From: Konstantin Kliakhandler
Newsgroups: gmane.emacs.bugs
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Sat, 2 Jul 2016 10:09:50 +0300
References: <87y46ahz23.fsf@gmail.com>
In-Reply-To: <87y46ahz23.fsf@gmail.com>
To: 23759@debbugs.gnu.org
X-GNU-PR-Message: followup 23759
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Xref: news.gmane.org gmane.emacs.bugs:120299

Hello,

First, I apologize for the double posting - I realize that I sent the previous message with a messed up subject and this caused it not to be grouped with the rest of the messages in this bug, and to not appear in the tracker. I hope this second one will work now.

I am using emacs on OSX 10.12 from https://emacsformacosx.com/builds:

(emacs-version)
"GNU Emacs 25.1.50.1 (x86_64-apple-darwin13.4.0, NS appkit-1265.21 Version 10.9.5 (Build 13F1603))
 of 2016-05-30"

And experience the same problem when running emacs -Q. Furthermore, I diagnosed the cause to be incorrect building of formatted-cmd in open-tls-stream from the given arguments. Attached is a patch that fixes the problem on my end. To make the patch smaller, I did not reindent the whole function - I hope this is alright.

Finally, I'd like to reply to:

> Fran <flitterio <at> gmail.com> writes:
> > If Cygwin is installed, open-tls-stream works, because gnutls-cli and openssl
> > are available. It has worked for some time. I routinely use this feature to
> > enable ERC to connect to servers using TLS using function erc-tls.
>
> At some point, tls.el will be deprecated. Why aren't you just using
> Emacs with the built-in TLS support?

In my honest opinion, a feature is either deprecated or not, and while it is not yet deprecated, bugs should not be ignored. I hope you would agree at least to the point of testing the patch and incorporating it if it works well :-)

Fuller description of the problem and the fix:

The problem: `open-tls-stream' replaces %t with exactly one element, which is nil if none of gnutls-trustfiles is readable, and the first element of gnutls-trustfiles if more than one is readable.

The Solution: In the patch I make the test iterate on all the trustfiles as a user might have more than one relevant. In addition, I made the default setting for tls-program have entries that do not explicitly specify the trustfile.

One thing to note here perhaps, is that if (gnutls-trustfiles) returns an empty list and one has the %t substitution in one of the tls-program entries, then that entry will not be run at all. I feel that this is reasonable since by setting --x509cafile nil one makes gnutls-cli fail anyway.

Finally, I'm experiencing the above behavior, as far as I can tell, by default in e.g. erc-tls. What is the proper way to move to the built-in TLS? Is it likely to be something in my config or in the implementation of ERC?

Thanks,
Kosta
Attachment: 0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch (application/octet-stream)
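The %t expansion rule described in the message above, written out as an added Emacs Lisp example; it is not the attached patch and not code from tls.el. The `demo-` functions are hypothetical, and the host, port and file names are constructed; `format-spec` and `format-spec-make` are the real library functions the message refers to.

```elisp
;; Added illustration.  The `demo-' functions are hypothetical and are
;; not part of tls.el; host, port and file names below are constructed.
(require 'format-spec)

(defun demo-readable-files (candidates)
  "Return the entries of CANDIDATES that name readable files."
  (delq nil (mapcar (lambda (f) (and (file-readable-p f) f)) candidates)))

(defun demo-expand-tls-commands (templates trustfiles host port)
  "Expand TEMPLATES into command lines for HOST and PORT.
A template containing %t yields one command per entry of TRUSTFILES,
and none at all when TRUSTFILES is empty, so nil is never substituted
for a file name.  A template without %t yields exactly one command."
  (let ((port (if (integerp port) (int-to-string port) port))
        (commands nil))
    (dolist (template templates (nreverse commands))
      (if (string-match-p "%t" template)
          (dolist (file trustfiles)
            (push (format-spec template
                               (format-spec-make ?t file ?h host ?p port))
                  commands))
        (push (format-spec template (format-spec-make ?h host ?p port))
              commands)))))

(let* ((templates '("gnutls-cli -p %p %h"
                    "gnutls-cli --x509cafile %t -p %p %h"))
       (ca-file (make-temp-file "demo-ca"))   ; constructed, readable
       (missing "/nonexistent/demo-ca.pem"))  ; constructed, not readable
  (unwind-protect
      (progn
        ;; No readable trust file: only the template without %t is emitted.
        (message "none readable: %S"
                 (demo-expand-tls-commands
                  templates (demo-readable-files (list missing))
                  "irc.example.org" 6697))
        ;; Two readable entries: the %t template is expanded once per file.
        (message "two readable: %S"
                 (demo-expand-tls-commands
                  templates (demo-readable-files (list ca-file missing ca-file))
                  "irc.example.org" 6697)))
    (delete-file ca-file)))
```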