From 6fe38c7efdc471174d8e0efb62f39985d7752334 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Fri, 13 Jun 2025 16:18:41 +0530 Subject: [PATCH] fix(mbedtls): re-include Comodo AAA Services root --- .../mbedtls/esp_crt_bundle/cacrt_local.pem | 33 ++++++++++++++++--- .../esp_crt_bundle/cmn_crt_authorities.csv | 1 + 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/components/mbedtls/esp_crt_bundle/cacrt_local.pem b/components/mbedtls/esp_crt_bundle/cacrt_local.pem index 34f9d73290..4aa11f4d3a 100644 --- a/components/mbedtls/esp_crt_bundle/cacrt_local.pem +++ b/components/mbedtls/esp_crt_bundle/cacrt_local.pem @@ -3,10 +3,11 @@ ## ## Local CA Root Certificates that gets appended to "cacrt_all.pem" ## -## Starfield Class 2 CA has been removed from the list of trusted CAs -## from Mozilla's CA Certificate Store. However, it is still used in -## some endpoints and hence it is included here. This shall be removed -## once the relevant endpoints are updated to use a different CA. +## Starfield Class 2 and Comodo AAA Services root CA have been removed +## from the list of trusted CAs from Mozilla's CA Certificate Store. +## However, it is still used in some endpoints and hence it is included +## here. This shall be removed once the relevant endpoints are updated +## to use a different CA. Starfield Class 2 CA ==================== @@ -31,3 +32,27 @@ xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 QBFGmh95DmK/D5fs4C8fF5Q= -----END CERTIFICATE----- + +Comodo AAA Services root +======================== +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg +TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw +MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl +c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV +BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG +C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs +i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW +Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH +Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK +Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f +BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl +cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz +LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm +7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z +8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C +12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- diff --git a/components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv b/components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv index 3f74fbbc40..0e50c65017 100644 --- a/components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv +++ b/components/mbedtls/esp_crt_bundle/cmn_crt_authorities.csv @@ -31,6 +31,7 @@ Google Trust Services LLC,GTS Root R4 "IdenTrust Services, LLC",IdenTrust Public Sector Root CA 1 Internet Security Research Group,ISRG Root X1 Internet Security Research Group,ISRG Root X2 +Sectigo,Comodo AAA Services root Sectigo,COMODO Certification Authority Sectigo,COMODO ECC Certification Authority Sectigo,COMODO RSA Certification Authority