Why does it need to be removed? Shouldn't it just cleanly expire and be ignored? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		detaro on May 28, 2020 \| parent \| context \| favorite \| on: Sectigo AddTrust External CA Root Expiring May 30,... Why does it need to be removed? Shouldn't it just cleanly expire and be ignored?

hayzeus on May 28, 2020 [–]

Yes -- but on older linux distributions curl, etc continue to try to use it

detaro on May 28, 2020 | [–]

Interesting, I would've expected them to ignore an expired cert in the chain if there is also a still valid one.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact