From: Lars Ingebrigtsen
Newsgroups: gmane.emacs.bugs
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Sun, 08 Jul 2018 16:22:28 +0200
Message-ID: <871scdoli3.fsf@mouse.gnus.org>
References: <87fu1apchn.fsf@gmail.com> <87sh4zlr6e.fsf@gmail.com>
In-Reply-To: <87sh4zlr6e.fsf@gmail.com> (Noam Postavsky's message of "Tue, 03 Jul 2018 21:34:33 -0400")
To: Noam Postavsky
Cc: 31946@debbugs.gnu.org

Noam Postavsky writes:

> But in Emacs, I'm getting this from gnutls_x509_crt_get_issuer_dn():
>
> "C=US,O=VeriSign\\, Inc.,OU=Class 3 Public Primary Certification Authority"
>
> and this from gnutls_x509_crt_get_dn():
>
> "C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006
> VeriSign\\, Inc. - For authorized use only,CN=VeriSign Class 3 Public
> Primary Certification Authority - G5"

Ah, I see...

> So gnutls is getting this non-matching issuer from somewhere, but it's
> unclear to me where.

Hm... Oh! I see that gnutls has gotten several variations on these
functions now. For instance:

https://www.gnutls.org/reference/gnutls-x509.html#gnutls-x509-crt-get-issuer-dn3

It says:

"When the flag GNUTLS_X509_DN_FLAG_COMPAT is specified, the output
format will match the format output by previous to 3.5.6 versions of
GnuTLS which was not fully RFC4514-compliant."

Which I would interpret to mean that the dn3 version of these functions
now return the RFC4515-compliant strings. Perhaps we should call these
newer functions instead of the _dn functions? I guess more #ifdefs and
configure checks will be needed...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
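Added example, not code from this thread, Emacs or GnuTLS: a sketch of comparing two DN strings so that escaped commas (as in "VeriSign\, Inc.") and a change of output format do not produce a false mismatch. It assumes the pre-3.5.6 format and the RFC 4514 form differ in RDN order; the function names and the reversed issuer string are constructed here.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RDNS 16

/* DN strings from the message above, plus a constructed reversed issuer. */
static const char ISSUER[] =
    "C=US,O=VeriSign\\, Inc.,OU=Class 3 Public Primary Certification Authority";
static const char ISSUER_REVERSED[] = /* constructed sample */
    "OU=Class 3 Public Primary Certification Authority,O=VeriSign\\, Inc.,C=US";
static const char SUBJECT[] =
    "C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\\, Inc."
    " - For authorized use only,CN=VeriSign Class 3 Public Primary"
    " Certification Authority - G5";

/* Split at commas that are not backslash-escaped.  Returns the RDN count,
   or -1 on a dangling escape or more than MAX_RDNS components. */
static int split_dn(const char *dn, const char *start[], size_t len[])
{
    int n = 0;
    const char *s = dn;
    for (const char *p = dn;; p++) {
        if (*p == '\\') {
            if (p[1] == '\0') return -1;
            p++;                      /* skip the escaped character */
        } else if (*p == ',' || *p == '\0') {
            if (n == MAX_RDNS) return -1;
            start[n] = s;
            len[n++] = (size_t)(p - s);
            if (*p == '\0') return n;
            s = p + 1;
        }
    }
}

int count_rdns(const char *dn)
{
    const char *s[MAX_RDNS]; size_t l[MAX_RDNS];
    return split_dn(dn, s, l);
}

/* 0 = different, 1 = same RDNs in the same order, 2 = same RDNs reversed. */
int dn_compare(const char *a, const char *b)
{
    const char *sa[MAX_RDNS], *sb[MAX_RDNS];
    size_t la[MAX_RDNS], lb[MAX_RDNS];
    int na = split_dn(a, sa, la), nb = split_dn(b, sb, lb), same = 1, rev = 1;
    if (na < 0 || na != nb) return 0;
    for (int i = 0, j = na - 1; i < na; i++, j--) {
        if (la[i] != lb[i] || memcmp(sa[i], sb[i], la[i]) != 0) same = 0;
        if (la[i] != lb[j] || memcmp(sa[i], sb[j], la[i]) != 0) rev = 0;
    }
    return same ? 1 : rev ? 2 : 0;
}
```

String comparison of DNs is only a display-level check; where the raw certificate is available, comparing the DER-encoded names avoids the formatting question entirely.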