Regenerate root CA list using updated format-pem.pl. Specifically this - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	sthen <sthen@openbsd.org>	2018-12-16 12:08:32 +0000
committer	sthen <sthen@openbsd.org>	2018-12-16 12:08:32 +0000
commit	4e9c419856037f26b4e4523973bebd76637ca8b8 (patch)
tree	e5b9b73d610b938709fbd01fd58a95e3b75acff9 /lib/libc
parent	Add a check that libressl is actually able to verify CA certs. (diff)
download	wireguard-openbsd-4e9c419856037f26b4e4523973bebd76637ca8b8.tar.xz wireguard-openbsd-4e9c419856037f26b4e4523973bebd76637ca8b8.zip

Regenerate root CA list using updated format-pem.pl. Specifically this

drops CA certificates whose validity dates don't comply with the rules on ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at least RFC 2459, section 4.1.2.5). LibreSSL strictly enforces this, so attempting to validate certificates signed by these CAs just result in the following: error 13 at 1 depth lookup:format error in certificate's notBefore field "probably" beck@

Diffstat (limited to 'lib/libc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: