X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3187D385C401 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1633523178; bh=hvPVddZMwk+HZU6g9muWt+8GI/eOjHFbpkzpzBiA4ho=; h=To:Subject:Date:References:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=Gat+rygw1dmf0ladw+KoC6wLEYskfmVL2dCXQsm8fXftj6NoOAokt+VrvZa1bcvhB iq7hk7Htk7h1h4QaD97LuGddjb0RVG/cWKF0KqQQ0sPgZ5pK4uyOT56mQ2yHjBfdPT CWpoGhD7pu3/qzfUdGIMRi9j9bGahqHlR7j7bOdw= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 024C73858427 X-Injected-Via-Gmane: http://gmane.org/ To: cygwin AT cygwin DOT com Subject: Re: Emacs, GnuTLS, and DST Root CA X3 Date: Wed, 06 Oct 2021 05:25:40 -0700 Message-ID: References: <5e7db95b-7904-a991-5257-8c929efadc57 AT SystematicSw DOT ab DOT ca> Mime-Version: 1.0 User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (cygwin) Cancel-Lock: sha1:Aaiwv5YNfvscJDDaNEx9mM2BqdU= X-Spam-Status: No, score=1.2 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD, FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS, KAM_DMARC_STATUS, KAM_NUMSUBJECT, NML_ADSP_CUSTOM_MED, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 List-Id: General Cygwin discussions and problem reports List-Archive: List-Post: List-Help: List-Subscribe: , From: Jib Style via Cygwin Reply-To: Jib Style Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Cygwin" I followed the recent announcements, but unfortunately the problem persists. I tested on two computers, with the following ca-certificates versions: - ca-certificates-2.40-1 - ca-certificates-2.50-1 - ca-certificates-2.50-2 - ca-certificates-2.50-3 - ca-certificates-2.50-3 AND ca-certificates-letsencrypt-2.50-3 In all cases, the result was the same. From the ca-certificates-letsencrypt-2.50-3 announcement: > It may be necessary to also remove trust for the already expired DST > X3 root CA I'm still trying to figure out _how_ to do this, although I'm not sure whether it should help my situation. I'll report back with the result. Some (non-Cygwin) Emacs users reported that GnuTLS >= 3.6.14 works. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple