From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#9017: 24.0.50;
	gnutls.c: [0] (Emacs) fatal error: Key usage violation in certificate
	has been detected.
Date: Thu, 26 Jan 2012 09:40:22 -0600
Organization: =?UTF-8?Q?=D0=A2=D0=B5=D0=BE=D0=B4=D0=BE=D1=80_?=
	=?UTF-8?Q?=D0=97=D0=BB=D0=B0=D1=82=D0=B0=D0=BD=D0=BE=D0=B2?= @
	Cienfuegos
Message-ID: <871uqma2vt.fsf@lifelogs.com>
References: <87ei22yzz3.fsf@niu.edu>
	<19995.2276.68599.608421@gargle.gargle.HOWL>
	<m3mxgkubk3.fsf@quimbies.gnus.org>
	<19995.3751.825437.128524@gargle.gargle.HOWL>
	<m3k4boq29t.fsf@quimbies.gnus.org>
	<19995.6586.299315.729607@gargle.gargle.HOWL>
	<m362n8n7hu.fsf@quimbies.gnus.org>
	<19997.45936.636066.132554@gargle.gargle.HOWL>
	<m3liw22ob3.fsf@quimbies.gnus.org>
	<19997.49819.733446.452844@gargle.gargle.HOWL>
	<87hb6n7ars.fsf@lifelogs.com> <m3sjq7fobb.fsf@quimbies.gnus.org>
	<20002.11953.120421.334092@gargle.gargle.HOWL>
	<m34o2ld9cw.fsf@quimbies.gnus.org>
	<20002.54164.83168.584630@gargle.gargle.HOWL>
	<m3wrfgopc7.fsf@quimbies.gnus.org>
	<20003.40556.788680.652938@gargle.gargle.HOWL>
	<87fwf3frvp.fsf@lifelogs.com> <87ipjzinar.fsf@gnus.org>
	<87wr8fbegb.fsf@lifelogs.com> <87mx9bh0lk.fsf@gnus.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1327588911 6101 80.91.229.12 (26 Jan 2012 14:41:51 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Thu, 26 Jan 2012 14:41:51 +0000 (UTC)
Cc: 9017@debbugs.gnu.org, Roland Winkler <winkler@gnu.org>
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Jan 26 15:41:47 2012
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1RqQWG-0000EO-UJ
	for geb-bug-gnu-emacs@m.gmane.org; Thu, 26 Jan 2012 15:41:45 +0100
Original-Received: from localhost ([::1]:43055 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1RqQWG-0004W2-5y
	for geb-bug-gnu-emacs@m.gmane.org; Thu, 26 Jan 2012 09:41:44 -0500
Original-Received: from eggs.gnu.org ([140.186.70.92]:32801)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqQW8-0004VN-4U
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 09:41:41 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqQW1-00044n-VI
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 09:41:36 -0500
Original-Received: from debbugs.gnu.org ([140.186.70.43]:39742)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqQW1-00044A-S9
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 09:41:29 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqQWX-0002K9-NT
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 09:42:01 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Ted Zlatanov <tzz@lifelogs.com>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Thu, 26 Jan 2012 14:42:01 +0000
Resent-Message-ID: <handler.9017.B9017.13275889058908@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 9017
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 9017-submit@debbugs.gnu.org id=B9017.13275889058908
	(code B ref 9017); Thu, 26 Jan 2012 14:42:01 +0000
Original-Received: (at 9017) by debbugs.gnu.org; 26 Jan 2012 14:41:45 +0000
Original-Received: from localhost ([127.0.0.1]:45129 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1RqQWC-0002JY-SO
	for submit@debbugs.gnu.org; Thu, 26 Jan 2012 09:41:45 -0500
Original-Received: from cer-mailmxol2.jumptrading.com ([208.78.214.25]:12270)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <tzz@lifelogs.com>) id 1RqQW2-0002JA-Vd
	for 9017@debbugs.gnu.org; Thu, 26 Jan 2012 09:41:38 -0500
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap0EAN4iIU/AqF0N/2dsb2JhbABDr0uBcgEBBAF5EAsNFBoLDwEESQ4Fh3y4Jok9EAEIAQYEAwMEIgOCZR0OgQUiDAYCB4M0BIg/kleMdw
Original-Received: from unknown (HELO chiexchange02.w2k.jumptrading.com)
	([192.168.93.13])
	by cer-mailmxol2.jumptrading.com with ESMTP; 26 Jan 2012 14:42:18 +0000
Original-Received: from internalsmtp.w2k.jumptrading.com (10.2.4.29) by
	chiexchange02.w2k.jumptrading.com (10.2.4.71) with Microsoft SMTP
	Server id 8.2.176.0; Thu, 26 Jan 2012 08:40:52 -0600
Original-Received: from tzlatanov-ubuntu-desktop.jumptrading.com ([10.2.27.110]) by
	internalsmtp.w2k.jumptrading.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 26 Jan 2012 08:40:52 -0600
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
Gmane-Reply-To-List: yes
In-Reply-To: <87mx9bh0lk.fsf@gnus.org> (Lars Ingebrigtsen's message of "Wed,
	25 Jan 2012 23:35:35 +0100")
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)
X-OriginalArrivalTime: 26 Jan 2012 14:40:52.0277 (UTC)
	FILETIME=[80B8B650:01CCDC38]
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:56033
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/56033>

On Wed, 25 Jan 2012 23:35:35 +0100 Lars Ingebrigtsen <larsi@gnus.org> wrote: 

>> Either way it seems that `gnutls-algorithm-priority' will have to be one
>> of those string-or-alist-or-function variables, so you can disable
>> security altogether for specific hosts that need it.  I can add that
>> support if you think it's reasonable.

LI> I think the nice way to handle this would be to prompt the user here.
LI> With something like "The server provides buggy dhe-rsa credentials;
LI> connect anyway?" or something, which would result in "-dhe-rsa" being
LI> added to the variable.

LI> But as you point out, it should be on a per-host basis, probably...

OK, so by default it's a string and it works OK for most people.

When we get the key exception Roland had, we ask the user and then
convert `gnutls-algorithm-priority' to 
'((t old-value) (current-host "normal:-dhe-rsa")) or we create a new
entry if it's already an alist.

We also support a function, which gets the hostname as a parameter and
returns a string.

Cool?

Ted