On Mon, Jun 01, 2020 at 06:04:17PM +0100, Stuart Henderson wrote: > OK to drop the expired AddTrust cert from cert.pem?
Thanks for taking care of this (and for checking the firefox set). I see no reason to keep it. ok > I checked against the firefox set, there are no new/removed certs that > work with libressl there. There are now two with GENERALIZEDTIME notAfter > dates from before 2050 that don't work though (I only remember seeing one > of those when I last looked).. but that is a separate issue. > > /C=EE/O=AS Sertifitseerimiskeskus/CN=EE Certification Centre Root > CA/emailAddress=p...@sk.ee > /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum > Trusted Network CA 2 Ugh...