From: flitterio@gmail.com (Francis Litterio)
Newsgroups: gmane.emacs.bugs
Subject: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Sun, 12 Jun 2016 17:32:56 -0400
Message-ID: <87y46ahz23.fsf@gmail.com>
To: 23759@debbugs.gnu.org

Using Emacs built from the latest mainline source on Windows 7 (with all
updates applied), I see this problem:

1. Launch Emacs using: emacs.exe -Q

2. Evaluate this form in buffer *scratch*:

     (progn
       (require 'tls)
       (open-tls-stream "foo" nil "irc.oftc.net" 6697))

After the connection is established, buffer *Messages* shows two failed
connection attempts using gnutls-cli, followed by a successful connection
using openssl:

  Opening TLS connection to ‘irc.oftc.net’...
  Opening TLS connection with ‘gnutls-cli --x509cafile nil -p 6697 irc.oftc.net’...failed
  Opening TLS connection with ‘gnutls-cli --x509cafile nil -p 6697 irc.oftc.net --protocols ssl3’...failed
  Opening TLS connection with ‘openssl s_client -connect irc.oftc.net:6697 -no_ssl2 -ign_eof’...done
  Opening TLS connection to ‘irc.oftc.net’...done

Notice switch "--x509cafile nil" passed to gnutls-cli, which causes it to
fail both times.

The root cause has to do with variable tls-program, which has this value:

  ("gnutls-cli --x509cafile %t -p %p %h"
   "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")

The docstring for tls-program says that %t is replaced "with a file name
containing trusted certificates".  The names of trusted certificate files
come from variable gnutls-trustfiles, which has this value:

  ("/etc/ssl/certs/ca-certificates.crt"
   "/etc/pki/tls/certs/ca-bundle.crt"
   "/etc/ssl/ca-bundle.pem"
   "/usr/ssl/certs/ca-bundle.crt"
   "/usr/local/share/certs/ca-root-nss.crt")

The docstring for gnutls-trustfiles says:

  The files may not exist, in which case they will be ignored.

These files do not exist on my Windows system, but the %t in the strings
listed in variable tls-program is replaced by "nil", which creates a
malformed gnutls-cli command.

I can work around the problem by setting variable tls-program to this list,
which is the above list without the "--x509cafile %t" in the gnutls-cli
commands:

  ("gnutls-cli -p %p %h"
   "gnutls-cli -p %p %h --protocols ssl3"
   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")

If no trusted cert file is available, the gnutls-cli command needs to be
constructed more intelligently, so as not to create a malformed command.
This problem seems to be localized in this code in function open-tls-stream
in lisp/net/tls.el:

  (with-current-buffer buffer
    (message "Opening TLS connection to `%s'..." host)
    (while (and (not done) (setq cmd (pop cmds)))
      (let ((process-connection-type tls-process-connection-type)
            (formatted-cmd
             (format-spec
              cmd
              (format-spec-make
               ?t (car (gnutls-trustfiles))
               ?h host
               ?p (if (integerp port)
                      (int-to-string port)
                    port)))))
        (message "Opening TLS connection with `%s'..." formatted-cmd)
        (setq process (start-process
                       name buffer shell-file-name shell-command-switch
                       formatted-cmd))

--
Fran Litterio

In GNU Emacs 25.1.50.1 (i686-pc-mingw32)
 of 2016-05-28 built on PUPPY
Repository revision: 549470fdf234acb4da7941e3bb9b28ed63a51876
Windowing system distributor 'Microsoft Corp.', version 6.1.7601

Recent messages:
Saving file c:/franl/zzz-emacs-bug-open-tls-stream.el...
Wrote c:/franl/zzz-emacs-bug-open-tls-stream.el
Saving file c:/franl/zzz-emacs-bug-open-tls-stream.el...
Wrote c:/franl/zzz-emacs-bug-open-tls-stream.el
Saving file c:/franl/zzz-emacs-bug-open-tls-stream.el...
Wrote c:/franl/zzz-emacs-bug-open-tls-stream.el
Mark set
Mark saved where search started
Mark set [2 times]
Type "q" to delete help window.

Configured using:
 'configure --prefix=/c/apps/emacs --without-x --without-xpm
 --without-png --without-jpeg --without-tiff --without-gif'

Configured features:
SOUND NOTIFY ACL TOOLKIT_SCROLL_BARS

Important settings:
  value of $LANG: C.ISO-8859-1
  locale-coding-system: cp1252

Major mode: Emacs-Lisp

Minor modes in effect:
  erc-list-mode: t
  erc-menu-mode: t
  erc-ring-mode: t
  erc-networks-mode: t
  erc-pcomplete-mode: t
  erc-track-mode: t
  erc-track-minor-mode: t
  erc-match-mode: t
  erc-button-mode: t
  erc-fill-mode: t
  erc-netsplit-mode: t
  erc-irccontrols-mode: t
  erc-noncommands-mode: t
  erc-move-to-prompt-mode: t
  erc-readonly-mode: t
  diff-auto-refine-mode: t
  show-paren-mode: t
  save-place-mode: t
  icomplete-mode: t
  savehist-mode: t
  shell-dirtrack-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t
  abbrev-mode: t

Load-path shadows:
None found.
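
One way to build the command so that "nil" is never substituted for %t, as the report asks. This is an added example, not code from the report or from lisp/net/tls.el; my-tls-format-command, my-tls-candidate-commands and my-tls-trustfile-option-regexp are hypothetical names. It assumes the trust-file option is spelled "--x509cafile %t" as in the default tls-program; with the option removed, certificate checking is left to gnutls-cli's own defaults.

```elisp
;; Added example: not code from lisp/net/tls.el or from the report.
;; `my-tls-format-command', `my-tls-candidate-commands' and
;; `my-tls-trustfile-option-regexp' are hypothetical names.
(require 'format-spec)

(defconst my-tls-trustfile-option-regexp "[ \t]*--x509cafile[ \t]+%t"
  "Matches the trust-file option as spelled in the default `tls-program'.")

(defun my-tls-format-command (template host port trustfile)
  "Expand TEMPLATE for HOST and PORT; never substitute \"nil\" for %t.
TRUSTFILE is a file name or nil.  When it is nil, the
\"--x509cafile %t\" option is removed first.  If %t is still used
somewhere else in TEMPLATE, return nil so the caller skips that
command instead of running a malformed one."
  (let ((case-fold-search nil)
        (port (if (integerp port) (int-to-string port) port)))
    (cond
     (trustfile
      ;; The command line is handed to a shell, so quote the file name
      ;; (paths on Windows often contain spaces).
      (format-spec template
                   (format-spec-make ?t (shell-quote-argument trustfile)
                                     ?h host ?p port)))
     (t
      (let ((stripped (replace-regexp-in-string
                       my-tls-trustfile-option-regexp "" template t t)))
        (unless (string-match-p "%t" stripped)
          (format-spec stripped (format-spec-make ?h host ?p port))))))))

(defun my-tls-candidate-commands (templates host port trustfile)
  "Return the usable expansions of TEMPLATES, in order, dropping nils."
  (delq nil (mapcar (lambda (cmd)
                      (my-tls-format-command cmd host port trustfile))
                    templates)))

;; The three `tls-program' templates quoted in the report, expanded for a
;; system where (car (gnutls-trustfiles)) is nil, as on the reporter's
;; Windows machine.
(my-tls-candidate-commands
 '("gnutls-cli --x509cafile %t -p %p %h"
   "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
 "irc.oftc.net" 6697 nil)
```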