From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Dmitry Gutov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 11:53:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 19404@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.141890354712739 (code B ref -1); Thu, 18 Dec 2014 11:53:01 +0000 Received: (at submit) by debbugs.gnu.org; 18 Dec 2014 11:52:27 +0000 Received: from localhost ([127.0.0.1]:49505 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1Zd5-0003JP-2j for submit@debbugs.gnu.org; Thu, 18 Dec 2014 06:52:27 -0500 Received: from eggs.gnu.org ([208.118.235.92]:47413) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1Zd1-0003JG-Su for submit@debbugs.gnu.org; Thu, 18 Dec 2014 06:52:24 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Y1Zcw-0002eV-J9 for submit@debbugs.gnu.org; Thu, 18 Dec 2014 06:52:23 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:41731) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y1Zcw-0002eR-GK for submit@debbugs.gnu.org; Thu, 18 Dec 2014 06:52:18 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49109) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y1Zcq-00048S-VC for bug-gnu-emacs@gnu.org; Thu, 18 Dec 2014 06:52:18 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Y1Zcl-0002cz-TQ for bug-gnu-emacs@gnu.org; Thu, 18 Dec 2014 06:52:12 -0500 Received: from mail-wi0-x234.google.com ([2a00:1450:400c:c05::234]:39834) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y1Zcl-0002cn-Ly for bug-gnu-emacs@gnu.org; Thu, 18 Dec 2014 06:52:07 -0500 Received: by mail-wi0-f180.google.com with SMTP id n3so1524050wiv.1 for ; Thu, 18 Dec 2014 03:52:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:subject:date:message-id:mime-version:content-type; bh=WKGVJ5ymphu8Di3HsdmZSXjrhV4HrgFmjy5tNjQmAq8=; b=sjDX8hq3lspDMsXl+LMxj83l9VJ6jX4CeBrY1vqZnoW50ob8wIvxRr/yTX5WUNeOkQ 7ZJ98SVWTKqeNvqFxZawKhlNSCSWYePDIZ5Nc56qlTgKSzOyGcCvVJzlsPaWVRs8APGs 8JDnfZH+YnhQB7YmMgvLwbQg09SWeJkt9e7166qMocUSTyyKov0lR2yLtVsELt0ONqTA kY15jQwQ2DFW9kHSMwptQZed67zen20roomiY8FN6BDhojdhynXtM4Qthv/0evnUBlZe 1XYs+Vro+U6cGC+WJt0bfayE5DbSR2YUvoEoGft+S1UiRPzuuyNiYM75lfn3vyGbBveK ITKQ== X-Received: by 10.180.21.178 with SMTP id w18mr23235386wie.78.1418903524668; Thu, 18 Dec 2014 03:52:04 -0800 (PST) Received: from axl ([82.102.93.58]) by mx.google.com with ESMTPSA id f7sm9682208wiz.13.2014.12.18.03.52.03 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Thu, 18 Dec 2014 03:52:03 -0800 (PST) From: Dmitry Gutov Date: Thu, 18 Dec 2014 13:52:01 +0200 Message-ID: <86ppbhrx9a.fsf@yandex.ru> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) And has been doing that ever since NSM patches were installed, IIRC. Am I doing something wrong? Looks like this: Certificate information Issued by: news.gmane.org Issued to: Gmane Hostname: news.gmane.org Public key: RSA, signature: RSA-SHA1 Protocol: TLS1.0, key: DHE-RSA, cipher: AES-128-CBC, mac: SHA1 Security level: Weak Valid: From 2011-12-04 to 2014-12-03 The TLS connection to news.gmane.org:nntp is insecure for the following reasons: certificate signer was not found (self-signed) certificate could not be verified In GNU Emacs 25.0.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 3.10.8) of 2014-12-18 on axl Repository revision: 18d4bdf135524f33173caa2ef2164345bd09017d Windowing system distributor `The X.Org Foundation', version 11.0.11501000 System Description: Ubuntu 14.04.1 LTS From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Lars Magne Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 14:51:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Dmitry Gutov Cc: 19404@debbugs.gnu.org Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14189142132618 (code B ref 19404); Thu, 18 Dec 2014 14:51:01 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 14:50:13 +0000 Received: from localhost ([127.0.0.1]:49604 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1cP6-0000gA-OZ for submit@debbugs.gnu.org; Thu, 18 Dec 2014 09:50:13 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:41117) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1cP4-0000g1-35 for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 09:50:11 -0500 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Y1cOl-00084j-9V; Thu, 18 Dec 2014 15:49:51 +0100 From: Lars Magne Ingebrigtsen References: <86ppbhrx9a.fsf@yandex.ru> Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJ1BMVEVZFDV/lbOy0uhfPWKt AABxcZSnvsxOK1dlUn6RorbT7Pxyh6qQsM2q5H/gAAACUUlEQVQ4jX2TwWvbMBTGBevIYaec25NZ Cy07NmvDLoM+mYpeArOK3d2Ka0hOga449zmLoKcNxVSlp8Jg1aljCwy8SzIGDfMfNT3JSZuw7oFl 6/vp+54kMIFHivwPsCwKIbBTyuwrcEBSkBWQHEe/ckgGe74LyL7ElELkgC/Vh/6hFP7LJtA4Pxky WQFQzfik3+S+bPosip8nMQJDs/3tDALXxK+aAdFyYZfBfLtax/8+h9b6ZkmLOkZEoPXJvUqPrVIB ra/bQ86jHFXP1JYm5lkuJB7BwU6WiAXGde09sFpQThxZziJlWXoubjzTr2cAkZl2j/T65X1zI0+s 4ebpUZy0O5UBwcRFfW50siOttpzBRVm0mV22fKWcXJakXlZoffuwBfDJ815YhRRFfc2iTWABMFyM NTbAFNp+wz5A7vQ/ReFAYUx3bO81ULsalQr8LMsp22/BcBmsYdTueIVeGbC6CH4pKAOlXIeHQOYX DZBq7hAzMMzbG4FUx3Zf9VU8R92eUCVtL5C5BeM6Rn21YEOZ65BKJU63PSyZKkU3KlA3XchbJKbF NGdQUgWJMxSEV1eiDLhjuUyuxmjghHMXpnKA7yyR+UdcPwqJEH2OJEpArrBYMtQLLgywZBQpA+jw zYE9V2iBwLTA/A7Pbl99O3AGQXpoMVtrNcLs/Pb8By1GPDQaSdOeDQvOR62zVj+knJv1YmBAmhoS ZkJkvfdC0LBv9DS1AOOy3uBdrbsrGthUDBwwZNBN07PaaZo+GaBcOVL3QWqnOynZmc8Xq/sYmNVf g3sU9QiIWK0AAAAASUVORK5CYII= X-Now-Playing: Chicks On Speed's _Artstravaganza_: "Time (Dancing in the Strobe-Light (Edit))" X-Hashcash: 1:23:141218:19404@debbugs.gnu.org::031UVbg7E9dfhlB9:0000000000000000000000000000000000000000V1TX X-Hashcash: 1:23:141218:dgutov@yandex.ru::yy9WEeDPwhKboW2D:0asqa Date: Thu, 18 Dec 2014 15:49:50 +0100 In-Reply-To: <86ppbhrx9a.fsf@yandex.ru> (Dmitry Gutov's message of "Thu, 18 Dec 2014 13:52:01 +0200") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Y1cOl-00084j-9V X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1419518991.42309@tn2ZnRI1Hv0Ryy82usExCA X-Spam-Status: No X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Dmitry Gutov writes: > And has been doing that ever since NSM patches were installed, IIRC. > > Am I doing something wrong? Nope. It's a self-signed certificate. Press "A" to accept. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From unknown Wed Aug 20 05:16:23 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.503 (Entity 5.503) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Dmitry Gutov Subject: bug#19404: closed (Re: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane) Message-ID: References: <86k31p6m0e.fsf@yandex.ru> <86ppbhrx9a.fsf@yandex.ru> X-Gnu-PR-Message: they-closed 19404 X-Gnu-PR-Package: emacs Reply-To: 19404@debbugs.gnu.org Date: Thu, 18 Dec 2014 15:01:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1418914862-4197-1" This is a multi-part message in MIME format... ------------=_1418914862-4197-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #19404: 25.0.50; Gnus shows self-signed certificate warning when connecting= to Gmane which was filed against the emacs package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 19404@debbugs.gnu.org. --=20 19404: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D19404 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1418914862-4197-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 19404-done) by debbugs.gnu.org; 18 Dec 2014 15:00:45 +0000 Received: from localhost ([127.0.0.1]:50207 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1cZJ-000157-E3 for submit@debbugs.gnu.org; Thu, 18 Dec 2014 10:00:45 -0500 Received: from mail-wi0-f172.google.com ([209.85.212.172]:41307) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1cZB-00014t-HI for 19404-done@debbugs.gnu.org; Thu, 18 Dec 2014 10:00:41 -0500 Received: by mail-wi0-f172.google.com with SMTP id n3so2050723wiv.11 for <19404-done@debbugs.gnu.org>; Thu, 18 Dec 2014 07:00:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=O/9JkChM/U5t4AZfkjv6/3EUpNe74y/5r+PtQEiz0cg=; b=conF5EXv3bylZ0W7cgLAMcC2yfOlHQNfgTYsPtgdBh+eoRcLN8kPXQjNdP5yF23yiD X+jeJQNWNAFJwKT/N+p4Lfvvd9AGYPS1Q5jgplkeTp3DMTzd5NwAMxg/WqBi2nWW+2aD Z23xduo2KMlMalwZ4sVrGC1kLnigrOuMJtBseTSeU/b2Y1eM4/XQRFMPwlGXApbS6gR6 WTWNG7/onfAF5a8I1vWTI4MUtRX91NY9fL42iDBM1dfXjP9EXvJkjzulSYhdfJCGEvgi rppkdt6Iiu7zS/Dz6+hTAf16v4bLO/YhIQvzG0TSEPKBvHQVxFPWvUN4LyZb0aNnNDGZ 52WQ== X-Received: by 10.180.81.7 with SMTP id v7mr5943911wix.74.1418914836741; Thu, 18 Dec 2014 07:00:36 -0800 (PST) Received: from axl (static-nbl2-118.cytanet.com.cy. [212.31.107.118]) by mx.google.com with ESMTPSA id s4sm25068344wiy.13.2014.12.18.07.00.35 (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Thu, 18 Dec 2014 07:00:36 -0800 (PST) From: Dmitry Gutov To: Lars Magne Ingebrigtsen Subject: Re: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane References: <86ppbhrx9a.fsf@yandex.ru> Date: Thu, 18 Dec 2014 17:00:33 +0200 In-Reply-To: (Lars Magne Ingebrigtsen's message of "Thu, 18 Dec 2014 15:49:50 +0100") Message-ID: <86k31p6m0e.fsf@yandex.ru> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 19404-done Cc: 19404-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) Lars Magne Ingebrigtsen writes: > Nope. It's a self-signed certificate. Press "A" to accept. Okay. Thanks for the answer. ------------=_1418914862-4197-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 18 Dec 2014 11:52:27 +0000 Received: from localhost ([127.0.0.1]:49505 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1Zd5-0003JP-2j for submit@debbugs.gnu.org; Thu, 18 Dec 2014 06:52:27 -0500 Received: from eggs.gnu.org ([208.118.235.92]:47413) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1Zd1-0003JG-Su for submit@debbugs.gnu.org; Thu, 18 Dec 2014 06:52:24 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Y1Zcw-0002eV-J9 for submit@debbugs.gnu.org; Thu, 18 Dec 2014 06:52:23 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:41731) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y1Zcw-0002eR-GK for submit@debbugs.gnu.org; Thu, 18 Dec 2014 06:52:18 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49109) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y1Zcq-00048S-VC for bug-gnu-emacs@gnu.org; Thu, 18 Dec 2014 06:52:18 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Y1Zcl-0002cz-TQ for bug-gnu-emacs@gnu.org; Thu, 18 Dec 2014 06:52:12 -0500 Received: from mail-wi0-x234.google.com ([2a00:1450:400c:c05::234]:39834) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Y1Zcl-0002cn-Ly for bug-gnu-emacs@gnu.org; Thu, 18 Dec 2014 06:52:07 -0500 Received: by mail-wi0-f180.google.com with SMTP id n3so1524050wiv.1 for ; Thu, 18 Dec 2014 03:52:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:subject:date:message-id:mime-version:content-type; bh=WKGVJ5ymphu8Di3HsdmZSXjrhV4HrgFmjy5tNjQmAq8=; b=sjDX8hq3lspDMsXl+LMxj83l9VJ6jX4CeBrY1vqZnoW50ob8wIvxRr/yTX5WUNeOkQ 7ZJ98SVWTKqeNvqFxZawKhlNSCSWYePDIZ5Nc56qlTgKSzOyGcCvVJzlsPaWVRs8APGs 8JDnfZH+YnhQB7YmMgvLwbQg09SWeJkt9e7166qMocUSTyyKov0lR2yLtVsELt0ONqTA kY15jQwQ2DFW9kHSMwptQZed67zen20roomiY8FN6BDhojdhynXtM4Qthv/0evnUBlZe 1XYs+Vro+U6cGC+WJt0bfayE5DbSR2YUvoEoGft+S1UiRPzuuyNiYM75lfn3vyGbBveK ITKQ== X-Received: by 10.180.21.178 with SMTP id w18mr23235386wie.78.1418903524668; Thu, 18 Dec 2014 03:52:04 -0800 (PST) Received: from axl ([82.102.93.58]) by mx.google.com with ESMTPSA id f7sm9682208wiz.13.2014.12.18.03.52.03 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Thu, 18 Dec 2014 03:52:03 -0800 (PST) From: Dmitry Gutov To: bug-gnu-emacs@gnu.org Subject: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Date: Thu, 18 Dec 2014 13:52:01 +0200 Message-ID: <86ppbhrx9a.fsf@yandex.ru> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) And has been doing that ever since NSM patches were installed, IIRC. Am I doing something wrong? Looks like this: Certificate information Issued by: news.gmane.org Issued to: Gmane Hostname: news.gmane.org Public key: RSA, signature: RSA-SHA1 Protocol: TLS1.0, key: DHE-RSA, cipher: AES-128-CBC, mac: SHA1 Security level: Weak Valid: From 2011-12-04 to 2014-12-03 The TLS connection to news.gmane.org:nntp is insecure for the following reasons: certificate signer was not found (self-signed) certificate could not be verified In GNU Emacs 25.0.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 3.10.8) of 2014-12-18 on axl Repository revision: 18d4bdf135524f33173caa2ef2164345bd09017d Windowing system distributor `The X.Org Foundation', version 11.0.11501000 System Description: Ubuntu 14.04.1 LTS ------------=_1418914862-4197-1-- From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 15:58:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Magne Ingebrigtsen Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14189182229992 (code B ref 19404); Thu, 18 Dec 2014 15:58:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 15:57:02 +0000 Received: from localhost ([127.0.0.1]:50283 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1dRj-0002ai-2j for submit@debbugs.gnu.org; Thu, 18 Dec 2014 10:57:02 -0500 Received: from mtaout21.012.net.il ([80.179.55.169]:50400) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1dRd-0002aV-UQ for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 10:56:57 -0500 Received: from conversion-daemon.a-mtaout21.012.net.il by a-mtaout21.012.net.il (HyperSendmail v2007.08) id <0NGS00C00C7RSP00@a-mtaout21.012.net.il> for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 17:56:52 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout21.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGS00CMACASSE10@a-mtaout21.012.net.il>; Thu, 18 Dec 2014 17:56:52 +0200 (IST) Date: Thu, 18 Dec 2014 17:56:48 +0200 From: Eli Zaretskii In-reply-to: X-012-Sender: halo1@inter.net.il Message-id: <838ui5uf27.fsf@gnu.org> References: <86ppbhrx9a.fsf@yandex.ru> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > From: Lars Magne Ingebrigtsen > Date: Thu, 18 Dec 2014 15:49:50 +0100 > Cc: 19404@debbugs.gnu.org > > Dmitry Gutov writes: > > > And has been doing that ever since NSM patches were installed, IIRC. > > > > Am I doing something wrong? > > Nope. It's a self-signed certificate. Press "A" to accept. Really? How can you tell it's self-signed? Back when I had a problem with GnuTLS not picking up root certificates, NSM said the same thing: Certificate information Issued by: Google Internet Authority G2 Issued to: Google Inc Hostname: accounts.google.com Public key: RSA, signature: RSA-SHA1 Protocol: TLS1.2, key: ECDHE-RSA, cipher: AES-128-GCM, mac: AEAD Security level: Medium Valid: From 2014-12-03 to 2015-03-03 The TLS connection to accounts.google.com:443 is insecure for the following reasons: certificate signer was not found (self-signed) certificate could not be verified How this one is different, and are you sure Dmitry shouldn't check his certificate bundle? Also, what about this bit: Valid: From 2011-12-04 to 2014-12-03 ^^^^^^^^^^ From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Lars Magne Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 16:07:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141891879311050 (code B ref 19404); Thu, 18 Dec 2014 16:07:01 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 16:06:33 +0000 Received: from localhost ([127.0.0.1]:50291 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1day-0002s8-U3 for submit@debbugs.gnu.org; Thu, 18 Dec 2014 11:06:33 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:40970) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1daw-0002rx-6l for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 11:06:31 -0500 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Y1dad-0001Lg-Fe; Thu, 18 Dec 2014 17:06:11 +0100 From: Lars Magne Ingebrigtsen References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEVuqebo9PkjQYcXLWcP GkFTg742XKDF46dxAAACTklEQVQ4jV2TwXLiMAyG5V3Ss02bnLcOzXkbezh3G8M5LthnYrDe/xFW chLKrmYcJvrQbymSANgEwPkYAAKOUH3Ctwm4fqpiVb7BI8ibaQZqe5SPQB4WvzrLB/AkNmLxN39U M67+alIfa8COTlxBVGINeH6nh7ysAc37GjDn1iw3KLv6X+bcSgji9HIPWHN7ygGcE5+r/57b1jlS utdW33NTrJW/a7v7VUU5Of9d290orx8fEuYXK5RQclEd6fL/bHgpP3AMIccxYnKIGNhqOuMbOGOt m4yxbjCzXfkxQHmdyG9WO9HRO9gnrbXXttc6YdIdYkOamIAcWk/toFfrtnTwChynJ9f/A3R3gyI7 0U3tI6A7CnjlR7+gBXBW9r2AxHqm37J6WwDXYUyXKEPiz0WEgRsKwLT/0u0DsA78+HS61OJS+xHG RrIuXe6OSsj656Qkf1whpWiN2UNr3V6KRp48AUGglorAAc7OGTE9q+RBCWCwZakP2DjTC9Eo9Ln2 BKKsWeoXWOeOUtSCQJGKUvrW2BEO1DPlR48elSelSAlQbwDGXemn4k/d5qgR89UMBxqfM4N9hTkk HKtIf4jW/ebR5QDgZus+B6RO5ZMrK0LX8/DWaMxb5BZi0GWob3QDGSZj8gxyxFDm6pVnD68FaO54 uDnWSrwSHSkVwCgEnuqKh/eLlQxi6SEB3sMLLwTNhTU9Yr9EBN40EiIXJbeAjmoKvMtK3RCvlMRx BroAFtrsEVuufwVEeDe2AxaloYtpAVjADrlKAjmc+sQVUshfb/DJW4AXykwAAAAASUVORK5CYII= X-Now-Playing: Various's _Sky Records (Kollektion 01)_: "Cluster - Prothese" X-Hashcash: 1:23:141218:dgutov@yandex.ru::AQUUSH6bcz/6Wqw2:0MMSV X-Hashcash: 1:23:141218:eliz@gnu.org::1AV3oFXX51ls3Uzw:00000nT0N X-Hashcash: 1:23:141218:19404@debbugs.gnu.org::jvCLkHAOym8x7ZYW:0000000000000000000000000000000000000002ygrA Date: Thu, 18 Dec 2014 17:06:10 +0100 In-Reply-To: <838ui5uf27.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 18 Dec 2014 17:56:48 +0200") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Y1dad-0001Lg-Fe X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1419523572.16243@Di26zZL1RGJhaac263z2wQ X-Spam-Status: No X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Eli Zaretskii writes: >> Nope. It's a self-signed certificate. Press "A" to accept. > > Really? How can you tell it's self-signed? Because I installed it myself. :-) > Also, what about this bit: > > Valid: From 2011-12-04 to 2014-12-03 > ^^^^^^^^^^ That's odd. In that case there should be an additional warning for an expired certificate, but gnutls doesn't seem to offer one. Ted, do you know anything about that? -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 17:29:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Magne Ingebrigtsen Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141892370019510 (code B ref 19404); Thu, 18 Dec 2014 17:29:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 17:28:20 +0000 Received: from localhost ([127.0.0.1]:50435 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1es4-00054Z-VR for submit@debbugs.gnu.org; Thu, 18 Dec 2014 12:28:20 -0500 Received: from mtaout20.012.net.il ([80.179.55.166]:52392) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1erz-00054K-5W for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 12:28:15 -0500 Received: from conversion-daemon.a-mtaout20.012.net.il by a-mtaout20.012.net.il (HyperSendmail v2007.08) id <0NGS00100G8VDR00@a-mtaout20.012.net.il> for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 19:28:10 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout20.