"DST Root CA X3" expiry workaround for OpenSSL 1.0.1, 1.0.0 and 0.9.8 client applications
Felipe Gasper
felipe at felipegasper.com
Sun Oct 3 23:14:35 UTC 2021
> On Oct 3, 2021, at 7:09 PM, Rob Stradling <rob at sectigo.com> wrote:
>
> The "Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2" blog article [1] doesn't cover OpenSSL versions prior to 1.0.2, presumably because they've been unsupported for a long time. However, no doubt there are still some users and applications that are stuck using even older versions of OpenSSL.

Indeed, CentOS/RHEL 7 and earlier still use OpenSSL 1.0.2. These are widely used in shared hosting.

We ended up implementing Workaround #2 in order to bring OpenSSL 1.0.x into parity with the behaviour of 1.1.0+. It would be nice--would have been helpful for me, at least--to have fleshed-out code examples.

Thank you to everyone who maintains OpenSSL and who’s helping us all through this transition.

cheers,
-Felipe Gasper