From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.bugs Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities Date: Mon, 17 Mar 2014 17:33:56 -0400 Organization: =?UTF-8?Q?=D0=A2=D0=B5=D0=BE=D0=B4=D0=BE=D1=80_?= =?UTF-8?Q?=D0=97=D0=BB=D0=B0=D1=82=D0=B0=D0=BD=D0=BE=D0=B2?= @ Cienfuegos Message-ID: <87siqg7bnf.fsf@lifelogs.com> References: <86siqqv938.fsf@informationelle-selbstbestimmung-im-internet.de> <86mwgwu0o6.fsf@informationelle-selbstbestimmung-im-internet.de> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1395092048 15178 80.91.229.3 (17 Mar 2014 21:34:08 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 17 Mar 2014 21:34:08 +0000 (UTC) Cc: 16978@debbugs.gnu.org To: Jens Lechtenboerger Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Mar 17 22:34:17 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1WPfAm-0000Ri-13 for geb-bug-gnu-emacs@m.gmane.org; Mon, 17 Mar 2014 22:34:16 +0100 Original-Received: from localhost ([::1]:60322 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WPfAl-0003qE-La for geb-bug-gnu-emacs@m.gmane.org; Mon, 17 Mar 2014 17:34:15 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:43978) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WPfAe-0003q4-1G for bug-gnu-emacs@gnu.org; Mon, 17 Mar 2014 17:34:13 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WPfAY-0004Uq-MP for bug-gnu-emacs@gnu.org; Mon, 17 Mar 2014 17:34:07 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:38114) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WPfAY-0004Ul-JK for bug-gnu-emacs@gnu.org; Mon, 17 Mar 2014 17:34:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1WPfAY-0005n2-AD for bug-gnu-emacs@gnu.org; Mon, 17 Mar 2014 17:34:02 -0400 X-Loop: help-debbugs@gnu.org In-Reply-To: <86siqqv938.fsf@informationelle-selbstbestimmung-im-internet.de> Resent-From: Ted Zlatanov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 17 Mar 2014 21:34:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 16978 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 16978-submit@debbugs.gnu.org id=B16978.139509198722167 (code B ref 16978); Mon, 17 Mar 2014 21:34:02 +0000 Original-Received: (at 16978) by debbugs.gnu.org; 17 Mar 2014 21:33:07 +0000 Original-Received: from localhost ([127.0.0.1]:39296 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WPf9e-0005lT-TZ for submit@debbugs.gnu.org; Mon, 17 Mar 2014 17:33:07 -0400 Original-Received: from mail-qc0-f170.google.com ([209.85.216.170]:35990) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WPf9d-0005lL-6j for 16978@debbugs.gnu.org; Mon, 17 Mar 2014 17:33:05 -0400 Original-Received: by mail-qc0-f170.google.com with SMTP id e9so6804197qcy.15 for <16978@debbugs.gnu.org>; Mon, 17 Mar 2014 14:33:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:user-agent :mail-copies-to:gmane-reply-to-list:date:message-id:mime-version :content-type; bh=1pciT17CiQlAhP8PiYEgHbcMtNXv6r/63/KIRZSarGk=; b=ud5mOj7dE7ikyTOyS9EBrV3xwW90qwzknY0sq0nUZKZhLsmGUtKZOCuwTjE6hzwuVG A3jHQJd6PEFbx7aK9FnfK5t2TKz8ABSBVEtj4dZxHknqV3MtAEIWRUjI4bTrHvoXJ4GJ 5G9pXpY4NypFWKlXCUufx52Ft22wETe3rc7MQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :user-agent:mail-copies-to:gmane-reply-to-list:date:message-id :mime-version:content-type; bh=1pciT17CiQlAhP8PiYEgHbcMtNXv6r/63/KIRZSarGk=; b=Ln8JNYX+kQ2zS8xL9Lvhc4xg/wNaL9ciqEQJv5I7tHWwKim3R440/+3eOK/FlrksVt yVZaDDQhy1ZD7gS5JGgh8S9pButxStc8aMF5xWh4fQy3wjwtJvSVued6qOaWxYndEfym keaMd8ntcI1ipysrCSmFLbAiW97WznN1+MByCOtr2ZMP3flvA8p4ttFNvLZsrUY0bhZ9 Gy+q41rvbdk3+MTuuGA5k30UG978AM23emjCudBVz9kqXY3C4n31v2Zb9xITR8OM6tRi zFasD5cVYIwvB8cSxIkZtLwbGrVUqIAlGxdwAQQIchNAfJ13Tfu+yG+LcgotBG4MWK5Q uTSA== X-Gm-Message-State: ALoCoQlVZXJRCqkFjXuDbBzbzMqaKwoiEZSp4QWLbsK1yPRF23hhx8ALm4wfNciDkSdH34eRSscO X-Received: by 10.140.22.39 with SMTP id 36mr29451731qgm.59.1395091984584; Mon, 17 Mar 2014 14:33:04 -0700 (PDT) Original-Received: from flea (c-98-229-61-72.hsd1.ma.comcast.net. [98.229.61.72]) by mx.google.com with ESMTPSA id s6sm47170513qad.22.2014.03.17.14.33.03 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Mon, 17 Mar 2014 14:33:03 -0700 (PDT) User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:86924 Archived-At: On Tue, 11 Mar 2014 18:04:25 +0100 Jens Lechtenboerger wrote: JL> I'm now on GNU Emacs 24.3.50.1. I can't get gnutls-verify-error to JL> work. So far I only tried that with NNTPS, not SMTP. If I set JL> gnutls-verify-error to t, the TCP connection to port 563 is closed JL> immediately (on the wire I see FIN/ACK immediately after the JL> three-way handshake; no TLS related data at all). JL> Afterwards, the server is shown as offline in the server buffer. JL> gnus-server-open-server fails as long as gnutls-verify-error is t. Hi Jens, I've tested this: (require 'gnutls) (setq gnutls-verify-error t) (open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps") (open-gnutls-stream "tls" "tls-buffer" "localhost" "imaps") I just made a small change to allow the t in the above, so please update to the latest. Can you please run `gnutls-serv' with the right options and hit it directly, and see if that replicates the issue? Thanks Ted