Page MenuHomePhabricator

Update the extracted cURL SSL CA bundle
ClosedPublic

Authored by epriestley on Dec 2 2021, 10:55 PM.
Tags
None
Referenced Files
F14078833: D21739.diff
Fri, Nov 22, 5:24 AM
Unknown Object (File)
Sun, Nov 10, 10:54 PM
Unknown Object (File)
Sun, Nov 10, 10:54 PM
Unknown Object (File)
Sun, Nov 10, 10:35 PM
Unknown Object (File)
Sat, Nov 9, 4:50 PM
Unknown Object (File)
Fri, Oct 25, 12:07 PM
Unknown Object (File)
Oct 21 2024, 12:06 PM
Unknown Object (File)
Oct 7 2024, 3:00 PM
Subscribers
None

Details

Summary

This default CA bundle file hasn't been updated since 2016. Update it to the current cURL extraction.

I believe this is notably impactful because of a new "Let's Encrypt" certificate, but didn't hunt down the particulars.

Test Plan

Confirmed the hash matches the published hash:

$ openssl dgst -sha256 resources/ssl/default.pem 
SHA256(resources/ssl/default.pem)= ae31ecb3c6e9ff3154cb7a55f017090448f88482f0e94ac927c0c67a1f33b9cf

This assurance is fairly meaningless since both the hash and file are published on curl.se. It didn't get corrupted by stellar radiation before it made it into Git, at least?

Diff Detail

Repository
rARC Arcanist
Branch
ca1
Lint
Lint Errors
SeverityLocationCodeMessage
Errorresources/ssl/default.pem:649TXT5Bad Charset
Unit
No Test Coverage
Build Status
Buildable 25596
Build 35405: Run Core Tests
Build 35404: arc lint + arc unit

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Dec 2 2021, 10:56 PM
This revision was landed with ongoing or failed builds.
epriestley requested review of this revision.
This revision was automatically updated to reflect the committed changes.