[libav-bugs] [Bug 990] Impending distrust of StartCom (WoSign) certificates poses risk to *.libav.org

bugzilla at libav.org bugzilla at libav.org
Fri Dec 30 18:56:34 CET 2016


https://bugzilla.libav.org/show_bug.cgi?id=990

andrew at andrewrminion.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andrew at andrewrminion.com
           Severity|critical                    |blocker

--- Comment #1 from andrew at andrewrminion.com ---
The site is now blocked in Google Chrome and displays an (bypassable) security
error in Safari and Firefox. The curl download utility also does not trust the
cert, depending on the local cert bundle.

It appears to be the specific intermediate cert used by StartCom to sign the
main domain’s URL. Bugzilla is using a different intermediat cert and does not
have the issue.

However, I’d recommend using Let’s Encrypt (https://letsencrypt.org) instead of
StartCom.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libav.org/pipermail/libav-bugs/attachments/20161230/dcf37d94/attachment.html>


More information about the libav-bugs mailing list