GNU bug report logs - #16193
24.3; Enable TLS certificate checking by default


Package: emacs;

Reported by: "William G. Gardella" <wgg2 <at> member.fsf.org>

Date: Thu, 19 Dec 2013 19:21:01 UTC

Severity: important

Tags: fixed, security

Merged with 16978, 18600

Found in versions 24.3, 24.3.94

Fixed in version 25.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.



Message #8 received at 16193 <at> debbugs.gnu.org:

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: "William G. Gardella" <wgg2 <at> member.fsf.org>
Cc: 16193 <at> debbugs.gnu.org
Subject: Re: bug#16193: 24.3; Enable TLS certificate checking by default
Date: Thu, 19 Dec 2013 15:23:23 -0500
On Thu, 19 Dec 2013 19:20:04 +0000 "William G. Gardella" <wgg2 <at> member.fsf.org> wrote: 

WGG> How to reproduce: use `open-network-stream' on any TLS connection to a
WGG> server with an invalid, expired, or self-signed certificate.

WGG> What I expect to happen: Emacs asks the user or signals on `error' or
WGG> `user-error', terminating the connection attempt, or queries the user if
WGG> they wish to continue.

Please try setting `gnutls-verify-error' through customize in the Emacs
trunk.  Set it to t to always error on verification issues.

I plan to change it to t (or some variation thereof, e.g. sit-for-a-bit)
after the upcoming release, but didn't want to break people's setups.
Also there's no way to make it interactive due to the way Emacs
constructs the GnuTLS connection.  It has to error out completely.

WGG> Recommended solutions:

WGG> 2. Ensure that `tls-checktrust' actually works on an Emacs where
WGG> libgnutls is linked in.  (As far as I can tell, gnutls makes no
WGG> reference to this variable, although `gnutls-negotiate' does seem to
WGG> have some low-level facility for checking certificates, and there is the
WGG> `gnutls-trustfiles' variable).

Please check that it works for you as described above.  If yes, we'll
close this ticket.

WGG> 3. Document the default behavior in locations highly visible to users,
WGG> i.e. not just in the elisp manual, which is primarily for people writing
WGG> elisp, but also in the manuals of major `open-network-stream'-using
WGG> packages, such as ERC and smtpmail.  This is still an inferior solution
WGG> as users are unlikely to consult these manuals if nothing seems to be
WGG> wrong.

After the upcoming release, yes.

Ted
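The setting Ted points to can be exercised from a small piece of Emacs Lisp. The block below is an added example written for this page, not code from the bug report or from Emacs itself: it turns `gnutls-verify-error' on, then opens a TLS connection with `open-network-stream' and, because a GnuTLS verification failure can only surface as a signalled error, catches that error and reports it instead of continuing. The helper name `my-open-verified-tls' and the host in the usage comment are placeholders chosen here.

```elisp
;; Added example (not part of the bug thread): enforce certificate
;; verification for every TLS connection Emacs opens, and make a
;; verification failure visible instead of silently proceeding.
(require 'gnutls)

;; t tells GnuTLS to signal an error on any verification problem
;; (expired, self-signed or otherwise untrusted certificate), which is
;; the behaviour the report asks for as the default.
(setq gnutls-verify-error t)

(defun my-open-verified-tls (host port)
  "Open a TLS connection to HOST:PORT with certificate checks enforced.
Return the process on success; on a verification failure report the
reason and return nil.  Illustrative helper, not an Emacs API."
  (unless (gnutls-available-p)
    (error "Emacs was built without GnuTLS; certificates cannot be verified"))
  (condition-case err
      ;; :type 'tls routes the connection through GnuTLS, so the value of
      ;; `gnutls-verify-error' governs what happens on a bad certificate.
      (open-network-stream "verified-tls" nil host port :type 'tls)
    (error
     (message "TLS connection to %s:%d rejected: %s"
              host port (error-message-string err))
     nil)))

;; Usage (host is a placeholder; substitute the server you want to check):
;; (let ((proc (my-open-verified-tls "mail.example.invalid" 993)))
;;   (when proc
;;     (message "certificate verified, connection open")
;;     (delete-process proc)))
```

With `gnutls-verify-error' left at nil, the same call succeeds against a server presenting an invalid certificate, which is exactly the silent failure the report describes; with it set to t the `condition-case' handler runs and the caller never gets a process back.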



