From mboxrd@z Thu Jan  1 00:00:00 1970
From: Seb Frank <sebsfrank@gmail.com>
Subject: org-caldav: problems connecting to owndrive
Date: Wed, 7 May 2014 09:43:23 -0400
Message-ID: <CAMF4YiM=2qYoTvjrjTvdN_c=Am7r4S1=R2NytUtsGsLE39BK7A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary=089e01537e1859275604f8cf8cbd
Return-path: <emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37977)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sebsfrank@gmail.com>) id 1Wi285-0001h2-W7
	for emacs-orgmode@gnu.org; Wed, 07 May 2014 09:43:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <sebsfrank@gmail.com>) id 1Wi284-0003BO-Qg
	for emacs-orgmode@gnu.org; Wed, 07 May 2014 09:43:25 -0400
Received: from mail-ie0-x22f.google.com ([2607:f8b0:4001:c03::22f]:44545)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sebsfrank@gmail.com>) id 1Wi284-0003BG-L5
	for emacs-orgmode@gnu.org; Wed, 07 May 2014 09:43:24 -0400
Received: by mail-ie0-f175.google.com with SMTP id rl12so1001547iec.34
	for <emacs-orgmode@gnu.org>; Wed, 07 May 2014 06:43:23 -0700 (PDT)
List-Id: "General discussions about Org-mode." <emacs-orgmode.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-orgmode>
List-Post: <mailto:emacs-orgmode@gnu.org>
List-Help: <mailto:emacs-orgmode-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=subscribe>
Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
To: "emacs-orgmode@gnu.org" <emacs-orgmode@gnu.org>

--089e01537e1859275604f8cf8cbd
Content-Type: text/plain; charset=UTF-8

Hi there,

I've been trying to setup org-caldav to sync to my owndrive calendar.

Setup is

#+begin_src emacs-lisp
(setq org-caldav-url "
https://my.owndrive.com/remote.php/caldav/calendars/myusername")
(setq org-caldav-calendar-id "myid")
(setq org-caldav-inbox "~/org/test.org")
#+end_src

When I try org-caldav-sync, it fails with:

Contacting host: my.owndrive.com:443
gnutls.c: [0] (Emacs) fatal error: Public key signature verification has
failed.
gnutls.el: (err=[-89] Public key signature verification has failed.) boot:
(:priority NORMAL :hostname my.owndrive.com :loglevel 0 :min-prime-bits 256
:trustfiles nil :crlfiles nil :keylist nil :verify-flags nil :verify-error
nil :callbacks nil)
edebug-signal: GnuTLS error: #<process my.owndrive.com>, -89

Testing this with gnutls on the command line confirms the problem:
% gnutls-cli -V -p 443 my.owndrive.com
...
- Status: The certificate is NOT trusted. The signature in the certificate
is invalid.
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.

Does anyone know if there is a way to tell org-caldav or url-dav to use an
untrusted certificate?

