From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: David Engster Newsgroups: gmane.emacs.bugs Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Date: Sun, 21 Dec 2014 18:16:35 +0100 Message-ID: <87h9woylcc.fsf@engster.org> References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87vbl7lgug.fsf@engster.org> <87ioh7lftp.fsf@engster.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1419182246 31083 80.91.229.3 (21 Dec 2014 17:17:26 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 21 Dec 2014 17:17:26 +0000 (UTC) Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru To: Lars Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Dec 21 18:17:19 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Y2k86-00067B-CI for geb-bug-gnu-emacs@m.gmane.org; Sun, 21 Dec 2014 18:17:18 +0100 Original-Received: from localhost ([::1]:37882 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y2k85-0000Dp-JA for geb-bug-gnu-emacs@m.gmane.org; Sun, 21 Dec 2014 12:17:17 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:48313) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y2k7w-0000Df-SW for bug-gnu-emacs@gnu.org; Sun, 21 Dec 2014 12:17:14 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Y2k7q-0006ZZ-R7 for bug-gnu-emacs@gnu.org; Sun, 21 Dec 2014 12:17:08 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:44618) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y2k7q-0006ZV-Ka for bug-gnu-emacs@gnu.org; Sun, 21 Dec 2014 12:17:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1Y2k7q-0002JY-9K for bug-gnu-emacs@gnu.org; Sun, 21 Dec 2014 12:17:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 21 Dec 2014 17:17:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14191822058865 (code B ref 19404); Sun, 21 Dec 2014 17:17:01 +0000 Original-Received: (at 19404) by debbugs.gnu.org; 21 Dec 2014 17:16:45 +0000 Original-Received: from localhost ([127.0.0.1]:53984 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2k7Z-0002Iu-3A for submit@debbugs.gnu.org; Sun, 21 Dec 2014 12:16:45 -0500 Original-Received: from randomsample.de ([5.45.97.173]:49385) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2k7X-0002Im-G1 for 19404@debbugs.gnu.org; Sun, 21 Dec 2014 12:16:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=cxQBjuj3uvLbCEgS2dxFH77SnnAlcPf5VN4qZB3CHCA=; b=kffJyyK649VMBHTQBF/1VR0KQOxulSqq+GjnMgWcpXdyl3XZaCb08V4taph3dRnydqaov8nkYrEaWqqGmSa0sVbTeLXFLd5uVonn0BGxqajjSPRGLa52iSf1uQ6RsL5x; Original-Received: from ip4d154cb9.dynamic.kabel-deutschland.de ([77.21.76.185] helo=spaten) by randomsample.de with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y2k7V-00032e-DU; Sun, 21 Dec 2014 18:16:41 +0100 In-Reply-To: <87ioh7lftp.fsf@engster.org> (David Engster's message of "Fri, 19 Dec 2014 18:17:22 +0100") User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3.91 (gnu/linux) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:97645 Archived-At: David Engster writes: > David Engster writes: >> If a certificate is "self-signed", this means that issuer and subject >> are the same entity, i.e., the string in there is identical. There are >> some rules how these strings must be compared. I think(!) that if you >> simply compare them byte by byte, you should err on the side of >> safety. But I would assume there is a function for that in GnuTLS that >> adheres to RFC5280 for comparing such things. > > I've asked on the GnuTLS mailing list. Nick answered, and it's really simple: call gnutls_x509_crt_check_issuer on the certificate itself (meaning: provide the certificate in question for both arguments). -David