www.delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2021/10/05/18:46:14

X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0397A385C40E
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
s=default; t=1633473972;
bh=77xSeVNmruAFkvJVpIuTyXzH3H+c66HY/j+F4H0qkw0=;
h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post:
List-Help:List-Subscribe:From:Reply-To:From;
b=IQmB6vrMpIL3lNUmFwbPjVY/xCZsn40P9s7UtvybUeHveFDIAM/zkseWhWFFDA+GE
CbWecE7RJLQK/47KF5zpIrLmkFyk7ccQH7y0tU8AFlk85IfD76vQF5kWH4BqANYQa/
oXAeC0E6ATSa+nzIEPCRH9k9vghpHSqP6opXHFwE=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 3F2653858415
X-Injected-Via-Gmane: http://gmane.org/
To: cygwin AT cygwin DOT com
Subject: Emacs, GnuTLS, and DST Root CA X3
Date: Tue, 05 Oct 2021 01:22:22 -0700
Message-ID: <vriuy277ank1.fsf@gmail.com>
Mime-Version: 1.0
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (cygwin)
Cancel-Lock: sha1:u0UEulDY94rbN6xZBg8F4sHmE5I=
X-Spam-Status: No, score=2.0 required=5.0 tests=BAYES_00, DATE_IN_PAST_12_24,
DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD, FREEMAIL_FORGED_FROMDOMAIN,
FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS, KAM_DMARC_STATUS, KAM_NUMSUBJECT,
NML_ADSP_CUSTOM_MED, SPF_HELO_NONE, SPF_PASS,
TXREP autolearn=no autolearn_force=no version=3.4.4
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Jib Style via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Jib Style <jibstyle209 AT gmail DOT com>
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com> 

Several days ago, root certificate "DST Root CA X3" expired, breaking
TLS for many clients. I believe the lastest version of GnuTLS available
on Cygwin (3.6.9, 2 years ago) is impacted. Is anyone able to publish a
newer version of this package?

This impacts me as I use Cygwin Emacs and can no longer open TLS
connections to many hosts for the purposes of web browsing and
newsgroups. I believe all other Cygwin Emacs users would be impacted
also.

Repro steps:
1. Install Cygwin default packages.
2. Install Cygwin package emacs-w32 27.2-1.
3. In Cygwin terminal: emacs -nw -Q
4. In Emacs: M-: (url-retrieve-synchronously "https://gnu.org")

Expected: Emacs should load webpage and return a buffer.
Actual: Emacs network security manager says certificate expired/could
not be verified.

After discussing this in the #emacs Libera.chat IRC, the consensus was
that the old GnuTLS version is to blame, and that a newer version would
fix the problem.

Does anyone have similar issues or tips on how to resolve? Thank you.


-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019