all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* org-caldav: problems connecting to owndrive
@ 2014-05-07 13:43 Seb Frank
  2014-05-07 14:39 ` Ian Barton
  2014-05-07 14:55 ` Ian Barton
  0 siblings, 2 replies; 3+ messages in thread
From: Seb Frank @ 2014-05-07 13:43 UTC (permalink / raw)
  To: emacs-orgmode@gnu.org

[-- Attachment #1: Type: text/plain, Size: 1224 bytes --]

Hi there,

I've been trying to setup org-caldav to sync to my owndrive calendar.

Setup is

#+begin_src emacs-lisp
(setq org-caldav-url "
https://my.owndrive.com/remote.php/caldav/calendars/myusername")
(setq org-caldav-calendar-id "myid")
(setq org-caldav-inbox "~/org/test.org")
#+end_src

When I try org-caldav-sync, it fails with:

Contacting host: my.owndrive.com:443
gnutls.c: [0] (Emacs) fatal error: Public key signature verification has
failed.
gnutls.el: (err=[-89] Public key signature verification has failed.) boot:
(:priority NORMAL :hostname my.owndrive.com :loglevel 0 :min-prime-bits 256
:trustfiles nil :crlfiles nil :keylist nil :verify-flags nil :verify-error
nil :callbacks nil)
edebug-signal: GnuTLS error: #<process my.owndrive.com>, -89

Testing this with gnutls on the command line confirms the problem:
% gnutls-cli -V -p 443 my.owndrive.com
...
- Status: The certificate is NOT trusted. The signature in the certificate
is invalid.
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.

Does anyone know if there is a way to tell org-caldav or url-dav to use an
untrusted certificate?

Thanks,
  Seb

[-- Attachment #2: Type: text/html, Size: 1709 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: org-caldav: problems connecting to owndrive
  2014-05-07 13:43 org-caldav: problems connecting to owndrive Seb Frank
@ 2014-05-07 14:39 ` Ian Barton
  2014-05-07 14:55 ` Ian Barton
  1 sibling, 0 replies; 3+ messages in thread
From: Ian Barton @ 2014-05-07 14:39 UTC (permalink / raw)
  To: Seb Frank, emacs-orgmode@gnu.org

On 07/05/14 14:43, Seb Frank wrote:
> Hi there,
>
> I've been trying to setup org-caldav to sync to my owndrive calendar.
>
> Setup is
>
> #+begin_src emacs-lisp
> (setq org-caldav-url
> "https://my.owndrive.com/remote.php/caldav/calendars/myusername")
> (setq org-caldav-calendar-id "myid")
> (setq org-caldav-inbox "~/org/test.org <http://test.org>")
> #+end_src
>
> When I try org-caldav-sync, it fails with:
>
> Contacting host: my.owndrive.com:443 <http://my.owndrive.com:443>
> gnutls.c: [0] (Emacs) fatal error: Public key signature verification has
> failed.
> gnutls.el: (err=[-89] Public key signature verification has failed.)
> boot: (:priority NORMAL :hostname my.owndrive.com
> <http://my.owndrive.com> :loglevel 0 :min-prime-bits 256 :trustfiles nil
> :crlfiles nil :keylist nil :verify-flags nil :verify-error nil
> :callbacks nil)
> edebug-signal: GnuTLS error: #<process my.owndrive.com
> <http://my.owndrive.com>>, -89
>
> Testing this with gnutls on the command line confirms the problem:
> % gnutls-cli -V -p 443 my.owndrive.com <http://my.owndrive.com>
> ...
> - Status: The certificate is NOT trusted. The signature in the
> certificate is invalid.
> *** Verifying server certificate failed...
> *** Fatal error: Error in the certificate.
> *** Handshake has failed
> GnuTLS error: Error in the certificate.
>
> Does anyone know if there is a way to tell org-caldav or url-dav to use
> an untrusted certificate?
>

Hi Seb,

I think you need to handle it at the gnutls level. Have a look at 
http://blog.tremily.us/posts/X.509_certificates/

Particularly:

GnuTLS

In GnuTLS, you set the list of trusted CAs using 
gnutls_certificate_set_x509_trust_file. By convention this function is 
pointed to the /etc/ssl/certs/ca-certificates.crt file mentioned above

Ian.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: org-caldav: problems connecting to owndrive
  2014-05-07 13:43 org-caldav: problems connecting to owndrive Seb Frank
  2014-05-07 14:39 ` Ian Barton
@ 2014-05-07 14:55 ` Ian Barton
  1 sibling, 0 replies; 3+ messages in thread
From: Ian Barton @ 2014-05-07 14:55 UTC (permalink / raw)
  To: Seb Frank, emacs-orgmode@gnu.org

On 07/05/14 14:43, Seb Frank wrote:

> Testing this with gnutls on the command line confirms the problem:
> % gnutls-cli -V -p 443 my.owndrive.com <http://my.owndrive.com>
> ...
> - Status: The certificate is NOT trusted. The signature in the
> certificate is invalid.
> *** Verifying server certificate failed...
> *** Fatal error: Error in the certificate.
> *** Handshake has failed
> GnuTLS error: Error in the certificate.
>

Just tried this from here and it works OK:

- Status: The certificate is trusted.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(ARCFOUR-128)-(SHA1)
- Session ID: 
4C:60:0C:E8:9B:1A:9E:06:07:E6:76:08:74:B3:32:71:5F:9C:90:4F:BB:37:11:D3:B1:29:B4:E4:B5:6E:6C:9E
- Ephemeral EC Diffie-Hellman parameters
  - Using curve: SECP256R1
  - Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: ARCFOUR-128
- MAC: SHA1
- Compression: NULL
- Channel binding 'tls-unique': 60fb61844dfc5bf9d2c35875
- Handshake was completed

- Simple Client Mode:

Maybe you need to update your certs list?

Ian.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-05-07 14:56 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-07 13:43 org-caldav: problems connecting to owndrive Seb Frank
2014-05-07 14:39 ` Ian Barton
2014-05-07 14:55 ` Ian Barton

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.