Reported by: sb <at> dod.no
Date: Mon, 17 Feb 2014 17:52:01 UTC
Severity: normal
Tags: fixed
Found in version 24.3
Fixed in version 25.1
Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 16784 in the body.
You can then email your comments to 16784 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
bug-gnu-emacs <at> gnu.org:bug#16784; Package emacs.
(Mon, 17 Feb 2014 17:52:02 GMT) Full text and rfc822 format available.sb <at> dod.no:bug-gnu-emacs <at> gnu.org.
(Mon, 17 Feb 2014 17:52:02 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: sb <at> dod.no To: bug-gnu-emacs <at> gnu.org Subject: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate Date: Mon, 17 Feb 2014 18:50:32 +0100
Entering news.gmane.no nntp groups in gnus fails on Windows, because it tries to upgrade the connection using STARTTLS and fails because the news.gmane.org certificate is self signed. I did (setq gnutls-log-level 1) in the scratch buffer, and tried entering a group, and saw the following in the messages buffer: Opening nntp server on news.gmane.org...done gnutls.c: [0] (Emacs) fatal error: The TLS connection was non-properly terminated. gnutls.c: [1] (Emacs) allocating credentials gnutls.c: [1] (Emacs) gnutls callbacks gnutls.c: [1] (Emacs) gnutls_init gnutls.c: [1] (Emacs) got non-default priority string: NORMAL gnutls.c: [1] (Emacs) setting the priority string news.gmane.org certificate could not be verified. gnutls.c: [1] (Emacs) certificate signer was not found: news.gmane.org gnutls.c: [1] (Emacs) certificate validation failed: news.gmane.org gnutls.c: [0] (Emacs) fatal error: The TLS connection was non-properly terminated. apply: Server closed connection I'm using the following GNU-TLS: gnutls-3.0.9-w32-bin.zip (from http://sourceforge.net/projects/ezwinports/files/) (unzipped, and the dlls dropped into the emacs-24.3/bin/ directory) In GNU Emacs 24.3.1 (i386-mingw-nt6.2.9200) of 2013-03-17 on MARVIN Windowing system distributor `Microsoft Corp.', version 6.2.9200 Configured using: `configure --with-gcc (4.7) --cflags -ID:/devel/emacs/libs/libXpm-3.5.8/include -ID:/devel/emacs/libs/libXpm-3.5.8/src -ID:/devel/emacs/libs/libpng-dev_1.4.3-1/include -ID:/devel/emacs/libs/zlib-dev_1.2.5-2/include -ID:/devel/emacs/libs/giflib-4.1.4-1/include -ID:/devel/emacs/libs/jpeg-6b-4/include -ID:/devel/emacs/libs/tiff-3.8.2-1/include -ID:/devel/emacs/libs/gnutls-3.0.9/include -ID:/devel/emacs/libs/libiconv-1.13.1-1-dev/include -ID:/devel/emacs/libs/libxml2-2.7.8/include/libxml2' Important settings: value of $LANG: NOR locale-coding-system: cp1252 default enable-multibyte-characters: t Major mode: Article Minor modes in effect: diff-auto-refine-mode: t display-time-mode: t tooltip-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t buffer-read-only: t line-number-mode: t transient-mark-mode: t Recent input: e l l SPC m e SPC t o SPC t r y SPC a g a i n s t SPC t h e SPC g n u s SPC d e l i v e r e d SPC w i t h SPC C-p C-a M-f C-k C-k C-k . SPC <return> <return> I S-SPC t h i n k SPC I S-SPC w i l l SPC j s u t SPC <backspace> <backspace> <backspace> <backspace> u s t SPC r e p o r t t <backspace> SPC t h e SPC b u g SPC o n SPC <backspace> SPC m y SPC s y s t e m SPC a s SPC i t SPC i s . M-x g n u s <backspace> <backspace> <backspace> <backspace> e m a c s - r e p <tab> C-g M-v M-x r e p o r t - e m a c s - b u g <return> C-x o <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> C-x b C-x o C-x b <return> <up> <up> <up> <down> SPC C-x o C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n C-n <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> <down> C-SPC C-e M-w M-x <up> <return> Recent messages: Mark set [3 times] Auto-saving...done Auto-saving...done