Explicitly trust old Verisign 1024 bit root
authorTom Hughes <tom@compton.nu>
Wed, 21 Jan 2015 00:39:07 +0000 (00:39 +0000)
committerTom Hughes <tom@compton.nu>
Wed, 21 Jan 2015 00:53:36 +0000 (00:53 +0000)
commit74c2316a8d5cb85c0e7d5a31e661ce8fcd812512
tree7f49639d8ad72523bd6f531d3c8ecb3b31e398fe
parent9ce6a4d981b118441756c1a27c9aeb1bb941fd54
Explicitly trust old Verisign 1024 bit root

Unfortunately S3 sends an unnecessary intermediate certificate
that is signed by this old root. They also send another one signed
by a newer root, but OpenSSL is not currently able to work out
that it should use that path instead of the one to the old root:

https://bugzilla.mozilla.org/show_bug.cgi?id=986005
cookbooks/chef/recipes/default.rb
cookbooks/chef/templates/default/verisign.pem.erb [new file with mode: 0644]