We applied this patch to our code base and it seemed to work fine. However, in 
the meantime I arrived at the same conclusion as described in 
https://github.com/ipxe/ipxe/pull/116#issuecomment-862709507, reverted the 
patch and instead switched to the shorter Let's Encrypt certification chain: 
`R3 -> ISRG Root X1` instead of `R3 -> ISRG Root X1 -> DST Root CA X3`. Our 
certificate chain is only 2887 bytes long although we use 4096-bit RSA keys. 
Maybe it is worth pointing out that linking to `DST Root CA X3` is kind of 
pointless as this root certificate expired `Thu, 30 Sep 2021 14:01:15 UTC`.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/116#issuecomment-1069294392
You are receiving this because you commented.

Message ID: <ipxe/ipxe/pull/116/c1069294...@github.com>
_______________________________________________
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo/ipxe-devel

Reply via email to