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGS001VNGIX8E50@a-mtaout20.012.net.il>; Thu, 18 Dec 2014 19:28:10 +0200 (IST) Date: Thu, 18 Dec 2014 19:28:05 +0200 From: Eli Zaretskii In-reply-to: X-012-Sender: halo1@inter.net.il Message-id: <83vbl8uau2.fsf@gnu.org> References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > From: Lars Magne Ingebrigtsen > Cc: dgutov@yandex.ru, 19404@debbugs.gnu.org > Date: Thu, 18 Dec 2014 17:06:10 +0100 > > Eli Zaretskii writes: > > >> Nope. It's a self-signed certificate. Press "A" to accept. > > > > Really? How can you tell it's self-signed? > > Because I installed it myself. :-) OK, let me rephrase: How can a user, a mere mortal, like myself or Dmitry, tell that this certificate is OK, while the one I was presented in my problem is not? From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Lars Magne Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 17:54:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141892522122142 (code B ref 19404); Thu, 18 Dec 2014 17:54:01 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 17:53:41 +0000 Received: from localhost ([127.0.0.1]:50466 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1fGe-0005l1-Kn for submit@debbugs.gnu.org; Thu, 18 Dec 2014 12:53:40 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:35294) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1fGY-0005kn-71 for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 12:53:38 -0500 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Y1fG8-0006vg-Bu; Thu, 18 Dec 2014 18:53:08 +0100 From: Lars Magne Ingebrigtsen References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAGFBMVEW0Al1XBiWYMFBuDypJ CRmIFDVBCBZgDCRYqWUPAAACMElEQVQ4jWWSQXeiQAzHs9LRa/u6zzMP6p0tgle3TvHKU5ErrUO8 2oLw9TfJDNRu85SB/Cb/ZJIBEAuRba34qRMfYGH9qiXHEXNgYGIfnKlkn2E9wwqmTDa7wQ9AIFIY ARw5JPEHvyqzGqB7pS+vQ2wkJKd/sdzQs8OeP+6I5E5r3/BCMhzDFVx964+Fz8jjNtgd+/ZiI0me 8lNpRnYULcIIDCugrGqJJwcoLdY2iQYokQ4m5tXSmIiTGPAyRFfc7FVALeeXEgalqwCzE5BKIomZ XiyIlQM1KCn7WDsADlRw0AzSk4BzApnNUUGLfMS04oS4TTg7gwiWXLHqLIiTibJSAE98xn13zlhc JSEM4ECVFXt2846iXE8ZUBOWiIdkUTKo4CVsTwQ6euW7EOegDGldAMPMTBjkMs5E01p3Gib4TD6E OaUoST3aSNvX1PT6Q1+OMD+Dt0JpZIempTDEP/gyhXkFXiqAJmu0HTC+ewJkpErTVevttPBtAnNy ZRuZF+IuAHsZqeHzcdx2rBa8kWectgO/pJE+PPLHAa3x+xMrPeRwhZXGwWjXREQfPuF+hjf2rFJZ dQP3x1uAmV30llrizGS3b1tb50+A/wPjOT1Iv8tXNFVj9C04N23X9zQn1Bz9BQJrdKeM7rX+Caj8 bf/xewTnzyCgX2FB3w7gRN0vLiqPuLumicObqqxZUCwgNUMbRqD/NmEAq612wMjTvzNNv4kDKLX+ FpHPKHXTBP8Asp0rd6AX3DMAAAAASUVORK5CYII= X-Now-Playing: Godflesh's _A World Lit Only By Fire_: "Forgive Our Fathers" X-Hashcash: 1:23:141218:dgutov@yandex.ru::7o4q51Mi8EfZEo5g:0A1DK X-Hashcash: 1:23:141218:eliz@gnu.org::8jMVfVaqHP8Y9Mim:00000SKqC X-Hashcash: 1:23:141218:19404@debbugs.gnu.org::2+HbplVrv6GRjwgH:0000000000000000000000000000000000000001uSBA Date: Thu, 18 Dec 2014 18:53:07 +0100 In-Reply-To: <83vbl8uau2.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 18 Dec 2014 19:28:05 +0200") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Y1fG8-0006vg-Bu X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1419529988.53798@9O4WXYBKA4w0IEAbqKKMDQ X-Spam-Status: No X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Eli Zaretskii writes: > OK, let me rephrase: How can a user, a mere mortal, like myself or > Dmitry, tell that this certificate is OK, while the one I was > presented in my problem is not? That's not generally possible. Unfortunately there's no difference between a certificate signed by a CA that you don't happen to have in your CA bundle, and a self-signed certificate. Unless I've misunderstood something. I think that's one of many unfortunate design choices made when the certificate system was set up. So the "(self-signed)" string we have in our warnings should perhaps be changed to "(possibly self-signed)". -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Dmitry Gutov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 17:57:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii , Lars Magne Ingebrigtsen Cc: 19404@debbugs.gnu.org Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141892539022448 (code B ref 19404); Thu, 18 Dec 2014 17:57:01 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 17:56:30 +0000 Received: from localhost ([127.0.0.1]:50474 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1fJO-0005px-06 for submit@debbugs.gnu.org; Thu, 18 Dec 2014 12:56:30 -0500 Received: from mail-wi0-f172.google.com ([209.85.212.172]:43512) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1fJL-0005pi-Go for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 12:56:28 -0500 Received: by mail-wi0-f172.google.com with SMTP id n3so2600196wiv.17 for <19404@debbugs.gnu.org>; Thu, 18 Dec 2014 09:56:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=7oxCAFCLuNww+Jz9cOR9/aejU+3qJEOJrHipE+s37s4=; b=I3hzsflDT1DayOz9yz6wfy/r3yuIqOreY7fzT9TYSCFyBLTrT32z8p71LwrRdhcnlV 0XwXvXAU3clDOExm6JGhJ4a6BzibXMc14lIqo4g+rjkhPtJnEkatS4BSU4yNZgzI6dB/ iuMK+s3CE1YK3C9jVBfSUniwQ2ET290xGICIMGufdhmNvSI99WPzRqs43Jpo13Z47pz/ Hq91uL6ll7cqQvwSm90tYFIcb8lcqJkUNKYeiwDC1s7Of8w13nvds7cxGw6nFLege3km LXs+d6MCzBWKGx2ASFS2Jd0w8CrXdHdtz675zObzJ56fF+7f7wQa4x2+I5Jg4Zc8/9gp PWGQ== X-Received: by 10.194.80.68 with SMTP id p4mr6936787wjx.108.1418925386782; Thu, 18 Dec 2014 09:56:26 -0800 (PST) Received: from [192.168.0.185] (static-nbl2-118.cytanet.com.cy. [212.31.107.118]) by mx.google.com with ESMTPSA id d5sm9763090wjb.34.2014.12.18.09.56.25 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 Dec 2014 09:56:26 -0800 (PST) Message-ID: <54931548.3060705@yandex.ru> Date: Thu, 18 Dec 2014 19:56:24 +0200 From: Dmitry Gutov User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> In-Reply-To: <83vbl8uau2.fsf@gnu.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On 12/18/2014 07:28 PM, Eli Zaretskii wrote: > OK, let me rephrase: How can a user, a mere mortal, like myself or > Dmitry, tell that this certificate is OK, while the one I was > presented in my problem is not? Web browser vendors have simply decided that a self-signed certificate is never okay. That's why I'm surprised by the answer to this report. Also because obtaining a properly signed certificate is relatively easy these days. From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 17:58:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Magne Ingebrigtsen Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141892542822526 (code B ref 19404); Thu, 18 Dec 2014 17:58:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 17:57:08 +0000 Received: from localhost ([127.0.0.1]:50478 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1fJw-0005rB-KV for submit@debbugs.gnu.org; Thu, 18 Dec 2014 12:57:08 -0500 Received: from mtaout23.012.net.il ([80.179.55.175]:55073) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1fJq-0005qb-WC for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 12:57:02 -0500 Received: from conversion-daemon.a-mtaout23.012.net.il by a-mtaout23.012.net.il (HyperSendmail v2007.08) id <0NGS00800HRQN600@a-mtaout23.012.net.il> for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 19:56:57 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout23.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGS008F3HUXLZ20@a-mtaout23.012.net.il>; Thu, 18 Dec 2014 19:56:57 +0200 (IST) Date: Thu, 18 Dec 2014 19:56:52 +0200 From: Eli Zaretskii In-reply-to: X-012-Sender: halo1@inter.net.il Message-id: <83r3vwu9i3.fsf@gnu.org> References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > From: Lars Magne Ingebrigtsen > Cc: dgutov@yandex.ru, 19404@debbugs.gnu.org > Date: Thu, 18 Dec 2014 18:53:07 +0100 > > Eli Zaretskii writes: > > > OK, let me rephrase: How can a user, a mere mortal, like myself or > > Dmitry, tell that this certificate is OK, while the one I was > > presented in my problem is not? > > That's not generally possible. Too bad. > Unfortunately there's no difference between a certificate signed by > a CA that you don't happen to have in your CA bundle, and a > self-signed certificate. Unless I've misunderstood something. > > I think that's one of many unfortunate design choices made when the > certificate system was set up. > > So the "(self-signed)" string we have in our warnings should perhaps be > changed to "(possibly self-signed)". Is this text returned by GnuTLS, or do we produce it in Emacs? If the latter, can _we_ somehow distinguish between the two cases and add some text to that effect? From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Lars Magne Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 18:58:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141892907228403 (code B ref 19404); Thu, 18 Dec 2014 18:58:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 18:57:52 +0000 Received: from localhost ([127.0.0.1]:50529 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1gGl-0007O2-VV for submit@debbugs.gnu.org; Thu, 18 Dec 2014 13:57:52 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:54658) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1gGi-0007Nr-Fo for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 13:57:50 -0500 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Y1gGP-0007hz-Sb; Thu, 