From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lars Ingebrigtsen
Newsgroups: gmane.emacs.bugs
Subject: bug#35787: 26.2; gnutls: accessing raw server certificate data
Date: Tue, 24 Sep 2019 07:44:22 +0200
Message-ID: <87d0fq45ah.fsf@gnus.org>
References: <87r270dj2l.fsf@mouse.gnus.org>
In-Reply-To: (Lars Ingebrigtsen's message of "Tue, 09 Jul 2019 15:44:42 +0200")
To: Julian Scheid
Cc: 35787@debbugs.gnu.org

Lars Ingebrigtsen writes:

> There's gnutls-peer-status, and that could also be amended to return the
> full certificate.
> But, again, that's also called for virtually any TLS
> connection.

This has been added now in conjunction with the more extensive NSM
checks.  gnutls-peer-status now returns the entire certificate in Emacs 27.

(:certificates
 ((:version 3
   :serial-number "01:a7:8a:7f:5e:bb:b7:ba:02:00:00:00:00:42:ff:ed"
   :issuer "C=US,O=Google Trust Services,CN=GTS CA 1O1"
   :valid-from "2019-09-05"
   :valid-to "2019-11-28"
   :subject "C=US,ST=California,L=Mountain View,O=Google LLC,CN=www.google.com"
   :public-key-algorithm "EC/ECDSA"
   :certificate-security-level "High"
   :signature-algorithm "RSA-SHA256"
   :public-key-id "sha1:11:9e:12:6c:be:0c:66:5e:8f:94:c4:61:7a:98:ae:e5:ba:7b:20:98"
   :certificate-id "sha1:e3:70:d8:55:59:f9:0b:64:da:d4:52:22:55:ac:c1:23:57:d4:a3:c6"
   :pem "-----BEGIN CERTIFICATE-----\n[...]\n-----END CERTIFICATE-----\n")
  (:version 3
   :serial-number "01:e3:b4:9a:a1:8d:8a:a9:81:25:69:50:b8"
   :issuer "OU=GlobalSign Root CA - R2,O=GlobalSign,CN=GlobalSign"
   :valid-from "2017-06-15"
   :valid-to "2021-12-15"
   :subject "C=US,O=Google Trust Services,CN=GTS CA 1O1"
   :public-key-algorithm "RSA"
   :certificate-security-level "Medium"
   :signature-algorithm "RSA-SHA256"
   :public-key-id "sha1:02:8d:a9:cf:40:24:76:cc:18:27:6a:db:ac:85:c5:a3:e8:9d:66:a2"
   :certificate-id "sha1:df:e2:07:0c:79:e7:ff:36:a9:25:ff:a3:27:ff:e3:de:ec:f8:f9:c2"
   :pem "-----BEGIN CERTIFICATE-----\n[...]\n-----END CERTIFICATE-----\n"))
 :certificate
 (:version 3
  :serial-number "01:a7:8a:7f:5e:bb:b7:ba:02:00:00:00:00:42:ff:ed"
  :issuer "C=US,O=Google Trust Services,CN=GTS CA 1O1"
  :valid-from "2019-09-05"
  :valid-to "2019-11-28"
  :subject "C=US,ST=California,L=Mountain View,O=Google LLC,CN=www.google.com"
  :public-key-algorithm "EC/ECDSA"
  :certificate-security-level "High"
  :signature-algorithm "RSA-SHA256"
  :public-key-id "sha1:11:9e:12:6c:be:0c:66:5e:8f:94:c4:61:7a:98:ae:e5:ba:7b:20:98"
  :certificate-id "sha1:e3:70:d8:55:59:f9:0b:64:da:d4:52:22:55:ac:c1:23:57:d4:a3:c6"
  :pem "-----BEGIN CERTIFICATE-----\n[...]\n-----END CERTIFICATE-----\n")
 :key-exchange "ECDHE-RSA"
 :protocol "TLS1.3"
 :cipher "AES-256-GCM"
 :mac "AEAD"
 :encrypt-then-mac nil)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
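
The ids in the output above are SHA-1; with the :pem entry a caller can hash the raw certificate itself. The following is an added example, not part of the original message and not code from Emacs: it computes a SHA-256 over the DER bytes of the leaf certificate and compares it against a pin list. The my/ names, the sample plist and the pin are constructed for illustration.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; the `my/' names and the sample data are constructed.
(require 'seq)

(defun my/pem-to-der (pem)
  "Decode the single PEM certificate string PEM to raw DER bytes."
  (unless (string-match
           "-----BEGIN CERTIFICATE-----\\([^-]+\\)-----END CERTIFICATE-----"
           pem)
    (error "No PEM certificate armor found"))
  ;; Strip the line breaks inside the armor before decoding.
  (base64-decode-string
   (replace-regexp-in-string "[ \t\r\n]+" "" (match-string 1 pem))))

(defun my/cert-sha256 (cert)
  "Return the SHA-256 of the DER form of CERT as colon-separated hex.
CERT is one certificate plist taken from `gnutls-peer-status' output."
  (let ((pem (plist-get cert :pem)))
    (unless (stringp pem)
      (error "Certificate plist has no :pem entry"))
    (mapconcat #'identity
               (seq-partition (secure-hash 'sha256 (my/pem-to-der pem)) 2)
               ":")))

(defun my/peer-pinned-p (status pins)
  "Return t if the leaf certificate in STATUS hashes to a member of PINS.
STATUS is a `gnutls-peer-status' plist; PINS is a list of
colon-separated lowercase SHA-256 strings.  A missing leaf fails closed."
  (let ((leaf (plist-get status :certificate)))
    (and leaf (member (my/cert-sha256 leaf) pins) t)))

;; Constructed sample: the armor wraps the five bytes "hello", not a real
;; certificate, so the pin below is simply SHA-256("hello").
(defconst my/sample-status
  '(:certificate
    (:version 3
     :pem "-----BEGIN CERTIFICATE-----\naGVsbG8=\n-----END CERTIFICATE-----\n")
    :protocol "TLS1.3"))

(defconst my/sample-pins
  '("2c:f2:4d:ba:5f:b0:a3:0e:26:e8:3b:2a:c5:b9:e2:9e:1b:16:1e:5c:1f:a7:42:5e:73:04:33:62:93:8b:98:24"))

(my/peer-pinned-p my/sample-status my/sample-pins)
;; With a live TLS network process PROC, pass (gnutls-peer-status proc).
```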