On Tue, 1 Sep 2020 at 06:45, Yousong Zhou <yszhou4t...@gmail.com> wrote: > > It's worth mentioning that recent versions of macos since 10.15 have a > restriction on certificate validity period, self-signed or not. It's > a strong restriction that the browser ui will have no buttons or knobs > to bypass the certificate validation, rendering such sites > inaccessible. I remembered it's also a system wide enforcement that > chrome on macos also respects this. > > [1] Requirements for trusted certificates in iOS 13 and macOS 10.15, > https://support.apple.com/en-us/HT210176 > > > TLS server certificates must have a validity period of 825 days or fewer > > (as expressed in the NotBefore and NotAfter fields of the certificate). > > [2] About upcoming limits on trusted certificates, > https://support.apple.com/en-us/HT211025 > > > TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC > > must not have a validity period greater than 398 days. > > Regards, > yousong
The other thing that just occurred to me is, chrome will not cache content fetched from links with invalid certificates. It's a WontFix decision [1] . I would guess a 400MHz MIPS CPU might have a hard time with this. [1] Issue 110649: Browser not caching files if HTTPS is used even if it's allowed by webserver via response headers, https://bugs.chromium.org/p/chromium/issues/detail?id=110649#c8 Regards, yousong _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
