bug#23027: 25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

bug#23027: 25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

[Lars Magne Ingebrigtsen]

Anssi Saari <as@sci.fi> writes:

> And with a wild guess after visiting an ssl checker website I think I
> might need MD5 for signature checking. gnutls.el mentions
> GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 but I don't know how to specify that
> from Gnus.

Here's an easy test case:

(open-network-stream
 "nntpd" (get-buffer-create "*foo*")
 "news.eternal-september.org" "nntp"
 :type 'starttls
 :end-of-command "^\\([2345]\\|[.]\\).*\n"
 :capability-command "HELP\r\n"
 :success "^3"
 :starttls-function
 (lambda (capabilities)
   (if (not (string-match "STARTTLS" capabilities))
       nil
     "STARTTLS\r\n")))

First of all, I think the error message is lacking.  It should say more
about what's failing.

As to the bug -- gnutls by default now refuses to deal with MD5
certificates.  We could override that, and instead let the network
security manager notify the user that the connection isn't safe.

I think that's a better solution, but others may differ.




In GNU Emacs 25.1.50.26 (x86_64-unknown-linux-gnu, GTK+ Version 3.4.2)
 of 2016-03-12 built on stories
Repository revision: 63efcc268635dea78c6bd80749eae4ee2c72d717
Windowing system distributor 'The X.Org Foundation', version 11.0.11204000
System Description:	Debian GNU/Linux 7.9 (wheezy)

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GSETTINGS NOTIFY GNUTLS
LIBXML2 FREETYPE LIBOTF XFT ZLIB TOOLKIT_SCROLL_BARS GTK3 X11

Important settings:
  value of $LANG: en_US
  locale-coding-system: iso-latin-1-unix

Major mode: Group

Minor modes in effect:
  gnus-agent-group-mode: t
  shell-dirtrack-mode: t
  diff-auto-refine-mode: t
  gnus-topic-mode: t
  gnus-undo-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t

Recent messages:
Auto-saving...done
Mark set [2 times]
Sending...
Mark set [2 times]
Sending news via ^$\|\(^gnu\.emacs\.announce$\)\|\(^gnu\.emacs\.bug$\)\|\(^gnu\.emacs\.help$\)\|\(^gnu\.emacs\.sources$\)\|\(^gnu\.gcc\.announce$\)\|\(^gnu\.utils\.bug$\)\|\(^gnu\.utils\.help$\)\|\(^gnu\.gnustep\.announce$\)\|\(^gnu\.gnustep\.bugs$\)\|\(^gnu\.gnustep\.discuss$\)\|\(^gnu\.gnustep\.help$\)\|\(^gnu\.emacs\.gnews$\)\|\(^gnu\.emacs\.vm\.bug$\)\|\(^gnu\.emacs\.vm\.info$\)\|\(^gnu\.emacs\.vms$\)\|\(^gnu\.gnusenet\.config$\)\|\(^comp\.emacs$\)\|\(^comp\.emacs\.xemacs$\) using nnvirtual...
Mark set
Saving file /home/larsi/Mail/archive/sent/2016w11...
Wrote /home/larsi/Mail/archive/sent/2016w11
Sending...done
Making completion list...

Load-path shadows:
/home/larsi/src/clock.el/clock hides /home/larsi/lisp/clock
/home/larsi/src/cddb.el/expect hides /home/larsi/lisp/expect
/home/larsi/src/pvr.el/pvr hides /home/larsi/lisp/pvr
~/pgnus/contrib/vcard hides /home/larsi/lisp/vcard
/home/larsi/src/cddb.el/captitle hides /home/larsi/lisp/captitle
~/lisp/zenirc-2.112/src/zenirc-example hides /home/larsi/lisp/zenirc-example
/home/larsi/lisp/dom hides /home/larsi/src/emacs/trunk/lisp/dom
~/pgnus/contrib/compface hides /home/larsi/src/emacs/trunk/lisp/image/compface

