From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: bvraghav@iitk.ac.in (B.V. Raghav)
Newsgroups: gmane.emacs.help
Subject: Re: w3m SSL handling error
Date: Thu, 20 Oct 2016 12:37:01 +0530
Organization: Indian Institute of Technology, Kanpur
Message-ID: <87lgxj8pnu.fsf@ram.bvr.dp.lan>
References: <87insr1kfy.fsf@ram.bvr.dp.lan>
	<20161017030047852203188@bob.proulx.com>
	<87lgxnjgua.fsf@ram.bvr.dp.lan>
	<20161017125340282252917@bob.proulx.com>
	<874m4axjm4.fsf@ram.bvr.dp.lan>
	<20161019160527696379108@bob.proulx.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: blaine.gmane.org 1476947323 27283 195.159.176.226 (20 Oct 2016 07:08:43 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Thu, 20 Oct 2016 07:08:43 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
To: help-gnu-emacs@gnu.org
Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Thu Oct 20 09:08:38 2016
Return-path: <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geh-help-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org>)
	id 1bx7Sl-00054H-Vi
	for geh-help-gnu-emacs@m.gmane.org; Thu, 20 Oct 2016 09:08:28 +0200
Original-Received: from localhost ([::1]:52834 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org>)
	id 1bx7So-0003W8-6E
	for geh-help-gnu-emacs@m.gmane.org; Thu, 20 Oct 2016 03:08:30 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:38946)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bvraghav@iitk.ac.in>) id 1bx7RY-0002zD-Aj
	for help-gnu-emacs@gnu.org; Thu, 20 Oct 2016 03:07:13 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <bvraghav@iitk.ac.in>) id 1bx7RU-0006LF-7R
	for help-gnu-emacs@gnu.org; Thu, 20 Oct 2016 03:07:12 -0400
Original-Received: from mail2.iitk.ac.in ([202.3.77.186]:47654)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bvraghav@iitk.ac.in>) id 1bx7RT-00069D-SU
	for help-gnu-emacs@gnu.org; Thu, 20 Oct 2016 03:07:08 -0400
Original-Received: from smtp.cc.iitk.ac.in (smtp.cc.iitk.ac.in [172.31.1.22])
	by mail2.iitk.ac.in (Postfix) with ESMTP id 9F0361000180
	for <help-gnu-emacs@gnu.org>; Thu, 20 Oct 2016 12:37:01 +0530 (IST)
Original-Received: from ram.bvr.dp.lan.iitk.ac.in (unknown [172.20.240.122])
	(Authenticated sender: bvraghav)
	by smtp.cc.iitk.ac.in (Postfix) with ESMTPA id 9B12E56
	for <help-gnu-emacs@gnu.org>; Thu, 20 Oct 2016 12:37:01 +0530 (IST)
In-Reply-To: <20161019160527696379108@bob.proulx.com> (Bob Proulx's message of
	"Wed, 19 Oct 2016 16:08:48 -0600")
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 202.3.77.186
X-BeenThere: help-gnu-emacs@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: Users list for the GNU Emacs text editor <help-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-gnu-emacs>,
	<mailto:help-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/help-gnu-emacs/>
List-Post: <mailto:help-gnu-emacs@gnu.org>
List-Help: <mailto:help-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-gnu-emacs>,
	<mailto:help-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "help-gnu-emacs"
	<help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.help:111574
Archived-At: <http://permalink.gmane.org/gmane.emacs.help/111574>

Bob Proulx <bob@proulx.com> writes:


> Why aren't you using 1.0.2j-1?  That is a big difference!  

My my! I totally missed that. In fact I apologise for not having
bothered about it!

# apt update && apt full-upgrade

$ apt-cache policy libssl1.0.2 
libssl1.0.2:
  Installed: 1.0.2j-1
  Candidate: 1.0.2j-1
  Version table:
 *** 1.0.2j-1 500
        500 http://mirror.cse.iitk.ac.in/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status

It is not up to date. But the result is the same. Is there some cache
clear etc. required?

$ w3m https://www.emacswiki.org/
SSL error: error:0906D06C:PEM routines:PEM_read_bio:no start line

This is one more preposterous

$ gnutls-cli-debug www.emacswiki.org
GnuTLS debug client 3.5.4
Checking www.emacswiki.org:443
                             for SSL 3.0 (RFC6101) support... no
                        whether we need to disable TLS 1.2... yes
                        whether we need to disable TLS 1.1... yes
                        whether we need to disable TLS 1.0... yes
                        whether %NO_EXTENSIONS is required... yes
                               whether %COMPAT is required... yes
                             for TLS 1.0 (RFC2246) support...
Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 and TLS 1.2 no

With other domains, I run the command
$ gnutls-cli --tofu domain.tld

and it succeeds in connecting with following Certificate[#] info:
 - subject `CN=domain.tld', issuer `C=IN,O=IIT Kanpur,OU=Computer
 Center,CN=ironport1.iitk.ac.in', serial ...

but fails to terminate `properly':

*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.

Does this seem to have a bearing on my problem?

-- 
Raghav