Mark set byte-code: End of buffer Mark set [3 times] browse-url-at-point: No URL found Auto-saving...done Quit byte-code: Command attempted to use minibuffer while in minibuffer Load-path shadows: c:/Users/sb/git/gnus/lisp/password-cache hides c:/ProgramFiles/emacs-24.3/lisp/password-cache c:/Users/sb/git/gnus/lisp/md4 hides c:/ProgramFiles/emacs-24.3/lisp/md4 c:/Users/sb/git/gnus/lisp/hex-util hides c:/ProgramFiles/emacs-24.3/lisp/hex-util c:/Users/sb/git/gnus/lisp/format-spec hides c:/ProgramFiles/emacs-24.3/lisp/format-spec c:/Users/sb/git/gnus/lisp/color hides c:/ProgramFiles/emacs-24.3/lisp/color c:/Users/sb/git/gnus/lisp/dns-mode hides c:/ProgramFiles/emacs-24.3/lisp/textmodes/dns-mode c:/Users/sb/git/gnus/lisp/tls hides c:/ProgramFiles/emacs-24.3/lisp/net/tls c:/Users/sb/git/gnus/lisp/sasl hides c:/ProgramFiles/emacs-24.3/lisp/net/sasl c:/Users/sb/git/gnus/lisp/sasl-ntlm hides c:/ProgramFiles/emacs-24.3/lisp/net/sasl-ntlm c:/Users/sb/git/gnus/lisp/sasl-digest hides c:/ProgramFiles/emacs-24.3/lisp/net/sasl-digest c:/Users/sb/git/gnus/lisp/sasl-cram hides c:/ProgramFiles/emacs-24.3/lisp/net/sasl-cram c:/Users/sb/git/gnus/lisp/ntlm hides c:/ProgramFiles/emacs-24.3/lisp/net/ntlm c:/Users/sb/git/gnus/lisp/netrc hides c:/ProgramFiles/emacs-24.3/lisp/net/netrc c:/Users/sb/git/gnus/lisp/hmac-md5 hides c:/ProgramFiles/emacs-24.3/lisp/net/hmac-md5 c:/Users/sb/git/gnus/lisp/hmac-def hides c:/ProgramFiles/emacs-24.3/lisp/net/hmac-def c:/Users/sb/git/gnus/lisp/dns hides c:/ProgramFiles/emacs-24.3/lisp/net/dns c:/Users/sb/git/gnus/lisp/dig hides c:/ProgramFiles/emacs-24.3/lisp/net/dig c:/Users/sb/git/gnus/lisp/uudecode hides c:/ProgramFiles/emacs-24.3/lisp/mail/uudecode c:/Users/sb/git/gnus/lisp/hashcash hides c:/ProgramFiles/emacs-24.3/lisp/mail/hashcash c:/Users/sb/git/gnus/lisp/binhex hides c:/ProgramFiles/emacs-24.3/lisp/mail/binhex c:/Users/sb/git/gnus/lisp/yenc hides c:/ProgramFiles/emacs-24.3/lisp/gnus/yenc c:/Users/sb/git/gnus/lisp/utf7 hides c:/ProgramFiles/emacs-24.3/lisp/gnus/utf7 c:/Users/sb/git/gnus/lisp/starttls hides c:/ProgramFiles/emacs-24.3/lisp/gnus/starttls c:/Users/sb/git/gnus/lisp/spam hides c:/ProgramFiles/emacs-24.3/lisp/gnus/spam c:/Users/sb/git/gnus/lisp/spam-wash hides c:/ProgramFiles/emacs-24.3/lisp/gnus/spam-wash c:/Users/sb/git/gnus/lisp/spam-stat hides c:/ProgramFiles/emacs-24.3/lisp/gnus/spam-stat c:/Users/sb/git/gnus/lisp/spam-report hides c:/ProgramFiles/emacs-24.3/lisp/gnus/spam-report c:/Users/sb/git/gnus/lisp/smime hides c:/ProgramFiles/emacs-24.3/lisp/gnus/smime c:/Users/sb/git/gnus/lisp/smiley hides c:/ProgramFiles/emacs-24.3/lisp/gnus/smiley c:/Users/sb/git/gnus/lisp/sieve hides c:/ProgramFiles/emacs-24.3/lisp/gnus/sieve c:/Users/sb/git/gnus/lisp/sieve-mode hides c:/ProgramFiles/emacs-24.3/lisp/gnus/sieve-mode c:/Users/sb/git/gnus/lisp/sieve-manage hides c:/ProgramFiles/emacs-24.3/lisp/gnus/sieve-manage c:/Users/sb/git/gnus/lisp/score-mode hides c:/ProgramFiles/emacs-24.3/lisp/gnus/score-mode c:/Users/sb/git/gnus/lisp/rtree hides c:/ProgramFiles/emacs-24.3/lisp/gnus/rtree c:/Users/sb/git/gnus/lisp/rfc2231 hides c:/ProgramFiles/emacs-24.3/lisp/gnus/rfc2231 c:/Users/sb/git/gnus/lisp/rfc2104 hides c:/ProgramFiles/emacs-24.3/lisp/gnus/rfc2104 c:/Users/sb/git/gnus/lisp/rfc2047 hides c:/ProgramFiles/emacs-24.3/lisp/gnus/rfc2047 c:/Users/sb/git/gnus/lisp/rfc2045 hides c:/ProgramFiles/emacs-24.3/lisp/gnus/rfc2045 c:/Users/sb/git/gnus/lisp/rfc1843 hides c:/ProgramFiles/emacs-24.3/lisp/gnus/rfc1843 c:/Users/sb/git/gnus/lisp/registry hides c:/ProgramFiles/emacs-24.3/lisp/gnus/registry c:/Users/sb/git/gnus/lisp/qp hides c:/ProgramFiles/emacs-24.3/lisp/gnus/qp c:/Users/sb/git/gnus/lisp/pop3 hides c:/ProgramFiles/emacs-24.3/lisp/gnus/pop3 