Skip to content

Cancel certificate pinning for our packages

Some of our tools insist certificate pinning which is not handled well (e.g. 2 LE intermediate certificates...). We should get rid of them.

There was already a MR !77 (merged) do handle this but it was insufficient.

This is mainly about /etc/ssl/www_turris_cz_ca.pem file from cznic-cacert-bundle package. I have discovered these packages using this file as a CAFile:

  • server-uplink (from turris/turris-os-packages>)
  • haas (also from turris/turris-os-packages>)
  • netmetr (from turris/netmetr-client>)
Edited by Vojtech Myslivec