Differential D25049

Update the extracted cURL SSL CA bundle
ClosedPublic
Actions

Authored by • jacques on Aug 26 2022, 08:25.

Details

Reviewers

valerio.bozzolan

Group Reviewers

O1: Blessed Committers

Maniphest Tasks

T15051: default.pem in Arcanist is out of date - maybe remove it completely?

Commits

rARC8eda7669905f: Update the extracted cURL SSL CA bundle

Summary

Updated the default CA bundle file to the 2022-07-19 file from https://curl.se/ca/cacert-2022-07-19.pem

Test Plan

Confirmed the hash matches the published hash:

$ openssl dgst -sha256 resources/ssl/default.pem
SHA256(resources/ssl/default.pem)= 6ed95025fba2aef0ce7b647607225745624497f876d74ef6ec22b26e73e9de77

Diff Detail

Repository

rARC Arcanist

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

• jacques created this revision.Aug 26 2022, 08:25

• jacques created this object with edit policy "Administrators".

Owners added a reviewer: O1: Blessed Committers.Aug 26 2022, 08:25

Herald added subscribers: Matthew, valerio.bozzolan, tobiaswiese, speck. · View Herald TranscriptAug 26 2022, 08:25

• jacques requested review of this revision.Aug 26 2022, 08:25

Note the ISRG Root X2 has been added here used by Lets Encrypt.

• jacques mentioned this in T15051: default.pem in Arcanist is out of date - maybe remove it completely?.Sep 1 2022, 15:45

Cigaryno subscribed.Sep 7 2022, 10:06

Thank you

I'm not the maintainer, but just trying to help you.

Can I ask what happens if this is not merged?

I mean, probably you encountered a problem that can be easily reproduced, just as an additional reason to merge this.

Thank you for this clarification

Interestingly the cURL website is offline in the related homepage. Here in Internet Archive:

http://web.archive.org/web/20221005040606/https://curl.se/docs/caextract.html

In D25049#6176, @valerio.bozzolan wrote:

Interestingly the cURL website is offline in the related homepage. Here in Internet Archive:

http://web.archive.org/web/20221005040606/https://curl.se/docs/caextract.html

(I reported this issue upstream via mail using curl-web <at> haxx.se)

valerio.bozzolan mentioned this in Z1: Phorge.May 18 2023, 09:01

valerio.bozzolan awarded a token.

valerio.bozzolan mentioned this in Wikimedia Hackaton 2023 Athens Code Sprint.May 18 2023, 10:16

chris changed the edit policy from "Administrators" to "Blessed Committers (Project)".May 18 2023, 21:08

I verified the SHA256 manually downloading that from https://curl.se/ca/cacert-2022-07-19.pem

lgtm

This revision is now accepted and ready to land.May 18 2023, 21:09

Hoping to be useful I will land this in 10 days. If you are the author and you are reading this, feel free to land.

Since the user never confirmed the email address and probably cannot follow-up,

Since I double-checked that the file comes from this source:

https://curl.se/ca/cacert-2022-07-19.pem

Since I mentioned 10 days ago about this land, let's land :)

Closed by commit rARC8eda7669905f: Update the extracted cURL SSL CA bundle. · Explain WhyJun 2 2023, 15:06

This revision was automatically updated to reflect the committed changes.

valerio.bozzolan added a commit: rARC8eda7669905f: Update the extracted cURL SSL CA bundle.

If we want to be even more sure about this change, we can see Evan:

rARC13d3a3c3b100: Update the extracted cURL SSL CA bundle

valerio.bozzolan mentioned this in Next Up (since Week 18).Jun 2 2023, 15:27

avivey mentioned this in 2023 Week 23.Jun 10 2023, 07:44

valerio.bozzolan added a task: T15051: default.pem in Arcanist is out of date - maybe remove it completely?.Jun 17 2023, 15:26

Revision Contents
Changeset List

Path

Size

Packages

resources/

ssl/

default.pem

638 lines

O1: Blessed Committers

Diff 263

View Options

Update the extracted cURL SSL CA bundleClosedPublicActions