c:/Users/sb/git/gnus/lisp/plstore hides c:/ProgramFiles/emacs-24.3/lisp/gnus/plstore c:/Users/sb/git/gnus/lisp/nnweb hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnweb c:/Users/sb/git/gnus/lisp/nnvirtual hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnvirtual c:/Users/sb/git/gnus/lisp/nntp hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nntp c:/Users/sb/git/gnus/lisp/nnspool hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnspool c:/Users/sb/git/gnus/lisp/nnrss hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnrss c:/Users/sb/git/gnus/lisp/nnregistry hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnregistry c:/Users/sb/git/gnus/lisp/nnoo hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnoo c:/Users/sb/git/gnus/lisp/nnnil hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnnil c:/Users/sb/git/gnus/lisp/nnml hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnml c:/Users/sb/git/gnus/lisp/nnmh hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnmh c:/Users/sb/git/gnus/lisp/nnmbox hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnmbox c:/Users/sb/git/gnus/lisp/nnmairix hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnmairix c:/Users/sb/git/gnus/lisp/nnmaildir hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnmaildir c:/Users/sb/git/gnus/lisp/nnmail hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnmail c:/Users/sb/git/gnus/lisp/nnir hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnir c:/Users/sb/git/gnus/lisp/nnimap hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnimap c:/Users/sb/git/gnus/lisp/nnheader hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnheader c:/Users/sb/git/gnus/lisp/nngateway hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nngateway c:/Users/sb/git/gnus/lisp/nnfolder hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnfolder c:/Users/sb/git/gnus/lisp/nneething hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nneething c:/Users/sb/git/gnus/lisp/nndraft hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nndraft c:/Users/sb/git/gnus/lisp/nndoc hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nndoc c:/Users/sb/git/gnus/lisp/nndir hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nndir c:/Users/sb/git/gnus/lisp/nndiary hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nndiary c:/Users/sb/git/gnus/lisp/nnbabyl hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnbabyl c:/Users/sb/git/gnus/lisp/nnagent hides c:/ProgramFiles/emacs-24.3/lisp/gnus/nnagent c:/Users/sb/git/gnus/lisp/mml2015 hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mml2015 c:/Users/sb/git/gnus/lisp/mml1991 hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mml1991 c:/Users/sb/git/gnus/lisp/mml hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mml c:/Users/sb/git/gnus/lisp/mml-smime hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mml-smime c:/Users/sb/git/gnus/lisp/mml-sec hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mml-sec c:/Users/sb/git/gnus/lisp/mm-view hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-view c:/Users/sb/git/gnus/lisp/mm-uu hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-uu c:/Users/sb/git/gnus/lisp/mm-util hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-util c:/Users/sb/git/gnus/lisp/mm-url hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-url c:/Users/sb/git/gnus/lisp/mm-partial hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-partial c:/Users/sb/git/gnus/lisp/mm-extern hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-extern c:/Users/sb/git/gnus/lisp/mm-encode hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-encode c:/Users/sb/git/gnus/lisp/mm-decode hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-decode c:/Users/sb/git/gnus/lisp/mm-bodies hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-bodies c:/Users/sb/git/gnus/lisp/mm-archive hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mm-archive c:/Users/sb/git/gnus/lisp/messcompat hides c:/ProgramFiles/emacs-24.3/lisp/gnus/messcompat c:/Users/sb/git/gnus/lisp/message hides c:/ProgramFiles/emacs-24.3/lisp/gnus/message c:/Users/sb/git/gnus/lisp/mailcap hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mailcap c:/Users/sb/git/gnus/lisp/mail-source hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mail-source c:/Users/sb/git/gnus/lisp/mail-prsvr hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mail-prsvr c:/Users/sb/git/gnus/lisp/mail-parse hides c:/ProgramFiles/emacs-24.3/lisp/gnus/mail-parse c:/Users/sb/git/gnus/lisp/legacy-gnus-agent hides c:/ProgramFiles/emacs-24.3/lisp/gnus/legacy-gnus-agent c:/Users/sb/git/gnus/lisp/ietf-drums hides c:/ProgramFiles/emacs-24.3/lisp/gnus/ietf-drums c:/Users/sb/git/gnus/lisp/html2text hides c:/ProgramFiles/emacs-24.3/lisp/gnus/html2text c:/Users/sb/git/gnus/lisp/gssapi hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gssapi c:/Users/sb/git/gnus/lisp/gravatar hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gravatar c:/Users/sb/git/gnus/lisp/gnus hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus c:/Users/sb/git/gnus/lisp/gnus-win hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-win c:/Users/sb/git/gnus/lisp/gnus-vm hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-vm c:/Users/sb/git/gnus/lisp/gnus-uu hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-uu c:/Users/sb/git/gnus/lisp/gnus-util hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-util c:/Users/sb/git/gnus/lisp/gnus-undo hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-undo c:/Users/sb/git/gnus/lisp/gnus-topic hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-topic c:/Users/sb/git/gnus/lisp/gnus-sync hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-sync c:/Users/sb/git/gnus/lisp/gnus-sum hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-sum c:/Users/sb/git/gnus/lisp/gnus-start hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-start c:/Users/sb/git/gnus/lisp/gnus-srvr hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-srvr c:/Users/sb/git/gnus/lisp/gnus-spec hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-spec c:/Users/sb/git/gnus/lisp/gnus-sieve hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-sieve c:/Users/sb/git/gnus/lisp/gnus-setup hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-setup c:/Users/sb/git/gnus/lisp/gnus-score hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-score c:/Users/sb/git/gnus/lisp/gnus-salt hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-salt c:/Users/sb/git/gnus/lisp/gnus-registry hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-registry c:/Users/sb/git/gnus/lisp/gnus-range hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-range c:/Users/sb/git/gnus/lisp/gnus-picon hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-picon c:/Users/sb/git/gnus/lisp/gnus-notifications hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-notifications c:/Users/sb/git/gnus/lisp/gnus-msg hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-msg c:/Users/sb/git/gnus/lisp/gnus-mlspl hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-mlspl c:/Users/sb/git/gnus/lisp/gnus-ml hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-ml c:/Users/sb/git/gnus/lisp/gnus-mh hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-mh c:/Users/sb/git/gnus/lisp/gnus-logic hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-logic