18 Dec 2014 19:57:30 +0100 From: Lars Magne Ingebrigtsen References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <83r3vwu9i3.fsf@gnu.org> Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEX7+vUgHRoLCQji3NSN iIL////+//4JCAYHBgQEAgFEcs/RAAACSElEQVQ4jW2TPY/jIBCGZ4UvdVhzSk/jK0Gg1MaQ3JWR snFtadf5AW5Ie6tIJu1V9r+9gcRJ1trxF8zjdz7AhsVhZi90AQIyOM78O5MfBRAD7QHeAcg7CAGC rA9vVOAoc9DumHRLI53Nl8z8PJi8IQBaQbu3RubWaFvapdns6TbqLeZ4y6l0uXnJrMvpRrJ6AUSL ChUbq9TWZoSoUgHd1qiwGcfkz5axRUNEJqoZqM3yAEShYAaw1maNGcwcyLxpCHHqdQb2+RZLyqzk M4ACLCkJvoAPugEidBkFzwCX7wCKOKgSeKyupOsalCoz/lWhadkeG6HXFf+i0NTWbWzugz+DWtO8 3TWLuHzPgBhq2x8Ed87q4gYEKO2osfUO97DRtupuIN4oa9ojLrtAwYrfAKXMiYYcsVCCOyq7CQAs oAGCh1K6zCYBx6lQRAhCiFAW7oII0PCDwbtTWcGLCbgIMC/Wpsiq53eF00kT/ary3vOu6K7AXd34 MH3nT2HqwzptnXP4CZkQTn03EewjdmKVe43+0BW+8N01VDLzK6D5vve9L/gd0FVI5gP3/nRNPn5+ Xp1DAsH7okuhwiVNw2R9z/0EcBbC5TIkPxZ1zTGOSE4hjOOk6booQTDiq0l2ugXz3PMCoh+vyzD2 U5aYPwIMPiC6h8JGQl+kUOlMAEtEAZbgIxhjLMeYcX/Nb4MDxlZJEW0wLpf6LI3UltknMFbaSnlm TEqNv/YD/KuMo3/OZ2YqPFws9zJpYqrbAFuBh//JBiw3fAdwv/4D4BZXzkD5JOgAAAAASUVORK5C YII= X-Now-Playing: Concretism's _Town Planning_: "The Cursed Streets" X-Hashcash: 1:23:141218:19404@debbugs.gnu.org::5nzXclWPSlcNBOCB:00000000000000000000000000000000000000003u2x X-Hashcash: 1:23:141218:dgutov@yandex.ru::j+++pnBku01P5HJ1:0E08n X-Hashcash: 1:23:141218:eliz@gnu.org::1pd5oXmNEHRo05Q8:00000rrwt Date: Thu, 18 Dec 2014 19:57:28 +0100 In-Reply-To: <83r3vwu9i3.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 18 Dec 2014 19:56:52 +0200") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Y1gGP-0007hz-Sb X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1419533850.24287@My5UkLnxTkTH410zM/fAKA X-Spam-Status: No X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Eli Zaretskii writes: > Is this text returned by GnuTLS, or do we produce it in Emacs? We produce it in Emacs. > If the latter, can _we_ somehow distinguish between the two cases and > add some text to that effect? These are our translation to text from the GnuTLS error messages (which we have previously translated to symbols). I had hoped that the :not-ca case would help, but I've never seen it in the wild. if (EQ (status_symbol, intern (":invalid"))) return build_string ("certificate could not be verified"); if (EQ (status_symbol, intern (":revoked"))) return build_string ("certificate was revoked (CRL)"); if (EQ (status_symbol, intern (":self-signed"))) return build_string ("certificate signer was not found (self-signed)"); if (EQ (status_symbol, intern (":not-ca"))) return build_string ("certificate signer is not a CA"); if (EQ (status_symbol, intern (":insecure"))) return build_string ("certificate was signed with an insecure algorithm"); if (EQ (status_symbol, intern (":not-activated"))) return build_string ("certificate is not yet activated"); if (EQ (status_symbol, intern (":expired"))) return build_string ("certificate has expired"); if (EQ (status_symbol, intern (":no-host-match"))) return build_string ("certificate host does not match hostname"); -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Ivan Shmakov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 19:12:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 19404@debbugs.gnu.org Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141892986729734 (code B ref 19404); Thu, 18 Dec 2014 19:12:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 19:11:07 +0000 Received: from localhost ([127.0.0.1]:50540 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1gTY-0007jS-3I for submit@debbugs.gnu.org; Thu, 18 Dec 2014 14:11:07 -0500 Received: from fely.am-1.org ([78.47.74.50]:45258) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1gTS-0007iy-FR for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 14:11:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=siamics.net; s=a2013295; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:Sender:References:Subject:To:From; bh=ipXsfVDHjD6hgMzlWYlnrk2rf9prhwGfLAeDrD1oprM=; b=n2ijqBwUWqXVkglivetYNUxexmZTo2uGpHEqK44MPPLpQJR2AQPkjAhlxmaqSHIP7Fskjb/7Kt4s8m183bGgjRCdb6mQPMC0IlT93VNpVktWhSxJlsSGmnAPK0zkKqcV+b8lfMjn3Rc1Uv4ENrXItXztEO56wxtGediJ2qW8sK0=; Received: from [2a02:2560:6d4:26ca::1:1d] (helo=violet.siamics.net) by fely.am-1.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y1gTQ-0005eR-PV for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 19:10:56 +0000 Received: from localhost ([::1] helo=violet.siamics.net) by violet.siamics.net with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y1gTJ-00040S-7z for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 02:10:49 +0700 From: Ivan Shmakov References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <83r3vwu9i3.fsf@gnu.org> Mail-Followup-To: 19404@debbugs.gnu.org Date: Thu, 18 Dec 2014 19:10:48 +0000 In-Reply-To: (Lars Magne Ingebrigtsen's message of "Thu, 18 Dec 2014 19:57:28 +0100") Message-ID: <87388cixjb.fsf@violet.siamics.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.7 (/) >>>>> Lars Magne Ingebrigtsen writes: >>>>> Eli Zaretskii writes: [=E2=80=A6] >> If the latter, can _we_ somehow distinguish between the two cases >> and add some text to that effect? > These are our translation to text from the GnuTLS error messages > (which we have previously translated to symbols). I had hoped that > the :not-ca case would help, but I've never seen it in the wild. [=E2=80=A6] > if (EQ (status_symbol, intern (":self-signed"))) > return build_string ("certificate signer was not found (self-signed)"); > if (EQ (status_symbol, intern (":not-ca"))) > return build_string ("certificate signer is not a CA"); Presumably the former is returned when the certificate is signed by an unknown CA, which /typically/ =E2=80=93 but by no means /necessarily/ =E2=80=93 implies a self-signed certificate. It=E2=80=99s of course possible for the peer=E2=80=99s certificate to be signed by a CA not known (or not trusted) by the user. The latter would mean that the signing party is not a CA. That is: the signer=E2=80=99s own certificate lacks the CA flag. (The certificate will be also the peer=E2=80=99s own one in the self-signed case.) [=E2=80=A6] --=20 FSF associate member #7257 http://boycottsystemd.org/ =E2=80=A6 3013 B6A0= 230E 334A From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 20:21:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Magne Ingebrigtsen Cc: 19404@debbugs.gnu.org, Eli Zaretskii , dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14189340154361 (code B ref 19404); Thu, 18 Dec 2014 20:21:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 20:20:15 +0000 Received: from localhost ([127.0.0.1]:50574 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1hYU-00018H-Pf for submit@debbugs.gnu.org; Thu, 18 Dec 2014 15:20:15 -0500 Received: from randomsample.de ([5.45.97.173]:46861) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1hYS-000188-Qb for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 15:20:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=jkQlEMj3vSFBnQgOZyBQVeItNYSrk+uSA38PkbXfclo=; b=OHrRTy05Nbx+TsvhenkcJOCMO+ogw9lcRaCDc7S0gJFO3MkXnMU0S+BFoHd8XKtc6rUHF3i5MFt5lQAqGxp7h9p1qSyRrjvQfwIoAh2O8/HMu4CnVhhwWUNcXFvotPQs; Received: from ip4d154cb9.dynamic.kabel-deutschland.de ([77.21.76.185] helo=spaten) by randomsample.de with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y1hYQ-00068l-Gf; Thu, 18 Dec 2014 21:20:10 +0100 From: David Engster In-Reply-To: (Lars Magne Ingebrigtsen's message of "Thu, 18 Dec 2014 18:53:07 +0100") References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3.91 (gnu/linux) Date: Thu, 18 Dec 2014 21:20:05 +0100 Message-ID: <871tnwoglm.fsf@engster.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Lars Magne Ingebrigtsen writes: > Eli Zaretskii writes: > >> OK, let me rephrase: How can a user, a mere mortal, like myself or >> Dmitry, tell that this certificate is OK, while the one I was >> presented in my problem is not? > > That's not generally possible. Unfortunately there's no difference > between a certificate signed by a CA that you don't happen to have in > your CA bundle, and a self-signed certificate. Unless I've > misunderstood something. > > I think that's one of many unfortunate design choices made when the > certificate system was set up. > > So the "(self-signed)" string we have in our warnings should perhaps be > changed to "(possibly self-signed)". Just to make a few things clear: A 'self-signed' certificate simply means that a certificate is signed with its own private key. You can easily identify them by looking at the 'Issuer' and 'Subject' - they are identical: openssl s_client -connect news.gmane.org:563 [...] Certificate chain 0 s:/C=NO/ST=Some-State/O=Gmane/CN=news.gmane.org i:/C=NO/ST=Some-State/O=Gmane/CN=news.gmane.org If you connect to a service secured with such a certificate, you'll be greeted with a certificate chain with a depth of '0', only containing this one certificate (so it's actually not a chain). Self-signed certificates are by default never trustworthy, since anyone can create them. The only way to have a certificate that is trusted by default is to have it signed by a trustworthy certificate authority (CA). The issuer must hence be different from the