[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#50921: GNU ELPA TLS errors: server is returning chain with expired r
From: |
John Cummings |
Subject: |
bug#50921: GNU ELPA TLS errors: server is returning chain with expired root |
Date: |
Thu, 30 Sep 2021 20:47:38 +0000 |
John Cummings <john@rootabega.net> wrote:
> It appears that elpa.gnu.org is returning a certificate chain referring
> to a root certificate that expired today. (More info:
> https://twitter.com/letsencrypt/status/1443621997288767491) I don't know
> if GnuTLS is supposed to be able to work around this (Firefox seems to, for
> instance)
One possibility (and note here that I'm clearly not a TLS expert) is that
Firefox recognizes the intermediate cert "ISRG Root X1" as one that is also
now a trusted root cert, and so short circuits the rest of the chain,
ignoring the expired cross-signature. Is this something that is possible
and desirable to have Emacs do with GnuTLS?