From: Noam Postavsky
To: Lars Ingebrigtsen
Cc: 31946@debbugs.gnu.org
Newsgroups: gmane.emacs.bugs
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Tue, 03 Jul 2018 21:34:33 -0400
Message-ID: <87sh4zlr6e.fsf@gmail.com>
References: <87fu1apchn.fsf@gmail.com>

Lars Ingebrigtsen writes:

> Hm... this URL
>
> https://www.usps.com/business/web-tools-apis/welcome.htm
>
> now gives a warning about a SHA1 intermediary certificate, while
> Chromium and Firefox seem fine with it, so there may be a bug in the
> SHA1 check.  Haven't had time to debug.

According to the show certificate info in Firefox, it's the root
certificate which has SHA1.
Firefox shows both the issuer and subject name as:

    CN = VeriSign Class 3 Public Primary Certification Authority - G5
    OU = "(c) 2006 VeriSign, Inc. - For authorized use only"
    OU = VeriSign Trust Network
    O = "VeriSign, Inc."
    C = US

But in Emacs, I'm getting this from gnutls_x509_crt_get_issuer_dn():

    "C=US,O=VeriSign\\, Inc.,OU=Class 3 Public Primary Certification Authority"

and this from gnutls_x509_crt_get_dn():

    "C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5"

So gnutls is getting this non-matching issuer from somewhere, but it's
unclear to me where.
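
An added example, not part of the original message and not Emacs or GnuTLS code: it parses the two DN strings quoted above, honouring the escaped commas, and compares them with the name Firefox displays. The function names are hypothetical, and the parser assumes single-valued RDNs with backslash-character escapes only (no `+` or hex escapes).

```python
# DN strings exactly as quoted in the message (Lisp-printed: "\\," is an escaped comma).
ISSUER_DN = "C=US,O=VeriSign\\, Inc.,OU=Class 3 Public Primary Certification Authority"
SUBJECT_DN = (
    "C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,"
    "OU=(c) 2006 VeriSign\\, Inc. - For authorized use only,"
    "CN=VeriSign Class 3 Public Primary Certification Authority - G5"
)
# Name Firefox shows for both issuer and subject, in Firefox's display order.
FIREFOX_NAME = [
    ("CN", "VeriSign Class 3 Public Primary Certification Authority - G5"),
    ("OU", "(c) 2006 VeriSign, Inc. - For authorized use only"),
    ("OU", "VeriSign Trust Network"),
    ("O", "VeriSign, Inc."),
    ("C", "US"),
]


def parse_dn(dn):
    """Split a DN string into (type, value) pairs; a naive split(',') would
    break 'VeriSign\\, Inc.' into two bogus components."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":  # unescaped comma ends one RDN
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return [tuple(r.split("=", 1)) for r in rdns]


def matches_firefox(dn):
    """True if dn is the name Firefox shows (Firefox lists RDNs in reverse order)."""
    return parse_dn(dn) == list(reversed(FIREFOX_NAME))


def is_self_issued(subject_dn, issuer_dn):
    """True when issuer and subject are the same name, as for a root certificate."""
    return parse_dn(subject_dn) == parse_dn(issuer_dn)


if __name__ == "__main__":
    print("subject matches Firefox:", matches_firefox(SUBJECT_DN))
    print("issuer matches Firefox: ", matches_firefox(ISSUER_DN))
    print("self-issued per GnuTLS: ", is_self_issued(SUBJECT_DN, ISSUER_DN))
```

On the quoted strings, the subject is the same name Firefox displays but the issuer is not, so the certificate these two GnuTLS calls describe is not self-issued.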