Discussion about this post

User's avatar
orangepizza's avatar

because Linux/embedded 'trust store' is just a single or a bunch of PEM files and unable to attach additional conditions, they doesn't/can't use Mozilla's trust store fully: for example if a root was distrusted notbefore date after 2024-01-01 because ca-certificates doesn't have that information this root will be fully trusted until 398 days later and when Mozilla stop publishing about that certificate and removed from list.

Expand full comment
3 more comments...

No posts