WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Sectigo AddTrust External CA Root Expiring May 30, 2020  (Read 239 times)

Offline jazzbiker

  • Sr. Member
  • ****
  • Posts: 277
Sectigo AddTrust External CA Root Expiring May 30, 2020
« on: May 31, 2020, 03:27:00 AM »
Hi, all Core habitants!

So,everything must change, even the root certificates. Even crt.sh?id=1 expire.
Some citations of Ryan Sleevi, Official Roku support:

"If you use Golang, you’ll be fine. If you use CryptoAPI (Windows), you should be fine, as long as AuthRoot is enabled. If you use macOS 10.11 or later, you should be fine. Android < Honeycomb? No dice. OpenSSL < 1.1.x? Doomed. That includes language bindings (PHP, Python, etc)"

"The problem is so much software assumes that certificates are a single linear chain. They aren’t. The ASCII Art in RFC 4158 should help show: they’re directed, distributed, cyclic graphs, with a wide variety of trust anchors and constraints."

Gnutls is told to fail, due to not implementing RFC 4158 concerning certificates chains topology interpretation. openssl since 1.1.1 - ok. Old Debians and Ubuntus going to have big repo access problems. Some propose to turn off certificate checking. And many many web services are knocked down.

Just so easy to turn somone else off-line if You have the little key.

EDIT: By the way this certificate is included in ca-certificates.tcz.

« Last Edit: May 31, 2020, 03:32:41 AM by jazzbiker »