GNU bug report logs -
#10904
24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-initiated SSL handshake
Previous Next
Reported by: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>
Date: Mon, 27 Feb 2012 23:57:02 UTC
Severity: normal
Found in version 24.0.93
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Ted Zlatanov <tzz <at> lifelogs.com> writes:
> On Sun, 08 Apr 2012 13:46:56 -0400 Thomas Fitzsimmons <fitzsim <at> fitzsim.org> wrote:
>
> TF> The loop happens when the GnuTLS handshake fails for some reason, within
> TF> a network process. I use the attached patch to limit the number of
> TF> iterations. I'm not familiar enough with the Emacs process code to
> TF> suggest a fix though.
>
> Thanks again for the help and provided patch. I modified it to keep the
> number of handshakes tried per connection, not globally. Please try
> it. I will also propose it on emacs-devel for inclusion in the upcoming
> 24.1 release.
I tried trunk against my IMAP server and the applied patch prevents the
infinite loop. At the default gnutls-log-level, a connection attempt
fails with:
Warning: Opening nnimap server on <imap_server_hostname>...failed: ; Unable to open server nnimap+<imap_server_hostname> due to: GnuTLS error: #<process *nnimap*>, -9
gnutls.c: [0] (Emacs) fatal error: The specified session has been invalidated for some reason.
A nice improvement would be to detect when the server uses a ciphersuite
that GnuTLS's default priority list ("NORMAL") rejects, warn the user,
and ask if they want to retry with a more permissive list
("PERFORMANCE"). But that's a separate enhancement -- for now your
patch fixes the infinite loop and setting gnutls-algorithm-priority to
"performance" works around the server's weak ciphersuite.
Thanks,
Thomas
This bug report was last modified 7 years and 40 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.