Features:
(etags grep crm js imenu cc-mode cc-fonts cc-guess cc-menus cc-cmds
cc-styles cc-align cc-engine cc-vars cc-defs shadow emacsbug ffap
log-edit pcvs-util vc-bzr vc-src vc-sccs vc-svn vc-rcs vc-dir ewoc
bug-reference tramp-cache tramp tramp-compat tramp-loaddefs trampver
ucs-normalize advice sh-script smie executable nndir nnspool nnagent
view sgml-mode cal-move cal-menu calendar cal-loaddefs compile pp
dired-aux jukebox humanely-sort lyric-wiki discogs json dae musicbrainz
scan scrobble tellstick wave cddb captitle expect mailalias smtpmail
sendmail ecomplete shell pcomplete comint whitespace map flow-fill
edebug pulse find-func thingatpt xref project ring misearch
multi-isearch rect vc-git diff-mode canlock server eww vc vc-dispatcher
gnus-html url-queue help-fns url-cache gnus-picon sort gnus-cite smiley
ansi-color shr-color color mm-archive gnus-async gnus-dup qp gnus-ml
gmane spam-gmane dns mm-url disp-table gnus-fun gnus-mdrtn pop3 nndoc
nnmbox nndraft utf-7 gnus-topic nnmh nnml nnfolder copyright vc-cvs
network-stream nsm starttls nnir spam-report spam spam-stat gnus-uu yenc
gnus-agent gnus-srvr gnus-score score-mode nnvirtual gnus-msg gnus-art
mm-uu mml2015 mm-view mml-smime smime dig nntp gnus-cache gnus-sum
gnus-group gnus-undo gnus-start gnus-cloud nnimap nnmail mail-source
utf7 netrc nnoo parse-time gnus-spec gnus-int gnus-range message
format-spec rfc822 mml mml-sec epa epg mailabbrev gmm-utils mailheader
gnus-win gnus nnheader gnus-util rmail rmail-loaddefs mail-utils movie
mkv shr svg imdb dom pvr debug debbugs-gnu easy-mmode derived debbugs
soap-client mm-decode mm-bodies mm-encode url-http tls gnutls url-auth
mail-parse rfc2231 rfc2047 rfc2045 ietf-drums url-gw puny url url-proxy
url-privacy url-expand url-methods url-history url-cookie url-domsuf
url-util mailcap warnings rng-xsd rng-dt rng-util xsd-regexp xml ido seq
flyspell ispell benchmark w3m browse-url doc-view subr-x dired
dired-loaddefs image-mode timezone w3m-hist w3m-fb w3m-ems wid-edit
w3m-ccl ccl w3m-favicon w3m-image w3m-proc w3m-util add-log mail-extr
mm-util mail-prsvr jka-compr cl finder-inf package epg-config
url-handlers url-parse auth-source cl-seq eieio byte-opt bytecomp
byte-compile cl-extra help-mode easymenu cconv eieio-core cl-macs gv
eieio-loaddefs cl-loaddefs pcase cl-lib password-cache url-vars
time-date mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel term/x-win x-win term/common-win x-dnd tool-bar
dnd fontset image regexp-opt fringe tabulated-list newcomment elisp-mode
lisp-mode prog-mode register page menu-bar rfn-eshadow timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932
hebrew greek romanian slovak czech european ethiopic indian cyrillic
chinese charscript case-table epa-hook jka-cmpr-hook help simple abbrev
obarray minibuffer cl-preloaded nadvice loaddefs button faces cus-face
macroexp files text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget hashtable-print-readable backquote inotify
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty make-network-process emacs)

Memory information:
((conses 16 4017886 588255)
 (symbols 48 182111 167)
 (miscs 40 1919 6615)
 (strings 32 428804 188127)
 (string-bytes 1 39326307)
 (vectors 16 80710)
 (vector-slots 8 2226075 151559)
 (floats 8 10862 7051)
 (intervals 56 775148 4913)
 (buffers 976 482)
 (heap 1024 528882 474767))

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#23027: 25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

[Lars Magne Ingebrigtsen]

And furthermore, the form bugs out with the following, which should also
be fixed:

Debugger entered--Lisp error: (error "Process nntpd<4> not running")
  process-send-string(#<process nntpd<4>> "HELP.\n")
  network-stream-command(#<process nntpd<4>> "HELP.\n" "^\\([2345]\\|[.]\\).*\n")
  network-stream-open-starttls("nntpd" #<buffer *foo*> "news.eternal-september.org" "nntp" (:type starttls :end-of-command "^\\([2345]\\|[.]\\).*\n" :capability-command "HELP.\n" :success "^3" :starttls-function (lambda (capabilities) (if (not (string-match "STARTTLS" capabilities)) nil "STARTTLS.\n"))))
  open-network-stream("nntpd" #<buffer *foo*> "news.eternal-september.org" "nntp" :type starttls :end-of-command "^\\([2345]\\|[.]\\).*\n" :capability-command "HELP.\n" :success "^3" :starttls-function (lambda (capabilities) (if (not (string-match "STARTTLS" capabilities)) nil "STARTTLS.\n")))
  eval((open-network-stream "nntpd" (get-buffer-create "*foo*") "news.eternal-september.org" "nntp" :type (quote starttls) :end-of-command "^\\([2345]\\|[.]\\).*\n" :capability-command "HELP.\n" :success "^3" :starttls-function (function (lambda (capabilities) (if (not (string-match "STARTTLS" capabilities)) nil "STARTTLS.\n")))) nil)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#23027: 25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

[Lars Magne Ingebrigtsen]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Here's an easy test case:
>
> (open-network-stream
>  "nntpd" (get-buffer-create "*foo*")
>  "news.eternal-september.org" "nntp"
>  :type 'starttls
>  :end-of-command "^\\([2345]\\|[.]\\).*\n"
>  :capability-command "HELP\r\n"
>  :success "^3"
>  :starttls-function
>  (lambda (capabilities)
>    (if (not (string-match "STARTTLS" capabilities))
>        nil
>      "STARTTLS\r\n")))
>
> First of all, I think the error message is lacking.  It should say more
> about what's failing.