c:/Users/sb/git/gnus/lisp/gnus-kill hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-kill c:/Users/sb/git/gnus/lisp/gnus-int hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-int c:/Users/sb/git/gnus/lisp/gnus-html hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-html c:/Users/sb/git/gnus/lisp/gnus-group hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-group c:/Users/sb/git/gnus/lisp/gnus-gravatar hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-gravatar c:/Users/sb/git/gnus/lisp/gnus-fun hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-fun c:/Users/sb/git/gnus/lisp/gnus-ems hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-ems c:/Users/sb/git/gnus/lisp/gnus-eform hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-eform c:/Users/sb/git/gnus/lisp/gnus-dup hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-dup c:/Users/sb/git/gnus/lisp/gnus-draft hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-draft c:/Users/sb/git/gnus/lisp/gnus-dired hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-dired c:/Users/sb/git/gnus/lisp/gnus-diary hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-diary c:/Users/sb/git/gnus/lisp/gnus-demon hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-demon c:/Users/sb/git/gnus/lisp/gnus-delay hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-delay c:/Users/sb/git/gnus/lisp/gnus-cus hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-cus c:/Users/sb/git/gnus/lisp/gnus-cite hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-cite c:/Users/sb/git/gnus/lisp/gnus-cache hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-cache c:/Users/sb/git/gnus/lisp/gnus-bookmark hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-bookmark c:/Users/sb/git/gnus/lisp/gnus-bcklg hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-bcklg c:/Users/sb/git/gnus/lisp/gnus-async hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-async c:/Users/sb/git/gnus/lisp/gnus-art hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-art c:/Users/sb/git/gnus/lisp/gnus-agent hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gnus-agent c:/Users/sb/git/gnus/lisp/gmm-utils hides c:/ProgramFiles/emacs-24.3/lisp/gnus/gmm-utils c:/Users/sb/git/gnus/lisp/flow-fill hides c:/ProgramFiles/emacs-24.3/lisp/gnus/flow-fill c:/Users/sb/git/gnus/lisp/ecomplete hides c:/ProgramFiles/emacs-24.3/lisp/gnus/ecomplete c:/Users/sb/git/gnus/lisp/deuglify hides c:/ProgramFiles/emacs-24.3/lisp/gnus/deuglify c:/Users/sb/git/gnus/lisp/compface hides c:/ProgramFiles/emacs-24.3/lisp/gnus/compface c:/Users/sb/git/gnus/lisp/canlock hides c:/ProgramFiles/emacs-24.3/lisp/gnus/canlock c:/Users/sb/git/gnus/lisp/auth-source hides c:/ProgramFiles/emacs-24.3/lisp/gnus/auth-source c:/Users/sb/git/gnus/lisp/.dir-locals hides c:/ProgramFiles/emacs-24.3/lisp/gnus/.dir-locals c:/Users/sb/git/gnus/lisp/time-date hides c:/ProgramFiles/emacs-24.3/lisp/calendar/time-date c:/Users/sb/git/gnus/lisp/parse-time hides c:/ProgramFiles/emacs-24.3/lisp/calendar/parse-time c:/Users/sb/apps/share/emacs/site-lisp/icalendar hides c:/ProgramFiles/emacs-24.3/lisp/calendar/icalendar Features: (shadow emacsbug shr-color color shr browse-url gnus-dup org-clock org-w3m org-wl org-vm org-rmail org-mhe org-mew org-irc org-habit org-jsinfo org-infojs org-html org-exp ob-exp org-exp-blocks org-agenda org-info org-gnus org-docview org-bibtex bibtex org-bbdb org-install org ob-tangle ob-ref ob-lob ob-table org-footnote org-src ob-comint ob-keys org-pcomplete pcomplete org-list org-faces org-entities noutline outline org-version ob-emacs-lisp ob org-compat org-macs ob-eval org-loaddefs find-func nnagent magit-key-mode magit view help-mode