From: Lars Ingebrigtsen
Newsgroups: gmane.emacs.bugs
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Sun, 08 Jul 2018 16:23:54 +0200
Message-ID: <87zhz1n6v9.fsf@mouse.gnus.org>
References: <87fu1apchn.fsf@gmail.com> <87sh4zlr6e.fsf@gmail.com>
To: Noam Postavsky
Cc: 31946@debbugs.gnu.org

Noam Postavsky writes:

> But in Emacs, I'm getting this from gnutls_x509_crt_get_issuer_dn():
>
> "C=US,O=VeriSign\\, Inc.,OU=Class 3 Public Primary Certification Authority"
>
> and this from gnutls_x509_crt_get_dn():
>
> "C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006
> VeriSign\\, Inc. - For authorized use only,CN=VeriSign Class 3 Public
> Primary Certification Authority - G5"

Ah, I see...

> So gnutls is getting this non-matching issuer from somewhere, but it's
> unclear to me where.

Hm... Oh! I see that gnutls has gotten several variations on these
functions now. For instance:

https://www.gnutls.org/reference/gnutls-x509.html#gnutls-x509-crt-get-issuer-dn3

It says:

"When the flag GNUTLS_X509_DN_FLAG_COMPAT is specified, the output
format will match the format output by previous to 3.5.6 versions of
GnuTLS which was not not fully RFC4514-compliant."

Which I would interpret to mean that the dn3 version of these functions
now return the RFC4515-compliant strings.

Perhaps we should call these newer functions instead of the _dn
functions? I guess more #ifdefs and configure checks will be needed...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
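
Added example (not part of the original message, and not Emacs or GnuTLS code): the two DN strings quoted above contain escaped commas, so any code that compares issuer and subject must split only at unescaped commas. The helper names `split_dn` and `first_mismatch` are hypothetical, and the comparison is byte-exact with no attribute-value normalisation.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RDNS 16
#define MAX_LEN  128

/* DN strings as quoted in the message above; the C literal "\\," is the escaped comma "\,". */
static const char ISSUER[] =
    "C=US,O=VeriSign\\, Inc.,OU=Class 3 Public Primary Certification Authority";
static const char SUBJECT[] =
    "C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,"
    "OU=(c) 2006 VeriSign\\, Inc. - For authorized use only,"
    "CN=VeriSign Class 3 Public Primary Certification Authority - G5";

/* Hypothetical helper: split a DN string into RDNs at unescaped commas only.
   Returns the RDN count, or -1 on overflow or a dangling backslash.
   Multi-valued RDNs ('+') are left inside their RDN untouched. */
int split_dn(const char *dn, char out[][MAX_LEN], int max) {
    int n = 0;
    size_t len = 0;
    for (const char *p = dn; ; p++) {
        if (n >= max) return -1;
        if (*p == '\\') {                      /* keep the escape and the next char together */
            if (p[1] == '\0' || len + 2 >= MAX_LEN) return -1;
            out[n][len++] = *p++;
            out[n][len++] = *p;
        } else if (*p == ',' || *p == '\0') {  /* a real RDN boundary */
            out[n++][len] = '\0';
            len = 0;
            if (*p == '\0') return n;
        } else {
            if (len + 1 >= MAX_LEN) return -1;
            out[n][len++] = *p;
        }
    }
}

/* Index of the first differing RDN, -1 if byte-identical, -2 on a parse error. */
int first_mismatch(const char *a, const char *b) {
    char ra[MAX_RDNS][MAX_LEN], rb[MAX_RDNS][MAX_LEN];
    int na = split_dn(a, ra, MAX_RDNS), nb = split_dn(b, rb, MAX_RDNS);
    if (na < 0 || nb < 0) return -2;
    for (int i = 0; i < na && i < nb; i++)
        if (strcmp(ra[i], rb[i]) != 0) return i;
    return na == nb ? -1 : (na < nb ? na : nb);
}

int main(void) {
    printf("first differing RDN index: %d\n", first_mismatch(ISSUER, SUBJECT));
    return 0;
}
```

A split on every comma would cut "O=VeriSign\, Inc." in two; the escape-aware split keeps it as one RDN and shows the two names diverge at the first OU.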