subject. Technically, such a certificate authority presents itself also as a certificate, but one that is only used to sign other certificates; it is never used directly as a server certificate. So in this case, you will actually have *a chain* of certificates with a trusted "root CA" at the top (there can be many intermediate certificate). That CA at the top presents itself as a self-signed certificate, and it is only made trustworthy because it is marked as such by another authority (Mozilla, Debian, etc.) in some kind of certificate storage. I don't know GnuTLS, but my guess(!) would be like this: > if (EQ (status_symbol, intern (":invalid"))) > return build_string ("certificate could not be verified"); This means that the root CA is not trusted, or that some intermediate certificate is missing, so that you do not have a chain of trust. > if (EQ (status_symbol, intern (":self-signed"))) > return build_string ("certificate signer was not found (self-signed)"); Self-signed, never trusted by default. > if (EQ (status_symbol, intern (":not-ca"))) > return build_string ("certificate signer is not a CA"); The root certificate is not a CA, meaning it misses some extensions that are necessary for a CA. It's no wonder you've never seen this. I can only imagine this to happen with very old (version 1) CAs. -David From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 20:31:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Magne Ingebrigtsen Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14189346565436 (code B ref 19404); Thu, 18 Dec 2014 20:31:01 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 20:30:56 +0000 Received: from localhost ([127.0.0.1]:50583 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1him-0001PW-U6 for submit@debbugs.gnu.org; Thu, 18 Dec 2014 15:30:56 -0500 Received: from mtaout23.012.net.il ([80.179.55.175]:60000) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1hih-0001PK-In for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 15:30:51 -0500 Received: from conversion-daemon.a-mtaout23.012.net.il by a-mtaout23.012.net.il (HyperSendmail v2007.08) id <0NGS00800OYTZW00@a-mtaout23.012.net.il> for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 22:30:46 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout23.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGS008TVOZ9Z700@a-mtaout23.012.net.il>; Thu, 18 Dec 2014 22:30:46 +0200 (IST) Date: Thu, 18 Dec 2014 22:30:42 +0200 From: Eli Zaretskii In-reply-to: X-012-Sender: halo1@inter.net.il Message-id: <83oar0u2dp.fsf@gnu.org> References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <83r3vwu9i3.fsf@gnu.org> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > From: Lars Magne Ingebrigtsen > Cc: dgutov@yandex.ru, 19404@debbugs.gnu.org > Date: Thu, 18 Dec 2014 19:57:28 +0100 > > Eli Zaretskii writes: > > > Is this text returned by GnuTLS, or do we produce it in Emacs? > > We produce it in Emacs. > > > If the latter, can _we_ somehow distinguish between the two cases and > > add some text to that effect? > > These are our translation to text from the GnuTLS error messages (which > we have previously translated to symbols). I had hoped that the :not-ca > case would help, but I've never seen it in the wild. What about the "self-signed" part, why is that being reported for certificates whose authority could not be verified, like in my use case? That's not "self-signed" in my book. From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 20:53:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: David Engster Cc: 19404@debbugs.gnu.org, larsi@gnus.org, dgutov@yandex.ru Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14189359807508 (code B ref 19404); Thu, 18 Dec 2014 20:53:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 20:53:00 +0000 Received: from localhost ([127.0.0.1]:50587 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1i4C-0001x2-82 for submit@debbugs.gnu.org; Thu, 18 Dec 2014 15:53:00 -0500 Received: from mtaout20.012.net.il ([80.179.55.166]:52025) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1i48-0001wr-Ti for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 15:52:58 -0500 Received: from conversion-daemon.a-mtaout20.012.net.il by a-mtaout20.012.net.il (HyperSendmail v2007.08) id <0NGS00200PX6QC00@a-mtaout20.012.net.il> for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 22:52:55 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout20.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGS002HPQ06ML30@a-mtaout20.012.net.il>; Thu, 18 Dec 2014 22:52:55 +0200 (IST) Date: Thu, 18 Dec 2014 22:52:51 +0200 From: Eli Zaretskii In-reply-to: <871tnwoglm.fsf@engster.org> X-012-Sender: halo1@inter.net.il Message-id: <83ioh8u1cs.fsf@gnu.org> References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > From: David Engster > Cc: Eli Zaretskii , 19404@debbugs.gnu.org, dgutov@yandex.ru > Date: Thu, 18 Dec 2014 21:20:05 +0100 > > Just to make a few things clear: A 'self-signed' certificate simply > means that a certificate is signed with its own private key. You can > easily identify them by looking at the 'Issuer' and 'Subject' - they are > identical: > > openssl s_client -connect news.gmane.org:563 > > [...] > > Certificate chain > 0 s:/C=NO/ST=Some-State/O=Gmane/CN=news.gmane.org > i:/C=NO/ST=Some-State/O=Gmane/CN=news.gmane.org > > If you connect to a service secured with such a certificate, you'll be > greeted with a certificate chain with a depth of '0', only containing > this one certificate (so it's actually not a chain). Self-signed > certificates are by default never trustworthy, since anyone can create > them. Do you understand why I got the same "self-signed" indication for a certificate whose chain couldn't be verified because the root certificates were not available? E.g., remove or rename your bundle, then try "M-x eww" to some HTTPS address -- you will see the "self-signed" indication in that case as well. Why does this happen? > I don't know GnuTLS, but my guess(!) would be like this: > > > if (EQ (status_symbol, intern (":invalid"))) > > return build_string ("certificate could not be verified"); > > This means that the root CA is not trusted, or that some intermediate > certificate is missing, so that you do not have a chain of trust. > > > if (EQ (status_symbol, intern (":self-signed"))) > > return build_string ("certificate signer was not found (self-signed)"); > > Self-signed, never trusted by default. But we get both of these when the chain couldn't be verified. Why? From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 21:42:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: 19404@debbugs.gnu.org, larsi@gnus.org, dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141893887212164 (code B ref 19404); Thu, 18 Dec 2014 21:42:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 21:41:12 +0000 Received: from localhost ([127.0.0.1]:50597 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1iop-0003A7-8L for submit@debbugs.gnu.org; Thu, 18 Dec 2014 16:41:11 -0500 Received: from randomsample.de ([5.45.97.173]:46929) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1ioe-00039P-9E for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 16:41:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=EB6m0HN1+6XQpHbjqJXxx39vBgWCSitauTnpsAnPacc=; b=jhyOZewQ1JD9/JSbYkxjqK5sxJzT8GdNJcbMs2t/P0ml3f5jX/2sCRhKO0C5ifmIdMi5KTZpL8Yo+ghVATJMaE6ZVPfNv6/DhwR47sDxCHmjIUOoinLzbiK8W7Zqg0Hy; Received: from ip4d154cb9.dynamic.kabel-deutschland.de ([77.21.76.185] helo=spaten) by randomsample.de with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y1ioc-0006r6-Mh; Thu, 18 Dec 2014 22:40:58 +0100 From: David Engster In-Reply-To: <83ioh8u1cs.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 18 Dec 2014 22:52:51 +0200") References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3.91 (gnu/linux) Mail-Copies-To: never Date: Thu, 18 Dec 2014 22:40:56 +0100 Message-ID: <87lhm4myaf.fsf@engster.