> We applied this patch to our code base and it seemed to work fine. However,
> in the meantime I arrived at the same conclusion as described in [#116
> (comment)](https://github.com/ipxe/ipxe/pull/116#issuecomment-862709507),
> reverted the patch and instead switched to the shorter Let's Encrypt
> certification chain: `R3 -> ISRG Root X1` instead of `R3 -> ISRG Root X1 ->
> DST Root CA X3`. Our certificate chain is now only 2887 bytes long although
> we use 4096-bit RSA keys. It is probably worth pointing out that linking to
> `DST Root CA X3` is kind of pointless as this root certificate expired `Thu,
> 30 Sep 2021 14:01:15 UTC`.
This may be a solution for you or other users of Let's Encrypt, but many other
people have other long certificate chains, so we need a general solution. I
cannot understand why this patch does not get merged.
--
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/116#issuecomment-1070793352
You are receiving this because you commented.
Message ID: <ipxe/ipxe/pull/116/c1070793...@github.com>
_______________________________________________
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo/ipxe-devel