all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: thomas@m3y3r.de
To: 32658@debbugs.gnu.org
Subject: bug#32658: 26.1; Cannot connect to TLS websites
Date: Fri, 07 Sep 2018 11:22:06 +0200	[thread overview]
Message-ID: <861sa5zmpt.fsf@DESKTOP-DQBDJ0U.i-did-not-set--mail-host-address--so-tickle-me> (raw)


when I try to connect to an TLS enabled website on this Windows 10
machine, I get an error message.

I tried with the packages gnutls version 3.6.0 on emacs 26.1 and I did
upgrade the gnutls version to the 3.6.3 but still no success.

I did set gnutls-log-level to 5 here is the log with emacs 26.1 and
upgrade gnutls library to 3.6.3:

Contacting host: lwn.net:80
5 (#o5, #x5, ?\C-e)
Contacting host: lwn.net:443
gnutls.c: [1] (Emacs) connecting to host: lwn.net
gnutls.c: [1] (Emacs) allocating credentials
gnutls.c: [2] (Emacs) allocating x509 credentials
gnutls.c: [2] (Emacs) using default verification flags
gnutls.c: [3] ASSERT: verify-high.c[gnutls_x509_trust_list_add_cas]:321

gnutls.c: [audit] There was a non-CA certificate in the trusted list: OU=Copyright (c) 1997 Microsoft Corp.,OU=Microsoft Corporation,CN=Microsoft Root Authority.

gnutls.c: [3] ASSERT: verify-high.c[gnutls_x509_trust_list_add_cas]:321

gnutls.c: [audit] There was a non-CA certificate in the trusted list: C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority.

gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945

gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945

gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945

gnutls.c: [3] ASSERT: dn.c[_gnutls_x509_compare_raw_dn]:988

gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945

gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895

gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945

gnutls.c: [3] ASSERT: verify-high.c[gnutls_x509_trust_list_add_cas]:321

gnutls.c: [audit] There was a non-CA certificate in the trusted list: CN=Root Agency.

gnutls.c: [1] (Emacs) gnutls callbacks
gnutls.c: [1] (Emacs) gnutls_init
gnutls.c: [5] REC[0000000005a734f0]: Allocating epoch #0

gnutls.c: [1] (Emacs) got non-default priority string: NORMAL:%DUMBFW
gnutls.c: [1] (Emacs) setting the priority string
gnutls.c: [2] added 5 protocols, 29 ciphersuites, 15 sig algos and 8 groups into priority list

gnutls.c: [audit] Note that the security level of the Diffie-Hellman key exchange has been lowered to 256 bits and this may allow decryption of the session data

gnutls.c: [5] REC[0000000005a734f0]: Allocating epoch #1

gnutls.c: [4] HSK[0000000005a734f0]: Adv. version: 3.3

gnutls.c: [2] Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)

gnutls.c: [2] Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)

gnutls.c: [2] Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)

gnutls.c: [2] Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)

gnutls.c: [2] Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)

gnutls.c: [2] Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)

gnutls.c: [2] Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)

gnutls.c: [2] Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)

gnutls.c: [2] Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)

gnutls.c: [2] Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)

gnutls.c: [2] Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)

gnutls.c: [2] Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)

gnutls.c: [2] Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)

gnutls.c: [2] Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)

gnutls.c: [2] Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)

gnutls.c: [2] Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)

gnutls.c: [2] Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)

gnutls.c: [2] Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)

gnutls.c: [2] Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)

gnutls.c: [2] Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)

gnutls.c: [2] Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)

gnutls.c: [2] Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)

gnutls.c: [2] Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)

gnutls.c: [2] Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)

gnutls.c: [2] Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Maximum Record Size/1) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (OCSP Status Request/5) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Sending extension OCSP Status Request/5 (5 bytes)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Supported Groups/10) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Sent group SECP256R1 (0x17)

gnutls.c: [4] EXT[0000000005a734f0]: Sent group SECP384R1 (0x18)

gnutls.c: [4] EXT[0000000005a734f0]: Sent group SECP521R1 (0x19)

gnutls.c: [4] EXT[0000000005a734f0]: Sent group X25519 (0x1d)

gnutls.c: [4] EXT[0000000005a734f0]: Sent group FFDHE2048 (0x100)

gnutls.c: [4] EXT[0000000005a734f0]: Sent group FFDHE3072 (0x101)

gnutls.c: [4] EXT[0000000005a734f0]: Sent group FFDHE4096 (0x102)

gnutls.c: [4] EXT[0000000005a734f0]: Sent group FFDHE8192 (0x104)

gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Supported Groups/10 (18 bytes)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Supported EC Point Formats/11) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Supported EC Point Formats/11 (2 bytes)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (SRP/12) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Signature Algorithms/13) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (4.1) RSA-SHA256

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.9) RSA-PSS-SHA256

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (4.3) ECDSA-SHA256

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.7) EdDSA-Ed25519

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (5.1) RSA-SHA384

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.10) RSA-PSS-SHA384

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (5.3) ECDSA-SHA384

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (6.1) RSA-SHA512

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.11) RSA-PSS-SHA512

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (6.3) ECDSA-SHA512

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (2.1) RSA-SHA1

gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (2.3) ECDSA-SHA1

gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Signature Algorithms/13 (32 bytes)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (SRTP/14) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Heartbeat/15) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (ALPN/16) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Encrypt-then-MAC/22 (0 bytes)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Extended Master Secret/23) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Extended Master Secret/23 (0 bytes)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Session Ticket/35) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Session Ticket/35 (0 bytes)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Key Share/51) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Supported Versions/43) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Post Handshake Auth/49) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Safe Renegotiation/65281) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Safe Renegotiation/65281 (1 bytes)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Server Name Indication/0) for 'client hello'

gnutls.c: [2] HSK[0000000005a734f0]: sent server name: 'lwn.net'

gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Server Name Indication/0 (12 bytes)

