From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Robert Pluim Newsgroups: gmane.emacs.bugs Subject: bug#28458: 26.0.50; Does Emacs support SAN (subject alternate names)? Date: Mon, 18 Sep 2017 14:46:36 +0200 Message-ID: <877ewwdvir.fsf@gmail.com> References: <874ls58oc8.fsf@mouse.gnus.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: blaine.gmane.org 1505738994 8700 195.159.176.226 (18 Sep 2017 12:49:54 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Mon, 18 Sep 2017 12:49:54 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) Cc: 28458@debbugs.gnu.org To: Lars Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Sep 18 14:49:48 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dtvUi-0001wQ-4f for geb-bug-gnu-emacs@m.gmane.org; Mon, 18 Sep 2017 14:49:48 +0200 Original-Received: from localhost ([::1]:36462 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dtvUp-000082-AG for geb-bug-gnu-emacs@m.gmane.org; Mon, 18 Sep 2017 08:49:55 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36954) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dtvS7-0006iX-7l for bug-gnu-emacs@gnu.org; Mon, 18 Sep 2017 08:47:11 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dtvS2-0005Qp-8Z for bug-gnu-emacs@gnu.org; Mon, 18 Sep 2017 08:47:07 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:36993) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dtvS2-0005Qj-4b for bug-gnu-emacs@gnu.org; Mon, 18 Sep 2017 08:47:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dtvS1-0000Ef-Ry for bug-gnu-emacs@gnu.org; Mon, 18 Sep 2017 08:47:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Robert Pluim Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 18 Sep 2017 12:47:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28458 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 28458-submit@debbugs.gnu.org id=B28458.1505738813889 (code B ref 28458); Mon, 18 Sep 2017 12:47:01 +0000 Original-Received: (at 28458) by debbugs.gnu.org; 18 Sep 2017 12:46:53 +0000 Original-Received: from localhost ([127.0.0.1]:45674 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dtvRp-0000EC-Jw for submit@debbugs.gnu.org; Mon, 18 Sep 2017 08:46:53 -0400 Original-Received: from mail-wr0-f177.google.com ([209.85.128.177]:48943) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dtvRk-0000Du-Ie for 28458@debbugs.gnu.org; Mon, 18 Sep 2017 08:46:48 -0400 Original-Received: by mail-wr0-f177.google.com with SMTP id 108so380309wra.5 for <28458@debbugs.gnu.org>; Mon, 18 Sep 2017 05:46:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:gmane-reply-to-list:date:in-reply-to :message-id:user-agent:mime-version; bh=vvT06hYjegtsNFRncQkUkY2e8hudxm4MTvdEzQ0qtfY=; b=XmhK3NwEEPBmWCgzrmeAjPttyfHVbIquVzGoM/OO2TomQ2tWgMzMVBnsFlgV5NSgdr 4pWI3OTSZQyGeD5ze7yJW7+KrLscohxC8oorUA10GO6Hdl9WdQFEP/4bOE6hCfjFhvUP znmCgXe/oenNr9wMoKVEvvSmi13ZTK+DWHe6NKmzBp6AiIwO7PNd+ShB28kFb7dITXEu sqf5yoT39v+dg3JcoLcuMMdndio+LlwrGl2DyiaUk0H4FKnHZhTf86IqB4uQCP3Gvf4A NwKMhM6a4Fa85yvb+FRQkU+3ugDwyzQUX0nlgR3ESHw5ymy6vFVB4ObA4cTJlS5n8n2u VTow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version; bh=vvT06hYjegtsNFRncQkUkY2e8hudxm4MTvdEzQ0qtfY=; b=AI1RnpVz1iXXHrZHn2KNIJhsHnZBzM0dYBW309iA/39m4Ek23VREnOgtt7cdmfhEJF AOxm2HuESEQdaejoy8I+HsLeOgkS6mfmAeJna6obrss9jWeXlEdl0ZcBErfR1+EdOaOr TrCZKuJt9Aq6fzL3pZY4U/cmJ4rj3vMIz5xHgvDdiQ+C/xtD5/+sbuG4R/Ig+EwKuEyO OtmttyMsi9Y9RLKtHh2Jmx7v2KfQPhFMdKcA8pPUoHv1LLEfEUM8FjGMK1CQh3gtMY/+ BBthqcAjoilULQiehgJTcwibVWLAJd3SOUUyTKfRQCaBUK4IZj5adeqb6zNtotEFM5rI NbQg== X-Gm-Message-State: AHPjjUhnAeMbQwf64VaThFoW/MCcym2RNr+2kwa9BnSK2Bf2EHcFRDjk X1+ew4iJSOQk6SDwHhU= X-Google-Smtp-Source: ADKCNb6RPVv0GbH+RVZpqh8KPIbr+Tli38ULvgDrFywIkGu2RxXtv2ibKO2v8/Jfn3VThXSURBeLlA== X-Received: by 10.223.187.211 with SMTP id z19mr29835612wrg.97.1505738798438; Mon, 18 Sep 2017 05:46:38 -0700 (PDT) Original-Received: from rpluim-ubuntu ([149.5.228.1]) by smtp.gmail.com with ESMTPSA id c11sm6539240wrb.14.2017.09.18.05.46.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 18 Sep 2017 05:46:37 -0700 (PDT) Gmane-Reply-To-List: yes In-Reply-To: <874ls58oc8.fsf@mouse.gnus.org> (Lars Ingebrigtsen's message of "Thu, 14 Sep 2017 14:19:19 +0200") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:137047 Archived-At: Lars Ingebrigtsen writes: > I've been seeing some warnings about invalid TLS certificates lately > that seem kinda unlikely. I mean, it's from major sites that shouldn't > have broken TLS certificates. And the error is always that the host > name doesn't match the name of the certificate. > > Which made me wonder: Does gnutls.c support SAN (subject alternate > names), which is a way to list oodles of host names in a single > certificate? I can't find any mention of this in the code... > Good question. Example sites/certificates? (I have a vague memory of there being more than one way to do SAN, perhaps we're looking at the wrong field) Regards Robert