On 7/10/21 02:53, Thiago Macieira wrote:
On Wednesday, 6 October 2021 02:41:39 PDT Hamish Moffatt via Interest wrote:
I upgraded to 1.0.2u and added the X1 root directly to Qt. Now the
application works. But the instructions from OpenSSL say to also remove
the X3 root which I'm not able to do (it's loaded from Windows), so I am
puzzled by why this works. I have not done anything special when
generating my certificates like requesting the alternate certificate chain.
If OpenSSL has any path to a still-valid root certificate, then it can ignore
the others. That's one way of dealing with expirations: you add a new link in
the chain that will continue to be valid when the other path(s) aren't.
The OpenSSL blog writes that this unfortunately doesn't happen with
1.0.2 though - it sees the expired root and gives up.
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
Hamish
_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
