GNU bug report logs - #16978
24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities


Package: emacs;

Reported by: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>

Date: Mon, 10 Mar 2014 07:00:02 UTC

Severity: important

Tags: fixed, security

Merged with 16193, 18600

Found in versions 24.3, 24.3.94

Fixed in version 25.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.


From: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
To: 16978 <at> debbugs.gnu.org
Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
Date: Fri, 21 Mar 2014 21:49:03 +0100

On Thu, 20 Mar 2014 09:43:50 -0400, Ted Zlatanov <tzz <at> lifelogs.com> said:

TZ> For storage of the certificates, I think
TZ> ~/.emacs.d/certs/hostname.somextension is the right place.  I
TZ> asked this on gnutls-devel a while ago so we can revisit the
TZ> discussion when we have the UI worked out.

Hi Ted,

GnuTLS uses the file ~/.gnutls/known_hosts.  I did not look into
this, but why do you want to duplicate that functionality in Emacs?

JL> P.S. Self-signed certs are unusable now [...]

TZ> Hmm.  That seems a Gnus bug :) Can you submit it separately, to
TZ> keep the books clean, after testing with the latest Gnus?

Done: http://debbugs.gnu.org/17061

JL> P.P.S. I’m using imap.el, which knows of various ways to
JL> establish SSL/TLS connections, but gnutls.el is not among them.

TZ> I think you're on an old Gnus then, which is strange considering
TZ> you're testing with a recent Emacs.  What's `M-x gnus-version'?

v5.13 and Ma Gnus v0.10.  I’m using imap among `mail-sources' via
imap.el, not nnimap.  (The latter is on my todo list.)

Best wishes
Jens
