<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
We would need to bypass / shortcut the "eap" test phase.<br>
<br>
But I agree, "master" is stable, I haven't had any issues or
reports, so I think we could do that. The FreeRTOS timer issue I'm
working on only affects very specific conditions, so not necessary
to wait for that.<br>
<br>
Should we remove the expiring DST certificate in that release then?<br>
<br>
…uh oh: just tried removing the DST certificate: the module cannot
connect to my server anymore…!?<br>
<br>
<font face="monospace">I (490213) ovms-server-v2: Connection is
ovms.dexters-web.de:6870 TEST1<br>
I (490213) ovms-server-v2: Status: Connecting...<br>
V (490723) ovms-server-v2:
OvmsServerV2MongooseCallback(MG_EV_CONNECT=-3)<br>
W (490723) ovms-server-v2: Connection failed<br>
E (490723) ovms-server-v2: Status: Error: Connection failed<br>
V (490723) ovms-server-v2:
OvmsServerV2MongooseCallback(MG_EV_CLOSE)<br>
I (490723) ovms-server-v2: Status: Disconnected</font><br>
<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">Am 28.09.21 um 14:32 schrieb Mark
Webb-Johnson:<br>
</div>
<blockquote type="cite"
cite="mid:D612B1E5-EA64-4CC1-89DD-66EAE385A654@webb-johnson.net">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Shall we release a full update? The last 3.2?</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">What we have now in master seems stable.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Mark</div>
<div dir="ltr"><br>
<blockquote type="cite">On 28 Sep 2021, at 5:39 PM, Michael
Balzer <a class="moz-txt-link-rfc2396E" href="mailto:dexter@expeedo.de"><dexter@expeedo.de></a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
Everyone,<br>
<br>
the DST root certificate we include (DST Root CA X3) expires
on September 30, i.e. in two days.<br>
<br>
<font face="monospace">OVMS# tls trust list <br>
DST Root CA X3 length 1200 bytes<br>
1200 byte certificate: DST Root CA X3<br>
cert. version : 3<br>
serial number :
44:AF:B0:80:D6:A3:27:BA:89:30:39:86:2E:F8:40:6B<br>
issuer name : O=Digital Signature Trust Co., CN=DST
Root CA X3<br>
subject name : O=Digital Signature Trust Co., CN=DST
Root CA X3<br>
issued on : 2000-09-30 21:12:19<br>
<b> expires on : 2021-09-30 14:01:15</b><br>
signed using : RSA with SHA1<br>
RSA key size : 2048 bits<br>
basic constraints : CA=true<br>
key usage : Key Cert Sign, CRL Sign</font><br>
<br>
AFAICT, this root certificate is currently used by the OVMS to
validate Let's Encrypt certificates.<br>
<ul>
<li><a class="moz-txt-link-freetext"
href="https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/"
moz-do-not-send="true">https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/</a></li>
<li><a class="moz-txt-link-freetext"
href="https://letsencrypt.org/docs/certificate-compatibility/"
moz-do-not-send="true">https://letsencrypt.org/docs/certificate-compatibility/</a><br>
</li>
</ul>
Unfortunately, we missed adding the followup LE root
certificate "ISRG Root X1" in time.<br>
<br>
I've just added that certificate to our builtin certificate
repository, but it's too late now to roll out a "main" update
in time (isn't it?).<br>
<br>
So, to prevent losing TLS connectivity with LE servers, users
need to manually add the ISRG Root X1 certificate to their TLS
repositories.<br>
<br>
I've added a section on this to our user manual:<br>
<ul>
<li><a class="moz-txt-link-freetext"
href="https://docs.openvehicles.com/en/latest/userguide/ssltls.html"
moz-do-not-send="true">https://docs.openvehicles.com/en/latest/userguide/ssltls.html</a></li>
</ul>
If users contact you, point them to that page.<br>
<br>
We probably should also remove the expired DST root
certificate after September 30.<br>
<br>
Regards,<br>
Michael<br>
<br>
<pre class="moz-signature" cols="72">--
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26</pre>
<span>_______________________________________________</span><br>
<span>OvmsDev mailing list</span><br>
<span><a class="moz-txt-link-abbreviated" href="mailto:OvmsDev@lists.openvehicles.com">OvmsDev@lists.openvehicles.com</a></span><br>
<span><a class="moz-txt-link-freetext" href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a></span><br>
</div>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
OvmsDev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OvmsDev@lists.openvehicles.com">OvmsDev@lists.openvehicles.com</a>
<a class="moz-txt-link-freetext" href="http://lists.openvehicles.com/mailman/listinfo/ovmsdev">http://lists.openvehicles.com/mailman/listinfo/ovmsdev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26</pre>
</body>
</html>