other TLS libs too.
    > 
    > From my understanding, the issue seems to be that these libraries have 
flaws and beleive there's a problem with an expired cert, even though there is 
another trust chain that doesn't include the expired cert.
    > 
    > -- 
    > 
    > / daniel.haxx.se | Commercial curl support up to 24x7 is available!
    >                  | Private help, bug fixes, support, ports, new features
    >                  | https://www.wolfssl.com/contact/
    > -------------------------------------------------------------------
    > Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
    > Etiquette:   https://curl.haxx.se/mail/etiquette.html



-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Reply via email to