grep compile comint epa derived epg diff-mode autorevert git-rebase-mode thingatpt git-commit-mode server log-edit ring pcvs-util add-log dired url-http url-gw url-cache url-auth time-stamp vc-git pp canlock bbdb-message sendmail flow-fill mm-archive sort gnus-cite ansi-color mail-extr u-appt appt diary-lib diary-loaddefs cal-menu calendar cal-loaddefs gnus-bcklg gnus-async qp gnus-ml spam-gmane dns mm-url edmacro kmacro gnus-topic nnml nndraft nnmh utf-7 rfc2104 gnutls bbdb-gnus bbdb-mua network-stream warnings starttls gnus-agent gnus-srvr gnus-score score-mode nnvirtual gnus-cache gnus-demon nntp gnus-diary nndiary spam-report spam spam-stat bbdb-com crm bbdb bbdb-site timezone gnus-uu yenc gnus-msg gnus-art mm-uu mml2015 epg-config mm-view mml-smime smime dig supercite regi gnus-sync json advice advice-preload gnus-load bbdb-autoloads magit-autoloads info git-rebase-mode-autoloads git-commit-mode-autoloads finder-inf package cl-macs gv desktop cl cl-lib nnir gnus-sum gnus-group gnus-undo gnus-start gnus-cloud nnimap nnmail mail-source tls utf7 netrc parse-time gnus-spec gnus-int gnus-range message format-spec rfc822 mml easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mailabbrev gmm-utils mailheader gnus-win gnus gnus-ems gnus-compat url url-proxy url-privacy url-expand url-methods url-history url-cookie url-domsuf url-util url-parse auth-source eieio byte-opt bytecomp byte-compile cconv password-cache url-vars mailcap wid-edit nnoo nnheader gnus-util mm-util help-fns mail-prsvr mail-utils gnus-setup nxml-psgml-compatibility easy-mmode filladapt time jka-compr time-date tooltip ediff-hook vc-hooks lisp-float-type mwheel dos-w32 ls-lisp w32-common-fns disp-table w32-win w32-vars tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode register page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process w32 multi-tty emacs)
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:bug#16784; Package emacs,gnus.
(Tue, 18 Feb 2014 15:43:02 GMT) Full text and rfc822 format available.Message #8 received at 16784 <at> debbugs.gnu.org (full text, mbox):
From: Ted Zlatanov <tzz <at> lifelogs.com> To: sb <at> dod.no Cc: 16784 <at> debbugs.gnu.org Subject: Re: bug#16784: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate Date: Tue, 18 Feb 2014 10:43:00 -0500
On Mon, 17 Feb 2014 18:50:32 +0100 sb <at> dod.no wrote: s> Entering news.gmane.no nntp groups in gnus fails on Windows, because it s> tries to upgrade the connection using STARTTLS and fails because the s> news.gmane.org certificate is self signed. Steinar also posted some suggestions in the original thread: SB> I would like one of the following solutions: SB> 1. The possibility to switch off the attempted upgrade to STARTTLS for SB> NNTP connections SB> 2. The possibility to tell GNU-TLS not to be so stringent about SB> certificate verification I'll respond as soon as I'm able :) Ted
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:bug#16784; Package emacs,gnus.
(Thu, 20 Mar 2014 14:48:01 GMT) Full text and rfc822 format available.Message #11 received at 16784 <at> debbugs.gnu.org (full text, mbox):
From: Ted Zlatanov <tzz <at> lifelogs.com> To: sb <at> dod.no Cc: Lars Magne Ingebrigtsen <larsi <at> gnus.org>, 16784 <at> debbugs.gnu.org Subject: Re: bug#16784: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate Date: Thu, 20 Mar 2014 10:48:25 -0400
On Tue, 18 Feb 2014 10:43:00 -0500 Ted Zlatanov <tzz <at> lifelogs.com> wrote:
TZ> On Mon, 17 Feb 2014 18:50:32 +0100 sb <at> dod.no wrote:
s> Entering news.gmane.no nntp groups in gnus fails on Windows, because it
s> tries to upgrade the connection using STARTTLS and fails because the
s> news.gmane.org certificate is self signed.
