Page MenuHomePhabricator

Update the extracted cURL SSL CA bundle

Authored by epriestley on Dec 2 2021, 10:55 PM.



This default CA bundle file hasn't been updated since 2016. Update it to the current cURL extraction.

I believe this is notably impactful because of a new "Let's Encrypt" certificate, but didn't hunt down the particulars.

Test Plan

Confirmed the hash matches the published hash:

$ openssl dgst -sha256 resources/ssl/default.pem 
SHA256(resources/ssl/default.pem)= ae31ecb3c6e9ff3154cb7a55f017090448f88482f0e94ac927c0c67a1f33b9cf

This assurance is fairly meaningless since both the hash and file are published on It didn't get corrupted by stellar radiation before it made it into Git, at least?

Diff Detail

rARC Arcanist
Lint Not Applicable
Tests Not Applicable

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Dec 2 2021, 10:56 PM
This revision was landed with ongoing or failed builds.
epriestley requested review of this revision.
This revision was automatically updated to reflect the committed changes.