Cloudhunter / LetsEncryptCraft

A hacky mod to allow LetsEncrypt https urls to work on Java versions which do not support it.
MIT License

Trust the roots instead of the intermediates #3

Open alexzorin opened 5 years ago

alexzorin commented 5 years ago

Hi,

Clever project!

Since Let's Encrypt may at any moment switch over to the Let's Encrypt Authority X4 intermediate for new certificates (or use the ISRG-signed intermediate rather than the cross-signed one you include in this project), there is a decent amount of risk that the mod will unexpectedly stop working.

You can review the relationship between the certificates here - https://letsencrypt.org/certificates/

If I can suggest an alternate strategy for your patching of the trust store - trust these two certificates:

All Let's Encrypt intermediates in existence will always be signed by one of these two trust anchors, so Java will always be able to validate a Let's Encrypt certificate's trustworthiness just from those two roots (now and in future).

Functionally your mod should remain the same, but be less fragile to future change.

Thanks!
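The strategy suggested in the comment above, as an added example that is not part of the original comment and is not the mod's own code: build an in-memory trust store from Java's default anchors plus extra root certificates, and refuse anything that is not a self-signed CA certificate. The class name, the `mergedAnchors` helper and the PEM paths passed as arguments are assumptions; the page does not list the two roots, so supply their PEM files yourself.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
public class RootTrustExample {
    // Builds a trust store holding Java's default anchors plus the given root certificates.
    static KeyStore mergedAnchors(String... rootPemPaths) throws Exception {
        TrustManagerFactory def = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null); // null = the JVM's default trust store
        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null);   // start empty, in memory only
        int n = 0;
        for (TrustManager tm : def.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers())
                merged.setCertificateEntry("default-" + n++, c);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String path : rootPemPaths) {
            try (InputStream in = Files.newInputStream(Paths.get(path))) {
                X509Certificate root = (X509Certificate) cf.generateCertificate(in);
                // Only accept a self-signed CA certificate: pinning an intermediate
                // is the fragile setup the comment warns about.
                if (root.getBasicConstraints() < 0
                        || !root.getSubjectX500Principal().equals(root.getIssuerX500Principal()))
                    throw new IllegalArgumentException(path + " is not a root CA certificate");
                root.verify(root.getPublicKey()); // throws if the self-signature is invalid
                root.checkValidity();             // throws if expired or not yet valid
                merged.setCertificateEntry("extra-root-" + n++, root);
            }
        }
        return merged;
    }
    public static void main(String[] args) throws Exception {
        KeyStore anchors = mergedAnchors(args); // args: placeholder paths to the root PEM files
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLContext.setDefault(ctx); // returned by later SSLContext.getDefault() calls
        System.out.println("trust anchors installed: " + anchors.size());
    }
}
```

Because the default anchors are copied in rather than replaced, certificates from every other CA keep validating as before.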

Cloudhunter commented 5 years ago

Hi, thanks for the suggestion! I'll look into doing this :)

Cloudhunter commented 5 years ago

> Since Let's Encrypt may at any moment switch over to the Let's Encrypt Authority X4 intermediate for new certificates (or use the ISRG-signed intermediate rather than the cross-signed one you include in this project), there is a decent amount of risk that the mod will unexpectedly stop working.

Seems this is actually happening now - they're going direct to the ISRG-signed intermediate.

https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

Guess I got an update to work on!

Sollace commented 4 years ago

@Cloudhunter Hi, SollAI here! We see you haven't updated this issue in almost 10 months now. Would you like any assistance in resolving this problem? ^_^