certs: add 'USERTrust ECC Certification Authority'

Add ROOT certification authority for github.com (USERTrust ECC Certification Authority) Also, running 'make' when you don't have support for ipv6 stops at 'ipv6.showipv6.de' which only has AAAA record. To allow verify all IPv4 sites/certs before failing for IPv6, Makefile now has two domain lists; the original one (DOMAINS) and the IPv6-only (DOMAINSIPV6). With these changes, the error occurs after validating all IPv4 compatible sites/certs.
2026-02-14 20:29:35 +00:00 · 2025-01-30 17:19:05 +01:00 · 2025-01-30 17:19:05 +01:00 · 078af75546
commit 078af75546
parent a446f31262
2 changed files with 23 additions and 4 deletions
--- a/certs/Makefile
+++ b/certs/Makefile
@ -12,9 +12,9 @@ DOMAINS = \
 	dns.quad9.net/DigiCert-Global-Root-G3 \
 	feodotracker.abuse.ch/GlobalSign \
 	git.eworm.de/ISRG-Root-X2 \
+	github.com/USERTrust-ECC-Certification-Authority \
 	ipv4.showipv6.de/ISRG-Root-X1 \
 	ipv4.tunnelbroker.net/Starfield-Root-Certificate-Authority-G2 \
-	ipv6.showipv6.de/ISRG-Root-X1 \
 	lists.blocklist.de/Certum-Trusted-Network-CA \
 	matrix.org/GTS-Root-R4 \
 	mkcert.org/ISRG-Root-X1 \
@ -24,9 +24,12 @@ DOMAINS = \
 	www.dshield.org/ISRG-Root-X1 \
 	www.spamhaus.org/GTS-Root-R4

-.PHONY: $(DOMAINS)
+DOMAINSIPV6 = \
+	ipv6.showipv6.de/ISRG-Root-X1

-all: $(DOMAINS)
+.PHONY: $(DOMAINS) $(DOMAINSIPV6)

-$(DOMAINS):
+all: $(DOMAINS) $(DOMAINSIPV6)
+
+$(DOMAINS) $(DOMAINSIPV6) :
 	curl --output /dev/null --silent --connect-timeout 5 --cacert $(notdir $@).pem https://$(dir $@)