On 2024-07-14 19:40, Brian Inglis via Cygwin-apps wrote:
On 2024-07-14 13:46, ASSI via Cygwin-apps wrote:
Brian Inglis via Cygwin-apps writes:
Re-installed last ca-certificates-letencrypt package and cygport
announce and git send-email are working again.
Then keep it installed one or two months longer, but I will not revive
that package. The original problem with the R3 cross-signed through X3
went away at least a year ago already and the last R3 signed
certificates (that don't have this problem) should expire somewhere in
the next two or three months latest. New certificates should be signed
by R10 or R11 already.
Sorry Achim,
But given that the Cygwin certs appear that they may require some of these, and
does not expire until mid-August, might it not have been better to keep the
package around until after then?
Some unexpired letsencrypt certificates should probably have been
migrated to ca-certificates or left in ca-certificates-letencrypt?
Nope.
so were any DigiCert certs harmed in the making of this package? ;^>
Bollocks. If installing ca-certificates-letencrypt fixes it for you,
then it's either an old TrustID X3 or Let's Encrypt R3 certificate
(probably the latter) somewhere in the cert chain _plus_ an openssl
earlier than 1.2 (as these had a bug in cert validation that gets
triggered during validation of a cross-signed a CA).
I do not know how to figure out what is in these cert packages, and what
correlation is significant between those, my email server, cygwin/sourceware
email server, cygport pkg_upload(__pkg_announce) and git send-email.
Anyway, the current openssl has no problems with either of the servers
you mentioned:
It seems to me that both /usr/share/cygport/lib/pkg_upload.cygpart
__pkg_announce() and /usr/libexec/git-core/git-send-email send_message() have
Net::SMTP::SSL in common: those perl modules and dependencies all seem to be
5.36, and I have no idea how they link to OpenSSL, but could they eventually
link to the old OpenSSL 1.1.1w, and could that be causing an issue?
It seems with the latest ca-certificates obsoleting ca-certificates-letsencrypt,
and possibly other Perl package updates, that I can now email here and elsewhere
using cygport, git-email, and other Cygwin packages, without any issues.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
