.NET NuGet Package Validation Broken: Certificate Expired (github.com) 4 points by Belphemur 5y ago ↗ HN
[–] Belphemur 5y ago ↗ From the issue:> So, there is in deed certificate issue. If one tries to execute "nuget verify -All <msnuget.nupkg>" there is clear evidence:Subject Name: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US SHA1 hash: F404000FB11E61F446529981C7059A76C061631E SHA256 hash: 3F9001EA83C560D712C24CF213C3D312CB3BFF51EE89435D3430BD06B5D0EECE Issued by: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US Valid from: 26.02.2018 01:00:00 to 27.01.2021 13:00:00So MS cert expired today at 13:00 [–] Belphemur 5y ago ↗ It's weird that Microsoft didn't use any timestamping for the NuGet package. This wouldn't have been a direct issue then.
[–] Belphemur 5y ago ↗ It's weird that Microsoft didn't use any timestamping for the NuGet package. This wouldn't have been a direct issue then.
[–] Belphemur 5y ago ↗ Related to a change of certificate done in November it seems: https://devblogs.microsoft.com/nuget/microsoft-author-signin...
[–] rdhatt 5y ago ↗ This is the workaround my place is using for now:https://github.com/NuGet/Home/issues/10491#issuecomment-7684...
4 comments
[ 4.3 ms ] story [ 20.5 ms ] thread> So, there is in deed certificate issue. If one tries to execute "nuget verify -All <msnuget.nupkg>" there is clear evidence:
Subject Name: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US SHA1 hash: F404000FB11E61F446529981C7059A76C061631E SHA256 hash: 3F9001EA83C560D712C24CF213C3D312CB3BFF51EE89435D3430BD06B5D0EECE Issued by: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US Valid from: 26.02.2018 01:00:00 to 27.01.2021 13:00:00
So MS cert expired today at 13:00
https://github.com/NuGet/Home/issues/10491#issuecomment-7684...