unofficial mirror of help-gnu-emacs@gnu.org
 help / color / mirror / Atom feed
* Special configuration needed for eww + gnutls? [emacs 28.1]
@ 2022-04-14 16:34 Kaushal Modi
  2022-04-15  2:04 ` Jude DaShiell
  0 siblings, 1 reply; 6+ messages in thread
From: Kaushal Modi @ 2022-04-14 16:34 UTC (permalink / raw)
  To: Help Gnu Emacs mailing list

[-- Attachment #1: Type: text/plain, Size: 605 bytes --]

Hello,

I am able to browse websites using eww, but for any website I try to
visit, I get a prompt like this:

When I visiting orgmode.org, I see this (see attachment)
When I try to visit my blog (https://scripter.co), I see a similar
warning (see second attachment).

Note that the https certificates are valid for both of the above
sites. Normal browsers show the HTTPS Secure lock sign without any
warnings.

I have left the value of gnutls-algorithm-priority at its default
value of nil. Is there a suggested default value for this that would
prevent those warnings in eww?

Thanks!


--
Kaushal Modi

[-- Attachment #2: image.png --]
[-- Type: image/png, Size: 42311 bytes --]

[-- Attachment #3: image.png --]
[-- Type: image/png, Size: 42757 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Special configuration needed for eww + gnutls? [emacs 28.1]
  2022-04-14 16:34 Special configuration needed for eww + gnutls? [emacs 28.1] Kaushal Modi
@ 2022-04-15  2:04 ` Jude DaShiell
  2022-04-15 16:53   ` Kaushal Modi
  0 siblings, 1 reply; 6+ messages in thread
From: Jude DaShiell @ 2022-04-15  2:04 UTC (permalink / raw)
  To: Kaushal Modi, Help Gnu Emacs mailing list

have you got this in one of your initialization files:
(setq gnutls-algorithm-priority "NORMAL:-VERS-TLS1.3")


On Thu, 14 Apr 2022, Kaushal Modi wrote:

> Hello,
>
> I am able to browse websites using eww, but for any website I try to
> visit, I get a prompt like this:
>
> When I visiting orgmode.org, I see this (see attachment)
> When I try to visit my blog (https://scripter.co), I see a similar
> warning (see second attachment).
>
> Note that the https certificates are valid for both of the above
> sites. Normal browsers show the HTTPS Secure lock sign without any
> warnings.
>
> I have left the value of gnutls-algorithm-priority at its default
> value of nil. Is there a suggested default value for this that would
> prevent those warnings in eww?
>
> Thanks!
>
>
> --
> Kaushal Modi
>



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Special configuration needed for eww + gnutls? [emacs 28.1]
  2022-04-15  2:04 ` Jude DaShiell
@ 2022-04-15 16:53   ` Kaushal Modi
  2022-04-15 17:28     ` Robert Pluim
  0 siblings, 1 reply; 6+ messages in thread
From: Kaushal Modi @ 2022-04-15 16:53 UTC (permalink / raw)
  To: Jude DaShiell; +Cc: Help Gnu Emacs mailing list

On Thu, Apr 14, 2022 at 10:04 PM Jude DaShiell <jdashiel@panix.com> wrote:
>
> have you got this in one of your initialization files:
> (setq gnutls-algorithm-priority "NORMAL:-VERS-TLS1.3")

No, gnutls-algorithm-priority is nil at its default value.

If I evaluate this in an emacs -Q session:

(progn
  (setq gnutls-algorithm-priority "NORMAL:-VERS-TLS1.3")
  (eww "https://scripter.co"))

I see the eww buffer pop up but then stay stuck at "Contacting host:
scripter.co:443".

And if I evaluate

(progn
  (setq gnutls-algorithm-priority "NORMAL:-VERS-TLS1.2")
  (eww "https://scripter.co"))

I see

Contacting host: scripter.co:443
#<buffer  *http scripter.co:443*-871644>
gnutls.c: [0] (Emacs) Received alert:  Error in protocol version

If this info is useful, pkg-config --modversion gnutls returns 3.3.29.
(and so C-h v libgnutls-version also returns 30329).

Does this work for you in an emacs -Q session?

  (eww "https://scripter.co")

Thanks!



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Special configuration needed for eww + gnutls? [emacs 28.1]
  2022-04-15 16:53   ` Kaushal Modi
@ 2022-04-15 17:28     ` Robert Pluim
  2022-04-15 18:00       ` Kaushal Modi
  0 siblings, 1 reply; 6+ messages in thread
From: Robert Pluim @ 2022-04-15 17:28 UTC (permalink / raw)
  To: Kaushal Modi; +Cc: Jude DaShiell, Help Gnu Emacs mailing list

>>>>> On Fri, 15 Apr 2022 12:53:51 -0400, Kaushal Modi <kaushal.modi@gmail.com> said:

    Kaushal> On Thu, Apr 14, 2022 at 10:04 PM Jude DaShiell <jdashiel@panix.com> wrote:
    >> 
    >> have you got this in one of your initialization files:
    >> (setq gnutls-algorithm-priority "NORMAL:-VERS-TLS1.3")

    Kaushal> No, gnutls-algorithm-priority is nil at its default value.

