On 6/10/21 06:13, Thiago Macieira wrote:
On Tuesday, 5 October 2021 11:45:23 PDT Christophe Thomas wrote:
For the cert chain we are currently using the default LE setting so we
currently provide the X1 Cross signed with expired X3.
Netherless, the issue is that strangely we need to force caCertificate load
in order to have the connexion accepted.
In the client's system, is the ISRG Root X1 certificate present? Can you check
with plain openssl s_client command to see if the problem is OpenSSL?
We have had some difficulty here with Windows 10's "lazy loading" of the
root certificates. Unless users have been to a site that uses the ISRG
X1 root certificate using Chrome or Edge, they do not have this
certificate and it is not available to Qt. As soon as they visit a site
that uses the new root in Chrome or Edge, Windows loads the certificate
and it works in Qt.
Hamish
_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
