espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-30 02:37:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(mbedtls): re-include Starfield Class 2 CA

Browse Source 
Some of the endpoints (e.g., httpbin.org) is still relying on the
Starfield Class 2 CA in the chain. Added this root certificate as
a temporary exception and shall be removed in future.
This commit is contained in:
Mahavir Jain
2025-06-12 22:29:44 +05:30
parent 068847e2af
commit 03433aad49
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
components/mbedtls/esp_crt_bundle/cacrt_local.pem
View File

@ -2,3 +2,32 @@
## Local CA Root Certificates
##
## Local CA Root Certificates that gets appended to "cacrt_all.pem"
##
## Starfield Class 2 CA has been removed from the list of trusted CAs
## from Mozilla's CA Certificate Store. However, it is still used in
## some endpoints and hence it is included here. This shall be removed
## once the relevant endpoints are updated to use a different CA.
Starfield Class 2 CA
====================
-----BEGIN CERTIFICATE-----
MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc
U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo
MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG
SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY
bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ
JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm
epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF
MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f
hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs
afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD
KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
QBFGmh95DmK/D5fs4C8fF5Q=
-----END CERTIFICATE-----

1
components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv
View File

@ -20,6 +20,7 @@ GlobalSign nv-sa,GlobalSign Root CA - R3
GlobalSign nv-sa,GlobalSign Root E46
GlobalSign nv-sa,GlobalSign Root R46
GoDaddy,Go Daddy Root Certificate Authority - G2
GoDaddy,Starfield Class 2 CA
GoDaddy,Starfield Root Certificate Authority - G2
Google Trust Services LLC,GlobalSign ECC Root CA - R4
Google Trust Services LLC,GTS Root R1

1 Owner Common Name or Certificate Name
20 GlobalSign nv-sa GlobalSign Root E46
21 GlobalSign nv-sa GlobalSign Root R46
22 GoDaddy Go Daddy Root Certificate Authority - G2
23 GoDaddy Starfield Class 2 CA
24 GoDaddy Starfield Root Certificate Authority - G2
25 Google Trust Services LLC GlobalSign ECC Root CA - R4
26 Google Trust Services LLC GTS Root R1