On 2021-10-02 09:48, Jon Turney wrote:
On 02/10/2021 14:56, Achim Gratz wrote:
This package by Yaakov is getting long in the tooth and one of my Perl
distributions is using it. Here's the change to pull it up to the
latest iteration from Fedora and make it compatible with the CI:
https://cygwin.com/git-cygwin-packages/?p=git/cygwin-packages/ca-certificates.git;a=commitdiff;h=33c21d5cd
+# actually get the Fedora sources
+# the output from git must not be seen by cygport…
+git submodule update > /dev/null
I think it's a scallywag bug that it doesn't currently checkout
packaging repository submodules, so let me try to fix that.
Very timely gentlemen, as it could eliminate or help mitigate the below:
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
OpenSSL 1.0.2 packages are now hitting this - see attached log.
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
$ for url in https://curl.se/download/ http://curl.se/download/ \
https://libssh2.org/download/ http://libssh2.org/download/;
do
lynx -dump -nolist -nonumbers $url;
done
Looking up curl.se
Making HTTPS connection to curl.se
SSL callback:certificate has expired, preverify_ok=0, ssl_okay=0
Retrying connection without TLS.
Looking up curl.se
Making HTTPS connection to curl.se
SSL callback:ok, preverify_ok=1, ssl_okay=0
SSL callback:ok, preverify_ok=1, ssl_okay=0
SSL callback:ok, preverify_ok=1, ssl_okay=0
lynx: Can't access startfile https://curl.se/download/
Looking up curl.se
Making HTTP connection to curl.se
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 301 Moved Permanently
Data transfer complete
HTTP/1.1 301 Moved Permanently
Using https://curl.se/download/
Looking up curl.se
Making HTTPS connection to curl.se
SSL callback:certificate has expired, preverify_ok=0, ssl_okay=0
Retrying connection without TLS.
Looking up curl.se
Making HTTPS connection to curl.se
SSL callback:ok, preverify_ok=1, ssl_okay=0
SSL callback:ok, preverify_ok=1, ssl_okay=0
SSL callback:ok, preverify_ok=1, ssl_okay=0
lynx: Can't access startfile http://curl.se/download/
Looking up libssh2.org
Making HTTPS connection to libssh2.org
SSL callback:certificate has expired, preverify_ok=0, ssl_okay=0
Retrying connection without TLS.
Looking up libssh2.org
Making HTTPS connection to libssh2.org
SSL callback:self signed certificate, preverify_ok=0, ssl_okay=0
Alert!: Unable to make secure connection to remote host.
lynx: Can't access startfile https://libssh2.org/download/
Looking up libssh2.org
Making HTTP connection to libssh2.org
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 301 Moved Permanently
Data transfer complete
HTTP/1.1 301 Moved Permanently
Using https://libssh2.org/download/
Looking up libssh2.org
Making HTTPS connection to libssh2.org
SSL callback:certificate has expired, preverify_ok=0, ssl_okay=0
Retrying connection without TLS.
Looking up libssh2.org
Making HTTPS connection to libssh2.org
SSL callback:self signed certificate, preverify_ok=0, ssl_okay=0
Alert!: Unable to make secure connection to remote host.
lynx: Can't access startfile http://libssh2.org/download/
