We applied this patch to our code base and it seemed to work fine. However, in
the meantime I arrived at the same conclusion as described in
https://github.com/ipxe/ipxe/pull/116#issuecomment-862709507, reverted the
patch and instead switched to the shorter Let's Encrypt certification chain:
`R3 -> ISRG Root X1` instead of `R3 -> ISRG Root X1 -> DST Root CA X3`. Our
certificate chain is only 2887 bytes long although we use 4096-bit RSA keys.
Maybe it is worth pointing out that linking to `DST Root CA X3` is kind of
pointless as this root certificate expired `Thu, 30 Sep 2021 14:01:15 UTC`.
--
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/116#issuecomment-1069294392
You are receiving this because you commented.
Message ID: <ipxe/ipxe/pull/116/c1069294...@github.com>
_______________________________________________
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo/ipxe-devel