curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: cacert.pem includes two malformed Trustwave certificates

From: Jeffrey Walton via curl-users <>
Date: Tue, 21 Jun 2022 14:52:16 -0400

On Tue, Jun 21, 2022 at 10:38 AM Daniel Stenberg <> wrote:
> On Tue, 21 Jun 2022, Jeffrey Walton via curl-users wrote:
> Curious!
> > It appears cacert.pem includes two malformed Trustwave certificates.
> Just to make sure, are you talking about the current cacert.pem on
>, downloadable from
> ?
> > It appears the Trustwave certs are using two octets for keyUsage
> > instead of one.
> The PEM file we provide is just a converted version of the original source
> file hosted by Mozilla at
> Can you spot if the error is present in their source file?
> If it is, the error is somewhere on Mozilla's side.
> If it isn't, the error is somewhere in

It looks like the problem is with the Trustwave certs. Also see
on Mozilla's dev-security-policy mailing list.

Received on 2022-06-21