Curl: [ curl-Bugs-1884844 ] Upgrade ca-bundle.crt please

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Fri, 01 Feb 2008 12:41:27 -0800

Bugs item #1884844, was opened at 2008-02-01 13:41
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1884844&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: SSL/TLS
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Dax (dkelson)
Assigned to: Daniel Stenberg (bagder)
Summary: Upgrade ca-bundle.crt please

Initial Comment:
Curl does SSL certificate verification by default by virtue of CURLOPT_SSL_VERIFYPEER.

Unfortunately the shipped lib/ca-bundle.crt is woefully outdated this means that curl and libcurl based apps routinely fail to connect to SSL sites with with certificates issued by modern CAs.

From curl 7.18.0's ca-bundle.crt:

## Last Modified: Thu Mar 2 09:32:46 CET 2000

## This is a bundle of X.509 certificates of public
## Certificate Authorities (CA). These were
## automatically extracted from Netscape Communicator
## 4.72's certificate database (the file `cert7.db').

That's when Bill Clinton was still president of the USA.

Please update from the Mozilla root CA list.

http://www.mozilla.org/projects/security/certs/

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1884844&group_id=976
Received on 2008-02-01

curl-tracker mailing list Archives

[ curl-Bugs-1884844 ] Upgrade ca-bundle.crt please