From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtpout2.vodafonemail.de (smtpout2.vodafonemail.de [145.253.239.133]) by sourceware.org (Postfix) with ESMTPS id 61EB63858401 for ; Thu, 7 Oct 2021 06:20:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 61EB63858401 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=nexgo.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=nexgo.de Received: from smtp.vodafone.de (unknown [10.2.0.36]) by smtpout2.vodafonemail.de (Postfix) with ESMTP id BEE8761EFC for ; Thu, 7 Oct 2021 08:20:10 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nexgo.de; s=vfde-smtpout-mb-15sep; t=1633587610; bh=3bMRZWGtWhxy+A7iscWQJY6H1Eypcz0Dk6WINNHGGNE=; h=From:To:Subject:References:Date:In-Reply-To; b=pPLRi6/ZvR/2Xr67wFU0zgG8cOe7yAhl9cLN8Y8d03VXoqvrTveImrr8B7K7Dk7EU MGXzssVda7AtscXnQoxHVJf6/raFyW0dpfXd//0PqRchoFJ0/l441i64to/2RhkbDS uhb/z4WxjDbRwLq+kTj7DVjSD1qBx7o52gVYxV8Y= Received: from Otto (p54a0cb96.dip0.t-ipconnect.de [84.160.203.150]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.vodafone.de (Postfix) with ESMTPSA id 5D8A4140197 for ; Thu, 7 Oct 2021 06:20:07 +0000 (UTC) From: ASSI To: cygwin@cygwin.com Subject: Re: Emacs, GnuTLS, and DST Root CA X3 References: <5e7db95b-7904-a991-5257-8c929efadc57@SystematicSw.ab.ca> Date: Thu, 07 Oct 2021 08:19:41 +0200 In-Reply-To: (Jib Style via Cygwin's message of "Wed, 06 Oct 2021 16:33:51 -0700") Message-ID: <87pmsh4arm.fsf@Otto.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-purgate-type: clean X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de X-purgate: This mail is considered clean (visit http://www.eleven.de for further information) X-purgate: clean X-purgate-size: 754 X-purgate-ID: 155817::1633587607-00004EF9-D7863F01/0/0 X-Spam-Status: No, score=-3025.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_NUMSUBJECT, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPAM_URI, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Oct 2021 06:20:14 -0000 Jib Style via Cygwin writes: > My final question would be if ca-certificates-letsencrypt will > eventually be merged into ca-certificates? No unless upstream choses to do that, which seems unlikely. The ca-certificates-letsencrypt package will be obsoleted as soon as certificates (or libraries / applications) that need the workaround cease to exist in the wild. I think the maximum lifetime of client certificates is 60 days, but the intermediate cert validity using the cross-signed chain that triggers this problem is much longer than that (for compatibility with older Android versions). Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ DIY Stuff: http://Synth.Stromeko.net/DIY.html