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Eli Zaretskii writes: >> From: David Engster >> Cc: Eli Zaretskii , 19404@debbugs.gnu.org, dgutov@yandex= .ru >> Date: Thu, 18 Dec 2014 21:20:05 +0100 > >>=20 >> Just to make a few things clear: A 'self-signed' certificate simply >> means that a certificate is signed with its own private key. You can >> easily identify them by looking at the 'Issuer' and 'Subject' - they are >> identical: >>=20 >> openssl s_client -connect news.gmane.org:563 >>=20 >> [...] >>=20 >> Certificate chain >> 0 s:/C=3DNO/ST=3DSome-State/O=3DGmane/CN=3Dnews.gmane.org >> i:/C=3DNO/ST=3DSome-State/O=3DGmane/CN=3Dnews.gmane.org >>=20 >> If you connect to a service secured with such a certificate, you'll be >> greeted with a certificate chain with a depth of '0', only containing >> this one certificate (so it's actually not a chain). Self-signed >> certificates are by default never trustworthy, since anyone can create >> them. > > Do you understand why I got the same "self-signed" indication for a > certificate whose chain couldn't be verified because the root > certificates were not available? E.g., remove or rename your bundle, > then try "M-x eww" to some HTTPS address -- you will see the > "self-signed" indication in that case as well. Why does this happen? I see now that :self-signed is mapped to GNUTLS_CERT_SIGNER_NOT_FOUND. This however does not mean that a certificate is self-signed. See http://www.gnutls.org/manual/gnutls.html#gnutls_005fcertificate_005fstatus_= 005ft It simply means: "The certificate=E2=80=99s issuer is not known. This is the case if the issuer is not included in the trusted certificate list." It *could* be self-signed. I don't know the best way in libgnutls to detect this. You probably have to compare issuer and subject, or similar. -David From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 21:51:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: 19404@debbugs.gnu.org, larsi@gnus.org, dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141893942813026 (code B ref 19404); Thu, 18 Dec 2014 21:51:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 21:50:28 +0000 Received: from localhost ([127.0.0.1]:50601 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1ixn-0003O2-T7 for submit@debbugs.gnu.org; Thu, 18 Dec 2014 16:50:28 -0500 Received: from randomsample.de ([5.45.97.173]:46937) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1ixl-0003Nt-Ee for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 16:50:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=fL8MXAlaFLD1UZkgetMNwTwv4h2gCphJ+fcUhkvvdto=; b=I3+6RBpqHiS37tvByA4XDKfuYvLU85JpEQ/uET/cFsF3rwwjU1KEneZ5wTC928SZ1PywsYgM5mVQRIhaYLi/IeOY4TMvWnB4ZAfPeESwT7w0OtXZYUt1ZHIbENiQJ1kt; Received: from ip4d154cb9.dynamic.kabel-deutschland.de ([77.21.76.185] helo=spaten) by randomsample.de with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y1ixk-0006wU-Fj; Thu, 18 Dec 2014 22:50:24 +0100 From: David Engster In-Reply-To: <87lhm4myaf.fsf@engster.org> (David Engster's message of "Thu, 18 Dec 2014 22:40:56 +0100") References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3.91 (gnu/linux) Date: Thu, 18 Dec 2014 22:50:22 +0100 Message-ID: <87bnn0mxup.fsf@engster.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) David Engster writes: > It *could* be self-signed. I don't know the best way in libgnutls to > detect this. You probably have to compare issuer and subject, or > similar. So my guess would be: use gnutls_x509_crt_get_dn2 or maybe gnutls_x509_crt_get_subject and compare to gnutls_certificate_get_issuer. If equal -> self-signed. But that could be wrong. Best place is to ask on the GnuTLS list. -David From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Ivan Shmakov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 22:06:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 19404@debbugs.gnu.org Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141894030714412 (code B ref 19404); Thu, 18 Dec 2014 22:06:01 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 22:05:07 +0000 Received: from localhost ([127.0.0.1]:50607 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1jBy-0003kN-DX for submit@debbugs.gnu.org; Thu, 18 Dec 2014 17:05:06 -0500 Received: from fely.am-1.org ([78.47.74.50]:45275) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1jBv-0003kE-W9 for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 17:05:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=siamics.net; s=a2013295; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:Sender:References:Subject:To:From; bh=/qWyX3CtRSmgjpHwcwJSfE3GHBtNQRhTiQsxABpDMzU=; b=Iy/tQlEiWiKSmd2SPrdQ52rJT3briw8YfxPkQfi9mlFOwYOkylr3d1HzpjwVl6sgnlE5MNzN70THWV3IrtUemKa+8hOs7LfK7sSN9j/+aTjwUI5jwsNdr7PisoJC/4RZ8LBSzyO7MbPaMLFWdOhLEgbcg+3en975exdQvJz/dAI=; Received: from [2a02:2560:6d4:26ca::1:1d] (helo=violet.siamics.net) by fely.am-1.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y1jBu-0006t7-5x for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 22:05:02 +0000 Received: from localhost ([::1] helo=violet.siamics.net) by violet.siamics.net with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y1jBm-00068H-PB for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 05:04:54 +0700 From: Ivan Shmakov References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <87bnn0mxup.fsf@engster.org> Mail-Followup-To: 19404@debbugs.gnu.org Date: Thu, 18 Dec 2014 22:04:53 +0000 In-Reply-To: <87bnn0mxup.fsf@engster.org> (David Engster's message of "Thu, 18 Dec 2014 22:50:22 +0100") Message-ID: <87y4q4hawq.fsf@violet.siamics.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.7 (/) >>>>> David Engster writes: >>>>> David Engster writes: >> It *could* be self-signed. I don't know the best way in libgnutls to >> detect this. You probably have to compare issuer and subject, or >> similar. > So my guess would be: use gnutls_x509_crt_get_dn2 or maybe > gnutls_x509_crt_get_subject and compare to > gnutls_certificate_get_issuer. If equal -> self-signed. But that > could be wrong. Best place is to ask on the GnuTLS list. If anything, it=E2=80=99s the respective public key fingerprints that are to be compared. --=20 FSF associate member #7257 http://boycottsystemd.org/ =E2=80=A6 3013 B6A0= 230E 334A From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Dec 2014 22:48:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 19404@debbugs.gnu.org Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141894287018351 (code B ref 19404); Thu, 18 Dec 2014 22:48:02 +0000 Received: (at 19404) by debbugs.gnu.org; 18 Dec 2014 22:47:50 +0000 Received: from localhost ([127.0.0.1]:50613 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1jrK-0004lv-Et for submit@debbugs.gnu.org; Thu, 18 Dec 2014 17:47:50 -0500 Received: from randomsample.de ([5.45.97.173]:46972) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1jrH-0004lk-JL for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 17:47:48 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:To:From; bh=dlvKwtStrqHnmn1xrUaOs+8YMTbpzJlTZHVGRTLPzGI=; b=asXXmz4WritoXRKu++Q66jPmO/Gz2wkcsXfKUTMBRe2r+SKTvCrMHZhudKJkmW01FoY1vQlu4bB9XBT+YYgph4uUAsv7qYsQMR9ikgUXrJERoLjqwzY5cYSqZBwE0eGT; Received: from ip4d154cb9.dynamic.kabel-deutschland.de ([77.21.76.185] helo=spaten) by randomsample.de with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y1jrG-0007RP-DC for 19404@debbugs.gnu.org; Thu, 18 Dec 2014 23:47:46 +0100 From: David Engster In-Reply-To: <87y4q4hawq.fsf@violet.siamics.net> (Ivan Shmakov's message of "Thu, 18 Dec 2014 22:04:53 +0000") References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <87bnn0mxup.fsf@engster.org> <87y4q4hawq.fsf@violet.siamics.net> User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3.91 (gnu/linux) Mail-Copies-To: never Date: Thu, 18 Dec 2014 23:47:44 +0100 Message-ID: <87zjaklgmn.fsf@engster.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Ivan Shmakov writes: >>>>>> David Engster writes: >>>>>> David Engster writes: > > >> It *could* be self-signed. I don't know the best way in libgnutls to > >> detect this. You probably have to compare issuer and subject, or > >> similar. > > > So my guess would be: use gnutls_x509_crt_get_dn2 or maybe > > gnutls_x509_crt_get_subject and compare to > > gnutls_certificate_get_issuer. If equal -> self-signed. But that > > could be wrong. Best place is to ask on the GnuTLS list. > > If anything, it=E2=80=99s the respective public key fingerprints that > are to be compared. Sorry, I don't get it. Which respective public key fingerprints? There's just one certificate. -David From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 08:30:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: David Engster Cc: 19404@debbugs.gnu.org, larsi@gnus.org, dgutov@yandex.ru Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141897774614079 (code B ref 19404); Fri, 19 Dec 2014 08:30:02 +0000 Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 08:29:06 +0000 Received: from localhost ([127.0.0.1]:50754 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1svm-0003ew-Km for submit@debbugs.gnu.org; Fri, 19 Dec 2014 03:29:06 -0500 Received: from mtaout24.012.net.il ([80.179.55.180]:35617) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1svg-0003eS-JY for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 03:29:01 -0500 Received: from conversion-daemon.mtaout24.012.net.il by mtaout24.012.net.il (HyperSendmail v2007.08) id <0NGT00B00LNFR900@mtaout24.012.net.il> for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 10:21:04 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by mtaout24.