Re: cacert.pem includes two malformed Trustwave certificates
From: Daniel Stenberg via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 21 Jun 2022 16:38:12 +0200 (CEST)
On Tue, 21 Jun 2022, Jeffrey Walton via curl-users wrote:
Curious!
> It appears cacert.pem includes two malformed Trustwave certificates.
Just to make sure, are you talking about the current cacert.pem on
https://curl.se/docs/caextract.html, downloadable from
https://curl.se/ca/cacert.pem ?
> It appears the Trustwave certs are using two octets for keyUsage
> instead of one.
The PEM file we provide is just a converted version of the original source
file hosted by Mozilla at
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
Can you spot if the error is present in their source file?
If it is, the error is somewhere on Mozilla's side.
If it isn't, the error is somewhere in
https://github.com/curl/curl/blob/master/scripts/mk-ca-bundle.pl
-- 
 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
Received on 2022-06-21
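
The source-versus-bundle comparison suggested in the message above can be scripted. This is an added example, not part of the original message and not code from mk-ca-bundle.pl. It assumes certdata.txt stores each certificate as a `CKA_VALUE MULTILINE_OCTAL` ... `END` block; the function names are hypothetical and the sample bytes are a constructed fragment, not a real certificate.

```python
import base64
import re

KEY_USAGE_OID = bytes.fromhex("0603551d0f")  # DER encoding of OID 2.5.29.15 (keyUsage)

def certdata_ders(text):
    """DER bytes of every CKA_VALUE MULTILINE_OCTAL ... END block in certdata.txt."""
    ders, lines = [], iter(text.splitlines())
    for line in lines:
        if line.split() == ["CKA_VALUE", "MULTILINE_OCTAL"]:
            octal = []
            for body in lines:  # consume lines up to the END marker
                if body.strip() == "END":
                    break
                octal += re.findall(r"\\([0-7]{3})", body)
            ders.append(bytes(int(o, 8) for o in octal))
    return ders

def pem_ders(text):
    """DER bytes of every CERTIFICATE block in a PEM bundle."""
    blocks = re.findall(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", text, re.S)
    return [base64.b64decode("".join(b.split())) for b in blocks]

def key_usage_bits(der):
    """Data octets of the keyUsage BIT STRING, or None (byte search, short lengths only)."""
    i = der.find(KEY_USAGE_OID)
    if i < 0:
        return None
    i += len(KEY_USAGE_OID)
    if der[i:i + 3] == b"\x01\x01\xff":  # optional critical BOOLEAN TRUE
        i += 3
    # Expect an OCTET STRING (0x04) wrapping a BIT STRING (0x03)
    if len(der) < i + 5 or der[i] != 0x04 or der[i + 2] != 0x03:
        return None
    return der[i + 5:i + 4 + der[i + 3]]  # skip the unused-bits octet

def triage(certdata_text, pem_text):
    """Per PEM cert: (byte-identical to a source entry?, number of keyUsage data octets)."""
    source = set(certdata_ders(certdata_text))
    return [(der in source, None if (b := key_usage_bits(der)) is None else len(b))
            for der in pem_ders(pem_text)]

# Constructed sample: a bare keyUsage extension whose BIT STRING holds two data octets.
SAMPLE_DER = bytes.fromhex("300f0603551d0f0101ff04050303070600")
SAMPLE_CERTDATA = ("CKA_VALUE MULTILINE_OCTAL\n"
                   + "".join("\\%03o" % b for b in SAMPLE_DER) + "\nEND\n")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(triage(SAMPLE_CERTDATA, SAMPLE_PEM))
```

A `True` in the first field means the PEM entry is byte-identical to a source entry, so any encoding oddity was already present in certdata.txt; `False` points at the conversion step.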