* bug#13406: 24.2.92; gnus fails imap connection with TLS
@ 2013-01-10 16:34 Rainer Orth
2013-01-11 14:09 ` Ted Zlatanov
0 siblings, 1 reply; 4+ messages in thread
From: Rainer Orth @ 2013-01-10 16:34 UTC (permalink / raw)
To: 13406
On Solaris 11.1/x86, I cannot connect to our imap server with TLS
anymore:
.emacs has
(setq gnus-secondary-select-methods
'((nnimap "cebitec"
(nnimap-address "<imap server elided>")
(nnimap-stream ssl))))
In *Messages*, I find
Opening nnimap server on cebitec...
Opening connection to <imap server elided> via tls...
gnutls.c: [0] (Emacs) fatal error: Decryption has failed.
gnutls.el: (err=[-24] Decryption has failed.) boot: (:priority NORMAL :hostname <imap server elided> :loglevel 0 :min-prime-bits 256 :trustfiles nil :crlfiles nil :keylist nil :verify-flags nil :verify-error nil :verify-hostname-error nil :callbacks nil)
Unable to open server nnimap+cebitec due to: GnuTLS error: #<process *nnimap*>, -24
Opening nnimap server on cebitec...done
No new newsgroups
Checking new news...
Reading active file via nnnil...done
Reading active file from cebitec via nnimap...done
Reading active file via nndraft...done
Checking new news...done
Warning: Unable to open server nnimap+cebitec due to: GnuTLS error: #<process *nnimap*>, -24
gnutls.c: [0] (Emacs) fatal error: The specified session has been invalidated for some reason. [2 times]
libgnutls.so.26 from gnutls 2.8.6 is bundled with the OS.
In GNU Emacs 24.2.92.1 (i386-pc-solaris2.11, GTK+ Version 2.20.1)
of 2013-01-10 on fuego
Windowing system distributor `Oracle Corporation, based on X.Org Foundation sources', version 11.0.11202000
Configured using:
`configure '--prefix=/vol/gnu' '--without-gif''
Important settings:
value of $LC_ALL:
value of $LC_COLLATE:
value of $LC_CTYPE: iso_8859_1
value of $LC_MESSAGES:
value of $LC_MONETARY:
value of $LC_NUMERIC:
value of $LC_TIME:
value of $LANG: C
locale-coding-system: iso-latin-1-unix
default enable-multibyte-characters: t
Major mode: Fundamental
Minor modes in effect:
desktop-save-mode: t
tooltip-mode: t
mouse-wheel-mode: t
tool-bar-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
line-number-mode: t
transient-mark-mode: t
Recent input:
C-v C-v <escape> < C-x b * c <backspace> s c <tab>
<return> <escape> x g n u s <return> C-x b * <tab>
M <tab> <return> <escape> x r e p o <tab> r <tab> <return>
g n u s SPC f a C-g C-x C-f ~ / . e m <tab> <return>
C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n
C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n
C-n C-n C-n C-x k <return> C-x 5 2 <switch-frame> <escape>
x r e p o r <tab> <return>
Recent messages:
Opening nnimap server on cebitec...done
No new newsgroups
Checking new news...
