On 2021-10-02 10:37, Brian Inglis wrote:
> On 2021-10-02 09:48, Jon Turney wrote:
>> On 02/10/2021 14:56, Achim Gratz wrote:
>>>
>>> This package by Yaakov is getting long in the tooth and one of my Perl
>>> distributions is using it.  Here's the change to pull it up to the
>>> latest iteration from Fedora and make it compatible with the CI:
>>>
>>> https://cygwin.com/git-cygwin-packages/?p=git/cygwin-packages/ca-certificates.git;a=commitdiff;h=33c21d5cd 
>>>
>>
>>> +# actually get the Fedora sources
>>> +# the output from git must not be seen by cygport…
>>> +git submodule update > /dev/null
>>
>> I think it's a scallywag bug that it doesn't currently checkout 
>> packaging repository submodules, so let me try to fix that.
> 
> Very timely gentlemen, as it could eliminate or help mitigate the below:
> 
> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
> 
> https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
> 
> OpenSSL 1.0.2 packages are now hitting this - see attached log.

Oh-oh!
Seems a bit more widespread than that.
Please see attached log for dumps from all the below:

$ cygcheck wget wget2 curl | egrep \
	'^\s*C:/.*/bin/.*(crypto|exe|gpg|krb|ss[hl]|tls)'
C:/.../bin/wget.exe
   C:/.../bin/cyggnutls-30.dll
   C:/.../bin/cyggpgme-11.dll
       C:/.../bin/cyggpg-error-0.dll
C:/.../bin/wget2.exe
     C:/.../bin/cyggnutls-30.dll
   C:/.../bin/cyggpgme-11.dll
       C:/.../bin/cyggpg-error-0.dll
C:/.../bin/curl.exe
     C:/.../bin/cygcrypto-1.1.dll
         C:/.../bin/cyggpg-error-0.dll
       C:/.../bin/cyggssapi_krb5-2.dll
         C:/.../bin/cygk5crypto-3.dll
           C:/.../bin/cygkrb5support-0.dll
         C:/.../bin/cygkrb5-3.dll
       C:/.../bin/cygssl-1.1.dll
     C:/.../bin/cygssh2-1.dll

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]