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGT00B3MLV48T20@mtaout24.012.net.il>; Fri, 19 Dec 2014 10:21:04 +0200 (IST) Date: Fri, 19 Dec 2014 10:28:52 +0200 From: Eli Zaretskii In-reply-to: <87bnn0mxup.fsf@engster.org> X-012-Sender: halo1@inter.net.il Message-id: <83egrwt54r.fsf@gnu.org> References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <87bnn0mxup.fsf@engster.org> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > From: David Engster > Cc: 19404@debbugs.gnu.org, larsi@gnus.org, dgutov@yandex.ru > Date: Thu, 18 Dec 2014 22:50:22 +0100 > > David Engster writes: > > It *could* be self-signed. I don't know the best way in libgnutls to > > detect this. You probably have to compare issuer and subject, or > > similar. > > So my guess would be: use gnutls_x509_crt_get_dn2 or maybe > gnutls_x509_crt_get_subject and compare to > gnutls_certificate_get_issuer. If equal -> self-signed. But that could > be wrong. Best place is to ask on the GnuTLS list. Thanks, I think we should do that (and also ask). I'm afraid if we are too vague or even inaccurate in these prompts (as some Web browsers already are), too many people will become annoyed and will simply disregard them, and either always automatically accept the "Always" alternative, or even disable these checks completely. From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 08:31:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: David Engster Cc: 19404@debbugs.gnu.org, larsi@gnus.org, dgutov@yandex.ru Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141897782014277 (code B ref 19404); Fri, 19 Dec 2014 08:31:02 +0000 Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 08:30:20 +0000 Received: from localhost ([127.0.0.1]:50758 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1swx-0003i7-GM for submit@debbugs.gnu.org; Fri, 19 Dec 2014 03:30:19 -0500 Received: from mtaout22.012.net.il ([80.179.55.172]:60077) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1swv-0003hx-Q6 for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 03:30:14 -0500 Received: from conversion-daemon.a-mtaout22.012.net.il by a-mtaout22.012.net.il (HyperSendmail v2007.08) id <0NGT00E00M4IIH00@a-mtaout22.012.net.il> for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 10:30:12 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout22.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGT00E5GMACCO30@a-mtaout22.012.net.il>; Fri, 19 Dec 2014 10:30:12 +0200 (IST) Date: Fri, 19 Dec 2014 10:30:09 +0200 From: Eli Zaretskii In-reply-to: <87lhm4myaf.fsf@engster.org> X-012-Sender: halo1@inter.net.il Message-id: <83d27gt52m.fsf@gnu.org> MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8BIT References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > From: David Engster > Cc: 19404@debbugs.gnu.org, larsi@gnus.org, dgutov@yandex.ru > Date: Thu, 18 Dec 2014 22:40:56 +0100 > > I see now that :self-signed is mapped to > GNUTLS_CERT_SIGNER_NOT_FOUND. Then the text we produce is misleading, IMO. > http://www.gnutls.org/manual/gnutls.html#gnutls_005fcertificate_005fstatus_005ft > > It simply means: "The certificate’s issuer is not known. This is the > case if the issuer is not included in the trusted certificate list." I suggest that we say something like this, indeed. From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Lars Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 12:13:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: 19404@debbugs.gnu.org, David Engster , dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141899116619002 (code B ref 19404); Fri, 19 Dec 2014 12:13:01 +0000 Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 12:12:46 +0000 Received: from localhost ([127.0.0.1]:50881 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1wQH-0004wP-00 for submit@debbugs.gnu.org; Fri, 19 Dec 2014 07:12:45 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:56403) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1wQE-0004wE-5r for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 07:12:43 -0500 Received: from 46.156.3.236.tmi.telenormobil.no ([46.156.3.236] helo=building.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Y1wPu-0007Ag-3n; Fri, 19 Dec 2014 13:12:22 +0100 From: Lars Ingebrigtsen References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> Date: Fri, 19 Dec 2014 13:11:46 +0100 In-Reply-To: <83d27gt52m.fsf@gnu.org> (Eli Zaretskii's message of "Fri, 19 Dec 2014 10:30:09 +0200") Message-ID: <87h9wrj0u5.fsf@building.gnus.org> User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-MailScanner-ID: 1Y1wPu-0007Ag-3n X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1419595943.94089@Frj7Sl8lupuHOmrgKZTQZA X-Spam-Status: No X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Eli Zaretskii writes: >> It simply means: "The certificate=92s issuer is not known. This is the >> case if the issuer is not included in the trusted certificate list." > > I suggest that we say something like this, indeed. However, this means nothing to people who don't know what it already means, while "self-signed" is something that more people understand. But the suggestion to only suggest that the certificate may be self-signed if the issuer and host name are the same may help a bit. There's quite a few self-signed sites out there where that's not the case, though. --=20 (domestic pets only, the antidote for overdose, milk.) bloggy blog http://lars.ingebrigtsen.no/ From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Dmitry Gutov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 12:21:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Ingebrigtsen , Eli Zaretskii Cc: 19404@debbugs.gnu.org, David Engster Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141899162025021 (code B ref 19404); Fri, 19 Dec 2014 12:21:02 +0000 Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 12:20:20 +0000 Received: from localhost ([127.0.0.1]:50904 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1wXb-0006VU-HM for submit@debbugs.gnu.org; Fri, 19 Dec 2014 07:20:20 -0500 Received: from mail-wi0-f174.google.com ([209.85.212.174]:55571) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1wXZ-0006VM-8K for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 07:20:17 -0500 Received: by mail-wi0-f174.google.com with SMTP id h11so1698961wiw.13 for <19404@debbugs.gnu.org>; Fri, 19 Dec 2014 04:20:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=WM+Wl4q2YcoMxs3ZkYl2OPup5HBvehiaReTEaDqYBLM=; b=F5OzkLA7ExcCk0/UpRJ/G2d8K89GWuGHZsaoanTh+SoU1JBRpIDAXrlag+eFh1OzXt eEmFvdJ3hs1G9N98Mk2XgnilcNOt69q3syZ31+iGflhs7d87zo1AzUOtvz+e5D+YRTz/ XsLPKc6sMquYCgj6b+xVBmdLNI7ug2uP55kAtbHlQg5GnrTQ9RCcdpk8QRXeyMKwWynC HP8n21FTxqIDv2diJpzUqalVYSyICm/kUdBlbmUqI80v7kOKyXRwD1H5D61PtCRQhkGa XX0dBuYbRYOMFm34tQXUd5L4NjSbvi/fYqNdGwkVLzSI6FWeiR2WledbQ6BEe34H3I2V KrEg== X-Received: by 10.180.186.40 with SMTP id fh8mr5448304wic.40.1418991616687; Fri, 19 Dec 2014 04:20:16 -0800 (PST) Received: from [192.168.1.2] ([82.102.93.54]) by mx.google.com with ESMTPSA id 18sm12508726wjr.46.2014.12.19.04.20.14 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 19 Dec 2014 04:20:16 -0800 (PST) Message-ID: <549417FD.30001@yandex.ru> Date: Fri, 19 Dec 2014 14:20:13 +0200 From: Dmitry Gutov User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> In-Reply-To: <87h9wrj0u5.fsf@building.gnus.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On 12/19/2014 02:11 PM, Lars Ingebrigtsen wrote: > There's quite a few self-signed sites out there where that's not the > case, though. "certificate’s issuer is not known" would be fine in this case. Users shouldn't rely on "self-signed" as some proof of validity anyway. Strictly speaking, it's still insecure, even if only one party may be listening. From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 14:41:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Ingebrigtsen Cc: 19404@debbugs.gnu.org, deng@randomsample.de, dgutov@yandex.ru Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141900002411067 (code B ref 19404); Fri, 19 Dec 2014 14:41:02 +0000 Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 14:40:24 +0000 Received: from localhost ([127.0.0.1]:50979 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1yj5-0002sL-Sb for submit@debbugs.gnu.org; Fri, 19 Dec 2014 09:40:23 -0500 Received: from mtaout23.012.net.il ([80.179.55.175]:51230) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1yiw-0002ry-V5 for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 09:40:15 -0500 Received: from conversion-daemon.a-mtaout23.012.net.il by a-mtaout23.012.net.il (HyperSendmail v2007.08) id <0NGU00B002VTN400@a-mtaout23.012.net.il> for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 16:40:09 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout23.