From: bug#13374 <13374@debbugs.gnu.org>
To: bug#13374 <13374@debbugs.gnu.org>
Subject: Status: 24.?; open-gnutls-stream insecurity
Date: Fri, 20 Jun 2025 14:17:26 +0000

retitle 13374 24.?; open-gnutls-stream insecurity
reassign 13374 emacs
submitter 13374 Oleksii Shevchuk
severity 13374 important
thanks

----------------------------------------------------------------------

From: Oleksii Shevchuk
To: bug-gnu-emacs@gnu.org
Subject: 24.?; open-gnutls-stream insecurity
Date: Mon, 07 Jan 2013 12:20:45 +0200
Message-ID: <87mwwlz43m.fsf@Black.ICE>

Hi list!

The open-gnutls-stream wrapper doesn't pass :verify-hostname-error t
:verify-error t to gnutls-negotiate, so MitM is possible when you use
Gnus and other packages.

Even with :verify-hostname-error t :verify-error t, gnutls-negotiate
doesn't produce an error with a self-signed CA certificate when
:type 'gnutls-x509pki is passed.

I use the following in my .gnus:

  ;; Replace the library's open-gnutls-stream with one that asks
  ;; gnutls-negotiate to fail on chain and hostname verification errors.
  (defun open-gnutls-stream (name buffer host service)
    (gnutls-negotiate :process (open-network-stream name buffer host service)
                      :hostname host
                      :verify-hostname-error t :verify-error t))

Works for me.

// ----

In GNU Emacs 24.3.50.1 (x86_64-pc-linux-gnu, X toolkit)
 of 2013-01-06 on BlackICE
Bzr revision: cyd@gnu.org-20130106025857-h1wkwx5cwvekj4l1
Windowing system distributor `The X.Org Foundation', version 11.0.11300000
System Description: Gentoo Base System release 2.2

Configured using:
 `configure --prefix=/usr --build=x86_64-pc-linux-gnu
 --host=x86_64-pc-linux-gnu --mandir=/usr/share/man
 --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
 --localstatedir=/var/lib --libdir=/usr/lib64 --disable-dependency-tracking
 --program-suffix=-emacs-24-vcs
 --program-transform-name=s/emacs-[0-9].*/emacs-24-vcs/
 --infodir=/usr/share/info/emacs-24-vcs
 --enable-locallisppath=/etc/emacs:/usr/share/emacs/site-lisp
 --with-crt-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.7.2/../../../../lib64
 --with-gameuser=games --without-compress-info --without-hesiod
 --without-kerberos --without-kerberos5 --with-gpm --with-dbus --with-gnutls
 --with-xml2 --without-selinux --with-wide-int --with-sound --with-x
 --without-ns --without-gconf --with-gsettings --without-toolkit-scroll-bars
 --with-gif --with-jpeg --with-png --with-rsvg --with-tiff --with-xpm
 --without-imagemagick --with-xft --without-libotf --without-m17n-flt
 --with-x-toolkit=lucid --without-xaw3d
 GENTOO_PACKAGE=app-editors/emacs-vcs-24.3.9999 EBZR_BRANCH=trunk
 EBZR_REVNO=111428'

Important settings:
  value of $LC_ALL: ru_RU.UTF-8
  value of $LANG: russian
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

----------------------------------------------------------------------

From: Glenn Morris
To: Ted Zlatanov
Cc: Oleksii Shevchuk, 13374@debbugs.gnu.org
Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Mon, 07 Jan 2013 20:05:06 -0500
In-Reply-To: <87mwwlz43m.fsf@Black.ICE>

Hi Ted,

Could you look at this report, with a view to possibly changing it in
the emacs-24 branch, if appropriate? Thanks.

Oleksii Shevchuk wrote:

> open-gnutls-stream wrapper doesn't pass :verify-hostname-error t
> :verify-error t to gnutls-negotiate. So MitM is possible when you use
> gnus and other packages.
>
> Even with :verify-hostname-error t :verify-error t gnutls-negotiate
> doesn't produce error with selfsigned CA certificate, when :type
> 'gnutls-x509pki passed.
>
> I use next in my .gnus:
>
> (defun open-gnutls-stream (name buffer host service)
>   (gnutls-negotiate :process (open-network-stream name buffer host service)
>                     :hostname host
>                     :verify-hostname-error t :verify-error t))

----------------------------------------------------------------------

From: Lars Magne Ingebrigtsen
To: Glenn Morris
Cc: Oleksii Shevchuk, 13374@debbugs.gnu.org, Ted Zlatanov
Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 05:20:00 +0100

Glenn Morris writes:

> Could you look at this report, with a view to possibly changing it in
> emacs-24 branch, if appropriate? Thanks.

Well, the issue is what we do when we get a certificate we can't
validate.

The traditional thing to do is to query the user for whether to connect
anyway, and whether to record a permanent exception for that
certificate.

The code to do that hasn't been written yet.

It's very common for SMTP and IMAP servers to use self-signed
certificates, so just forcing ":validate t" for all connections would
essentially mean that Emacs would be unusable for reading/sending email
(using encryption) before that code has been written.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog http://lars.ingebrigtsen.no/

----------------------------------------------------------------------

From: Glenn Morris
To: Lars Magne Ingebrigtsen
Cc: Oleksii Shevchuk, 13374@debbugs.gnu.org, Ted Zlatanov
Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Mon, 07 Jan 2013 23:27:23 -0500
Message-ID: <3fhamscn9w.fsf@fencepost.gnu.org>

Lars Magne Ingebrigtsen wrote:

> Well, the issue is what we do when we get a certificate we can't
> validate.
>
> The traditional thing to do is to query the user for whether to connect
> anyway, and whether to record a permanent exception for that
> certificate.
>
> The code to do that hasn't been written yet.
>
> It's very common for SMTP and IMAP servers to use self-signed
> certificates, so just forcing ":validate t" for all connections would
> essentially mean that Emacs would be unusable for reading/sending email
> (using encryption) before that code has been written.

Ah well, ok, thanks for the explanation. It sounds then like it's
probably better to leave this for trunk rather than try and force it
into 24.3 at this relatively late stage.

----------------------------------------------------------------------

From: Lars Magne Ingebrigtsen
To: Glenn Morris
Cc: Oleksii Shevchuk, 13374@debbugs.gnu.org, Ted Zlatanov
Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 05:42:52 +0100
In-Reply-To: <3fhamscn9w.fsf@fencepost.gnu.org>

Glenn Morris writes:

> Ah well, ok, thanks for the explanation. It sounds then like it's
> probably better to leave this for trunk rather than try and force it
> into 24.3 at this relatively late stage.

Definitely.

Policies for handling opportunistic STARTTLS upgrades combined with
certificate failures have to be decided on, too.

That is, even if the user hasn't requested a TLS connection, Emacs will
now auto-negotiate a STARTTLS connection for virtually all protocol
types. If that "fails" because the certificate is self-signed or
expired, do we then want to bother the user by prompting for an action?
The user hasn't requested encryption and validation, but then this
question comes out of the blue?

So, er, someone (ahem) has to go through all the permutations of
connection types and failure modes, and write up some stuff. We should
also have certificate management code in there somewhere so that the
user may be alerted if a privately signed certificate changes,
perhaps...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog http://lars.ingebrigtsen.no/

----------------------------------------------------------------------

From: Ted Zlatanov
To: Lars Magne Ingebrigtsen
Cc: Oleksii Shevchuk, Glenn Morris, 13374@debbugs.gnu.org
Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 09:43:22 -0500
Message-ID: <871udvhh11.fsf@lifelogs.com>

On Tue, 08 Jan 2013 05:42:52 +0100 Lars Magne Ingebrigtsen wrote:

LMI> Glenn Morris writes:

>> Ah well, ok, thanks for the explanation. It sounds then like it's
>> probably better to leave this for trunk rather than try and force it
>> into 24.3 at this relatively late stage.

LMI> Definitely.

LMI> Deciding on policies for handling opportunistic STARTTLS upgrades
LMI> combined with certificate failures has to be decided on, too.

LMI> That is, even if the user hasn't requested a TLS connection, Emacs will
LMI> auto-negotiate a STARTTLS connection now for virtually all protocol
LMI> types now. If that "fails" because the certificate is self-signed or
LMI> expired, do we then want to bother the user by prompting for an action?
LMI> The user hasn't requested encryption and validation, but then this
LMI> question comes out of the blue?

LMI> So, er, someone (ahem) has to go through all the permutations of
LMI> connection types and failure modes, and write up some stuff. We should
LMI> also have certificate management code in there somewhere so that the
LMI> user may be alerted if a privately signed certificate changes,
LMI> perhaps...

I propose to set up a verification list with the following format:

#+begin_src lisp
;; (HOST-REGEXP . SPEC): a plist of gnutls-negotiate verification
;; keywords, t for every check, or nil for no checks.
((".*\\.gmail.com" . (:verify-hostname-error t :verify-error t))
 (".*\\.yahoo.com" . t)  ; everything
 (".*" . nil))           ; nothing
#+end_src

It should default to nil (in other words, we'll ship 24.3 with the same
insecure behavior it has right now). But we can recommend to the users
to turn it on, and see how well it works in practice, and write the
necessary prompts and customization logic that Lars outlined.

I think that's OK for 24.3 since it's a completely unobtrusive change
that opens the road for improvements.

The main reason I didn't turn cert and hostname verification on sooner
is that I wasn't certain that our knowledge of platform CA store
filenames and general logic were good enough. But it was always the
long-term plan, and I'm glad Oleksii brought it up.

Thanks
Ted

----------------------------------------------------------------------

From: Lars Magne Ingebrigtsen
To: Glenn Morris
Cc: Oleksii Shevchuk, 13374@debbugs.gnu.org
Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 15:49:28 +0100
In-Reply-To: <871udvhh11.fsf@lifelogs.com>

Ted Zlatanov writes:

> It should default to nil (in other words, we'll ship 24.3 with the same
> insecure behavior it has right now). But we can recommend to the users
> to turn it on, and see how well it works in practice, and write the
> necessary prompts and customization logic that Lars outlined.

I think we should just leave things as is for 24.3, since it's too close
to release, and fix this properly for 24.5. Instituting an option like
that (which will have to be abandoned later) as a stop-gap I feel isn't
all that helpful.

I think.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog http://lars.ingebrigtsen.no/

----------------------------------------------------------------------

From: Ted Zlatanov
To: bug-gnu-emacs@gnu.org
Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 10:24:43 -0500
Message-ID: <87hamrg0jo.fsf@lifelogs.com>

On Tue, 08 Jan 2013 15:49:28 +0100 Lars Magne Ingebrigtsen wrote:

LMI> Ted Zlatanov writes:

>> It should default to nil (in other words, we'll ship 24.3 with the same
>> insecure behavior it has right now). But we can recommend to the users
>> to turn it on, and see how well it works in practice, and write the
>> necessary prompts and customization logic that Lars outlined.

LMI> I think we should just leave things as is for 24.3, since it's too close
LMI> to release, and fix this properly for 24.5. Instituting an option like
LMI> that (which will have to be abandoned later) as a stop-gap I feel isn't
LMI> all that helpful.

LMI> I think.

OK with me. Is there a way to mark the bug as deferred? Maybe a
fix-version?

Ted

----------------------------------------------------------------------

From: Stefan Monnier
To: Lars Magne Ingebrigtsen
Cc: Oleksii Shevchuk, Glenn Morris, 13374@debbugs.gnu.org
Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 12:06:08 -0500

>> It should default to nil (in other words, we'll ship 24.3 with the same
>> insecure behavior it has right now). But we can recommend to the users
>> to turn it on, and see how well it works in practice, and write the
>> necessary prompts and customization logic that Lars outlined.

> I think we should just leave things as is for 24.3, since it's too close
> to release, and fix this properly for 24.5.

I tend to agree, although, if the patch is sufficiently trivial, it
could be accepted (e.g. define a new custom var, with nil default value
and splice it somewhere in the code where nil makes no difference).

> Instituting an option like that (which will have to be abandoned
> later) as a stop-gap I feel isn't all that helpful.

If the option will have to be abandoned, then it's indeed a loser, but
I thought the idea is that this option will stay and the added code in
24.4 will "simply" be handling errors more cleverly and prompting the
user to update this option on-the-fly.

        Stefan

----------------------------------------------------------------------

From: Glenn Morris
To: control@debbugs.gnu.org
Subject: control message for bug 13877
Date: Tue, 05 Mar 2013 11:52:02 -0500

forcemerge 13374 13877

----------------------------------------------------------------------

From: Ted Zlatanov
To: Glenn Morris
Cc: 13374@debbugs.gnu.org, 13877@debbugs.gnu.org, Moritz Ulrich
Subject: Re: bug#13877: 24.3; gnutls.el: Enable Certificate Checks
Date: Thu, 14 Mar 2013 08:19:09 -0400
Message-ID: <878v5qcgxu.fsf@lifelogs.com>
In-Reply-To: <0evc953i3u.fsf@fencepost.gnu.org>

On Tue, 05 Mar 2013 11:51:33 -0500 Glenn Morris wrote:

GM> Moritz Ulrich wrote:

>> Currently, gnutls.el doesn't check certificate signatures when used via
>> `open-network-stream' with :type 'tls or `open-gnutls-stream'.

GM> Please see http://debbugs.gnu.org/13374
GM> It was considered too complicated to fix this properly for 24.3.

>> There is NO way to set :verify-host, :verify-flags, etc.
for this call >> to `gnutls-negotiate' when using gnutls via high-level functions like >> `open-network-stream'. >> >> I consider this a bug, as Emacs won't check any certificates and >> therefore allow man in the middle attacks without even documenting this. >> >> It should at least be possible to pass :verify-* from >> `open-network-stream' down to `gnutls-negotiate'. That would be a simple >> yet effective solution. I would like to fix this properly now that 24.3 is out, but perhaps the emacs-devel mailing list is a better place to work on it? Ted From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 27 09:23:18 2013 Received: (at 13374) by debbugs.gnu.org; 27 Mar 2013 13:23:18 +0000 Received: from localhost ([127.0.0.1]:47234 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1UKqJy-00068u-9L for submit@debbugs.gnu.org; Wed, 27 Mar 2013 09:23:18 -0400 Received: from mail-qc0-f175.google.com ([209.85.216.175]:47288) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1UKqJu-00068e-V0 for 13374@debbugs.gnu.org; Wed, 27 Mar 2013 09:23:16 -0400 Received: by mail-qc0-f175.google.com with SMTP id j3so3677968qcs.34 for <13374@debbugs.gnu.org>; Wed, 27 Mar 2013 06:20:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=x-received:from:to:cc:subject:organization:references:x-face :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=W2FdrxJlte4CriHVrJgzv5lowyE+gywCopK0zc8uoWw=; b=breidF3d0e+n+B0FWt2bYSY16sBKXVMbBESd0qJFo9KnKqYyA/n/xW0/W9SKS0rmK8 //jyq6wpRrdFRtfgpm+1XYof/kCQf8fT02NDk7Aw1oUUkr7MHMsL5+P1iRLsQFWuH7iV CgBsBWxIw4I6cIPQrKTQXcV4QNtMz3gz7O0Y8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:to:cc:subject:organization:references:x-face :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type:x-gm-message-state; 
bh=W2FdrxJlte4CriHVrJgzv5lowyE+gywCopK0zc8uoWw=; b=XP7V8YWu5jn9jX2NcpGRnY4bb6CtCBFkjjFQQAPHdHgqMsgUzDcawjL+r9K0usE6Hw mr5XgNqBDar4aRrDLRXUwKaIKaiUjcXICOxua1zX+O1psLXdyfWdt37HzS1RahueY7qa N2RtHGUonRGgW1vvfDUkpHEwvASCtIWYbNRHNOUVe/3YmEtmpvhhxEV/iMbxc2oJsBW1 ZYIcXAjRfAl36SX4SdIdW2UPa3ntJJ0VZ9TZh5k0lw2j6meeNKh0SOyJ3EZVR2cQyvvg HAzwWpIB5tT0b8GbEdJ3VxByu3Wy29inRyBBOWFtXxT/mR4hpbTwfG/F7bwOMnR2jx6Z gl1Q== X-Received: by 10.224.188.82 with SMTP id cz18mr12082694qab.71.1364390449945; Wed, 27 Mar 2013 06:20:49 -0700 (PDT) Received: from heechee (pool-72-93-31-86.bstnma.east.verizon.net. [72.93.31.86]) by mx.google.com with ESMTPS id c2sm15982506qeg.6.2013.03.27.06.20.47 (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Wed, 27 Mar 2013 06:20:48 -0700 (PDT) From: Ted Zlatanov To: Glenn Morris , Moritz Ulrich Subject: Re: bug#13374: bug#13877: 24.3; gnutls.el: Enable Certificate Checks Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos References: <0evc953i3u.fsf@fencepost.gnu.org> <878v5qcgxu.fsf@lifelogs.com> X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Wed, 27 Mar 2013 09:20:46 -0400 In-Reply-To: <878v5qcgxu.fsf@lifelogs.com> (Ted Zlatanov's message of "Thu, 14 Mar 2013 08:19:09 -0400") Message-ID: <87zjxprnbl.fsf@lifelogs.com> User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Gm-Message-State: ALoCoQlkYY8IfKk46MfX9eiP3vRK4qFTq0SGGYD0CUsBiWhRgxrlNiTQRM52HSXZKlJRP8Yq8EMj X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 13374 Cc: 13374@debbugs.gnu.org, 13877@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.6 (--) On Thu, 14 
Mar 2013 08:19:09 -0400 Ted Zlatanov wrote: TZ> On Tue, 05 Mar 2013 11:51:33 -0500 Glenn Morris wrote: GM> Moritz Ulrich wrote: >>> Currently, gnutls.el doesn't check certificate signatures when used via >>> `open-network-stream' with :type 'tls or `open-gnutls-stream'. GM> Please see http://debbugs.gnu.org/13374 GM> It was considered too complicated to fix this properly for 24.3. TZ> I would like to fix this properly now that 24.3 is out, but perhaps the TZ> emacs-devel mailing list is a better place to work on it? I started the discussion in emacs-devel. Please contribute your ideas and opinions. Ted From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 02 14:46:47 2013 Received: (at control) by debbugs.gnu.org; 2 Nov 2013 18:46:48 +0000 Received: from localhost ([127.0.0.1]:59848 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VcgDf-0001dr-I1 for submit@debbugs.gnu.org; Sat, 02 Nov 2013 14:46:47 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:33859 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VcgDd-0001di-FN for control@debbugs.gnu.org; Sat, 02 Nov 2013 14:46:45 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1VcgDd-0000z1-5Z for control@debbugs.gnu.org; Sat, 02 Nov 2013 14:46:45 -0400 Date: Sat, 02 Nov 2013 14:46:45 -0400 Message-Id: Subject: control message for bug 15792 To: X-Mailer: mail (GNU Mailutils 2.1) From: Glenn Morris X-Spam-Score: -5.5 (-----) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.5 (-----) forcemerge 13374 15792 From unknown Fri Jun 20 07:17:26 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: 
Internal Control Message-Id: Did not alter fixed versions and reopened. Date: Sat, 02 Nov 2013 21:11:01 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # Did not alter fixed versions and reopened. thanks # This fakemail brought to you by your local debbugs # administrator From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 18 17:49:31 2013 Received: (at 13374-done) by debbugs.gnu.org; 18 Dec 2013 22:49:32 +0000 Received: from localhost ([127.0.0.1]:57817 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VtPvj-0002c5-In for submit@debbugs.gnu.org; Wed, 18 Dec 2013 17:49:31 -0500 Received: from mail-qc0-f178.google.com ([209.85.216.178]:51081) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VtPve-0002bu-CQ for 13374-done@debbugs.gnu.org; Wed, 18 Dec 2013 17:49:26 -0500 Received: by mail-qc0-f178.google.com with SMTP id i17so282336qcy.37 for <13374-done@debbugs.gnu.org>; Wed, 18 Dec 2013 14:49:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=mzN+23qg7wQyoynn7+A6rvjg1kavLhB42Lk0aNaGTEg=; b=XhhgJeg6UEkf5e8iIx/cQK8PZvNPUE+ePXVQJMyqqIx/O+EdM8CFgf/EHu8PTHRqc3 jfQpyKSIR6fcc+6aghxegyC/7yElTF6PCx3BzpWLwTc/ZI3ZgHGP+581BeOyoHtQLRqd 9xzJlZoZF93Z805S88SB3SPDhuC2+0JpOPdyA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=mzN+23qg7wQyoynn7+A6rvjg1kavLhB42Lk0aNaGTEg=; b=SopTyetmm5w3R4wtqjx+OfLMgIGu04aNlnEcm87t1qCHBKjYULSTTdz2UqZHTpljBf mnK7EdeJ5G+gEeA9wAVH5ygLDxKIReiWHFRLM2L89m5SsS8VyJ0UbDsyByo+Utk9/syV bDfRUgrBMUnmn2sUd1cAd0ylpjx7d8n7vQ+zvOxJZBC4ok1kZ17QhjN5GJZ5AfgHD27s 
1CXNHUeHVXJC0KHR44Zk0VIKsecJkTnfDDww7JF4zPpbAz1jsieEkQU5i8tYvYWxzN+t /kGPH2ZE+vsAzsl/z3DYbR2L38Wf7rURj2DgpRQz29tDIC1rAZmzqKHjL34o29AU96z1 M5Aw== X-Gm-Message-State: ALoCoQlZQSdVd65QLHdxU1ZOKJvMucw8Wp5gW+DPfja9E/mcJ4YpWr73qskGBNNQeVKD1RVJCk62 X-Received: by 10.224.80.4 with SMTP id r4mr57541481qak.69.1387406961780; Wed, 18 Dec 2013 14:49:21 -0800 (PST) Received: from flea.lifelogs.com (c-98-229-61-72.hsd1.ma.comcast.net. [98.229.61.72]) by mx.google.com with ESMTPSA id r5sm4224715qan.4.2013.12.18.14.49.20 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Dec 2013 14:49:20 -0800 (PST) From: Ted Zlatanov To: Stefan Monnier Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos References: <87mwwlz43m.fsf@Black.ICE> <3fhamscn9w.fsf@fencepost.gnu.org> <871udvhh11.fsf@lifelogs.com> X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Wed, 18 Dec 2013 17:50:39 -0500 In-Reply-To: (Stefan Monnier's message of "Tue, 08 Jan 2013 12:06:08 -0500") Message-ID: <87r499ixj4.fsf@flea.lifelogs.com> User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 13374-done Cc: Oleksii Shevchuk , Lars Magne Ingebrigtsen , 13374-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Tue, 08 Jan 2013 12:06:08 -0500 Stefan Monnier wrote: >>> It should default to nil (in other words, we'll ship 24.3 with the same >>> insecure behavior it has right now). 
But we can recommend to the users >>> to turn it on, and see how well it works in practice, and write the >>> necessary prompts and customization logic that Lars outlined. >> I think we should just leave things as is for 24.3, since it's too close >> to release, and fix this properly for 24.5. SM> I tend to agree, although, if the patch is sufficiently trivial, it SM> could be accepted (e.g. define a new custom var, with nil default value SM> and splice it somewhere in the code where nil makes no difference). >> Instituting an option like that (which will have to be abandoned >> later) as a stop-gap I feel isn't all that helpful. SM> If the option will have to be abandoned, then it's indeed a loser, but SM> I thought the idea is that this option will stay and the added code in SM> 24.4 will "simply" be handling errors more cleverly and prompting the SM> user to update this option on-the-fly. This is done for the upcoming release. Marking this as done. Ted From unknown Fri Jun 20 07:17:26 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 16 Jan 2014 12:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator
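As an added example, not code from gnutls.el or from anyone in this thread: the report above says the :verify-* keywords of `gnutls-negotiate' cannot be reached through `open-network-stream', so this shows the unverified upgrade beside a direct `gnutls-negotiate' call that makes chain and hostname failures fatal. It assumes the keyword names :verify-error and :verify-hostname-error and the variable `gnutls-trustfiles' as found in Emacs 24.3's gnutls.el; the my-open-* function names are hypothetical.

```elisp
;; Added example; not from gnutls.el or this bug thread.
(require 'gnutls)

;; Unverified form: a plain TCP stream is upgraded to TLS, but no
;; :verify-* keyword is passed, so a forged certificate is accepted
;; silently.  This is the behaviour the report describes.
(defun my-open-unverified-tls-stream (name buffer host service)
  (gnutls-negotiate :process (open-network-stream name buffer host service)
                    :type 'gnutls-x509pki
                    :hostname host))

;; Verified form: same upgrade, but a certificate chain that does not
;; validate against the CA bundle, or a hostname mismatch, signals an
;; error instead of a warning.  Refuse to connect at all if no CA bundle
;; is configured (assumed variable `gnutls-trustfiles').
(defun my-open-verified-tls-stream (name buffer host service)
  (unless gnutls-trustfiles
    (error "No CA bundle in `gnutls-trustfiles'; refusing unverified TLS"))
  (gnutls-negotiate :process (open-network-stream name buffer host service)
                    :type 'gnutls-x509pki
                    :hostname host
                    :trustfiles gnutls-trustfiles
                    :verify-error t
                    :verify-hostname-error t))

;; Usage (constructed host, not from the thread):
;; (my-open-verified-tls-stream "tls" "*tls*" "mail.example.invalid" 993)
```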