[wp-trac] [WordPress Trac] #50828: Update ca-bundle.crt and remove expired certificates
WordPress Trac
noreply at wordpress.org
Sat Aug 1 14:06:20 UTC 2020
#50828: Update ca-bundle.crt and remove expired certificates
-------------------------------------------+---------------------
Reporter: barry | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.5
Component: Security | Version:
Severity: normal | Resolution:
Keywords: commit dev-reviewed has-patch | Focuses:
-------------------------------------------+---------------------
Changes (by SergeyBiryukov):
* keywords: commit dev-feedback has-patch => commit dev-reviewed has-patch
Comment:
Replying to [comment:7 ayeshrajans]:
> Wouldn't it be possible to store separate files for the 1024-bit
certificates, and Mozilla/curl certificates in `src/wp-
includes/certificates` directory? The final `ca-bundle.crt` file can then
be built with a simple concat of the two files.
>
> This way, we can make updates to CA bundle directly from Curl project
(https://curl.haxx.se/ca/cacert.pem) without having to manually verify
each update. As long as the content is verbatim, we know we have the up to
date bundles.
This looks great, but I think it's too big a change for 5.5 RC2 and would
require more testing.
Let's get [attachment:"50828.diff"] in for now and [attachment:"50828
-split-file-verbatim.patch"] early in 5.6.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50828#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list