From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Ioannis Kappas Newsgroups: gmane.emacs.bugs Subject: bug#51038: 27.2; ELPA certificate not trusted on Windows Date: Sun, 24 Oct 2021 19:21:00 +0100 Message-ID: References: <83mtmy2vri.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="14709"; mail-complaints-to="usenet@ciao.gmane.io" Cc: john@rootabega.net, 51038@debbugs.gnu.org, Lars Ingebrigtsen , emacs-hoffman@snkmail.com To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Oct 24 20:22:14 2021 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mei8M-0003Wf-1i for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 24 Oct 2021 20:22:14 +0200 Original-Received: from localhost ([::1]:43110 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mei8K-00088K-A8 for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 24 Oct 2021 14:22:12 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:36192) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mei8A-00087v-L8 for bug-gnu-emacs@gnu.org; Sun, 24 Oct 2021 14:22:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:57482) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mei8A-0002BR-Bd for bug-gnu-emacs@gnu.org; Sun, 24 Oct 2021 14:22:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mei8A-0000JV-4P for bug-gnu-emacs@gnu.org; Sun, 24 Oct 2021 14:22:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Ioannis Kappas Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 24 Oct 2021 18:22:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 51038 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: notabug Original-Received: via spool by 51038-submit@debbugs.gnu.org id=B51038.16350996781157 (code B ref 51038); Sun, 24 Oct 2021 18:22:02 +0000 Original-Received: (at 51038) by debbugs.gnu.org; 24 Oct 2021 18:21:18 +0000 Original-Received: from localhost ([127.0.0.1]:40795 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mei7S-0000Ib-6A for submit@debbugs.gnu.org; Sun, 24 Oct 2021 14:21:18 -0400 Original-Received: from mail-ot1-f54.google.com ([209.85.210.54]:45841) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mei7N-0000IL-Du for 51038@debbugs.gnu.org; Sun, 24 Oct 2021 14:21:17 -0400 Original-Received: by mail-ot1-f54.google.com with SMTP id l16-20020a9d6a90000000b0054e7ab56f27so11696947otq.12 for <51038@debbugs.gnu.org>; Sun, 24 Oct 2021 11:21:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DoNq05WD7AT+AIMfgpQGk9HGns1gE4+i1hcgz7p6z48=; b=SQz6EHEETzO+/UTc1SliZLBApwza/ZGmapAM2axdJAgnask/Cuu4z4YH/NS32mIeX+ DUrBKvGI3WrmRBAm5BU1QaUWhAl/IngALTQUljCYbK0P3lOzRHFz5TdvfxarES2/X3ql eLvfBjf9A5EACQnT4CoN59aFGv+m09rn4oxpT/1jK4rsf64syDBZ3mrLbV8w78l5QRCp +mRUgwac0Zvm7I02N8Bvqy1qS373rE/IgPTqsRgvf3X+yXAu2lREV6nMdpHNST5L5kXu 8kS4o5xPusf+QXpWxPba1lONww/TFCG9clmv4n1OQQUAfFopB6np0FNldmT6HjwH/3U6 BKrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DoNq05WD7AT+AIMfgpQGk9HGns1gE4+i1hcgz7p6z48=; b=CPqBlEM1EjLKLBCGnzXHnTz2wDQlXEjGGvg8z8irbiGmODkk416QQFF5zCMkjODFkO APhgPtrEu68YVCbWWLaS+cRi78JQU9kzbO9LEndtXo5dLahf5Gd4BojtbbHCfmYEJkoJ 7fTXoDaZO4y/xVHEHWRZYEs1DE0dAWutHebh1fDn0TvzKUDa/POOA9CIQj0QCxi/9Nyf REVXIF3ob94Fj4tIFPBAncGHv6BAlhwAXf3F5LyU1yZlhx9dhN0prJbreppBOOLj76JR dzNunFQa2q+ecxsGWj/jRDfMvKhqOeISxdYGo3hZCmO78rkZu1QjRgNY00PqI9+XHgZ2 uftg== X-Gm-Message-State: AOAM531RLx9OvrsOFph2Iw+Ebljp7QxMw+/BbsRqrHl774dv2vLSN8BS E6eDOXgCbgYC/JnjMaM+y69Ica3HMCUtyx/5kps= X-Google-Smtp-Source: ABdhPJyKia64vKukXvdPHwwr0WYeuE7s1zQvodKORZMqlUcY+KMbNKCDDHsU5Oo+PrhesFlbWhlrmcXAeE8zUSmSfOM= X-Received: by 2002:a9d:588d:: with SMTP id x13mr10272130otg.248.1635099667813; Sun, 24 Oct 2021 11:21:07 -0700 (PDT) In-Reply-To: <83mtmy2vri.