From: Eli Zaretskii <eliz@gnu.org>
To: Ken Brown <kbrown@cornell.edu>
Cc: 55858@debbugs.gnu.org
Subject: bug#55858: 28.1; process-async-https-with-delay failure
Date: Thu, 09 Jun 2022 08:26:50 +0300 [thread overview]
Message-ID: <83mtem4db9.fsf@gnu.org> (raw)
In-Reply-To: <7ab5acbf-67a7-2c78-b9d7-eab2d02c7972@cornell.edu> (message from Ken Brown on Wed, 8 Jun 2022 18:04:05 -0400)
> Date: Wed, 8 Jun 2022 18:04:05 -0400
> From: Ken Brown <kbrown@cornell.edu>
>
> process-async-https-with-delay in test/src/process-tests.el fails on my
> Cygwin system when run via 'make check' (but not when run via 'emacs
> -batch -l /path/to/test/src/process-tests.el -f
> ert-run-tests-batch-and-exit'). By adding 'TEST_INTERACTIVE=yes' to the
> make invocation, I traced this to a certificate problem together with
> the fact that HOME is set to /nonexistent during 'make check'.
>
> In more detail, if I run
>
> make -C test process-tests SELECTOR='process-async-https-with-delay'
> TEST_INTERACTIVE=yes
>
> then emacs starts and shows me the following in the *Network Security
> Manager* buffer:
>
> Certificate information
> Issued by: R3
> Issued to: CN=elpa.gnu.org
> Hostname: elpa.gnu.org
> Public key: RSA, signature: RSA-SHA256
> Session: TLS1.3, key: ECDHE-RSA, cipher: AES-256-GCM, mac: AEAD
> Security level: Medium
> Valid: From 2022-05-27 to 2022-08-25
>
> The TLS connection to elpa.gnu.org:443 is insecure
> for the following reasons:
>
> * certificate has expired
> * certificate could not be verified
>
> A minibuffer prompt asks me if I want to continue connecting, and if I
> select 'always', I get a "No such file or directory" error for
> /nonexistent/.emacs.d/network-security.data. Of course,
> ~/.emacs.d/network-security.data does exist and contains the appropriate
> information about elpa.gnu.org:443 from previous selections of 'always'
> outside of 'make check'.
>
> There are two issues here. First, there's obviously something I should
> do on my system so that the TLS certificate for elpa.gnu.org is
> trusted. I know nothing about TLS certificates and would appreciate
> help here.
Not sure about Cygwin, but in general on MS-Windows GnuTLS uses the
system certificate store to verify certificates. The particular
problem above should be solved by upgrading GnuTLS and perhaps also
updating the system certificate store (which should be in general
always up to date, but I don't know how that system is maintained).
OTOH, if Cygwin GnuTLS uses the Posix mechanism of certificate stores
on disk files, then upgrading the certificate files.
next prev parent reply other threads:[~2022-06-09 5:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-08 22:04 bug#55858: 28.1; process-async-https-with-delay failure Ken Brown
2022-06-09 5:26 ` Eli Zaretskii [this message]
2022-06-09 8:30 ` Robert Pluim
2022-06-09 6:44 ` Achim Gratz
2022-06-09 11:17 ` Ken Brown
2022-06-09 13:07 ` Lars Ingebrigtsen
2022-07-11 11:20 ` Lars Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83mtem4db9.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=55858@debbugs.gnu.org \
--cc=kbrown@cornell.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).