CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2018/12/16 05:08:32
Modified files:
lib/libcrypto : cert.pem
Log message:
Regenerate root CA list using updated format-pem.pl. Specifically this
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).
LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just result in the following:
error 13 at 1 depth lookup:format error in certificate's notBefore field
"probably" beck@
