* gnutls-verify-error issues
From: Hubert Chathi @ 2016-07-12 1:35 UTC (permalink / raw)
To: help-gnu-emacs
There seems to be something weird going on with the gnutls-verify-error
variable. It is initially set to:
    (("muchlearning\\.org"
      (:trustfiles))
     ("news\\.gmane\\.org" nil)
     (".*"
      (:trustfiles :hostname)))
i.e. it verifies all domains strictly except for a couple of domains
that need to be more lax.
However, after it's made a few connections, the value changes, and
eventually becomes unusable for some domains. e.g. it may look like this:
    (("muchlearning\\.org"
      (:trustfiles))
     ("news\\.gmane\\.org" nil
      (:trustfiles :hostname)
      (:trustfiles :hostname)
      . #2)
     (".*"
      (:trustfiles :hostname)
      . #1))
and it won't be able to connect to news.gmane.org any more.
I'm currently using emacs 24.4 from Debian (package version 24.4+1-5,
which is the current version from Debian stable).
--
Hubert Chathi - Email/Jabber: hubert@uhoreg.ca - https://www.uhoreg.ca/
PGP/GnuPG key: 4096R/113A1368 (Key available at pool.sks-keyservers.net)
Fingerprint: F24C F749 6C73 DDB8 DCB8 72DE B2DE 88D3 113A 1368
* Re: gnutls-verify-error issues
From: Emanuel Berg @ 2016-07-12 1:48 UTC (permalink / raw)
To: help-gnu-emacs
Hubert Chathi <hubert@uhoreg.ca> writes:
> There seems to be something weird going on
> with the gnutls-verify-error variable.
This is not in any way an answer to your
question, however I'd like to mention I've had
problems with the TLS the past two months and
it might be related - all details:
https://lists.gnu.org/archive/html/info-gnus-english/2016-05/msg00002.html
--
underground experts united .... http://user.it.uu.se/~embe8573
Emacs Gnus Blogomatic ......... http://user.it.uu.se/~embe8573/blogomatic
- so far: 56 Blogomatic articles -
* Re: gnutls-verify-error issues
From: Ted Zlatanov @ 2016-07-12 14:00 UTC (permalink / raw)
To: help-gnu-emacs
On Mon, 11 Jul 2016 21:35:57 -0400 Hubert Chathi <hubert@uhoreg.ca> wrote:
HC> There seems to be something weird going on with the gnutls-verify-error
HC> variable. It is initially set to:
HC>     (("muchlearning\\.org"
HC>       (:trustfiles))
HC>      ("news\\.gmane\\.org" nil)
HC>      (".*"
HC>       (:trustfiles :hostname)))
HC> i.e. it verifies all domains strictly except for a couple of domains
HC> that need to be more lax.
HC> However, after it's made a few connections, the value changes, and
HC> eventually becomes unusable for some domains. e.g. it may look like this:
HC>     (("muchlearning\\.org"
HC>       (:trustfiles))
HC>      ("news\\.gmane\\.org" nil
HC>       (:trustfiles :hostname)
HC>       (:trustfiles :hostname)
HC>       . #2)
HC>      (".*"
HC>       (:trustfiles :hostname)
HC>       . #1))
HC> and it won't be able to connect to news.gmane.org any more.
HC> I'm currently using emacs 24.4 from Debian (package version 24.4+1-5,
HC> which is the current version from Debian stable).
I am not aware of any code in Emacs that would modify
`gnutls-verify-error' and haven't seen this issue. But it could be a
bug. In particular this line *could* be the culprit in gnutls.el:
    (when verify-hostname-error
      (push :hostname verify-error))
Are you able to put a debug statement in there and try again?
Or give a recipe to duplicate the issue?
Ted
* Re: gnutls-verify-error issues
From: Hubert Chathi @ 2016-07-13 3:08 UTC (permalink / raw)
To: help-gnu-emacs
On Tue, 12 Jul 2016 10:00:41 -0400, Ted Zlatanov <tzz@lifelogs.com> said:
> I am not aware of any code in Emacs that would modify
> `gnutls-verify-error' and haven't seen this issue. But it could be a
> bug. In particular this line *could* be the culprit in gnutls.el:
> (when verify-hostname-error (push :hostname verify-error))
> Are you able to put a debug statement in there and try again?
I changed those lines to:
    (when verify-hostname-error
      (message "hostname error")
      (push :hostname verify-error))
But there was no extra message in *Messages*.
But then I tried modifying the lambda in the (let* ... (verify-error
...)) expression in gnutls-negotiate to read
    (lambda (check)
      (when (string-match (car check) hostname)
        (copy-sequence (cdr check))))
(I added the copy-sequence call), and now it seems to be working as it
should, so it looks like *something* in that function is modifying the
value.
> Or give a recipe to duplicate the issue?
For me, just setting the value of gnutls-verify-error to
    (("muchlearning\\.org"
      (:trustfiles))
     ("news\\.gmane\\.org" nil
      (:trustfiles :hostname))
     (".*"
      (:trustfiles :hostname)))
and then accessing news.gmane.org in Gnus
via NNTP over TLS results in the value of gnutls-verify-error changing.
--
Hubert Chathi - Email/Jabber: hubert@uhoreg.ca - https://www.uhoreg.ca/
PGP/GnuPG key: 4096R/113A1368 (Key available at pool.sks-keyservers.net)
Fingerprint: F24C F749 6C73 DDB8 DCB8 72DE B2DE 88D3 113A 1368
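The behaviour reported in this thread, reproduced as an added example (not code from the thread or from gnutls.el). It assumes the per-host lookup joins the matching entries with a destructive `nconc`-style concatenation, which the thread does not show; the `demo-` names and the sample policy are constructed for illustration.

```elisp
;;; -*- lexical-binding: t -*-
(require 'cl-lib)

(defun demo-make-policy ()
  "Return a fresh policy shaped like the one in the thread (constructed sample)."
  (list (list "muchlearning\\.org" (list :trustfiles))
        (list "news\\.gmane\\.org" nil)
        (list ".*" (list :trustfiles :hostname))))

(defun demo-checks-destructive (policy hostname)
  "Join the checks of every POLICY entry matching HOSTNAME.
`cl-mapcan' concatenates with `nconc', which rewrites the last cons
of each returned list, i.e. the cons cells stored in POLICY itself."
  (cl-mapcan (lambda (check)
               (when (string-match (car check) hostname)
                 (cdr check)))
             policy))

(defun demo-checks-copying (policy hostname)
  "Same lookup, but `nconc' only ever sees a copy (the thread's workaround)."
  (cl-mapcan (lambda (check)
               (when (string-match (car check) hostname)
                 (copy-sequence (cdr check))))
             policy))

(let* ((policy (demo-make-policy))
       (gmane (nth 1 policy))
       (catch-all (nth 2 policy)))
  (demo-checks-destructive policy "news.gmane.org")
  ;; The lax entry has been spliced onto the catch-all entry's cons
  ;; cells, so it now carries the strict checks as well.
  (message "gmane entry after 1 lookup: %S" gmane)
  (demo-checks-destructive policy "news.gmane.org")
  ;; The shared tail now points back at itself: the list is circular,
  ;; which is what the `. #N' in the printed value indicates.
  (message "catch-all tail is circular: %S"
           (eq (cddr catch-all) (cdr catch-all))))

(let ((policy (demo-make-policy)))
  (dotimes (_ 3)
    (demo-checks-copying policy "news.gmane.org"))
  ;; With the copy in place the stored policy never changes.
  (message "policy unchanged with copy-sequence: %S"
           (equal policy (demo-make-policy))))
```

The destructive lookup is called only twice here because a third call would have to walk a circular list.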