From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ivan Shmakov Newsgroups: gmane.emacs.bugs Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Date: Fri, 19 Dec 2014 17:32:28 +0000 Message-ID: <87mw6jh7f7.fsf@violet.siamics.net> References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <87bnn0mxup.fsf@engster.org> <87y4q4hawq.fsf@violet.siamics.net> <87zjaklgmn.fsf@engster.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1419010405 28544 80.91.229.3 (19 Dec 2014 17:33:25 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 19 Dec 2014 17:33:25 +0000 (UTC) To: 19404@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Dec 19 18:33:15 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Y21QR-0002a8-BL for geb-bug-gnu-emacs@m.gmane.org; Fri, 19 Dec 2014 18:33:15 +0100 Original-Received: from localhost ([::1]:59957 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y21QQ-0008K6-RC for geb-bug-gnu-emacs@m.gmane.org; Fri, 19 Dec 2014 12:33:14 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:56673) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y21QJ-0008JA-Uj for bug-gnu-emacs@gnu.org; Fri, 19 Dec 2014 12:33:12 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Y21QF-0008Cr-CN for bug-gnu-emacs@gnu.org; Fri, 19 Dec 2014 12:33:07 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:42423) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y21QF-0008Cd-11 for bug-gnu-emacs@gnu.org; Fri, 19 Dec 2014 12:33:03 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1Y21QE-0001iF-GE for bug-gnu-emacs@gnu.org; Fri, 19 Dec 2014 12:33:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Ivan Shmakov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 17:33:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14190103596545 (code B ref 19404); Fri, 19 Dec 2014 17:33:02 +0000 Original-Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 17:32:39 +0000 Original-Received: from localhost ([127.0.0.1]:51789 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y21Pr-0001hV-Ci for submit@debbugs.gnu.org; Fri, 19 Dec 2014 12:32:39 -0500 Original-Received: from fely.am-1.org ([78.47.74.50]:45394) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y21Pp-0001hN-JP for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 12:32:38 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=siamics.net; s=a2013295; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:Sender:References:Subject:To:From; bh=y4iUGtSzwfvEqORxTUpBt9A4APlwfs5TnbCx0hmdfwM=; b=C6l2NV/Ec6CquKjsfpIPZRoZBT872Oeow/VIx119jev9v0EK+nNbTXxN+SamfzuDs2MyGrXXbUBkwDhEFbSaREesSexApvhwxLxJ9Mbg17V7qgMcQ/KvIqNrsGWlLsmQTx9cVEUxrA2Nb+lLl2u4zhpPByLLyhfE9cCNtp3bRmQ=; Original-Received: from [2a02:2560:6d4:26ca::1:1d] (helo=violet.siamics.net) by fely.am-1.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y21Pn-0006lm-Tz for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 17:32:36 +0000 Original-Received: from localhost ([::1] helo=violet.siamics.net) by violet.siamics.net with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y21Pg-0000QX-RF for 19404@debbugs.gnu.org; Sat, 20 Dec 2014 00:32:28 +0700 Mail-Followup-To: 19404@debbugs.gnu.org In-Reply-To: <87zjaklgmn.fsf@engster.org> (David Engster's message of "Thu, 18 Dec 2014 23:47:44 +0100") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:97576 Archived-At: >>>>> David Engster writes: >>>>> Ivan Shmakov writes: >>>>> David Engster writes: [=E2=80=A6] >>> So my guess would be: use gnutls_x509_crt_get_dn2 or maybe >>> gnutls_x509_crt_get_subject and compare to >>> gnutls_certificate_get_issuer. If equal -> self-signed. But that >>> could be wrong. Best place is to ask on the GnuTLS list. >> If anything, it=E2=80=99s the respective public key fingerprints that a= re to >> be compared. > Sorry, I don't get it. Which respective public key fingerprints? > There's just one certificate. Public key fingerprint is a property of, well, the public key, =E2=80=93 not the certificate. But I stand corrected; as it seems, while OpenPGP signatures =E2=80=93 including those binding user IDs to public keys [1] =E2=80=93 allow for the signer (issuer) to be identified with a =E2=80=9Ckey ID=E2=80=9D (the = low 64 bits SHA-1 of the respective public key=E2=80=99s fingerprint), X.509 certificates do not offer such an option (e.=C2=A0g., [2].) So I guess we should indeed check the DNs. [1] urn:ietf:rfc:4880, section 11.1 =E2=80=9CTransferable Public Keys=E2=80= =9D. [2] https://cipherious.wordpress.com/2013/05/13/constructing-an-x-509-certi= ficate-using-asn-1/ --=20 FSF associate member #7257 np. The Talisman =E2=80=94 Iron Maiden =E2=80= =A6 B6A0 230E 334A