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:218167 Archived-At: Hi Eli, On Sun, Oct 24, 2021 at 6:11 PM Eli Zaretskii wrote: > > Thus, I advocate, that the latest official precompiled Gnu Emacs > > MS-Windows binaries have a serious issue (caused by a bug in the > > GnuTLS version they are bundled with), that either needs to be > > addressed or a workaround needs to be suggested somewhere in the > > download/install instructions. > > AFAIU, this issue is not with Emacs, it's with GnuTLS. So all you > need is download and install a newer GnuTLS, where this problem was > fixed, in place of the old one. Emacs should then work with that > GnuTLS; there's no need to rebuild Emacs itself. > > If you already tried that and it didn't work, please tell the details. (apologies for being pedantic here, just want tom make sure that any difference in opinion become clear) before going into the details of a workaround, my argument is that this is an issue with the precompiled binaries of the latest official Gnu Emacs release at the official ftp site. If a user or process installs today these binaries on their system, Emacs will not work to its full potential. Furthermore, the user will not be aware why the connection to the elpa archive fails nor of a potential work around. I consider this to be a major issue with the precompiled binaries prepared by the Gnu Emacs projects, that they don't work out of the box and likely to leave the user/system in a perplexed/volnurable state. I believe you are saying that there is no issue with the latest official precompiled Gnu Emacs Windows release (say at http://ftp.gnu.org/gnu/emacs/windows/emacs-27/emacs-27.2-x86_64.zip), because the error is coming from libgnu-3.6.12, a library that Emacs depends on, and not from the Emacs code. May I point out that libgnu-2.6.12 ships in emacs-27.2-x86_64.zip under bin/libgnutls-30.dll, and thus the responsibility to the maintainer of the package to fix any shortfalls IMHO? Currently the official instructions to install the latest Gnu Emacs release from the precompiled binaries from the official ftp site, install a version of Emacs which is impaired, and wont work to its full potential out of the box for any user. We need to either fix this so it works out of the box, provide official instructions how to work around it, or provide an official note that this is broken. Letting users being unaware and thus vulnerable to the current behaviour IMHO is suboptimal. --- With regards to the suggested workaround, on my Windows machine 1. I've downloaded and unpacked http://ftp.gnu.org/gnu/emacs/windows/emacs-27/emacs-27.2-x86_64.zip to a local directory. 2. Looking for the GnuTLS precompiled version for windows, I landed on this page: https://www.gnutls.org/download.html 2.1 There is a latest w64 version on gitlab link at https://gitlab.com/gnutls/gnutls/builds/artifacts/3.7.2/download?job=MinGW64.DLLs that redirects to a 404. 2.1.1 Trying to find the artifacts by going to https://gitlab.com/gnutls/gnutls -> CI/CD -> Pipelines -> click on pipeline ID (in my case #392652428)->Jobs->mingw64/archive->Browser->Win64-build->bin/libgnutls-30.dll->Download (quite a mouthful) and replace libgnutls-30.dll with it works. Which i find it a bit too involved, especially for new users regardless even if they are magically aware of the root issue? Thanks!