From 7afd1e18d1bc570292571b7dcb688364f68668c4 Mon Sep 17 00:00:00 2001 From: samczsun Date: Sun, 16 Jan 2022 02:40:44 -0800 Subject: [PATCH] Fix certificate verification issue when building Use the workaround suggested by Rob Stradling here: https://mta.openssl.org/pipermail/openssl-users/2021-October/014402.html Fixes #109
---
build.sh | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/build.sh b/build.sh
index 954acf4..ee8a382 100755
--- a/build.sh
+++ b/build.sh
@@ -87,6 +87,11 @@ if [ ! -d "$build_env" ]; then
 # Ensure the installed toolchain has support for CA signed certificates.
 # Without this wget on https:// will fail
 cp /etc/ssl/certs/ca-certificates.crt "$build_env/etc/ssl/certs/"
+
+ # Add patched version of DST Root CA X3 certificate
+ wget -O DSTRootCAX3_Extended.crt "https://crt.sh/?d=8395"
+ sed -i "s/xMDkzMDE0MDExNVow/0MDkzMDE4MTQwM1ow/g" DSTRootCAX3_Extended.crt
+ cat DSTRootCAX3_Extended.crt >> "$build_env/etc/ssl/certs/ca-certificates.crt"
 fi

 # Patch WireGuard to use its own included memneq implementation if architecture
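Review bot: The file fetched by `wget -O DSTRootCAX3_Extended.crt "https://crt.sh/?d=8395"` is appended to `$build_env/etc/ssl/certs/ca-certificates.crt` with no integrity check, so whatever that URL returns at build time becomes a trust anchor for later HTTPS downloads that rely on this bundle. Pin a digest of the expected download (or commit the patched certificate to the repository) and stop when `wget` fails or the `sed` pattern no longer matches; as written both failures pass silently unless the script runs under `set -e`, which is not visible in this hunk. The comment should also say what the `sed` does: the two base64 strings appear to encode the certificate's notAfter field, replacing the expired date with a later fixed one, so the workaround itself has an end date and the edited certificate no longer matches its original signature. The download is also left in the current working directory; the sketch below uses a temporary file, and the enclosing `if` block starts outside the hunk.

```shell
    # Add patched version of DST Root CA X3 certificate
    # (the sed below rewrites the base64-encoded notAfter date; see the linked openssl-users post)
    dst_cert="$(mktemp)" || exit 1
    wget -O "$dst_cert" "https://crt.sh/?d=8395" || exit 1
    # <EXPECTED_SHA256> is a placeholder: pin the digest of the unmodified download
    echo "<EXPECTED_SHA256>  $dst_cert" | sha256sum -c - || exit 1
    sed -i "s/xMDkzMDE0MDExNVow/0MDkzMDE4MTQwM1ow/g" "$dst_cert"
    # Fail if the substitution did not apply, rather than appending an unpatched certificate
    grep -q "0MDkzMDE4MTQwM1ow" "$dst_cert" || exit 1
    cat "$dst_cert" >> "$build_env/etc/ssl/certs/ca-certificates.crt"
    rm -f -- "$dst_cert"
```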