> We applied this patch to our code base and it seemed to work fine. However, 
> in the meantime I arrived at the same conclusion as described in [#116 
> (comment)](https://github.com/ipxe/ipxe/pull/116#issuecomment-862709507), 
> reverted the patch and instead switched to the shorter Let's Encrypt 
> certification chain: `R3 -> ISRG Root X1` instead of `R3 -> ISRG Root X1 -> 
> DST Root CA X3`. Our certificate chain is now only 2887 bytes long although 
> we use 4096-bit RSA keys. It is probably worth pointing out that linking to 
> `DST Root CA X3` is kind of pointless as this root certificate expired `Thu, 
> 30 Sep 2021 14:01:15 UTC`.

This may be a solution for you or other users of Let's Encrypt, but many other 
people have other long certificate chains, so we need a general solution. I 
cannot understand why this patch does not get merged.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/116#issuecomment-1070793352
You are receiving this because you commented.

Message ID: <ipxe/ipxe/pull/116/c1070793...@github.com>
_______________________________________________
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo/ipxe-devel

Reply via email to