From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#55858: 28.1; process-async-https-with-delay failure
Date: Thu, 09 Jun 2022 08:26:50 +0300
Message-ID: <83mtem4db9.fsf@gnu.org>
References: <7ab5acbf-67a7-2c78-b9d7-eab2d02c7972@cornell.edu>
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="8776"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: 55858@debbugs.gnu.org
To: Ken Brown <kbrown@cornell.edu>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Thu Jun 09 07:28:23 2022
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1nzAiU-00025i-SD
	for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 09 Jun 2022 07:28:23 +0200
Original-Received: from localhost ([::1]:54324 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1nzAiS-0003B2-J0
	for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 09 Jun 2022 01:28:20 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:60668)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1nzAiA-0003As-Ks
 for bug-gnu-emacs@gnu.org; Thu, 09 Jun 2022 01:28:04 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:50794)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1nzAiA-0005uq-CE
 for bug-gnu-emacs@gnu.org; Thu, 09 Jun 2022 01:28:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1nzAiA-0008AC-19
 for bug-gnu-emacs@gnu.org; Thu, 09 Jun 2022 01:28:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Thu, 09 Jun 2022 05:28:01 +0000
Resent-Message-ID: <handler.55858.B55858.165475242531308@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 55858
X-GNU-PR-Package: emacs
Original-Received: via spool by 55858-submit@debbugs.gnu.org id=B55858.165475242531308
 (code B ref 55858); Thu, 09 Jun 2022 05:28:01 +0000
Original-Received: (at 55858) by debbugs.gnu.org; 9 Jun 2022 05:27:05 +0000
Original-Received: from localhost ([127.0.0.1]:44691 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1nzAhF-00088u-0Q
 for submit@debbugs.gnu.org; Thu, 09 Jun 2022 01:27:05 -0400
Original-Received: from eggs.gnu.org ([209.51.188.92]:47442)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1nzAh9-00088O-QB
 for 55858@debbugs.gnu.org; Thu, 09 Jun 2022 01:27:03 -0400
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:48390)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1nzAh4-0005py-7V; Thu, 09 Jun 2022 01:26:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date:
 mime-version; bh=KDyXo5GGY64gThaDtG7RVWNSHBV2TlB/Ud+1QBYEsnk=; b=Pg1K8DnBxrM2
 6WX2puoVsLeRcpTHrqPkMfemrio8EEcFGV8QTs4uL0LKl/XNLL2fL22s/b79wusyHgKaqtbkz5SDo
 LurQ4EAd71nI/FQ/NkkQHA2r9zbYiPBwRsCK+EQJi9ACJGtdBokJ6RJbnr2ZDnW1MF9t05H60cuDN
 hfQgzUFPhG5LLsSyB5UEpAAzd5/lA+SiQ6r5eP8LtIGMgm1lTzF12lVdmPyGhoC+1ntQ5Wlz3l0dx
 s/v7Tg3o4rzu0LwmB63WYpgk3ilrg7AJOj3RiHKYKcaeZThaxX4K6hq3+LEB5nB8Xg+sdigRLqFNS
 W7PSBFt/rpDaQgyKX4Q8uA==;
Original-Received: from [87.69.77.57] (port=1162 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1nzAh3-0003vs-MS; Thu, 09 Jun 2022 01:26:54 -0400
In-Reply-To: <7ab5acbf-67a7-2c78-b9d7-eab2d02c7972@cornell.edu> (message from
 Ken Brown on Wed, 8 Jun 2022 18:04:05 -0400)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:234007
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/234007>

> Date: Wed, 8 Jun 2022 18:04:05 -0400
> From: Ken Brown <kbrown@cornell.edu>
> 
> process-async-https-with-delay in test/src/process-tests.el fails on my
> Cygwin system when run via 'make check' (but not when run via 'emacs
> -batch -l /path/to/test/src/process-tests.el -f
> ert-run-tests-batch-and-exit').  By adding 'TEST_INTERACTIVE=yes' to the
> make invocation, I traced this to a certificate problem together with
> the fact that HOME is set to /nonexistent during 'make check'.
> 
> In more detail, if I run
> 
> make -C test process-tests SELECTOR='process-async-https-with-delay' 
> TEST_INTERACTIVE=yes
> 
> then emacs starts and shows me the following in the *Network Security
> Manager* buffer:
> 
> Certificate information
>    Issued by:          R3
>    Issued to:          CN=elpa.gnu.org
>    Hostname:           elpa.gnu.org
>    Public key:         RSA, signature: RSA-SHA256
>    Session:            TLS1.3, key: ECDHE-RSA, cipher: AES-256-GCM, mac: AEAD
>    Security level:     Medium
>    Valid:              From 2022-05-27 to 2022-08-25
> 
> The TLS connection to elpa.gnu.org:443 is insecure
> for the following reasons:
> 
> * certificate has expired
> * certificate could not be verified
> 
> A minibuffer prompt asks me if I want to continue connecting, and if I
> select 'always', I get a "No such file or directory" error for
> /nonexistent/.emacs.d/network-security.data.  Of course,
> ~/.emacs.d/network-security.data does exist and contains the appropriate
> information about elpa.gnu.org:443 from previous selections of 'always'
> outside of 'make check'.
> 
> There are two issues here.  First, there's obviously something I should
> do on my system so that the TLS certificate for elpa.gnu.org is
> trusted.  I know nothing about TLS certificates and would appreciate
> help here.

Not sure about Cygwin, but in general on MS-Windows GnuTLS uses the
system certificate store to verify certificates.  The particular
problem above should be solved by upgrading GnuTLS and perhaps also
updating the system certificate store (which should be in general
always up to date, but I don't know how that system is maintained).

OTOH, if Cygwin GnuTLS uses the Posix mechanism of certificate stores
on disk files, then upgrading the certificate files.