SB> I would like one of the following solutions:
SB> 1. The possibility to switch off the attempted upgrade to STARTTLS for
SB> NNTP connections
I think Lars has to give an opinion here.
SB> 2. The possibility to tell GNU-TLS not to be so stringent about
SB> certificate verification
The latest Emacs trunk has this:
(defcustom gnutls-verify-error nil
"If non-nil, this should be a list of checks per hostname regex or t."
:group 'gnutls
:version "24.4"
:type '(choice
(const t)
(repeat :tag "List of hostname regexps with flags for each"
(list
(choice :tag "Hostname"
(const ".*" :tag "Any hostname")
regexp)
(set (const :trustfiles)
(const :hostname))))))
So basically customize that variable and add :trustfiles and :hostname
for the respective verifications, or nil to disable them.
Also note that internally, we use some default flags for
`gnutls-negotiate'. From the docstring:
VERIFY-FLAGS is a numeric OR of verification flags only for
`gnutls-x509pki' connections. See GnuTLS' x509.h for details;
here's a recent version of the list.
GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64,
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128,
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256
It must be omitted, a number, or nil; if omitted or nil it
defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
This is the current default, except as modified by the GnuTLS priority
string. I would expect callers such as Gnus to modify this, but not
normal users.
Ted
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:bug#16784; Package emacs,gnus.
(Thu, 20 Mar 2014 14:59:02 GMT) Full text and rfc822 format available.Message #14 received at 16784 <at> debbugs.gnu.org (full text, mbox):
From: Lars Magne Ingebrigtsen <larsi <at> gnus.org> To: sb <at> dod.no Cc: 16784 <at> debbugs.gnu.org Subject: Re: bug#16784: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate Date: Thu, 20 Mar 2014 15:58:02 +0100
Ted Zlatanov <tzz <at> lifelogs.com> writes: > SB> I would like one of the following solutions: > SB> 1. The possibility to switch off the attempted upgrade to STARTTLS for > SB> NNTP connections > > I think Lars has to give an opinion here. I think we should always do encryption, even though we can't do validation. > So basically customize that variable and add :trustfiles and :hostname > for the respective verifications, or nil to disable them. When doing opportunistic upgrades (where the user hasn't asked for the connection to be encrypted), bothering the user with warnings about not being able to establish the identity of the server doesn't make much sense. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:bug#16784; Package emacs,gnus.
(Fri, 21 Mar 2014 10:23:02 GMT) Full text and rfc822 format available.Message #17 received at 16784 <at> debbugs.gnu.org (full text, mbox):
From: Ted Zlatanov <tzz <at> lifelogs.com> To: Lars Magne Ingebrigtsen <larsi <at> gnus.org> Cc: 16784 <at> debbugs.gnu.org, sb <at> dod.no Subject: Re: bug#16784: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate Date: Fri, 21 Mar 2014 06:23:16 -0400
On Thu, 20 Mar 2014 15:58:02 +0100 Lars Magne Ingebrigtsen <larsi <at> gnus.org> wrote: LMI> Ted Zlatanov <tzz <at> lifelogs.com> writes: SB> I would like one of the following solutions: SB> 1. The possibility to switch off the attempted upgrade to STARTTLS for SB> NNTP connections >> >> I think Lars has to give an opinion here. LMI> I think we should always do encryption, even though we can't do validation. So the answer is "no" to Steinar's question. I have to agree, although it may be noisier, in 2014 it's the right way. >> So basically customize that variable and add :trustfiles and :hostname >> for the respective verifications, or nil to disable them. LMI> When doing opportunistic upgrades (where the user hasn't asked for the LMI> connection to be encrypted), bothering the user with warnings about not LMI> being able to establish the identity of the server doesn't make much LMI> sense. I can only suggest overriding `gnutls-log-level' but that doesn't make much sense if you're planning to use that connection, in which case you care about those warnings. Do we need a way to defer GnuTLS warnings (put them in a variable temporarily)? Ted
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:bug#16784; Package emacs,gnus.