    Kaushal> If I evaluate this in an emacs -Q session:

    Kaushal> (progn
    Kaushal>   (setq gnutls-algorithm-priority "NORMAL:-VERS-TLS1.3")
    Kaushal>   (eww "https://scripter.co"))

    Kaushal> I see the eww buffer pop up but then stay stuck at "Contacting host:
    Kaushal> scripter.co:443".

    Kaushal> And if I evaluate

    Kaushal> (progn
    Kaushal>   (setq gnutls-algorithm-priority "NORMAL:-VERS-TLS1.2")
    Kaushal>   (eww "https://scripter.co"))

    Kaushal> I see

    Kaushal> Contacting host: scripter.co:443
    Kaushal> #<buffer  *http scripter.co:443*-871644>
    Kaushal> gnutls.c: [0] (Emacs) Received alert:  Error in protocol version

    Kaushal> If this info is useful, pkg-config --modversion gnutls returns 3.3.29.
    Kaushal> (and so C-h v libgnutls-version also returns 30329).

scripter.co works for me with GnuTLS 3.7.1

This might be the Letʼs Encrypt cross-signing certificate expiry
issue, which is fixed in GnuTLS >= 3.6.14 See eg
<https://blog.germancoding.com/2021/04/16/lets-encrypt-and-expired-root-certificates/>

(although Iʼm wondering why itʼs taken so long for you to notice)

Robert
-- 



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Special configuration needed for eww + gnutls? [emacs 28.1]
  2022-04-15 17:28     ` Robert Pluim
@ 2022-04-15 18:00       ` Kaushal Modi
  2022-04-17 14:14         ` Robert Pluim
  0 siblings, 1 reply; 6+ messages in thread
From: Kaushal Modi @ 2022-04-15 18:00 UTC (permalink / raw)
  To: Robert Pluim; +Cc: Jude DaShiell, Help Gnu Emacs mailing list

On Fri, Apr 15, 2022 at 1:28 PM Robert Pluim <rpluim@gmail.com> wrote:
>
> scripter.co works for me with GnuTLS 3.7.1
>
> This might be the Letʼs Encrypt cross-signing certificate expiry
> issue, which is fixed in GnuTLS >= 3.6.14 See eg
> <https://blog.germancoding.com/2021/04/16/lets-encrypt-and-expired-root-certificates/>

Thanks!

> (although Iʼm wondering why itʼs taken so long for you to notice)

It just means that I haven't used eww in a long time (at least since
April 2021) 😁

I tried updating gnutls locally on my machine (where I don't have root
privileges)
- Tried to update gnutls, but it failed because I don't have libnettle.
- Tried to install libnettle, but if failed because
"downloads/nettle-3.7.3/examples/nettle-openssl.c:408: undefined
reference to `EVP_MD_CTX_new'"

I guess I will have to ask the sysadmin to update the gnutls lib.

Thanks for your help! This explains why eww works for me the last time
it worked (> 2 years back) and why it doesn't work now.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Special configuration needed for eww + gnutls? [emacs 28.1]
  2022-04-15 18:00       ` Kaushal Modi
@ 2022-04-17 14:14         ` Robert Pluim
  0 siblings, 0 replies; 6+ messages in thread
From: Robert Pluim @ 2022-04-17 14:14 UTC (permalink / raw)
  To: Kaushal Modi; +Cc: Jude DaShiell, Help Gnu Emacs mailing list

>>>>> On Fri, 15 Apr 2022 14:00:01 -0400, Kaushal Modi <kaushal.modi@gmail.com> said:

    Kaushal> I tried updating gnutls locally on my machine (where I don't have root
    Kaushal> privileges)
    Kaushal> - Tried to update gnutls, but it failed because I don't have libnettle.
    Kaushal> - Tried to install libnettle, but if failed because
    Kaushal> "downloads/nettle-3.7.3/examples/nettle-openssl.c:408: undefined
    Kaushal> reference to `EVP_MD_CTX_new'"

    Kaushal> I guess I will have to ask the sysadmin to update the gnutls lib.

    Kaushal> Thanks for your help! This explains why eww works for me the last time
    Kaushal> it worked (> 2 years back) and why it doesn't work now.

I guess if you really,really want to use eww on that machine, you
could install gnutls-cli in your home directory somewhere, and
persuade emacs to use it instead of the built-in support (either by
explicitly disabling gnutls when configuring or by overriding
`gnutls-available-p'). Donʼt use the resulting emacs for anything
important, though 🙂

Robert
-- 



^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-04-17 14:14 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-04-14 16:34 Special configuration needed for eww + gnutls? [emacs 28.1] Kaushal Modi
2022-04-15  2:04 ` Jude DaShiell
2022-04-15 16:53   ` Kaushal Modi
2022-04-15 17:28     ` Robert Pluim
2022-04-15 18:00       ` Kaushal Modi
2022-04-17 14:14         ` Robert Pluim

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).