GNU bug report logs - #19098
24.4.51; gnutls.c doesn't handle wildcard certificates

Previous Next

Package: emacs;

Reported by: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Date: Tue, 18 Nov 2014 18:03:02 UTC

Severity: normal

Tags: notabug

Found in version 24.4.51

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
To: 19098 <at> debbugs.gnu.org
Subject: bug#19098: 24.4.51; gnutls.c doesn't handle wildcard certificates
Date: Mon, 08 Dec 2014 21:11:49 +0100

Ted Zlatanov <tzz <at> lifelogs.com> writes:

> and is caused by the GNUTLS_CERT_INVALID flag. But I don't see a hint
> anywhere that it does not work with wildcard certs (you have to
> explicitly disable them, so the assumption is that they work by
> default).  Also, if you set `gnutls-verify-error' to t, do you get the
> corresponding error in the non-NSM flow?  "$HOSTNAME certificate could
> not be verified."

Yes:

Debugger entered--Lisp error: (error "Certificate validation failed 33.media.tumblr.com, verification code 2")
  gnutls-boot(#<process nntpd<4>> gnutls-x509pki (:priority "NORMAL" :hostname "33.media.tumblr.com" :loglevel 0 :min-prime-bits 256 :trustfiles ("/etc/ssl/certs/ca-certificates.crt") :crlfiles nil :keylist nil :verify-flags nil :verify-error t :callbacks nil))

So I think the certificate just couldn't be verified, so this bug report
is, like, totally bogus, man.

Closing.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 10 years and 208 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.