In reply to Fixing the Breakage from the AddTrust External CA Root Expiration
I am not certain that the following statement is always true:
> Fortunately, OpenSSL 1.0.x and GnuTLS only choke on the expired intermediate if the AddTrust External CA Root root is in the local trust store.
On my RHEL and Fedora systems, removing AddTrust External CA Root from my trust stores by following Christian Heimes' Twitter link in your post indeed resolved the openssl s_client -connect test, which no longer shows an error, but wget, which is compiled with GnuTLS, still returns the "is not trusted" error when testing connections to servers that did not remove the expired intermediate certificate issued by AddTrust External CA Root from their certificate chain.
Am I missing something?