bug#50921: GNU ELPA TLS errors: server is returning chain with expired r

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#50921: GNU ELPA TLS errors: server is returning chain with expired r

From:	John Cummings
Subject:	bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Date:	Thu, 30 Sep 2021 20:47:38 +0000

John Cummings <john@rootabega.net> wrote:

> It appears that elpa.gnu.org is returning a certificate chain referring
> to a root certificate that expired today. (More info:
> https://twitter.com/letsencrypt/status/1443621997288767491) I don't know
> if GnuTLS is supposed to be able to work around this (Firefox seems to, for 
> instance)

One possibility (and note here that I'm clearly not a TLS expert) is that
Firefox recognizes the intermediate cert "ISRG Root X1" as one that is also
now a trusted root cert, and so short circuits the rest of the chain,
ignoring the expired cross-signature. Is this something that is possible
and desirable to have Emacs do with GnuTLS?

[Prev in Thread]

Current Thread

[Next in Thread]

bug#50921: GNU ELPA TLS errors: server is returning chain with expired root, John Cummings, 2021/09/30
- bug#50921: GNU ELPA TLS errors: server is returning chain with expired root, John Cummings <=
  - bug#50921: GNU ELPA TLS errors: server is returning chain with expired root, Eric Abrahamsen, 2021/09/30

Prev by Date: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Next by Date: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Previous by thread: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Next by thread: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Index(es):
- Date
- Thread