diff mbox series

[XEN,v3,3/4] automation: Remove expired root certificates used to be used by let's encrypt

Message ID 20230224172915.39675-4-anthony.perard@citrix.com (mailing list archive)
State New, archived
Headers show
Series automation: Update containers to allow HTTPS access to xenbits | expand

Commit Message

Anthony PERARD Feb. 24, 2023, 5:29 p.m. UTC 
While the Let's Encrypt root certificate ISRG_Root_X1.crt is already
present, openssl seems to still check for the root certificate
DST_Root_CA_X3.crt which has expired. This prevent https connections.

Removing DST_Root_CA_X3 fix the issue.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
---

Notes:
    v3:
    - remove change to Debian Jessie containers, as we won't use them with
      HTTPS urls.
    
    v2:
    - remove unneeded changes to CentOS containers

 automation/build/ubuntu/trusty.dockerfile | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/automation/build/ubuntu/trusty.dockerfile b/automation/build/ubuntu/trusty.dockerfile
index b298a515c6..22e294c20c 100644
--- a/automation/build/ubuntu/trusty.dockerfile
+++ b/automation/build/ubuntu/trusty.dockerfile
@@ -47,3 +47,8 @@  RUN apt-get update && \
         apt-get autoremove -y && \
         apt-get clean && \
         rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
+
+# Remove expired certificate that Let's Encrypt certificates used to relie on.
+# (Not needed anymore)
+RUN sed -i 's#mozilla/DST_Root_CA_X3\.crt#!\0#' /etc/ca-certificates.conf && \
+    update-ca-certificates