Updated: ca-certificates-2.50-4

Achim Gratz Stromeko@nexgo.de
Wed Oct 6 17:30:52 GMT 2021

The following packages have been uploaded to the Cygwin distribution:

* ca-certificates-2.50-4
* ca-certificates-letsencrypt-2.50-4

Mozilla's CA root certificates for use with OpenSSL, NSS, GnuTLS, and
other software that handles certificate verification.

This update adds the ca-certificates-letsencrypt package, which when
installed will make the ISRG R3 intermediate CA a trust anchor and
removes trust for the already expired DST X3 root CA (this should
strictly not be necessary, but works around bugs present in some
libraries in how alternate chains are constructed and verified).  This
will allow to successfully verify certificates using the Letsencrypt
legacy cert chain in certain applications.  Install this package when
you currently have trouble accessing sites (due to validation
complaining about an expired certificate) that had no problems until
about September 30 or October 1 2021 depending on your timezone.

Please report to the main Cygwin mailing list if you know of an example
that still doesn't work for you (with details for reproducing the
validation or application error).


If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:


If you need more information on unsubscribing, start reading here:


Please read *all* of the information on unsubscribing that is available
starting at this URL.

More information about the Cygwin-announce mailing list