Reading active file via nnnil...done
Reading active file from cebitec via nnimap...done
Reading active file via nndraft...done
Checking new news...done
Warning: Unable to open server nnimap+cebitec due to: GnuTLS error: #<process *nnimap*>, -24
gnutls.c: [0] (Emacs) fatal error: The specified session has been invalidated for some reason. [2 times]
Making completion list... [2 times]
Quit
Load-path shadows:
/vol/gnu/share/emacs/site-lisp/psgml/psgml-edit hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.0/psgml-edit
/vol/gnu/share/emacs/site-lisp/psgml/psgml-charent hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.0/psgml-charent
/vol/gnu/share/emacs/site-lisp/psgml/psgml-dtd hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.0/psgml-dtd
/vol/gnu/share/emacs/site-lisp/psgml/psgml-parse hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.0/psgml-parse
/vol/gnu/share/emacs/site-lisp/psgml/psgml-api hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.0/psgml-api
/vol/gnu/share/emacs/site-lisp/psgml/psgml-info hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.0/psgml-info
/vol/gnu/share/emacs/site-lisp/psgml/psgml-other hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.0/psgml-other
/vol/gnu/share/emacs/site-lisp/psgml/psgml hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.0/psgml
/vol/gnu/share/emacs/site-lisp/psgml/psgml-other hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.5/psgml-other
/vol/gnu/share/emacs/site-lisp/psgml/psgml-edit hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.5/psgml-edit
/vol/gnu/share/emacs/site-lisp/psgml/psgml hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.5/psgml
/vol/gnu/share/emacs/site-lisp/psgml/psgml-api hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.5/psgml-api
/vol/gnu/share/emacs/site-lisp/psgml/psgml-info hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.5/psgml-info
/vol/gnu/share/emacs/site-lisp/psgml/psgml-dtd hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.5/psgml-dtd
/vol/gnu/share/emacs/site-lisp/psgml/psgml-charent hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.5/psgml-charent
/vol/gnu/share/emacs/site-lisp/psgml/psgml-parse hides /vol/gnu/share/emacs/site-lisp/psgml/1.2.5/psgml-parse
/vol/gnu/share/emacs/site-lisp/info-look hides /vol/gnu/src/emacs/emacs-24.2.92/lisp/info-look
Features:
(shadow sort mail-extr emacsbug sendmail help-mode gnus-topic nndraft
nnmh nnagent nnml gnutls network-stream auth-source eieio byte-opt
bytecomp byte-compile cconv starttls nnimap parse-time tls utf7 netrc
nnfolder nnnil gnus-agent gnus-srvr gnus-score score-mode nnvirtual
gnus-msg gnus-art mm-uu mml2015 epg-config mm-view mml-smime smime
password-cache dig mailcap nntp gnus-cache gnus-sum nnoo gnus-group
gnus-undo nnmail mail-source gnus-start gnus-spec gnus-int gnus-range
message idna format-spec rfc822 mml easymenu mml-sec mm-decode mm-bodies
mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mailabbrev
gmm-utils mailheader gnus-win gnus gnus-ems nnheader gnus-util
mail-utils mm-util mail-prsvr wid-edit dired tex-site go-mode-load
desktop time-date tooltip ediff-hook vc-hooks lisp-float-type mwheel
x-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list
newcomment lisp-mode register page menu-bar rfn-eshadow timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham
georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
korean japanese hebrew greek romanian slovak czech european ethiopic
indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple
abbrev minibuffer loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote make-network-process
dbusbind dynamic-setting system-font-setting font-render-setting
move-toolbar gtk x-toolkit x multi-tty emacs)
--
-----------------------------------------------------------------------------
Rainer Orth, Center for Biotechnology, Bielefeld University
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#13406: 24.2.92; gnus fails imap connection with TLS
2013-01-10 16:34 bug#13406: 24.2.92; gnus fails imap connection with TLS Rainer Orth
@ 2013-01-11 14:09 ` Ted Zlatanov
2013-01-15 10:24 ` Rainer Orth
0 siblings, 1 reply; 4+ messages in thread
From: Ted Zlatanov @ 2013-01-11 14:09 UTC (permalink / raw)
To: Rainer Orth; +Cc: 13406
On Thu, 10 Jan 2013 17:34:08 +0100 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE> wrote:
RO> On Solaris 11.1/x86, I cannot connect to our imap server with TLS
RO> anymore:
RO> .emacs has
RO> (setq gnus-secondary-select-methods
RO> '((nnimap "cebitec"
RO> (nnimap-address "<imap server elided>")
RO> (nnimap-stream ssl))))
RO> In *Messages*, I find
RO> Opening nnimap server on cebitec...
RO> Opening connection to <imap server elided> via tls...
RO> gnutls.c: [0] (Emacs) fatal error: Decryption has failed.
