From: John Cummings
To: bug-gnu-emacs@gnu.org
Date: Thu, 30 Sep 2021 20:24:28 +0000
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root

I'm not sure if we are supposed to report infrastructure problems as Emacs bugs, but it should be easy to close if not.
I, and at least a few others, have had TLS connection problems to GNU ELPA in the last day or two, with the errors:

|Issued by: R3
|Issued to: CN=elpa.gnu.org
|Hostname: elpa.gnu.org
|Public key: RSA, signature: RSA-SHA256
|Protocol: TLS1.3, key: ECDHE-RSA, cipher: AES-256-GCM, mac: AEAD
|Security level: Medium
|Valid: From 2021-09-28 to 2021-12-27
|
|
|The TLS connection to elpa.gnu.org:443 is insecure for the following
|reasons:
|
|certificate has expired
|certificate could not be verified

It appears that elpa.gnu.org is returning a certificate chain referring to a root certificate that expired today. (More info: https://twitter.com/letsencrypt/status/1443621997288767491) I don't know if GnuTLS is supposed to be able to work around this (Firefox seems to, for instance), but I think it's a safe bet this is the cause of these connection errors.

I confirmed the chain that Emacs is seeing a couple ways. In Emacs 28, the security prompt lets you view certificate details by hitting "d", and in that window I confirmed it is seeing the root cert "CN=DST Root CA X3,O=Digital Signature Trust Co." I also attached the chain I got by running:

openssl s_client -showcerts -servername elpa.gnu.org -connect elpa.gnu.org:443

Thanks!
[Attachment: chain.pem (application/x-x509-ca-cert)]

From: John Cummings
To: 50921@debbugs.gnu.org
Date: Thu, 30 Sep 2021 20:47:38 +0000
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root

John Cummings wrote:

> It appears that elpa.gnu.org is returning a certificate chain referring
> to a root certificate that expired today. (More info:
> https://twitter.com/letsencrypt/status/1443621997288767491) I don't know
> if GnuTLS is supposed to be able to work around this (Firefox seems to, for instance)

One possibility (and note here that I'm clearly not a TLS expert) is that
Firefox recognizes the intermediate cert "ISRG Root X1" as one that is also
now a trusted root cert, and so short circuits the rest of the chain,
ignoring the expired cross-signature. Is this something that is possible
and desirable to have Emacs do with GnuTLS?

From: Eric Abrahamsen
To: John Cummings
Cc: 50921@debbugs.gnu.org
Date: Thu, 30 Sep 2021 14:03:02 -0700
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root

John Cummings writes:

> John Cummings wrote:
>
>> It appears that elpa.gnu.org is returning a certificate chain referring
>> to a root certificate that expired today. (More info:
>> https://twitter.com/letsencrypt/status/1443621997288767491) I don't know
>> if GnuTLS is supposed to be able to work around this (Firefox seems to, for instance)
>
> One possibility (and note here that I'm clearly not a TLS expert) is that
> Firefox recognizes the intermediate cert "ISRG Root X1" as one that is also
> now a trusted root cert, and so short circuits the rest of the chain,
> ignoring the expired cross-signature. Is this something that is possible
> and desirable to have Emacs do with GnuTLS?

Not only that: I deleted the offending line from my ~/.ssh/known_hosts,
re-accepted the key as valid (of course I have no idea), and attempted
to pull, and it asked me for my Savannah password -- i.e., did not go to my
local ssh key.

That really made me wonder -- does that mean we've switched machines
altogether, and the new machines don't have our public keys? I don't
know how all these things work well enough to know what's going on, but
it certainly seems broken.

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: John Cummings
Date: Fri, 01 Oct 2021 05:51:02 +0000
Subject: bug#50921: closed (Re: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root)

Your bug report

#50921: GNU ELPA TLS errors: server is returning chain with expired root

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 50921@debbugs.gnu.org.
-- 
50921: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=50921
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Eli Zaretskii
To: John Cummings
Cc: 50921-done@debbugs.gnu.org
Date: Fri, 01 Oct 2021 08:49:35 +0300
Subject: Re: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root

> Date: Thu, 30 Sep 2021 20:24:28 +0000
> From: John Cummings
>
> I'm not sure if we are supposed to report infrastructure problems as Emacs bugs, but it should be easy to close if not. I, and at least a few others, have had TLS connection problems to GNU ELPA in the last day or two, with the errors:
>
> |Issued by: R3
> |Issued to: CN=elpa.gnu.org
> |Hostname: elpa.gnu.org
> |Public key: RSA, signature: RSA-SHA256
> |Protocol: TLS1.3, key: ECDHE-RSA, cipher: AES-256-GCM, mac: AEAD
> |Security level: Medium
> |Valid: From 2021-09-28 to 2021-12-27
> |
> |
> |The TLS connection to elpa.gnu.org:443 is insecure for the following
> |reasons:
> |
> |certificate has expired
> |certificate could not be verified
>
> It appears that elpa.gnu.org is returning a certificate chain referring to a root certificate that expired today. (More info: https://twitter.com/letsencrypt/status/1443621997288767491) I don't know if GnuTLS is supposed to be able to work around this (Firefox seems to, for instance), but I think it's a safe bet this is the cause of these connection errors.

It isn't our issue, it's a possible issue with gnu.org infrastructure
and "older" TLS libraries. The issue is known to GNU sysadmins and
they are working on it. However, what they advise is to upgrade your
TLS libraries. Here's a quote from what they told me:

  [GNU machines] have a Let's Encrypt cert that is valid, it seems some
  older TLS libraries don't like that it has 2 alternate intermediate
  certificates and one of them expired.

So this is not an Emacs problem, and I'm therefore closing this bug.
If you want to pursue this further, please write to sysadmin@gnu.org.
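
Added example (not part of the thread, and not GnuTLS, Emacs or Firefox code): a simplified Python model of the two path-building behaviours discussed above, one that follows the whole chain the server sent up to the expired root and one that stops at the first issuer it already trusts. Key names and every date other than the leaf's validity window and the root's 30 Sep 2021 expiry are constructed, and signatures are modelled by comparing key names.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key: str         # name standing in for the subject's public key
    signed_by: str   # name of the key that produced the signature
    not_before: datetime
    not_after: datetime


# Constructed model of the chain in the report (assumed dates and key names,
# except the leaf validity window and the root expiry day, which are on the page).
LEAF = Cert("elpa.gnu.org", "R3", "elpa-key", "r3-key", utc(2021, 9, 28), utc(2021, 12, 27))
R3 = Cert("R3", "ISRG Root X1", "r3-key", "x1-key", utc(2020, 9, 4), utc(2025, 9, 15))
X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", "x1-key", "dst-key", utc(2021, 1, 20), utc(2024, 9, 30))
X1_ROOT = Cert("ISRG Root X1", "ISRG Root X1", "x1-key", "x1-key", utc(2015, 6, 4), utc(2035, 6, 4))
DST_ROOT = Cert("DST Root CA X3", "DST Root CA X3", "dst-key", "dst-key", utc(2000, 9, 30), utc(2021, 9, 30))

SERVER_CHAIN = [LEAF, R3, X1_CROSS]   # what the server presents
TRUST_STORE = [X1_ROOT, DST_ROOT]     # what the client already trusts


def time_problem(cert, when):
    """Return a reason string if cert is outside its validity period, else None."""
    if when > cert.not_after:
        return f"{cert.subject}: certificate has expired"
    if when < cert.not_before:
        return f"{cert.subject}: certificate is not yet valid"
    return None


def links(child, parent):
    """True if parent's name and key match the issuer and signature of child."""
    return child.issuer == parent.subject and child.signed_by == parent.key


def find_anchor(cert, trust_store):
    """Return the trust anchor that issued cert, or None."""
    return next((root for root in trust_store if links(cert, root)), None)


def verify_presented_chain_first(chain, trust_store, when):
    """Follow every certificate the server sent, then look for an anchor
    above the last one. Returns (ok, anchor subject or failure reason)."""
    for child, parent in zip(chain, chain[1:]):
        if not links(child, parent):
            return False, f"{child.subject}: not issued by {parent.subject}"
    for cert in chain:
        problem = time_problem(cert, when)
        if problem:
            return False, problem
    anchor = find_anchor(chain[-1], trust_store)
    if anchor is None:
        return False, f"{chain[-1].subject}: certificate could not be verified"
    problem = time_problem(anchor, when)
    if problem:
        return False, problem
    return True, anchor.subject


def verify_trusted_first(chain, trust_store, when):
    """Stop at the first certificate whose issuer is a currently valid trust
    anchor, ignoring anything the server sent above it."""
    cert, rest = chain[0], list(chain[1:])
    while True:
        problem = time_problem(cert, when)
        if problem:
            return False, problem
        anchor = find_anchor(cert, trust_store)
        if anchor is not None and time_problem(anchor, when) is None:
            return True, anchor.subject
        parent = next((c for c in rest if links(cert, c)), None)
        if parent is None:
            return False, f"{cert.subject}: certificate could not be verified"
        rest.remove(parent)
        cert = parent


if __name__ == "__main__":
    for day in (utc(2021, 9, 29), utc(2021, 10, 1)):
        print(day.date(),
              "presented-chain-first:", verify_presented_chain_first(SERVER_CHAIN, TRUST_STORE, day),
              "trusted-first:", verify_trusted_first(SERVER_CHAIN, TRUST_STORE, day))
```

In this model the same server chain verifies under both strategies the day before the root expires, and only under the trusted-first strategy the day after.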
From unknown Sun Jun 22 08:09:55 2025
From: Glenn Morris
To: 50921@debbugs.gnu.org
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Resent-Date: Mon, 04 Oct 2021 15:35:01 +0000

Nice summary of what I assume is the same issue at:

http://savannah.nongnu.org/forum/forum.php?forum_id=10054

If you are experiencing invalid certificate chain problems with Let's
Encrypt certificates (not a Savannah problem) then please upgrade
your client to the latest security patches for your system.

From unknown Sun Jun 22 08:09:55 2025
From: Eric Abrahamsen
To: Glenn Morris
Cc: 50921@debbugs.gnu.org
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Date: Mon, 04 Oct 2021 12:50:03 -0700

Glenn Morris writes:

> Nice summary of what I assume is the same issue at:
>
> http://savannah.nongnu.org/forum/forum.php?forum_id=10054
>
> If you are experiencing invalid certificate chain problems with Let's
> Encrypt certificates (not a Savannah problem) then please upgrade
> your client to the latest security patches for your system.

FWIW I had to disable strict checking for this host in order to get ssh
to connect. I'm on Arch Linux, which has no old libraries: if anything,
it's what everyone else can expect in the future.

From unknown Sun Jun 22 08:09:55 2025
From: John Cummings
To: Glenn Morris
Cc: 50921@debbugs.gnu.org
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Date: Mon, 04 Oct 2021 20:21:42 +0000

Since gnu.org has replied to this bug, seemingly on behalf of GNU, I feel
fine continuing the dialog. Is there a reason that GNU/FSF wants the servers
to present this cert chain?

From unknown Sun Jun 22 08:09:55 2025
From: Glenn Morris
To: Eric Abrahamsen
Cc: 50921@debbugs.gnu.org
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Date: Mon, 04 Oct 2021 17:28:04 -0400

?

ssh is unrelated to https, so I think whatever issue you are talking
about is unrelated to the topic of this report.

From unknown Sun Jun 22 08:09:55 2025
From: Glenn Morris
To: Eric Abrahamsen
Cc: 50921@debbugs.gnu.org
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Date: Mon, 04 Oct 2021 17:38:09 -0400

Glenn Morris wrote:

> ssh is unrelated to https, so I think whatever issue you are talking
> about is unrelated to the topic of this report.

Perhaps your issue is:
https://savannah.nongnu.org/support/?110545

From unknown Sun Jun 22 08:09:55 2025
From: Eric Abrahamsen
To: Glenn Morris
Cc: 50921@debbugs.gnu.org
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Date: Mon, 04 Oct 2021 14:47:26 -0700

On 10/04/21 17:38 PM, Glenn Morris wrote:
> Glenn Morris wrote:
>
>> ssh is unrelated to https, so I think whatever issue you are talking
>> about is unrelated to the topic of this report.

Gah, you're right, I was confusing the two issues (I started getting the
angry SSH banner about the fingerprint change right at the same time as
the TLS issue was raised, and conflated them in my head).

> Perhaps your issue is:
> https://savannah.nongnu.org/support/?110545

I _also_ had that issue. I ended up solving it by creating a new ssh key
that used ED25519 and using that for my account instead. That worked
fine.

Sorry for the noise,
Eric