Re: [ITA] ca-certificates

[Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>]

[-- Attachment #1: Type: text/plain, Size: 1210 bytes --]

On 2021-10-02 09:48, Jon Turney wrote:
> On 02/10/2021 14:56, Achim Gratz wrote:
>>
>> This package by Yaakov is getting long in the tooth and one of my Perl
>> distributions is using it.  Here's the change to pull it up to the
>> latest iteration from Fedora and make it compatible with the CI:
>>
>> https://cygwin.com/git-cygwin-packages/?p=git/cygwin-packages/ca-certificates.git;a=commitdiff;h=33c21d5cd 
>>
> 
>> +# actually get the Fedora sources
>> +# the output from git must not be seen by cygport…
>> +git submodule update > /dev/null
> 
> I think it's a scallywag bug that it doesn't currently checkout 
> packaging repository submodules, so let me try to fix that.

Very timely gentlemen, as it could eliminate or help mitigate the below:

https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

OpenSSL 1.0.2 packages are now hitting this - see attached log.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

[-- Attachment #2: lynx-noaccess.log --]
[-- Type: text/plain, Size: 2252 bytes --]

$ for url in https://curl.se/download/ http://curl.se/download/ \
	https://libssh2.org/download/ http://libssh2.org/download/;
  do
	lynx -dump -nolist -nonumbers $url;
  done

Looking up curl.se
Making HTTPS connection to curl.se
SSL callback:certificate has expired, preverify_ok=0, ssl_okay=0
Retrying connection without TLS.
Looking up curl.se
Making HTTPS connection to curl.se
SSL callback:ok, preverify_ok=1, ssl_okay=0
SSL callback:ok, preverify_ok=1, ssl_okay=0
SSL callback:ok, preverify_ok=1, ssl_okay=0

lynx: Can't access startfile https://curl.se/download/

Looking up curl.se
Making HTTP connection to curl.se
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 301 Moved Permanently
Data transfer complete
HTTP/1.1 301 Moved Permanently
Using https://curl.se/download/
Looking up curl.se
Making HTTPS connection to curl.se
SSL callback:certificate has expired, preverify_ok=0, ssl_okay=0
Retrying connection without TLS.
Looking up curl.se
Making HTTPS connection to curl.se
SSL callback:ok, preverify_ok=1, ssl_okay=0
SSL callback:ok, preverify_ok=1, ssl_okay=0
SSL callback:ok, preverify_ok=1, ssl_okay=0

lynx: Can't access startfile http://curl.se/download/

Looking up libssh2.org
Making HTTPS connection to libssh2.org
SSL callback:certificate has expired, preverify_ok=0, ssl_okay=0
Retrying connection without TLS.
Looking up libssh2.org
Making HTTPS connection to libssh2.org
SSL callback:self signed certificate, preverify_ok=0, ssl_okay=0
Alert!: Unable to make secure connection to remote host.

lynx: Can't access startfile https://libssh2.org/download/

Looking up libssh2.org
Making HTTP connection to libssh2.org
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 301 Moved Permanently
Data transfer complete
HTTP/1.1 301 Moved Permanently
Using https://libssh2.org/download/
Looking up libssh2.org
Making HTTPS connection to libssh2.org
SSL callback:certificate has expired, preverify_ok=0, ssl_okay=0
Retrying connection without TLS.
Looking up libssh2.org
Making HTTPS connection to libssh2.org
SSL callback:self signed certificate, preverify_ok=0, ssl_okay=0
Alert!: Unable to make secure connection to remote host.

lynx: Can't access startfile http://libssh2.org/download/