Thanks,
  Seb

--089e01537e1859275604f8cf8cbd
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div><div><div><div>Hi there,<br><br>I&#39;ve been tr=
ying to setup org-caldav to sync to my owndrive calendar.<br><br></div>Setu=
p is<br><br>
#+begin_src emacs-lisp<br>(setq org-caldav-url &quot;<a href=3D"https://my.=
owndrive.com/remote.php/caldav/calendars/myusername">https://my.owndrive.co=
m/remote.php/caldav/calendars/myusername</a>&quot;)<br>(setq org-caldav-cal=
endar-id &quot;myid&quot;)<br>
(setq org-caldav-inbox &quot;~/org/<a href=3D"http://test.org">test.org</a>=
&quot;)<br>#+end_src<br><br></div>When I try org-caldav-sync, it fails with=
:<br><br>Contacting host: <a href=3D"http://my.owndrive.com:443">my.owndriv=
e.com:443</a><br>
gnutls.c: [0] (Emacs) fatal error: Public key signature verification has fa=
iled.<br>gnutls.el: (err=3D[-89] Public key signature verification has fail=
ed.) boot: (:priority NORMAL :hostname <a href=3D"http://my.owndrive.com">m=
y.owndrive.com</a> :loglevel 0 :min-prime-bits 256 :trustfiles nil :crlfile=
s nil :keylist nil :verify-flags nil :verify-error nil :callbacks nil)<br>
edebug-signal: GnuTLS error: #&lt;process <a href=3D"http://my.owndrive.com=
">my.owndrive.com</a>&gt;, -89<br><br></div>Testing this with gnutls on the=
 command line confirms the problem:<br>% gnutls-cli -V -p 443 <a href=3D"ht=
tp://my.owndrive.com">my.owndrive.com</a><br>
...<br>- Status: The certificate is NOT trusted. The signature in the certi=
ficate is invalid.<br>*** Verifying server certificate failed...<br>*** Fat=
al error: Error in the certificate.<br>*** Handshake has failed<br>GnuTLS e=
rror: Error in the certificate.<br>
<br></div>Does anyone know if there is a way to tell org-caldav or url-dav =
to use an untrusted certificate?<br><br>Thanks,<br></div>=C2=A0 Seb<br></di=
v>

--089e01537e1859275604f8cf8cbd--

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Barton <lists@wilkesley.net>
Subject: Re: org-caldav: problems connecting to owndrive
Date: Wed, 07 May 2014 15:39:15 +0100
Message-ID: <536A4593.9050905@wilkesley.net>
References: <CAMF4YiM=2qYoTvjrjTvdN_c=Am7r4S1=R2NytUtsGsLE39BK7A@mail.gmail.com>
Reply-To: ian@manor-farm.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53069)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lists@wilkesley.net>) id 1Wi30G-0001IJ-4h
	for emacs-orgmode@gnu.org; Wed, 07 May 2014 10:39:28 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <lists@wilkesley.net>) id 1Wi30B-0006bC-5a
	for emacs-orgmode@gnu.org; Wed, 07 May 2014 10:39:24 -0400
Received: from mail2.wilkesley.net ([109.74.196.44]:37232
	helo=li40-130.members.linode.com)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lists@wilkesley.net>) id 1Wi30A-0006b4-Vk
	for emacs-orgmode@gnu.org; Wed, 07 May 2014 10:39:19 -0400
In-Reply-To: <CAMF4YiM=2qYoTvjrjTvdN_c=Am7r4S1=R2NytUtsGsLE39BK7A@mail.gmail.com>
List-Id: "General discussions about Org-mode." <emacs-orgmode.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-orgmode>
List-Post: <mailto:emacs-orgmode@gnu.org>
List-Help: <mailto:emacs-orgmode-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=subscribe>
Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
To: Seb Frank <sebsfrank@gmail.com>, "emacs-orgmode@gnu.org" <emacs-orgmode@gnu.org>

On 07/05/14 14:43, Seb Frank wrote:
> Hi there,
>
> I've been trying to setup org-caldav to sync to my owndrive calendar.
>
> Setup is
>
> #+begin_src emacs-lisp
> (setq org-caldav-url
> "https://my.owndrive.com/remote.php/caldav/calendars/myusername")
> (setq org-caldav-calendar-id "myid")
> (setq org-caldav-inbox "~/org/test.org <http://test.org>")
> #+end_src
>
> When I try org-caldav-sync, it fails with:
>
> Contacting host: my.owndrive.com:443 <http://my.owndrive.com:443>
> gnutls.c: [0] (Emacs) fatal error: Public key signature verification has
> failed.
> gnutls.el: (err=[-89] Public key signature verification has failed.)
> boot: (:priority NORMAL :hostname my.owndrive.com
> <http://my.owndrive.com> :loglevel 0 :min-prime-bits 256 :trustfiles nil
> :crlfiles nil :keylist nil :verify-flags nil :verify-error nil
> :callbacks nil)
> edebug-signal: GnuTLS error: #<process my.owndrive.com
> <http://my.owndrive.com>>, -89
>
> Testing this with gnutls on the command line confirms the problem:
> % gnutls-cli -V -p 443 my.owndrive.com <http://my.owndrive.com>
> ...
> - Status: The certificate is NOT trusted. The signature in the
> certificate is invalid.
> *** Verifying server certificate failed...
> *** Fatal error: Error in the certificate.
> *** Handshake has failed
> GnuTLS error: Error in the certificate.
>
> Does anyone know if there is a way to tell org-caldav or url-dav to use
> an untrusted certificate?
>

