Commit
This is required for some versions of OpenSSL having trouble establishing and verifying the new certificates for rubygems.org.

SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash.

http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
5a31f09
As far as I can tell, this is the only cert that is needed. Do we need to keep the other AddTrust cert for some reason?
@indirect this was done as requested by Eric (keep them both root certs).
I did confirm that the SHA384 version didn't work with current certs, only the SHA1 version, but that is something we can clear up at a later time.