Emacs, GnuTLS, and DST Root CA X3

Brian Inglis Brian.Inglis@SystematicSw.ab.ca
Wed Oct 6 07:08:43 GMT 2021


On 2021-10-05 02:22, Jib Style via Cygwin wrote:
> Several days ago, root certificate "DST Root CA X3" expired, breaking
> TLS for many clients. I believe the lastest version of GnuTLS available
> on Cygwin (3.6.9, 2 years ago) is impacted. Is anyone able to publish a
> newer version of this package?
> 
> This impacts me as I use Cygwin Emacs and can no longer open TLS
> connections to many hosts for the purposes of web browsing and
> newsgroups. I believe all other Cygwin Emacs users would be impacted
> also.
> 
> Repro steps:
> 1. Install Cygwin default packages.
> 2. Install Cygwin package emacs-w32 27.2-1.
> 3. In Cygwin terminal: emacs -nw -Q
> 4. In Emacs: M-: (url-retrieve-synchronously "https://gnu.org")
> 
> Expected: Emacs should load webpage and return a buffer.
> Actual: Emacs network security manager says certificate expired/could
> not be verified.
> 
> After discussing this in the #emacs Libera.chat IRC, the consensus was
> that the old GnuTLS version is to blame, and that a newer version would
> fix the problem.
> 
> Does anyone have similar issues or tips on how to resolve? Thank you.

The latest ca-certificates package from Mozilla has been announced as 
re-released three times recently to attempt to address all the issues.
Please read the latest mailing list announcement:

	[ANNOUNCEMENT] Updated: ca-certificates-2.50-3
	https://cygwin.com/pipermail/cygwin/2021-October/249569.html

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]


More information about the Cygwin mailing list