Hi Seb,

I think you need to handle it at the gnutls level. Have a look at 
http://blog.tremily.us/posts/X.509_certificates/

Particularly:

GnuTLS

In GnuTLS, you set the list of trusted CAs using 
gnutls_certificate_set_x509_trust_file. By convention this function is 
pointed to the /etc/ssl/certs/ca-certificates.crt file mentioned above

Ian.

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Barton <lists@wilkesley.net>
Subject: Re: org-caldav: problems connecting to owndrive
Date: Wed, 07 May 2014 15:55:49 +0100
Message-ID: <536A4975.9020206@wilkesley.net>
References: <CAMF4YiM=2qYoTvjrjTvdN_c=Am7r4S1=R2NytUtsGsLE39BK7A@mail.gmail.com>
Reply-To: ian@manor-farm.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56584)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lists@wilkesley.net>) id 1Wi3GI-0004aQ-Cm
	for emacs-orgmode@gnu.org; Wed, 07 May 2014 10:56:04 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <lists@wilkesley.net>) id 1Wi3GB-00040M-84
	for emacs-orgmode@gnu.org; Wed, 07 May 2014 10:55:58 -0400
Received: from mail2.wilkesley.net ([109.74.196.44]:37264
	helo=li40-130.members.linode.com)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lists@wilkesley.net>) id 1Wi3GB-00040B-1j
	for emacs-orgmode@gnu.org; Wed, 07 May 2014 10:55:51 -0400
In-Reply-To: <CAMF4YiM=2qYoTvjrjTvdN_c=Am7r4S1=R2NytUtsGsLE39BK7A@mail.gmail.com>
List-Id: "General discussions about Org-mode." <emacs-orgmode.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-orgmode>
List-Post: <mailto:emacs-orgmode@gnu.org>
List-Help: <mailto:emacs-orgmode-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=subscribe>
Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
To: Seb Frank <sebsfrank@gmail.com>, "emacs-orgmode@gnu.org" <emacs-orgmode@gnu.org>

On 07/05/14 14:43, Seb Frank wrote:

> Testing this with gnutls on the command line confirms the problem:
> % gnutls-cli -V -p 443 my.owndrive.com <http://my.owndrive.com>
> ...
> - Status: The certificate is NOT trusted. The signature in the
> certificate is invalid.
> *** Verifying server certificate failed...
> *** Fatal error: Error in the certificate.
> *** Handshake has failed
> GnuTLS error: Error in the certificate.
>

Just tried this from here and it works OK:

- Status: The certificate is trusted.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(ARCFOUR-128)-(SHA1)
- Session ID: 
4C:60:0C:E8:9B:1A:9E:06:07:E6:76:08:74:B3:32:71:5F:9C:90:4F:BB:37:11:D3:B1:29:B4:E4:B5:6E:6C:9E
- Ephemeral EC Diffie-Hellman parameters
  - Using curve: SECP256R1
  - Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: ARCFOUR-128
- MAC: SHA1
- Compression: NULL
- Channel binding 'tls-unique': 60fb61844dfc5bf9d2c35875
- Handshake was completed

- Simple Client Mode:

Maybe you need to update your certs list?

Ian.