I've now fixed this...

> As to the bug -- gnutls by default now refuses to deal with MD5
> certificates.  We could override that, and instead let the network
> security manager notify the user that the connection isn't safe.

This apparently has nothing to do with MD5?  Included below is what
s_client says about the TLS connection.  It's ECDSA...

Hm...  but there is a self signed certificate in the chain.  Uhm...
using GNUTLS_VERIFY_DISABLE_CA_SIGN doesn't help, I still get
GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM.  Hm...

Is it possible that the gnutls installation is just too old or
something?  Weird.

[larsi@stories /usr/include/gnutls]$ openssl s_client -connect news.eternal-september.org:nntps
CONNECTED(00000003)
depth=1 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = support@cacert.org
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=news.eternal-september.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
 1 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGLDCCBBSgAwIBAgIDEdYnMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTE2MDMxMTAzMzUyMFoXDTE2MDkwNzAzMzUyMFowJTEj
MCEGA1UEAxMabmV3cy5ldGVybmFsLXNlcHRlbWJlci5vcmcwggIgMA0GCSqGSIb3
DQEBAQUAA4ICDQAwggIIAoIB/yjsWrb5ftbIGzSCTRyYRyH+CcwR2FkVXaK331KM
8bULtWrbOGj8Ig5iMSP1+y7GQxX5WPErSduJI2fnp//TElb0FlmqShkNesSc3os1
Jng+aSbpYmnHhR0QHLt+wB9PG1WslD2fsyCHQnkAMNF7wtDyZ3N5YJveQHd9OjR1
LC4GwlHNWaRh2b1IEY/glO5+xXnrXMJLYLWv6Qj5rWpPNb/pn2hQT06sCdOLd/zP
MND0/G7cg4KSasRCFEMl8sMO4/013ZelBoBYQRkJs7LQFKfk4I3Xv97BZu0w/VNu
yQUShJDzaa9+JWM56eLP52rkK4uic++z3kF9ehhE5UrEMFDPusBcyJ+GehSvJXx/
YUq8QejYvKL+7K+nAvQDioUjc3GfvW3CoFbuH4vTK+4H2N9BAsUi3NbSmCxAVYuy
FNJgapAvPrJrgsQshHWJcHdcDbIFBmTqsemK/9Fs2CPFPGr0ckmhu+zDkUBWGqoK
JTW1nKU+Szf5+NVgNf9GxVv3HoLtRibAAH1eRVGursZc5Sy9p9pRuFVEwBkJUpC6
P+2u8b768VJsruQOwccWy4+QH0Mq/xxVKP5b4Fq3tP0CSBhsJD88QdgptCgHArKw
axJ8DlcOwY7BhcCEMpjN4lArZZMERWHCYEhIvdHMVCXZD8aLnoio4YhdFGdEpvgN
/sUCAwEAAaOCAREwggENMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMDQG
A1UdJQQtMCsGCCsGAQUFBwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3
CgMDMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2Fj
ZXJ0Lm9yZy8wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5jYWNlcnQub3Jn
L3Jldm9rZS5jcmwwTwYDVR0RBEgwRoIabmV3cy5ldGVybmFsLXNlcHRlbWJlci5v
cmegKAYIKwYBBQUHCAWgHAwabmV3cy5ldGVybmFsLXNlcHRlbWJlci5vcmcwDQYJ
KoZIhvcNAQENBQADggIBAK9hEHAl5w+8s/ZISK2LBv3mvPBmOEfcwhhCBzlDn5S1
/sUot+tPVv1AUF5Z7p21E9HiLRr69C038imk8wD9kTIGakW+o4izC57lpMCklKFc
Qfqi/YQmCIeIbXQAxaMdANyz/HpajhhHtOmSYjcUrXWFds/Bm1hJzHb+rFSFnL7Y
GN2gogeLzgEcTZMPIrmzoCGqkal4+guWnj3Fc5bXWgc9CBbVHOV9WAyFhhRPwbVl
w87uVpGjHoA2epzirdtc6KcLZCymCCCHYHTUJ8F9f6W/IJtIKdtw4G2/1z7lz2v3
Coo7mXKY8n/tgCUUBZfcCalkL//5MCdf746XM9uJxdibDSnf8vdpQKx4Otf0W3h7
/zGIntpuUxWwwGCCdknTVagT2+XhhpHqBPgQYKm87zmbzweg2RMqRzXIq81+Gxz0
UkKHyJJsec421m+smZDdsjYMvc+FWsbuKXjnjzDwEj2TuxPYIaUJQAvj+ZnlBP8Y
fXZYD/ykrH9v4YGO7BtGRi0NY3Hs1tMIOSo2Ran0LmeQbGFpDPLvgUzg3Ta9RkYY
9FY6Bm6WHd5EVVXdL/m5OlC+50FqXWpkizmVsm6SpWcKzUSn1rQpTqd4wegsg1fw
CurbHkgkP56yPFj8SdXfNdP34YBXEiSI4ZEFM9CS/wsVKm8SE4TnIRDjN39i7ad1
-----END CERTIFICATE-----
subject=/CN=news.eternal-september.org
issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
---
No client certificate CA names sent
---
SSL handshake has read 4358 bytes and written 416 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4086 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 79FA1DD8A295D1D96475BE1818E88C3C28059A074AA8B743871B48243C203072
    Session-ID-ctx: 
    Master-Key: 156AF5671933E472B5B2E5ACAED0FB40B6F4EE997F9F2DABA13F548E9B64DB4565C4FD9B7D9539AF0D7A77B64E3942F4
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 65 10 86 c0 3b 81 89 d6-b6 63 74 7a c6 9d 9b 3b   e...;....ctz...;
    0010 - a8 38 e2 4a dc 47 96 f6-90 b5 37 6b 33 dc 73 2b   .8.J.G....7k3.s+
    0020 - 9c fb 97 e9 fc de 22 70-b7 da 76 0b 92 f3 94 72   ......"p..v....r
    0030 - 49 c5 ac 15 9f a3 5f 1e-e9 c6 19 b1 ed 16 1d 50   I....._........P
    0040 - 8a 0a 74 70 8e 97 ed 09-04 99 3d 75 cd 4d 46 15   ..tp......=u.MF.
    0050 - 93 b1 31 50 e0 28 bc b3-dd da 46 2c ac 00 47 88   ..1P.(....F,..G.
    0060 - a5 c3 b1 ad e1 86 d8 f3-85 c8 c3 9e c5 cf bb 9d   ................
    0070 - 93 14 8d c6 de c9 ff 7e-f6 45 99 35 cb 83 41 ab   .......~.E.5..A.
    0080 - 97 06 11 85 4a ee 76 a5-f4 1b 11 17 98 dd ec aa   ....J.v.........
    0090 - f2 48 d4 b6 2d 2e 16 a9-53 03 c1 96 96 31 ba ab   .H..-...S....1..

