GNU bug report logs - #51038
27.2; ELPA certificate not trusted on Windows

Previous Next

Package: emacs;

Reported by: "Michael Hoffman" <emacs-hoffman <at> snkmail.com>

Date: Tue, 5 Oct 2021 15:15:02 UTC

Severity: normal

Tags: notabug

Found in version 27.2

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: John Cummings <john <at> rootabega.net>
Cc: 51038 <at> debbugs.gnu.org, emacs-hoffman <at> snkmail.com, larsi <at> gnus.org
Subject: bug#51038: 27.2; ELPA certificate not trusted on Windows
Date: Wed, 06 Oct 2021 16:35:12 +0300

> Date: Wed, 06 Oct 2021 13:12:14 +0000
> From: John Cummings <john <at> rootabega.net>
> Cc: 51038 <at> debbugs.gnu.org, emacs-hoffman <at> snkmail.com
> 
> >I don't understand: you want to do what for that build?
> 
> Upgrade the client -- emacs and gnutls -- to work with this trust chain.

That's not how this stuff works on MS-Windows.  There, the
certificates are stored by the system, and GnuTLS (and Emacs) just use
what the system stores.  See gnutls_certificate_set_x509_system_trust.

So you need to update your Windows system, and then everything will
work.

Of course, you can install a cert bundle from someplace and tell
GnuTLS to use it.  But I'm not sure this is easy on Windows, or that
it would override the system's trust store, or even where to download
that from.  And in any case, the fix is again on your system, not in
Emacs or in GnuTLS: those don't come with any certificate DB, at least
not AFAIK.
This bug report was last modified 3 years and 205 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.