Skip to content

Commit 03433aa

Browse files
mahavirjmahavirj
committed
fix(mbedtls): re-include Starfield Class 2 CA
Some of the endpoints (e.g., httpbin.org) is still relying on the Starfield Class 2 CA in the chain. Added this root certificate as a temporary exception and shall be removed in future.
1 parent 068847e commit 03433aa

File tree

2 files changed

+30
-0
lines changed

2 files changed

+30
-0
lines changed

components/mbedtls/esp_crt_bundle/cacrt_local.pem

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,32 @@
22
## Local CA Root Certificates
33
##
44
## Local CA Root Certificates that gets appended to "cacrt_all.pem"
5+
##
6+
## Starfield Class 2 CA has been removed from the list of trusted CAs
7+
## from Mozilla's CA Certificate Store. However, it is still used in
8+
## some endpoints and hence it is included here. This shall be removed
9+
## once the relevant endpoints are updated to use a different CA.
10+
11+
Starfield Class 2 CA
12+
====================
13+
-----BEGIN CERTIFICATE-----
14+
MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc
15+
U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg
16+
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo
17+
MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
18+
A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG
19+
SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY
20+
bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ
21+
JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm
22+
epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
23+
F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF
24+
MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f
25+
hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
26+
bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g
27+
QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs
28+
afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
29+
PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
30+
xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD
31+
KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
32+
QBFGmh95DmK/D5fs4C8fF5Q=
33+
-----END CERTIFICATE-----

components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ GlobalSign nv-sa,GlobalSign Root CA - R3
2020
GlobalSign nv-sa,GlobalSign Root E46
2121
GlobalSign nv-sa,GlobalSign Root R46
2222
GoDaddy,Go Daddy Root Certificate Authority - G2
23+
GoDaddy,Starfield Class 2 CA
2324
GoDaddy,Starfield Root Certificate Authority - G2
2425
Google Trust Services LLC,GlobalSign ECC Root CA - R4
2526
Google Trust Services LLC,GTS Root R1

0 commit comments

Comments
 (0)