    Start Time: 1461506257
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#23027: 25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

[Lars Magne Ingebrigtsen]

[larsi@stories ~/src/emacs/trunk]$ gnutls-cli -p nntps news.eternal-september.org
Resolving 'news.eternal-september.org'...
Connecting to '213.239.209.88:563'...
*** Fatal error: The signature algorithm is not supported.
*** Handshake has failed
GnuTLS error: The signature algorithm is not supported.

That's not very helpful.

However, on a newer machine it says:

- Certificate[1] info:
 - subject `O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,EMAIL=support@cacert.org', issuer `O=Root CA,OU=http://www.cacert.org,CN=CA Cert Signing Authority,EMAIL=support@cacert.org', RSA key 4096 bits, signed using RSA-MD5 (broken!), activated `2003-03-30 12:29:49 UTC', expires `2033-03-29 12:29:49 UTC', SHA-1 fingerprint `135cec36f49cb8e93b1ab270cd80884676ce8f33'

So there's the MD5.

So it like fails on several levels: On older machines, the GnuTLS
library is too old, and on newer machines, it refuses the connection
because of the MD5...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#23027: 25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

[Anssi Saari]

Some comments on this issue (I originally reported this on 
gnu.emacs.gnus). The machine in question runs Ubuntu 14.04 LTS and seems 
to have two versions of GnuTLS installed, 2.6 and 2.8, 2.6 is the 
default. If I force GnuTLS 2.8 then I have no issue.

bug#23027: 25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

[Lars Ingebrigtsen]

Anssi Saari <as@sci.fi> writes:

> Some comments on this issue (I originally reported this on
> gnu.emacs.gnus). The machine in question runs Ubuntu 14.04 LTS and
> seems to have two versions of GnuTLS installed, 2.6 and 2.8, 2.6 is
> the default. If I force GnuTLS 2.8 then I have no issue.

Yes, I upgraded this laptop to the newest Ubuntu, and the problem went
away.  So I guess eternal-september uses something too new for the
previous Ubuntu version.

I'll close the bug.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no