From: Oleksii Shevchuk
Newsgroups: gmane.emacs.bugs
Subject: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Mon, 07 Jan 2013 12:20:45 +0200
Message-ID: <87mwwlz43m.fsf@Black.ICE>
To: 13374@debbugs.gnu.org

Hi list!

The open-gnutls-stream wrapper doesn't pass :verify-hostname-error t :verify-error t to gnutls-negotiate. So MitM is possible when you use gnus and other packages.

Even with :verify-hostname-error t :verify-error t, gnutls-negotiate doesn't produce an error with a self-signed CA certificate when :type 'gnutls-x509pki is passed.

I use the following in my .gnus:

    ;; Load gnutls.el first so this definition replaces its wrapper
    ;; instead of being overwritten when the library loads later.
    (require 'gnutls)

    (defun open-gnutls-stream (name buffer host service)
      "Open a TLS stream with :verify-error and :verify-hostname-error set."
      (gnutls-negotiate :process (open-network-stream name buffer host service)
                        :hostname host
                        :verify-hostname-error t
                        :verify-error t))

Works for me.

// ----

In GNU Emacs 24.3.50.1 (x86_64-pc-linux-gnu, X toolkit)
 of 2013-01-06 on BlackICE
Bzr revision: cyd@gnu.org-20130106025857-h1wkwx5cwvekj4l1
Windowing system distributor `The X.Org Foundation', version 11.0.11300000
System Description: Gentoo Base System release 2.2

Configured using:
 `configure --prefix=/usr --build=x86_64-pc-linux-gnu
 --host=x86_64-pc-linux-gnu --mandir=/usr/share/man
 --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
 --localstatedir=/var/lib --libdir=/usr/lib64
 --disable-dependency-tracking --program-suffix=-emacs-24-vcs
 --program-transform-name=s/emacs-[0-9].*/emacs-24-vcs/
 --infodir=/usr/share/info/emacs-24-vcs
 --enable-locallisppath=/etc/emacs:/usr/share/emacs/site-lisp
 --with-crt-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.7.2/../../../../lib64
 --with-gameuser=games --without-compress-info --without-hesiod
 --without-kerberos --without-kerberos5 --with-gpm --with-dbus
 --with-gnutls --with-xml2 --without-selinux --with-wide-int
 --with-sound --with-x --without-ns --without-gconf --with-gsettings
 --without-toolkit-scroll-bars --with-gif --with-jpeg --with-png
 --with-rsvg --with-tiff --with-xpm --without-imagemagick --with-xft
 --without-libotf --without-m17n-flt --with-x-toolkit=lucid
 --without-xaw3d GENTOO_PACKAGE=app-editors/emacs-vcs-24.3.9999
 EBZR_BRANCH=trunk EBZR_REVNO=111428'

Important settings:
  value of $LC_ALL: ru_RU.UTF-8
  value of $LANG: russian
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t
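
Added example, not part of the original report and not Emacs's own code: the same two flags applied at gnutls-negotiate itself, so that any caller that omits them is logged and corrected, not only open-gnutls-stream. It assumes Emacs 24.4 or later for advice-add, and every my/ name is hypothetical. It does not change the self-signed CA behaviour described in the report.

```elisp
;;; Added example, not from the original report.  Assumes Emacs 24.4+ (nadvice).
;;; All my/ names are hypothetical.
(require 'gnutls)
(require 'nadvice)

(defconst my/gnutls-required-flags '(:verify-error :verify-hostname-error)
  "Keyword arguments that must be non-nil in every `gnutls-negotiate' call.")

(defun my/gnutls-missing-flags (spec)
  "Return the members of `my/gnutls-required-flags' that are nil or absent in SPEC."
  (let (missing)
    (dolist (flag my/gnutls-required-flags (nreverse missing))
      (unless (plist-get spec flag)
        (push flag missing)))))

(defun my/gnutls-force-verify (args)
  "Return ARGS for `gnutls-negotiate' with every required flag set to t.
Signal an error when :hostname is not a string, since there is then
no name to check the certificate against."
  (let ((spec (copy-sequence args))
        (missing (my/gnutls-missing-flags args)))
    (unless (stringp (plist-get spec :hostname))
      (error "gnutls-negotiate called without a string :hostname"))
    (when missing
      ;; Leaves a trace in *Messages* naming the flags the caller left out.
      (message "gnutls-negotiate: caller omitted %S for %s; forcing them on"
               missing (plist-get spec :hostname)))
    (dolist (flag missing spec)
      (setq spec (plist-put spec flag t)))))

;; :filter-args hands the advice the full argument list and calls the
;; original function with whatever list the advice returns.
(advice-add 'gnutls-negotiate :filter-args #'my/gnutls-force-verify)

;; Constructed check: a spec with no verification flags (the case the
;; report describes) comes back with both flags set.
(let ((fixed (my/gnutls-force-verify
              '(:process nil :hostname "news.example.org"))))
  (unless (and (plist-get fixed :verify-error)
               (plist-get fixed :verify-hostname-error))
    (error "Verification flags were not forced on")))
```

To undo it, evaluate (advice-remove 'gnutls-negotiate #'my/gnutls-force-verify).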