there's a new nss package available at ftp.mozilla.org
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_72_RTM/src/ remember that I have in Squeak Smalltalk an issue with the following certificate # openssl x509 -noout -in /etc/certs/CA/DST_Root_CA_X3.pem -text ... Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 Validity Not Before: Sep 30 21:12:19 2000 GMT Not After : Sep 30 14:01:15 2021 GMT Subject: O=Digital Signature Trust Co., CN=DST Root CA X3 Unfortunately the previous upgrade to crypto/ca-certificates version 3.71-2020.0.1.0 did not solve that issue. the issue is documented at https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ where they say openssl 1.0.2 has an issue with that expired certificate and they say openssl 1.1 does not (but perhaps openssl 1.1 may have some other issues) Perhaps a new upgrade to the ca-certificates 3.72 is a possibility ? I didn't test that. Note that this is not super urgent as the workaround document in the blog article works fine. Regards, David Stes _______________________________________________ oi-dev mailing list [email protected] https://openindiana.org/mailman/listinfo/oi-dev
