bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist

[Ted Zlatanov <tzz@lifelogs.com>]

On Tue, 5 Jul 2016 10:49:38 -0400 Noam Postavsky <npostavs@users.sourceforge.net> wrote: 

NP> I think gnutls is broken on master for OSX currently, see
NP> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23503

Unfortunately I don't have access to Mac OS X anymore (I did until
recently) so I can't verify or fix that issue.

On Tue, 5 Jul 2016 19:54:53 +0300 Konstantin Kliakhandler <kosta@slumpy.org> wrote: 

KK> On 5 July 2016 at 17:36, Ted Zlatanov <tzz@lifelogs.com> wrote:
>> [Kosta's patch] replaces the specific call with a generic call (no CA file
>> specified). This is probably less secure because it will use the system
>> CA trustfiles regardless of the user's preferred `gnutls-trustfiles', so
>> I'd rather not make it the first thing attempted.

KK> the patch would work just as well if instead the line without --x509cafile was
KK> at the bottom of the list. Well, it would work worse for some users, but
KK> the key word is that it would work - except that now now it would take
KK> several more attempts to connect on my computer and on OPs (instead of just
KK> not connecting at all for OP).

Unfortunately it's less secure in the default case. I agree that it's
faster and more convenient. Perhaps there can be a way to say "if this
%t is empty, remove the preceding --argument as well" in the format
string? That would simplify the whole thing, like so:

"gnutls-cli --x509cafile %T -p %p %h"

...becomes "gnutls-cli -p PORT HOST" when the %T parameter is nil. Just
an idea...

KK> Personally, I also think that the default as defined in my current patch is
KK> preferable, since anyone who messes around with the certificates would edit
KK> this variable e.g. to set there --strict-tofu or the like (I did. It is a
KK> bit more annoying to use, but since I rarely open a new domain in emacs,
KK> it's not a big deal).

Many users don't know about these settings, and many don't have the
right GnuTLS libraries installed but think they do (so they are using
this library accidentally). I think it's good to be cautious here and
provide safe defaults.

The TOFU stuff is an interesting use case. The Emacs NSM (see
`network-security-level' and friends) tries to address this area to some
degree, but there's lots of work to be done.

KK> Anyway, I do concede that the second version is more secure. Attached is a
KK> patch that I hope is more to your liking. I put the the call that do not
KK> use an explicit certificate at the bottom of the list, even below the call
KK> to openssl s_client. I'm not sure what are the implications, as I don't
KK> know the relative merits of openssl s_client vs gnutls-cli. If you are
KK> inclined to educate me, please do as a short googling did not reveal the
KK> answers.

I'd group all the gnutls-cli calls together so it's more predictable and
easier to read. Otherwise it's fine IMHO. I know we have many security
experts here, perhaps they'll comment.

I am also concerned that SSLv3 is explicitly in the defaults. See
http://disablessl3.com/ etc.--I think that should be removed if
possible. I'll bring it up on emacs-devel.

>> Once the libraries are installed, you're all set, they'll be used
>> automatically.

KK> From what both of you said, I still am not sure what is meant by "native
KK> support". However, for various reasons I don't like the version provided in
KK> homebrew. I prefer the version from https://emacsformacosx.com.

OK, talk to the people that build that version :) Homebrew is what I
used when I had access to Mac OS X, and it worked well for me.

As Noam said, if `gnutls-available-p' returns t, you've got the native C
bindings to GnuTLS working. IMHO after the 25.1 release, opening a
secure network connection without `gnutls-available-p' should be an
annoying warning. I'll bring it up on emacs-devel.

Ted