From: Jens Lechtenboerger
Newsgroups: gmane.emacs.bugs
Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
Date: Tue, 18 Mar 2014 22:25:42 +0100
Message-ID: <86siqf8ai1.fsf@informationelle-selbstbestimmung-im-internet.de>
To: 16978@debbugs.gnu.org
In-Reply-To: <87siqg7bnf.fsf@lifelogs.com> (Ted Zlatanov's message of "Mon, 17 Mar 2014 17:33:56 -0400")

On 2014-03-17, Ted Zlatanov wrote:

> (require 'gnutls)
> (setq gnutls-verify-error t)
> (open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps")
> (open-gnutls-stream "tls" "tls-buffer" "localhost" "imaps")
>
> I just made a small change to allow the t in the above, so please
> update to the latest.
>
> Can you please run `gnutls-serv' with the right options and hit it
> directly, and see if that replicates the issue?

Hi Ted,

I don’t see `gnutls-serv'.  The following works for me:
(open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps")

It also catches MITM attacks with self-signed certs:
(error "Certificate validation failed imap.gmail.com, verification code 66")

That’s good.

Thanks
Jens

P.S. Self-signed certs are unusable now, e.g., this fails:
(open-gnutls-stream "tls" "tls-buffer" "news.gmane.org" "nntps")
Of course, this is to be expected, but Gnus aborts the connection
without any user-visible clue, and the server is reported to be
offline.

P.P.S. I’m using imap.el, which knows of various ways to establish
SSL/TLS connections, but gnutls.el is not among them.
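
Added example, not part of the original message and not code from Emacs or Gnus: one way to turn the "verification code 66" error quoted above into a user-visible reason instead of a silent abort. The `my-` names are hypothetical; the flag values are GnuTLS's `gnutls_certificate_status_t` bits (66 = 64 + 2), and the code is assumed to be printed in decimal, as in the message above.

```elisp
;;; Added illustration; the my-* names are hypothetical, not Emacs API.
(require 'gnutls)

;; Subset of the gnutls_certificate_status_t bit flags from gnutls.h.
(defconst my-gnutls-status-flags
  '((2    . "GNUTLS_CERT_INVALID")
    (32   . "GNUTLS_CERT_REVOKED")
    (64   . "GNUTLS_CERT_SIGNER_NOT_FOUND")
    (128  . "GNUTLS_CERT_SIGNER_NOT_CA")
    (256  . "GNUTLS_CERT_INSECURE_ALGORITHM")
    (512  . "GNUTLS_CERT_NOT_ACTIVATED")
    (1024 . "GNUTLS_CERT_EXPIRED"))
  "Status bit -> GnuTLS flag name.")

(defun my-gnutls-decode-status (code)
  "Return the names of the status flags set in verification CODE."
  (let (names)
    (dolist (flag my-gnutls-status-flags (nreverse names))
      (when (/= 0 (logand code (car flag)))
        (push (cdr flag) names)))))

(defun my-gnutls-explain-error (text)
  "Explain a certificate validation error TEXT, or return nil.
Assumes the verification code is printed in decimal."
  (when (string-match
         "Certificate validation failed \\(.+\\), verification code \\([0-9]+\\)"
         text)
    (let ((host (match-string 1 text))
          (code (string-to-number (match-string 2 text))))
      (format "%s: certificate rejected (%s)" host
              (mapconcat #'identity (my-gnutls-decode-status code) ", ")))))

(defun my-open-tls-stream (host service)
  "Open a verified TLS stream to HOST:SERVICE.
On rejection, show the reason in the echo area and return nil."
  (let ((gnutls-verify-error t))        ; fail closed, as in the thread
    (condition-case err
        (open-gnutls-stream "tls" "tls-buffer" host service)
      (error
       (let ((text (error-message-string err)))
         (message "%s" (or (my-gnutls-explain-error text) text))
         nil)))))

;; Offline check against the error text quoted in the message:
;; (my-gnutls-explain-error
;;  "Certificate validation failed imap.gmail.com, verification code 66")
```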