From 54d4d0b140212be5fb46d03df2c9964387fec6b5 Mon Sep 17 00:00:00 2001 From: Espressif BOT Date: Fri, 3 Apr 2026 06:33:02 +0800 Subject: [PATCH] change(mbedtls/crt_bundle): Update esp_crt_bundle certificates --- .../mbedtls/esp_crt_bundle/cacrt_all.pem | 28 +++++++++++++++---- .../protocols/esp_crt_bundle.rst | 2 +- .../protocols/esp_crt_bundle.rst | 2 +- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/components/mbedtls/esp_crt_bundle/cacrt_all.pem b/components/mbedtls/esp_crt_bundle/cacrt_all.pem index 65be891eea..a78e1dd471 100644 --- a/components/mbedtls/esp_crt_bundle/cacrt_all.pem +++ b/components/mbedtls/esp_crt_bundle/cacrt_all.pem @@ -1,7 +1,7 @@ ## ## Bundle of CA Root Certificates ## -## Certificate data from Mozilla as of: Tue Dec 2 04:12:02 2025 GMT +## Certificate data from Mozilla last updated on: Wed Feb 11 18:26:30 2026 GMT ## ## Find updated versions here: https://curl.se/docs/caextract.html ## @@ -15,8 +15,8 @@ ## an Apache+mod_ssl webserver for SSL client authentication. ## Just configure this file as the SSLCACertificateFile. ## -## Conversion done with mk-ca-bundle.pl version 1.30. -## SHA256: a903b3cd05231e39332515ef7ebe37e697262f39515a52015c23c62805b73cd0 +## Conversion done with mk-ca-bundle.pl version 1.32. +## SHA256: 3b98d4e3ff57a326d9587c33633039c8c3a9cf0b55f7ca581d7598ff329eb1f3 ## @@ -3480,8 +3480,8 @@ SM49BAMDA2kAMGYCMQCpKjAd0MKfkFFRQD6VVCHNFmb3U2wIFjnQEnx/Yxvf4zgAOdktUyBFCxxg ZzFDJe0CMQCSia7pXGKDYmH5LVerVrkR3SW+ak5KGoJr3M/TvEqzPNcum9v4KGm8ay3sMaE641c= -----END CERTIFICATE----- - OISTE Server Root RSA G1 -========================= +OISTE Server Root RSA G1 +======================== -----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIQVaXZZ5Qoxu0M+ifdWwFNGDANBgkqhkiG9w0BAQwFADBLMQswCQYDVQQG EwJDSDEZMBcGA1UECgwQT0lTVEUgRm91bmRhdGlvbjEhMB8GA1UEAwwYT0lTVEUgU2VydmVyIFJv @@ -3509,3 +3509,21 @@ msuY33OhkKCgxeDoAaijFJzIwZqsFVAzje18KotzlUBDJvyBpCpfOZC3J8tRd/iWkx7P8nd9H0aT olkelUTFLXVksNb54Dxp6gS1HAviRkRNQzuXSXERvSS2wq1yVAb+axj5d9spLFKebXd7Yv0PTY6Y MjAwcRLWJTXjn/hvnLXrahut6hDTlhZyBiElxky8j3C7DOReIoMt0r7+hVu05L0= -----END CERTIFICATE----- + +e-Szigno TLS Root CA 2023 +========================= +-----BEGIN CERTIFICATE----- +MIICzzCCAjGgAwIBAgINAOhvGHvWOWuYSkmYCjAKBggqhkjOPQQDBDB1MQswCQYDVQQGEwJIVTER +MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xFzAVBgNVBGEMDlZBVEhV +LTIzNTg0NDk3MSIwIAYDVQQDDBllLVN6aWdubyBUTFMgUm9vdCBDQSAyMDIzMB4XDTIzMDcxNzE0 +MDAwMFoXDTM4MDcxNzE0MDAwMFowdTELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRYw +FAYDVQQKDA1NaWNyb3NlYyBMdGQuMRcwFQYDVQRhDA5WQVRIVS0yMzU4NDQ5NzEiMCAGA1UEAwwZ +ZS1Temlnbm8gVExTIFJvb3QgQ0EgMjAyMzCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAGgP36J8 +PKp0iGEKjcJMpQEiFNT3YHdCnAo4YKGMZz6zY+n6kbCLS+Y53wLCMAFSAL/fjO1ZrTJlqwlZULUZ +wmgcAOAFX9pQJhzDrAQixTpN7+lXWDajwRlTEArRzT/vSzUaQ49CE0y5LBqcvjC2xN7cS53kpDzL +Ltmt3999Cd8ukv+ho2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E +FgQUWYQCYlpGePVd3I8KECgj3NXW+0UwHwYDVR0jBBgwFoAUWYQCYlpGePVd3I8KECgj3NXW+0Uw +CgYIKoZIzj0EAwQDgYsAMIGHAkIBLdqu9S54tma4n7Zwf2Z0z+yOfP7AAXmazlIC58PRDHpty7Ve +7hekm9sEdu4pKeiv+62sUvTXK9Z3hBC9xdIoaDQCQTV2WnXzkoYI9bIeCvZlC9p2x1L/Cx6AcCIw +wzPbGO2E14vs7dOoY4G1VnxHx1YwlGhza9IuqbnZLBwpvQy6uWWL +-----END CERTIFICATE----- diff --git a/docs/en/api-reference/protocols/esp_crt_bundle.rst b/docs/en/api-reference/protocols/esp_crt_bundle.rst index e6a1d478f8..ad35569642 100644 --- a/docs/en/api-reference/protocols/esp_crt_bundle.rst +++ b/docs/en/api-reference/protocols/esp_crt_bundle.rst @@ -12,7 +12,7 @@ The bundle comes with the complete list of root certificates from Mozilla's NSS When generating the bundle you may choose between: - * The full root certificate bundle from Mozilla, containing more than 130 certificates. The current bundle was updated Tue Dec 2 04:12:02 2025 GMT. + * The full root certificate bundle from Mozilla, containing more than 130 certificates. The current bundle was updated Wed Feb 11 18:26:30 2026 GMT. * A pre-selected filter list of the name of the most commonly used root certificates, reducing the amount of certificates to around 38 while still having around 93% absolute usage coverage and 99% market share coverage according to SSL certificate authorities statistics. In addition, it is possible to specify a path to a certificate file or a directory containing certificates which then will be added to the generated bundle. diff --git a/docs/zh_CN/api-reference/protocols/esp_crt_bundle.rst b/docs/zh_CN/api-reference/protocols/esp_crt_bundle.rst index eda148bed8..a55d7c2f3b 100644 --- a/docs/zh_CN/api-reference/protocols/esp_crt_bundle.rst +++ b/docs/zh_CN/api-reference/protocols/esp_crt_bundle.rst @@ -12,7 +12,7 @@ ESP x509 证书包 API 提供了一种简便的方法,帮助你安装自定义 生成证书包时,你需选择: -* 来自 Mozilla 的完整根证书包,包含超过 130 份证书。目前提供的证书包更新于 2025 年 12 月 2 日,星期二, 04:12:02 (GMT)。 +* 来自 Mozilla 的完整根证书包,包含超过 130 份证书。目前提供的证书包更新于 2026 年 2 月 11 日,星期三, 18:26:30 (GMT)。 * 一组预先筛选的常用根证书。其中仅包含约 38 份证书,但根据 SSL 证书颁发机构统计数据,其绝对使用率约达到 93%,市场覆盖率约达 99%。 此外,还可指定证书文件的路径或包含证书的目录,将其他证书添加到生成的证书包中。