Emacs, GnuTLS, and DST Root CA X3
Jib Style
jibstyle209@gmail.com
Wed Oct 6 23:33:51 GMT 2021
Good news! My problem is solved.
> From the ca-certificates-letsencrypt-2.50-3 announcement:
>
> > It may be necessary to also remove trust for the already expired DST
> > X3 root CA
>
> I'm still trying to figure out _how_ to do this, although I'm not sure
> whether it should help my situation. I'll report back with the result.
This did the trick.
Regarding the outdated version of GnuTLS available in Cygwin, I see that
these trust anchor changes constitute a workaround.
Furthermore, I see that ca-certificates-2.50-4 and
ca-certificates-letsencrypt-2.50-4 were released, which automate the
above quoted process. Very nice! My final question would be if
ca-certificates-letsencrypt will eventually be merged into
ca-certificates?
I am now happily browsing the web again in Cygwin Emacs. Thank you to
this mailing list and those in IRC who helped me debug the problem. I
learned a lot about certificate trust chains in the process!
More information about the Cygwin
mailing list