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Cookie/44) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (ClientHello Padding/21) for 'client hello'

gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Pre Shared Key/41) for 'client hello'

gnutls.c: [4] HSK[0000000005a734f0]: CLIENT HELLO was queued [201 bytes]

gnutls.c: [5] REC[0000000005a734f0]: Preparing Packet Handshake(22) with length: 201 and min pad: 0

gnutls.c: [5] REC[0000000005a734f0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 206

gnutls.c: [3] ASSERT: buffers.c[_gnutls_writev_emu]:464

gnutls.c: [2] WRITE: -1 returned from 0000000005f1ae30, errno: 11

gnutls.c: [3] (Emacs) retry: Resource temporarily unavailable, try again.
gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try again.
gnutls.c: [3] ASSERT: buffers.c[_gnutls_writev_emu]:464

gnutls.c: [2] WRITE: -1 returned from 0000000005f1ae30, errno: 11

gnutls.c: [3] (Emacs) retry: Resource temporarily unavailable, try again.
gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try again.
gnutls.c: [2] (Emacs) Deallocating x509 credentials
gnutls.c: [5] REC[0000000005a734f0]: Start of epoch cleanup

gnutls.c: [5] REC[0000000005a734f0]: End of epoch cleanup

gnutls.c: [5] REC[0000000005a734f0]: Epoch #0 freed

gnutls.c: [5] REC[0000000005a734f0]: Epoch #1 freed

I'm not sure why the write get's an EAGAIN.
Another setup special is that I login into this Windows 10 machine as a
normal user without admin permissions. Most people doesn't do that and
only have one account with admin permission. maybe this is somehow
related, maybe not.


In GNU Emacs 26.1 (build 1, x86_64-w64-mingw32)
 of 2018-05-30 built on CIRROCUMULUS
Repository revision: 07f8f9bc5a51f5aa94eb099f3e15fbe0c20ea1ea
Windowing system distributor 'Microsoft Corp.', version 10.0.17134
Recent messages:
gnutls.c: [5] REC[0000000005a734f0]: Start of epoch cleanup

gnutls.c: [5] REC[0000000005a734f0]: End of epoch cleanup

gnutls.c: [5] REC[0000000005a734f0]: Epoch #0 freed

gnutls.c: [5] REC[0000000005a734f0]: Epoch #1 freed

scroll-down-command: Beginning of buffer [7 times]
Making completion list...

Configured using:
 'configure --without-dbus --host=x86_64-w64-mingw32
 --without-compress-install 'CFLAGS=-O2 -static -g3''

Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND NOTIFY ACL GNUTLS LIBXML2 ZLIB
TOOLKIT_SCROLL_BARS THREADS LCMS2

Important settings:
  value of $LANG: DE
  locale-coding-system: cp1252

Major mode: Messages

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message dired dired-loaddefs rfc822 mml
mml-sec epa derived epg epg-config mm-decode mm-bodies mm-encode
mailabbrev gmm-utils mailheader sendmail misearch multi-isearch
network-stream starttls url-http tls gnutls mail-parse rfc2231 url-gw
nsm rmc url-cache url-auth eww easymenu puny mm-url gnus nnheader
gnus-util rmail rmail-loaddefs rfc2047 rfc2045 ietf-drums mail-utils
wid-edit mm-util mail-prsvr url-queue url url-proxy url-privacy
url-expand url-methods url-history url-cookie url-domsuf url-util
url-parse auth-source cl-seq eieio eieio-core cl-macs eieio-loaddefs
password-cache url-vars mailcap shr svg xml seq byte-opt gv bytecomp
byte-compile cconv dom browse-url format-spec cl-loaddefs cl-lib
elec-pair time-date mule-util tooltip eldoc electric uniquify ediff-hook
vc-hooks lisp-float-type mwheel dos-w32 ls-lisp disp-table term/w32-win
w32-win w32-vars term/common-win tool-bar dnd fontset image regexp-opt
fringe tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page menu-bar rfn-eshadow isearch timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932
hebrew greek romanian slovak czech european ethiopic indian cyrillic
chinese composite charscript charprop case-table epa-hook jka-cmpr-hook
help simple abbrev obarray minibuffer cl-preloaded nadvice loaddefs
button faces cus-face macroexp files text-properties overlay sha1 md5
base64 format env code-pages mule custom widget hashtable-print-readable
backquote w32notify w32 lcms2 multi-tty make-network-process emacs)

Memory information:
((conses 16 127886 9148)
 (symbols 56 23472 1)
 (miscs 48 88 141)
 (strings 32 39033 926)
 (string-bytes 1 1042801)
 (vectors 16 17742)
 (vector-slots 8 533924 11674)
 (floats 8 78 408)
 (intervals 56 446 0)
 (buffers 992 14))





             reply	other threads:[~2018-09-07  9:22 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-07  9:22 thomas [this message]
2018-09-30 21:33 ` bug#32658: gnutls + non-blocking url-retrieve thomas
2018-10-01  6:03   ` Eli Zaretskii
2018-10-01 20:48     ` thomas
2018-10-05 18:25       ` Noam Postavsky
2018-10-03 14:15     ` thomas
2018-10-07 13:42       ` thomas
2019-05-16 13:14         ` Noam Postavsky
2019-09-24  5:18           ` Lars Ingebrigtsen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=861sa5zmpt.fsf@DESKTOP-DQBDJ0U.i-did-not-set--mail-host-address--so-tickle-me \
    --to=thomas@m3y3r.de \
    --cc=32658@debbugs.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.