(Fri, 21 Mar 2014 10:35:02 GMT) Full text and rfc822 format available.Message #20 received at 16784 <at> debbugs.gnu.org (full text, mbox):
From: Steinar Bang <sb <at> dod.no> To: Lars Magne Ingebrigtsen <larsi <at> gnus.org> Cc: 16784 <at> debbugs.gnu.org Subject: Re: bug#16784: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate Date: Fri, 21 Mar 2014 11:33:59 +0100
>>>>> Lars Magne Ingebrigtsen <larsi <at> gnus.org>: > Ted Zlatanov <tzz <at> lifelogs.com> writes: SB> I would like one of the following solutions: SB> 1. The possibility to switch off the attempted upgrade to STARTTLS for SB> NNTP connections >> I think Lars has to give an opinion here. > I think we should always do encryption, even though we can't do validation. The reason I asked for this, is that if an ecryption I didn't ask for causes the connection to fail, I would like to be able to turn it off and have my unsafe connection. I would rather have an unsafe conncetion than no connection (which is what I seem to have right now on Windows).
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:bug#16784; Package emacs,gnus.
(Mon, 24 Mar 2014 12:15:02 GMT) Full text and rfc822 format available.Message #23 received at 16784 <at> debbugs.gnu.org (full text, mbox):
From: Lars Magne Ingebrigtsen <larsi <at> gnus.org> To: 16784 <at> debbugs.gnu.org Subject: Re: bug#16784: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate Date: Mon, 24 Mar 2014 13:14:12 +0100
Steinar Bang <sb <at> dod.no> writes: >>>>>> Lars Magne Ingebrigtsen <larsi <at> gnus.org>: > >> Ted Zlatanov <tzz <at> lifelogs.com> writes: > SB> I would like one of the following solutions: > SB> 1. The possibility to switch off the attempted upgrade to STARTTLS for > SB> NNTP connections > >>> I think Lars has to give an opinion here. > >> I think we should always do encryption, even though we can't do validation. > > The reason I asked for this, is that if an ecryption I didn't ask for > causes the connection to fail, I would like to be able to turn it off > and have my unsafe connection. Yeah, but I's saying that the connection shouldn't fail. >"? If you didn't ask for encryption, but Emacs decides to do STARTTLS anyway, then Emacs should not do identity validation. Except perhaps just issue a message saying "couldn't validate TLS identity" or something at the most. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:bug#16784; Package emacs,gnus.
(Mon, 08 Dec 2014 20:08:02 GMT) Full text and rfc822 format available.Message #26 received at 16784 <at> debbugs.gnu.org (full text, mbox):
From: Lars Magne Ingebrigtsen <larsi <at> gnus.org> To: sb <at> dod.no Cc: 16784 <at> debbugs.gnu.org Subject: Re: bug#16784: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate Date: Mon, 08 Dec 2014 21:07:10 +0100
sb <at> dod.no writes: > Entering news.gmane.no nntp groups in gnus fails on Windows, because it > tries to upgrade the connection using STARTTLS and fails because the > news.gmane.org certificate is self signed. This should now be fixed due to the NSM stuff, I think? So I'm closing this report. Please reopen if this is still a problem. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no
Lars Magne Ingebrigtsen <larsi <at> gnus.org>
to control <at> debbugs.gnu.org.
(Mon, 08 Dec 2014 20:08:02 GMT) Full text and rfc822 format available.Lars Magne Ingebrigtsen <larsi <at> gnus.org>
to control <at> debbugs.gnu.org.
(Mon, 08 Dec 2014 20:08:03 GMT) Full text and rfc822 format available.Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
(Tue, 06 Jan 2015 12:24:07 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.