On Sun, May 31, 2020 at 16:43:23 +0200, Matthias Apitz wrote: > Doesn't this mean that something on my local system (FreeBSD with > OpenSSL, both from end of 2018) is outdated? > > $ uname -a > FreeBSD c720-r342378 13.0-CURRENT FreeBSD 13.0-CURRENT GENERIC amd64 > > $ openssl version > OpenSSL 1.1.1a-freebsd 20 Nov 2018
Ah, yes. You need to check your ca-certificates version, not OpenSSL. I'm not sure where FreeBSD gets their bundles though (or the package/ports name for it). I imagine Mozilla is the source though, but the required certs were added back in Firefox 36 days. --Ben
