[Converge] src: re-add 1024-bit SSL certs removed by f9456a2

Question

[Converge] src: re-add 1024-bit SSL certs removed by f9456a2

Closed this issue 9 years ago · 6 comments

1425ccd1b2baca267d3201bfc219e28bb84989fd src: re-add 1024-bit SSL certs removed by f9456a2 - nodejs/node-v0.x-archive@1425ccd
/cc @chrisdickinson @misterdjules

Obviously we want to be careful with these. We need to reconcile the differences between the v0.12 root certs and the current set of io.js rootcerts.

Answer 1 · 2015-05-21T20:17:35.000Z

I suspect @indutny will want to take a look at this. I re-added the 1024-bit certs because folks were running into problems talking to AWS when they were removed. That may have changed since then.

Answer 2 · 2015-05-21T20:24:24.000Z

Wait... we updated to OpenSSL-1.0.2 and backported ae8831f from OpenSSL master. I suspect this should no longer be failing at 1024-bit certs with AWS.

Answer 3 · 2015-05-22T16:59:25.000Z

@misterdjules @mhdawson @cjihrig @orangemocha ... thoughts on this one? Is there any reason not to simply take the current io.js root certs in the next major?

Answer 4 · 2015-05-27T16:21:14.000Z

/cc @shigeki

Answer 5 · 2015-05-28T06:07:42.000Z

This commit is not necessary as noticed by @indutny . The openssl team also backported alt-cert patch both to 1.0.2 and 1.0.1 so that we can revert this fix even on node-v0.12 after next release of 1.0.1n.
Root certs data in iojs has already been outdated from that of mozilla repository so I will update it soon. I think it is better to have the same updates on node.

Answer 6 · 2015-05-28T14:49:34.000Z

👍 thank you @shigeki ! If you would, cc me when that root cert update is available and I'll work on getting it landed over in v0.12 as well.