From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Thomas Fitzsimmons Newsgroups: gmane.emacs.bugs Subject: bug#10904: 24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-initiated SSL handshake Date: Mon, 09 Apr 2012 23:07:34 -0400 Message-ID: References: <87haxk3dce.fsf@lifelogs.com> <87hax6wakn.fsf@lifelogs.com> <87sjgdoi43.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1334027292 24497 80.91.229.3 (10 Apr 2012 03:08:12 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 10 Apr 2012 03:08:12 +0000 (UTC) Cc: Lars Magne Ingebrigtsen , 10904@debbugs.gnu.org To: Ted Zlatanov Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Apr 10 05:08:11 2012 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1SHRRB-0004Gt-0e for geb-bug-gnu-emacs@m.gmane.org; Tue, 10 Apr 2012 05:08:09 +0200 Original-Received: from localhost ([::1]:51118 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SHRRA-00085F-Ao for geb-bug-gnu-emacs@m.gmane.org; Mon, 09 Apr 2012 23:08:08 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:40260) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SHRR7-00084y-KE for bug-gnu-emacs@gnu.org; Mon, 09 Apr 2012 23:08:06 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SHRR5-0000wD-QU for bug-gnu-emacs@gnu.org; Mon, 09 Apr 2012 23:08:05 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:51180) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SHRR5-0000w9-N0 for bug-gnu-emacs@gnu.org; Mon, 09 Apr 2012 23:08:03 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1SHRS2-0006rB-Bq for bug-gnu-emacs@gnu.org; Mon, 09 Apr 2012 23:09:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Thomas Fitzsimmons Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 10 Apr 2012 03:09:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 10904 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 10904-submit@debbugs.gnu.org id=B10904.133402732726328 (code B ref 10904); Tue, 10 Apr 2012 03:09:02 +0000 Original-Received: (at 10904) by debbugs.gnu.org; 10 Apr 2012 03:08:47 +0000 Original-Received: from localhost ([127.0.0.1]:47718 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1SHRRn-0006qb-6Z for submit@debbugs.gnu.org; Mon, 09 Apr 2012 23:08:47 -0400 Original-Received: from mail-iy0-f172.google.com ([209.85.210.172]:50032) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1SHRRk-0006qT-Ok for 10904@debbugs.gnu.org; Mon, 09 Apr 2012 23:08:46 -0400 Original-Received: by iazz13 with SMTP id z13so6368163iaz.3 for <10904@debbugs.gnu.org>; Mon, 09 Apr 2012 20:07:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-type:x-gm-message-state; bh=uWd4AtZ8kntS+Z6XZ58xJVYXxCLQW5AuymlQzVfOMWc=; b=AstTYQC9BrOJBFWVonO8qD+5Gd1gMmm7En7afvqRZ0zohiBL7TXS8WdGK7s2/0ZUKf C1VwmnKCT0Pcaz9RpZPiJY0UiWMTcIrx3gZA2TfJKzH8+JjCQRYpGUcrlmGmjbAzIijk 0aBGeyzVDFMKMbartr3y6LqP7HJ3f5zgHAuP1DS4W+lRPIdlziAVd70khBDl1xfj4uqk EgY1098qeWNZMkKTLcIPXunfhoCXoURttts6uBksO4HcuXtnqSKCZSVRipwNaay9rolC +T0lilToGJfuhwh1R2Evo3uCZfiOCWWoKpDeRDXVSPJ219hK8KAg9Tjs84fXdJfUCYMg AHmw== Original-Received: by 10.42.180.66 with SMTP id bt2mr5539998icb.56.1334027264935; Mon, 09 Apr 2012 20:07:44 -0700 (PDT) Original-Received: from ducky.fitzsim.org (69-165-165-189.dsl.teksavvy.com. [69.165.165.189]) by mx.google.com with ESMTPS id k8sm42228692igz.4.2012.04.09.20.07.43 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 09 Apr 2012 20:07:44 -0700 (PDT) In-Reply-To: <87sjgdoi43.fsf@lifelogs.com> (Ted Zlatanov's message of "Sun, 08 Apr 2012 20:37:32 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) X-Gm-Message-State: ALoCoQkyxfl/mlhkCqaWD4Wj3ePoYHQUCna5IsVVcu/1crw4NQ8UmWQpDiMVFbJNJeeNWZMepoUx X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:58676 Archived-At: Ted Zlatanov writes: > On Sun, 08 Apr 2012 13:46:56 -0400 Thomas Fitzsimmons wrote: > > TF> The loop happens when the GnuTLS handshake fails for some reason, within > TF> a network process. I use the attached patch to limit the number of > TF> iterations. I'm not familiar enough with the Emacs process code to > TF> suggest a fix though. > > Thanks again for the help and provided patch. I modified it to keep the > number of handshakes tried per connection, not globally. Please try > it. I will also propose it on emacs-devel for inclusion in the upcoming > 24.1 release. I tried trunk against my IMAP server and the applied patch prevents the infinite loop. At the default gnutls-log-level, a connection attempt fails with: Warning: Opening nnimap server on ...failed: ; Unable to open server nnimap+ due to: GnuTLS error: #, -9 gnutls.c: [0] (Emacs) fatal error: The specified session has been invalidated for some reason. A nice improvement would be to detect when the server uses a ciphersuite that GnuTLS's default priority list ("NORMAL") rejects, warn the user, and ask if they want to retry with a more permissive list ("PERFORMANCE"). But that's a separate enhancement -- for now your patch fixes the infinite loop and setting gnutls-algorithm-priority to "performance" works around the server's weak ciphersuite. Thanks, Thomas