From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from omta002.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33]) by sourceware.org (Postfix) with ESMTPS id 20A7C3858415 for ; Wed, 6 Oct 2021 07:08:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 20A7C3858415 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSw.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=systematicsw.ab.ca Received: from shw-obgw-4003a.ext.cloudfilter.net ([10.228.9.183]) by cmsmtp with ESMTP id XsT7mYW8hps7PY12imaMBb; Wed, 06 Oct 2021 07:08:44 +0000 Received: from [192.168.1.105] ([68.147.0.90]) by cmsmtp with ESMTP id Y12hmkScHcHSBY12imHOyk; Wed, 06 Oct 2021 07:08:44 +0000 X-Authority-Analysis: v=2.4 cv=I4EG+Psg c=1 sm=1 tr=0 ts=615d4b7c a=T+ovY1NZ+FAi/xYICV7Bgg==:117 a=T+ovY1NZ+FAi/xYICV7Bgg==:17 a=IkcTkHD0fZMA:10 a=mDV3o1hIAAAA:8 a=w_pzkKWiAAAA:8 a=dObwguuGK3392xsKgrAA:9 a=QEXdDO2ut3YA:10 a=AzgcE_VP5rAA:10 a=_FVE-zBwftR9WsbkzFJk:22 a=sRI3_1zDfAgwuvI8zelB:22 From: Brian Inglis Subject: Re: Emacs, GnuTLS, and DST Root CA X3 Reply-To: cygwin@cygwin.com To: cygwin@cygwin.com Cc: Jib Style References: X-Priority: 1 (Highest) Organization: Systematic Software Message-ID: <5e7db95b-7904-a991-5257-8c929efadc57@SystematicSw.ab.ca> Date: Wed, 6 Oct 2021 01:08:43 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-CA Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4xfMPC/3uukwUo6fqjIx3bv+Qa/VedUqfYV7nzDb5gx/nJpFzeLIOj4BSWtDBKIgcMigstERv2zZRD+nZ96+qL3kEDS+HxQBheokwntajkQ8G82DoWSSUw cQyQ9EbRJ806XysaqXwP1V6+vyOY0SUENfhTMCZsoi3jnsVse3SxYO1ISeAiIsMzfLH+HRt/owVo2WRWCuYIz0sRalBqR9QK1IpAE3TV6DBQ5K5PAAgg+IqI X-Spam-Status: No, score=-1161.6 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_NUMSUBJECT, NICE_REPLY_A, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Oct 2021 07:08:46 -0000 On 2021-10-05 02:22, Jib Style via Cygwin wrote: > Several days ago, root certificate "DST Root CA X3" expired, breaking > TLS for many clients. I believe the lastest version of GnuTLS available > on Cygwin (3.6.9, 2 years ago) is impacted. Is anyone able to publish a > newer version of this package? > > This impacts me as I use Cygwin Emacs and can no longer open TLS > connections to many hosts for the purposes of web browsing and > newsgroups. I believe all other Cygwin Emacs users would be impacted > also. > > Repro steps: > 1. Install Cygwin default packages. > 2. Install Cygwin package emacs-w32 27.2-1. > 3. In Cygwin terminal: emacs -nw -Q > 4. In Emacs: M-: (url-retrieve-synchronously "https://gnu.org") > > Expected: Emacs should load webpage and return a buffer. > Actual: Emacs network security manager says certificate expired/could > not be verified. > > After discussing this in the #emacs Libera.chat IRC, the consensus was > that the old GnuTLS version is to blame, and that a newer version would > fix the problem. > > Does anyone have similar issues or tips on how to resolve? Thank you. The latest ca-certificates package from Mozilla has been announced as re-released three times recently to attempt to address all the issues. Please read the latest mailing list announcement: [ANNOUNCEMENT] Updated: ca-certificates-2.50-3 https://cygwin.com/pipermail/cygwin/2021-October/249569.html -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.]