[ANNOUNCEMENT] Updated: ca-certificates-2.50-3

[Achim Gratz]

The following packages have been uploaded to the Cygwin distribution:

* ca-certificates-2.50-3
* ca-certificates-letsencrypt-2.50-3

Mozilla's CA root certificates for use with OpenSSL, NSS, GnuTLS, and
other software that handles certificate verification.

This update adds the ca-certificates-letsencrypt package, which when
installed will make the ISRG R3 intermediate CA a trust anchor.  This
will allow to successfully verify certificates using the Letsencrypt
legacy cert chain in certain applications.  Install this package when
you currently have trouble accessing sites (due to validation
complaining about an expired certificate) that had no problems until
about September 30 or October 1 2021 depending on your timezone.

It may be necessary to also remove trust for the already expired DST X3
root CA (which is provided in /usr/share/pki/letsencrypt together with
the R3 intermediate and ISRG X1 and X2 root CA certificates).  Please
report to the main Cygwin mailing list if you know of an example that
needs this blocklisting (with details for reproducing the validation or
application error).


-- 
              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com

If you need more information on unsubscribing, start reading here:

http://sourceware.org/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.