Update resources/ssl/default.pem to the latest available at #259
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update default.pem to the latest available from https://curl.se/docs/caextract.html
Ideally this should PR should not be directly merged but re-created by a trusted maintainer.
The default.pem which is included no longer seems to work for me, for our wildcard lets encrypt certificate. I think this may have to do with this recent change: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
The change described in the article above went into effect today 9/30/21 when one of Lets Encrypt's intermediate CA's expired, and consequently my arcanist stopped working today. However, others on my team are not experiencing this problem. It's possible that it's because I'm running a different setup (linux) and have different versions for various things. All I know is that updating this file fixed it for me.
Before the fix, I was getting this:
Further testing with curl also confirmed this: