[OS X Emacs] Verifying Aquamacs
David Reitter
david.reitter at gmail.com
Fri Apr 24 14:00:04 EDT 2020
Guys, Aquamacs checks for a new version every three days. If the website
refuses to serve cgi-bin/currentversion.cgi without HTTP and only with a
certificate signed by an authority unknown to Emacs, then every user is
going to get that message. And version updates will fail, too. Suggest
disabling HTTPS on the website for now.
David
On Fri, Apr 24, 2020 at 1:50 PM Arthur E. OGUS <ogus at math.berkeley.edu>
wrote:
> This morning I again found the following message (in an emacs window) on
> starting Aquamacs:
>
> Certificate information
> Issued by: Let's Encrypt Authority X3
> Issued to: CN=aquamacs.org
> Hostname: aquamacs.org
> Public key: RSA, signature: RSA-SHA256
> Protocol: TLS1.2, key: ECDHE-RSA, cipher: AES-128-GCM, mac: AEAD
> Security level: Medium
> Valid: From 2020-04-16 to 2020-07-15
>
>
> The TLS connection to aquamacs.org:443 is insecure for the following
> reasons:
>
> the certificate was signed by an unknown and therefore untrusted authority
> certificate could not be verified
>
>
>
>
>
>
> On Apr 21, 2020, at 10:48 AM, Roussanka Loukanova <rl.stpuu at gmail.com>
> wrote:
>
>
> FWIW, I was just writing a similar comment. These are two essentially
>> unrelated functions, that are doing two completely unrelated things. The
>> only possible couplings I can imagine are
>>
>> 1) a failure of network connectivity that prevents both of them from
>> working. (Note that the “check for update” function presumably always needs
>> connectivity, but the “verify” function doesn’t if it doesn’t need to check
>> for developer certificate validity or revocation)
>>
>>
> In my case, it seems to me that the network connectivity shouldn't be a
> problem, judging by:
>
> - both problems have started recently
> - Skim / TexShop > Check for Updates...
> pops up a good window [*You’re up-to-date!...*]
>
> 2) some sort of strange behavior (aka “bug”) in the macOS certificate
>> validation code that’s causing valid, or validatable, certificates to fail
>> to validate.
>>
>> As wild speculation, Arthur’s report that he was getting a validation
>> error for an apparently valid Lets Encrypt cert _could_ be a hint that
>> something of that sort is going on, or it could be a legitimate (ie,
>> non-buggy) failure for any number of reasons. Hard to sort that out without
>> more data.
>>
>> (Out of curiosity, for Arthur or anyone else seeing Lets Encrypt errors,
>> can you say what is generating that message? Web browser? Some other
>> downloader? ???)
>>
>>
> I have the same question. I got a message similar to Arthur's, by
> Aquamacs.app (perhaps by clicking Checking for Updates) a couple of days
> ago. It also prompted me to select among three options, and after that,
> perhaps by selecting Accept (or something like that), I get like Bill, just
> a message "Mark set".
>
> Best Regards,
> Roussanka
>
>
>> —john
>>
>>
>> _____________________________________________________________
>> MacOSX-Emacs mailing list
>> MacOSX-Emacs at email.esm.psu.edu
>> https://email.esm.psu.edu/mailman/listinfo/macosx-emacs
>> List Archives: http://dir.gmane.org/gmane.emacs.macintosh.osx
>>
>
> _____________________________________________________________
> MacOSX-Emacs mailing list
> MacOSX-Emacs at email.esm.psu.edu
> https://email.esm.psu.edu/mailman/listinfo/macosx-emacs
> List Archives: http://dir.gmane.org/gmane.emacs.macintosh.osx
>
>
>
> _____________________________________________________________
> MacOSX-Emacs mailing list
> MacOSX-Emacs at email.esm.psu.edu
> https://email.esm.psu.edu/mailman/listinfo/macosx-emacs
> List Archives: http://dir.gmane.org/gmane.emacs.macintosh.osx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://email.esm.psu.edu/pipermail/macosx-emacs/attachments/20200424/5117376d/attachment.htm>
More information about the MacOSX-Emacs
mailing list