RO> gnutls.el: (err=[-24] Decryption has failed.) boot: (:priority NORMAL :hostname <imap server elided> :loglevel 0 :min-prime-bits 256 :trustfiles nil :crlfiles nil :keylist nil :verify-flags nil :verify-error nil :verify-hostname-error nil :callbacks nil)
RO> Unable to open server nnimap+cebitec due to: GnuTLS error: #<process *nnimap*>, -24
RO> Opening nnimap server on cebitec...done
RO> No new newsgroups
RO> Checking new news...
RO> Reading active file via nnnil...done
RO> Reading active file from cebitec via nnimap...done
RO> Reading active file via nndraft...done
RO> Checking new news...done
RO> Warning: Unable to open server nnimap+cebitec due to: GnuTLS error: #<process *nnimap*>, -24
RO> gnutls.c: [0] (Emacs) fatal error: The specified session has been invalidated for some reason. [2 times]
RO> libgnutls.so.26 from gnutls 2.8.6 is bundled with the OS.
Can you try from the command line, with `gnutls-cli'?
Thanks
Ted
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#13406: 24.2.92; gnus fails imap connection with TLS
2013-01-11 14:09 ` Ted Zlatanov
@ 2013-01-15 10:24 ` Rainer Orth
2013-01-16 14:09 ` Ted Zlatanov
0 siblings, 1 reply; 4+ messages in thread
From: Rainer Orth @ 2013-01-15 10:24 UTC (permalink / raw)
To: 13406
Ted Zlatanov <tzz@lifelogs.com> writes:
> Can you try from the command line, with `gnutls-cli'?
gnutls-cli isn't installed on Solaris 11, so I built the upstream
version of gnutls 2.8.6 myself. With the unchanged version, imap with
TLS works fine. I've then dug up the build receipe on opensolaris.org
and found that the fix for CVE-2012-1573 is wrong: while upstream
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=422214868061370aeeb0ac9cd0f021a5c350a57d;hp=cfea38b5482c21fe6ddffaddc59a0040f80bd578
uses a ciphertext.size < hash_size test, Solaris has
http://src.opensolaris.org/source/xref/jds/spec-files/branches/gnome-2-30-s11update/patches/gnutls-02-cve-2012-1573.diff
> hash_size instead.
So the report is invalid and I'll report upstream.
Rainer
--
-----------------------------------------------------------------------------
Rainer Orth, Center for Biotechnology, Bielefeld University
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#13406: 24.2.92; gnus fails imap connection with TLS
2013-01-15 10:24 ` Rainer Orth
@ 2013-01-16 14:09 ` Ted Zlatanov
0 siblings, 0 replies; 4+ messages in thread
From: Ted Zlatanov @ 2013-01-16 14:09 UTC (permalink / raw)
To: Rainer Orth; +Cc: 13406, 13406-done
On Tue, 15 Jan 2013 11:24:29 +0100 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE> wrote:
RO> Ted Zlatanov <tzz@lifelogs.com> writes:
>> Can you try from the command line, with `gnutls-cli'?
RO> gnutls-cli isn't installed on Solaris 11, so I built the upstream
RO> version of gnutls 2.8.6 myself. With the unchanged version, imap with
RO> TLS works fine. I've then dug up the build receipe on opensolaris.org
RO> and found that the fix for CVE-2012-1573 is wrong: while upstream
RO> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=422214868061370aeeb0ac9cd0f021a5c350a57d;hp=cfea38b5482c21fe6ddffaddc59a0040f80bd578
RO> uses a ciphertext.size < hash_size test, Solaris has
RO> http://src.opensolaris.org/source/xref/jds/spec-files/branches/gnome-2-30-s11update/patches/gnutls-02-cve-2012-1573.diff
>> hash_size instead.
RO> So the report is invalid and I'll report upstream.
Thank you for the thoroughness, it saves us a lot of work! Marking this
bug as done.
Ted
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-01-16 14:09 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-01-10 16:34 bug#13406: 24.2.92; gnus fails imap connection with TLS Rainer Orth
2013-01-11 14:09 ` Ted Zlatanov
2013-01-15 10:24 ` Rainer Orth
2013-01-16 14:09 ` Ted Zlatanov
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).