From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Lars Magne Ingebrigtsen Newsgroups: gmane.emacs.bugs Subject: bug#19098: 24.4.51; gnutls.c doesn't handle wildcard certificates Date: Mon, 08 Dec 2014 21:11:49 +0100 Message-ID: References: <878uj6c38m.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1418069601 29257 80.91.229.3 (8 Dec 2014 20:13:21 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 8 Dec 2014 20:13:21 +0000 (UTC) To: 19098@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Dec 08 21:13:16 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xy4gE-0000Uj-Mk for geb-bug-gnu-emacs@m.gmane.org; Mon, 08 Dec 2014 21:13:14 +0100 Original-Received: from localhost ([::1]:35920 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xy4gE-0004jq-7Z for geb-bug-gnu-emacs@m.gmane.org; Mon, 08 Dec 2014 15:13:14 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:49509) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xy4g7-0004jc-6j for bug-gnu-emacs@gnu.org; Mon, 08 Dec 2014 15:13:11 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xy4g2-0000Fh-Bo for bug-gnu-emacs@gnu.org; Mon, 08 Dec 2014 15:13:07 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:60929) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xy4g2-0000FZ-83 for bug-gnu-emacs@gnu.org; Mon, 08 Dec 2014 15:13:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1Xy4g1-0007BG-Q5 for bug-gnu-emacs@gnu.org; Mon, 08 Dec 2014 15:13:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Lars Magne Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 08 Dec 2014 20:13:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19098 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 19098-submit@debbugs.gnu.org id=B19098.141806953127520 (code B ref 19098); Mon, 08 Dec 2014 20:13:01 +0000 Original-Received: (at 19098) by debbugs.gnu.org; 8 Dec 2014 20:12:11 +0000 Original-Received: from localhost ([127.0.0.1]:58139 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xy4fC-00079o-Ob for submit@debbugs.gnu.org; Mon, 08 Dec 2014 15:12:11 -0500 Original-Received: from hermes.netfonds.no ([80.91.224.195]:46713) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xy4fA-00079e-Km for 19098@debbugs.gnu.org; Mon, 08 Dec 2014 15:12:09 -0500 Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Xy4er-0006C7-Pl for 19098@debbugs.gnu.org; Mon, 08 Dec 2014 21:11:49 +0100 X-Now-Playing: David Bowie's _The Next Day_: "Where Are We Now?" X-Hashcash: 1:23:141208:19098@debbugs.gnu.org::UOqAjFkrpZtdVhw+:0000000000000000000000000000000000000000s92f In-Reply-To: <878uj6c38m.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 19 Nov 2014 16:03:21 -0500") User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) X-MailScanner-ID: 1Xy4er-0006C7-Pl MailScanner-NULL-Check: 1418674309.93011@f1ujfqxuCEK14W9ludFkDA X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:97032 Archived-At: Ted Zlatanov writes: > and is caused by the GNUTLS_CERT_INVALID flag. But I don't see a hint > anywhere that it does not work with wildcard certs (you have to > explicitly disable them, so the assumption is that they work by > default). Also, if you set `gnutls-verify-error' to t, do you get the > corresponding error in the non-NSM flow? "$HOSTNAME certificate could > not be verified." Yes: Debugger entered--Lisp error: (error "Certificate validation failed 33.media.tumblr.com, verification code 2") gnutls-boot(#> gnutls-x509pki (:priority "NORMAL" :hostname "33.media.tumblr.com" :loglevel 0 :min-prime-bits 256 :trustfiles ("/etc/ssl/certs/ca-certificates.crt") :crlfiles nil :keylist nil :verify-flags nil :verify-error t :callbacks nil)) So I think the certificate just couldn't be verified, so this bug report is, like, totally bogus, man. Closing. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no