X-Recipient: archive-cygwin AT delorie DOT com
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 20A7C3858415
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none)
Authentication-Results: sourceware.org;
 spf=none smtp.mailfrom=systematicsw.ab.ca
X-Authority-Analysis: v=2.4 cv=I4EG+Psg c=1 sm=1 tr=0 ts=615d4b7c
 a=T+ovY1NZ+FAi/xYICV7Bgg==:117 a=T+ovY1NZ+FAi/xYICV7Bgg==:17
 a=IkcTkHD0fZMA:10 a=mDV3o1hIAAAA:8 a=w_pzkKWiAAAA:8 a=dObwguuGK3392xsKgrAA:9
 a=QEXdDO2ut3YA:10 a=AzgcE_VP5rAA:10 a=_FVE-zBwftR9WsbkzFJk:22
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Subject: Re: Emacs, GnuTLS, and DST Root CA X3
To: cygwin AT cygwin DOT com
References: <vriuy277ank1 DOT fsf AT gmail DOT com>
X-Priority: 1 (Highest)
Organization: Systematic Software
Message-ID: <5e7db95b-7904-a991-5257-8c929efadc57@SystematicSw.ab.ca>
Date: Wed, 6 Oct 2021 01:08:43 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
MIME-Version: 1.0
In-Reply-To: <vriuy277ank1.fsf@gmail.com>
Content-Language: en-CA
X-CMAE-Envelope: MS4xfMPC/3uukwUo6fqjIx3bv+Qa/VedUqfYV7nzDb5gx/nJpFzeLIOj4BSWtDBKIgcMigstERv2zZRD+nZ96+qL3kEDS+HxQBheokwntajkQ8G82DoWSSUw
X-Spam-Status: No, score=-1161.6 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
 TXREP autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Reply-To: cygwin AT cygwin DOT com
Cc: Jib Style <jibstyle209 AT gmail DOT com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

On 2021-10-05 02:22, Jib Style via Cygwin wrote:
> Several days ago, root certificate "DST Root CA X3" expired, breaking
> TLS for many clients. I believe the lastest version of GnuTLS available
> on Cygwin (3.6.9, 2 years ago) is impacted. Is anyone able to publish a
> newer version of this package?
> This impacts me as I use Cygwin Emacs and can no longer open TLS
> connections to many hosts for the purposes of web browsing and
> newsgroups. I believe all other Cygwin Emacs users would be impacted
> also.
> Repro steps:
> 1. Install Cygwin default packages.
> 2. Install Cygwin package emacs-w32 27.2-1.
> 3. In Cygwin terminal: emacs -nw -Q
> 4. In Emacs: M-: (url-retrieve-synchronously "https://gnu.org")
> Expected: Emacs should load webpage and return a buffer.
> Actual: Emacs network security manager says certificate expired/could
> not be verified.
> After discussing this in the #emacs Libera.chat IRC, the consensus was
> that the old GnuTLS version is to blame, and that a newer version would
> fix the problem.
> Does anyone have similar issues or tips on how to resolve? Thank you.

The latest ca-certificates package from Mozilla has been announced as 
re-released three times recently to attempt to address all the issues.
Please read the latest mailing list announcement:

	[ANNOUNCEMENT] Updated: ca-certificates-2.50-3

Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple