Mail Archives: cygwin/2021/10/06/19:34:32

To: cygwin AT cygwin DOT com
Subject: Re: Emacs, GnuTLS, and DST Root CA X3
Date: Wed, 06 Oct 2021 16:33:51 -0700
Message-ID: <vriuily94tk0.fsf@gmail.com>
References: <vriuy277ank1 DOT fsf AT gmail DOT com>
<5e7db95b-7904-a991-5257-8c929efadc57 AT SystematicSw DOT ab DOT ca>
<vriu1r4yibln DOT fsf AT gmail DOT com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (cygwin)
From: Jib Style via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Jib Style <jibstyle209 AT gmail DOT com>
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

Good news! My problem is solved.

> From the ca-certificates-letsencrypt-2.50-3 announcement:
> 
> > It may be necessary to also remove trust for the already expired DST
> > X3 root CA
> 
> I'm still trying to figure out _how_ to do this, although I'm not sure
> whether it should help my situation. I'll report back with the result.

This did the trick.

Regarding the outdated version of GnuTLS available in Cygwin, I see that
these trust anchor changes constitute a workaround.

Furthermore, I see that ca-certificates-2.50-4 and
ca-certificates-letsencrypt-2.50-4 were released, which automate the
above quoted process. Very nice! My final question would be if
ca-certificates-letsencrypt will eventually be merged into
ca-certificates?

I am now happily browsing the web again in Cygwin Emacs. Thank you to
this mailing list and those in IRC who helped me debug the problem. I
learned a lot about certificate trust chains in the process!

