<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">This morning I again found the following message (in an emacs window) on starting Aquamacs:<div class=""><br class=""></div><div class=""><div class="">Certificate information</div><div class="">Issued by: Let's Encrypt Authority X3</div><div class="">Issued to: CN=<a href="http://aquamacs.org" class="">aquamacs.org</a></div><div class="">Hostname: <a href="http://aquamacs.org" class="">aquamacs.org</a></div><div class="">Public key: RSA, signature: RSA-SHA256</div><div class="">Protocol: TLS1.2, key: ECDHE-RSA, cipher: AES-128-GCM, mac: AEAD</div><div class="">Security level: Medium</div><div class="">Valid: From 2020-04-16 to 2020-07-15</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The TLS connection to <a href="http://aquamacs.org:443" class="">aquamacs.org:443</a> is insecure for the following</div><div class="">reasons:</div><div class=""><br class=""></div><div class="">the certificate was signed by an unknown and therefore untrusted authority</div><div class="">certificate could not be verified</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">On Apr 21, 2020, at 10:48 AM, Roussanka Loukanova <<a href="mailto:rl.stpuu@gmail.com" class="">rl.stpuu@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="gmail_default" style="font-size:small"><br clear="all" class=""></div><div class=""><div dir="ltr" class="gmail_signature"><div dir="ltr" class=""><div class=""></div></div></div></div><div class="gmail_default" style="font-size:small"></div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
FWIW, I was just writing a similar comment. These are two essentially unrelated functions, that are doing two completely unrelated things. The only possible couplings I can imagine are<br class="">
<br class="">
1) a failure of network connectivity that prevents both of them from working. (Note that the “check for update” function presumably always needs connectivity, but the “verify” function doesn’t if it doesn’t need to check for developer certificate validity or revocation)<br class="">
<br class=""></blockquote><div class=""><br class=""></div><div class="gmail_default" style="font-size:small">In my case, it seems to me that the network connectivity shouldn't be a problem, judging by:</div><div class="gmail_default" style="font-size:small"><br class=""></div><div class="gmail_default" style="font-size:small">- both problems have started recently</div><div class="gmail_default" style="font-size:small">- Skim / TexShop > Check for Updates...</div><div class="gmail_default" style="font-size:small">pops up a good window [<b style="font-family: "Helvetica Neue"; font-size: 13px;" class="">You’re up-to-date!...</b>]</div><div class="gmail_default" style="font-size:small"><br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
2) some sort of strange behavior (aka “bug”) in the macOS certificate validation code that’s causing valid, or validatable, certificates to fail to validate. <br class="">
<br class="">
As wild speculation, Arthur’s report that he was getting a validation error for an apparently valid Lets Encrypt cert _could_ be a hint that something of that sort is going on, or it could be a legitimate (ie, non-buggy) failure for any number of reasons. Hard to sort that out without more data.<br class="">
<br class="">
(Out of curiosity, for Arthur or anyone else seeing Lets Encrypt errors, can you say what is generating that message? Web browser? Some other downloader? ???)<br class="">
<br class=""></blockquote><div class="gmail_quote"><br class=""></div>I have the sam<span class="gmail_default" style="font-size:small">e</span> question.<span class="gmail_default" style="font-size:small"> I got a message similar to Arthur's, by Aquamacs.app (perhaps by clicking Checking for Updates) a couple of days ago. It also prompted me to select among three options, and after that, perhaps by selecting Accept (or something like that), I get like Bill, just a message "Mark set".</span><br class=""><br class=""></div><div class="gmail_quote">Best Regards,<br class="">Roussanka<div class=""><span style="font-family: -webkit-standard; font-size: inherit;" class=""></span> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
—john<br class="">
<br class="">
<br class="">
_____________________________________________________________<br class="">
MacOSX-Emacs mailing list<br class="">
<a href="mailto:MacOSX-Emacs@email.esm.psu.edu" target="_blank" class="">MacOSX-Emacs@email.esm.psu.edu</a><br class="">
<a href="https://email.esm.psu.edu/mailman/listinfo/macosx-emacs" rel="noreferrer" target="_blank" class="">https://email.esm.psu.edu/mailman/listinfo/macosx-emacs</a><br class="">
List Archives: <a href="http://dir.gmane.org/gmane.emacs.macintosh.osx" rel="noreferrer" target="_blank" class="">http://dir.gmane.org/gmane.emacs.macintosh.osx</a><br class="">
</blockquote></div></div></div></div>
<br class="">_____________________________________________________________<br class="">MacOSX-Emacs mailing list<br class=""><a href="mailto:MacOSX-Emacs@email.esm.psu.edu" class="">MacOSX-Emacs@email.esm.psu.edu</a><br class="">https://email.esm.psu.edu/mailman/listinfo/macosx-emacs<br class="">List Archives: http://dir.gmane.org/gmane.emacs.macintosh.osx<br class=""></div></blockquote></div><br class=""></div></body></html>