<div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small">Hi David,</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Apr 24, 2020 at 8:00 PM David Reitter <<a href="mailto:david.reitter@gmail.com">david.reitter@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">Guys, Aquamacs checks for a new version every three days. If the website refuses to serve cgi-bin/currentversion.cgi without HTTP and only with a certificate signed by an authority unknown to Emacs, then every user is going to get that message. And version updates will fail, too. Suggest disabling HTTPS on the website for now.</div></blockquote><div><br></div><div class="gmail_default" style="font-size:small">On which side this disabling is to be done? If on the side of us, the users, how this can be done? But I would not dare doing something on my side.</div><div class="gmail_default" style="font-size:small"><span style="color:rgb(0,0,0)"> </span><br></div><div class="gmail_default" style="font-size:small"><div style="color:rgb(0,0,0)"><div dir="ltr" class="gmail_signature"><div dir="ltr"><div dir="ltr">Best Regards,<br>Roussanka</div></div></div></div></div><div class="gmail_default" style="font-size:small"></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>David</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Apr 24, 2020 at 1:50 PM Arthur E. OGUS <<a href="mailto:ogus@math.berkeley.edu" target="_blank">ogus@math.berkeley.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div>This morning I again found the following message (in an emacs window) on starting Aquamacs:<div><br></div><div><div>Certificate information</div><div>Issued by: Let's Encrypt Authority X3</div><div>Issued to: CN=<a href="http://aquamacs.org" target="_blank">aquamacs.org</a></div><div>Hostname: <a href="http://aquamacs.org" target="_blank">aquamacs.org</a></div><div>Public key: RSA, signature: RSA-SHA256</div><div>Protocol: TLS1.2, key: ECDHE-RSA, cipher: AES-128-GCM, mac: AEAD</div><div>Security level: Medium</div><div>Valid: From 2020-04-16 to 2020-07-15</div><div><br></div><div><br></div><div>The TLS connection to <a href="http://aquamacs.org:443" target="_blank">aquamacs.org:443</a> is insecure for the following</div><div>reasons:</div><div><br></div><div>the certificate was signed by an unknown and therefore untrusted authority</div><div>certificate could not be verified</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br><blockquote type="cite"><div>On Apr 21, 2020, at 10:48 AM, Roussanka Loukanova <<a href="mailto:rl.stpuu@gmail.com" target="_blank">rl.stpuu@gmail.com</a>> wrote:</div><br><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:small"><br clear="all"></div><div><div dir="ltr"><div dir="ltr"><div></div></div></div></div><div style="font-size:small"></div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
FWIW, I was just writing a similar comment. These are two essentially unrelated functions, that are doing two completely unrelated things. The only possible couplings I can imagine are<br>
<br>
1) a failure of network connectivity that prevents both of them from working. (Note that the “check for update” function presumably always needs connectivity, but the “verify” function doesn’t if it doesn’t need to check for developer certificate validity or revocation)<br>
<br></blockquote><div><br></div><div style="font-size:small">In my case, it seems to me that the network connectivity shouldn't be a problem, judging by:</div><div style="font-size:small"><br></div><div style="font-size:small">- both problems have started recently</div><div style="font-size:small">- Skim / TexShop > Check for Updates...</div><div style="font-size:small">pops up a good window [<b style="font-family:"Helvetica Neue";font-size:13px">You’re up-to-date!...</b>]</div><div style="font-size:small"><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
2) some sort of strange behavior (aka “bug”) in the macOS certificate validation code that’s causing valid, or validatable, certificates to fail to validate. <br>
<br>
As wild speculation, Arthur’s report that he was getting a validation error for an apparently valid Lets Encrypt cert _could_ be a hint that something of that sort is going on, or it could be a legitimate (ie, non-buggy) failure for any number of reasons. Hard to sort that out without more data.<br>
<br>
(Out of curiosity, for Arthur or anyone else seeing Lets Encrypt errors, can you say what is generating that message? Web browser? Some other downloader? ???)<br>
<br></blockquote><div class="gmail_quote"><br></div>I have the sam<span class="gmail_default" style="font-size:small">e</span> question.<span class="gmail_default" style="font-size:small"> I got a message similar to Arthur's, by Aquamacs.app (perhaps by clicking Checking for Updates) a couple of days ago. It also prompted me to select among three options, and after that, perhaps by selecting Accept (or something like that), I get like Bill, just a message "Mark set".</span><br><br></div><div class="gmail_quote">Best Regards,<br>Roussanka<div><span style="font-family:-webkit-standard;font-size:inherit"></span> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
—john<br>
<br>
<br>
_____________________________________________________________<br>
MacOSX-Emacs mailing list<br>
<a href="mailto:MacOSX-Emacs@email.esm.psu.edu" target="_blank">MacOSX-Emacs@email.esm.psu.edu</a><br>
<a href="https://email.esm.psu.edu/mailman/listinfo/macosx-emacs" rel="noreferrer" target="_blank">https://email.esm.psu.edu/mailman/listinfo/macosx-emacs</a><br>
List Archives: <a href="http://dir.gmane.org/gmane.emacs.macintosh.osx" rel="noreferrer" target="_blank">http://dir.gmane.org/gmane.emacs.macintosh.osx</a><br>
</blockquote></div></div></div></div>
<br>_____________________________________________________________<br>MacOSX-Emacs mailing list<br><a href="mailto:MacOSX-Emacs@email.esm.psu.edu" target="_blank">MacOSX-Emacs@email.esm.psu.edu</a><br><a href="https://email.esm.psu.edu/mailman/listinfo/macosx-emacs" target="_blank">https://email.esm.psu.edu/mailman/listinfo/macosx-emacs</a><br>List Archives: <a href="http://dir.gmane.org/gmane.emacs.macintosh.osx" target="_blank">http://dir.gmane.org/gmane.emacs.macintosh.osx</a><br></div></blockquote></div><br></div></div><br>
_____________________________________________________________<br>
MacOSX-Emacs mailing list<br>
<a href="mailto:MacOSX-Emacs@email.esm.psu.edu" target="_blank">MacOSX-Emacs@email.esm.psu.edu</a><br>
<a href="https://email.esm.psu.edu/mailman/listinfo/macosx-emacs" rel="noreferrer" target="_blank">https://email.esm.psu.edu/mailman/listinfo/macosx-emacs</a><br>
List Archives: <a href="http://dir.gmane.org/gmane.emacs.macintosh.osx" rel="noreferrer" target="_blank">http://dir.gmane.org/gmane.emacs.macintosh.osx</a><br>
</blockquote></div>
<br>
_____________________________________________________________<br>
MacOSX-Emacs mailing list<br>
<a href="mailto:MacOSX-Emacs@email.esm.psu.edu" target="_blank">MacOSX-Emacs@email.esm.psu.edu</a><br>
<a href="https://email.esm.psu.edu/mailman/listinfo/macosx-emacs" rel="noreferrer" target="_blank">https://email.esm.psu.edu/mailman/listinfo/macosx-emacs</a><br>
List Archives: <a href="http://dir.gmane.org/gmane.emacs.macintosh.osx" rel="noreferrer" target="_blank">http://dir.gmane.org/gmane.emacs.macintosh.osx</a><br>
</blockquote></div></div></div>