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGU00B4G3EWCU70@a-mtaout23.012.net.il>; Fri, 19 Dec 2014 16:40:08 +0200 (IST) Date: Fri, 19 Dec 2014 16:40:06 +0200 From: Eli Zaretskii In-reply-to: <87h9wrj0u5.fsf@building.gnus.org> X-012-Sender: halo1@inter.net.il Message-id: <83388bu2ih.fsf@gnu.org> MIME-version: 1.0 Content-type: text/plain; charset=windows-1252 Content-transfer-encoding: 8BIT References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > From: Lars Ingebrigtsen > Cc: David Engster , 19404@debbugs.gnu.org, dgutov@yandex.ru > Date: Fri, 19 Dec 2014 13:11:46 +0100 > MailScanner-NULL-Check: 1419595943.94089@Frj7Sl8lupuHOmrgKZTQZA > > Eli Zaretskii writes: > > >> It simply means: "The certificate’s issuer is not known. This is the > >> case if the issuer is not included in the trusted certificate list." > > > > I suggest that we say something like this, indeed. > > However, this means nothing to people who don't know what it already > means The first sentence sounds very clear to me, even to someone who knows nothing about this. We could reword the second sentence to say something like Please make sure your trusted certificate database is installed and up to date. This should at least give enough "food" to talk to some sysadmin, if the user doesn't know where the certificates are kept or how to update them. > while "self-signed" is something that more people understand. But it's a lie in this case, or at least might be. > But the suggestion to only suggest that the certificate may be > self-signed if the issuer and host name are the same may help a bit. > There's quite a few self-signed sites out there where that's not the > case, though. Then how come they are "self-signed"? At least the domain should be the same, no? From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 14:47:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Dmitry Gutov Cc: 19404@debbugs.gnu.org, larsi@gnus.org, deng@randomsample.de Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141900036911641 (code B ref 19404); Fri, 19 Dec 2014 14:47:02 +0000 Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 14:46:09 +0000 Received: from localhost ([127.0.0.1]:50984 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1yoi-00031h-G6 for submit@debbugs.gnu.org; Fri, 19 Dec 2014 09:46:08 -0500 Received: from mtaout20.012.net.il ([80.179.55.166]:46119) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y1yof-00031X-MG for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 09:46:06 -0500 Received: from conversion-daemon.a-mtaout20.012.net.il by a-mtaout20.012.net.il (HyperSendmail v2007.08) id <0NGU0090034N6D00@a-mtaout20.012.net.il> for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 16:46:04 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout20.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGU008JZ3ORNPA0@a-mtaout20.012.net.il>; Fri, 19 Dec 2014 16:46:04 +0200 (IST) Date: Fri, 19 Dec 2014 16:46:02 +0200 From: Eli Zaretskii In-reply-to: <549417FD.30001@yandex.ru> X-012-Sender: halo1@inter.net.il Message-id: <83zjajsno5.fsf@gnu.org> MIME-version: 1.0 Content-type: text/plain; charset=windows-1252 Content-transfer-encoding: 8BIT References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <549417FD.30001@yandex.ru> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > Date: Fri, 19 Dec 2014 14:20:13 +0200 > From: Dmitry Gutov > CC: David Engster , 19404@debbugs.gnu.org > > On 12/19/2014 02:11 PM, Lars Ingebrigtsen wrote: > > > There's quite a few self-signed sites out there where that's not the > > case, though. > > "certificate’s issuer is not known" would be fine in this case. "certificate’s issuer is not known or couldn't be verified" is even better. > Users shouldn't rely on "self-signed" as some proof of validity anyway. Agreed. From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 16:56:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Ingebrigtsen Cc: 19404@debbugs.gnu.org, Eli Zaretskii , dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141900812824571 (code B ref 19404); Fri, 19 Dec 2014 16:56:01 +0000 Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 16:55:28 +0000 Received: from localhost ([127.0.0.1]:51699 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y20ps-0006OF-2m for submit@debbugs.gnu.org; Fri, 19 Dec 2014 11:55:28 -0500 Received: from randomsample.de ([5.45.97.173]:47705) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y20pp-0006O5-QA for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 11:55:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=8PAV52reF7Wor3cJnjXlOsv3reu5Ove7UvWERnDjtrE=; b=obnYlRS9Cfh7kjFjDbJGdf5khDib6wzQeHuVPPNOi5HEuHxyjyYHupEZGTJJCD0lwoilYYmK6lyS//MUN2h6VmaPAk+0YTutyKrErZuto/GvqJshD9Gnaw0HaxrHFX0w; Received: from ip4d154cb9.dynamic.kabel-deutschland.de ([77.21.76.185] helo=spaten) by randomsample.de with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y20po-0001V8-CF; Fri, 19 Dec 2014 17:55:24 +0100 From: David Engster In-Reply-To: <87h9wrj0u5.fsf@building.gnus.org> (Lars Ingebrigtsen's message of "Fri, 19 Dec 2014 13:11:46 +0100") References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3.91 (gnu/linux) Date: Fri, 19 Dec 2014 17:55:19 +0100 Message-ID: <87vbl7lgug.fsf@engster.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Lars Ingebrigtsen writes: > Eli Zaretskii writes: > >>> It simply means: "The certificate=E2=80=99s issuer is not known. This i= s the >>> case if the issuer is not included in the trusted certificate list." >> >> I suggest that we say something like this, indeed. > > However, this means nothing to people who don't know what it already > means, while "self-signed" is something that more people understand. You wish... > But the suggestion to only suggest that the certificate may be > self-signed if the issuer and host name are the same may help a bit. > There's quite a few self-signed sites out there where that's not the > case, though. The host name has nothing to do with a certificate being self-signed or not. Forget actual servers for a moment and look only at the certificate. There's an 'issuer' and a 'subject'. Both contain identities in the form of a string like /C=3DNO/ST=3DSome-State/O=3DGmane/CN=3Dnews.gmane.org As you can see, part of that string is the "common name" (CN), which can be a hostname (maybe with a wildcard), an email address, etc. Whoever has the private key for that certificate claims the identity for that CN. The 'issuer' is the identity who signed that certificate with its own private key. In real life this should mean that the issuer made sure that the person who created that certificate with this CN is actually the administrator for that server, or the person with that e-mail address. If a certificate is "self-signed", this means that issuer and subject are the same entity, i.e., the string in there is identical. There are some rules how these strings must be compared. I think(!) that if you simply compare them byte by byte, you should err on the side of safety. But I would assume there is a function for that in GnuTLS that adheres to RFC5280 for comparing such things. As to what messages we should emit in such cases, I think we should simply say what Firefox says: "The certificate is not trusted because it is self-signed." -David From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 17:18:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Ingebrigtsen Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14190094474973 (code B ref 19404); Fri, 19 Dec 2014 17:18:02 +0000 Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 17:17:27 +0000 Received: from localhost ([127.0.0.1]:51759 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y21B9-0001I9-0Q for submit@debbugs.gnu.org; Fri, 19 Dec 2014 12:17:27 -0500 Received: from randomsample.de ([5.45.97.173]:47723) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y21B7-0001I1-3e for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 12:17:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=KuxqXni7SdU/4GynpW68trJaTARtyoi2Wbb14W1SFMg=; b=cBIDygbTLNGabRH58NemErERI44vamTj8P/hEeXTbeGuJSdot4vdSgCe8jDMj3hGAuZe/tRb3j3y90IxZrg8WQVMkC8i7/5UNEafnnhqUxtmj2t4Ur9QCvK/L2eABg/k; Received: from ip4d154cb9.dynamic.kabel-deutschland.de ([77.21.76.185] helo=spaten) by randomsample.de with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y21B6-0001hF-Jc; Fri, 19 Dec 2014 18:17:24 +0100 From: David Engster In-Reply-To: <87vbl7lgug.fsf@engster.org> (David Engster's message of "Fri, 19 Dec 2014 17:55:19 +0100") References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87vbl7lgug.fsf@engster.org> User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3.91 (gnu/linux) Date: Fri, 19 Dec 2014 18:17:22 +0100 Message-ID: <87ioh7lftp.fsf@engster.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) David Engster writes: > If a certificate is "self-signed", this means that issuer and subject > are the same entity, i.e., the string in there is identical. There are > some rules how these strings must be compared. I think(!) that if you > simply compare them byte by byte, you should err on the side of > safety. But I would assume there is a function for that in GnuTLS that > adheres to RFC5280 for comparing such things. I've asked on the GnuTLS mailing list. -David From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Ivan Shmakov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 19 Dec 2014 17:33:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 19404@debbugs.gnu.org Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14190103596545 (code B ref 19404); Fri, 19 Dec 2014 17:33:02 +0000 Received: (at 19404) by debbugs.gnu.org; 19 Dec 2014 17:32:39 +0000 Received: from localhost ([127.0.0.1]:51789 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y21Pr-0001hV-Ci for submit@debbugs.gnu.org; Fri, 19 Dec 2014 12:32:39 -0500 Received: from fely.am-1.org ([78.47.74.50]:45394) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y21Pp-0001hN-JP for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 12:32:38 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=siamics.net; s=a2013295; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:Sender:References:Subject:To:From; bh=y4iUGtSzwfvEqORxTUpBt9A4APlwfs5TnbCx0hmdfwM=; b=C6l2NV/Ec6CquKjsfpIPZRoZBT872Oeow/VIx119jev9v0EK+nNbTXxN+SamfzuDs2MyGrXXbUBkwDhEFbSaREesSexApvhwxLxJ9Mbg17V7qgMcQ/KvIqNrsGWlLsmQTx9cVEUxrA2Nb+lLl2u4zhpPByLLyhfE9cCNtp3bRmQ=; Received: from [2a02:2560:6d4:26ca::1:1d] (helo=violet.siamics.net) by fely.am-1.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y21Pn-0006lm-Tz for 19404@debbugs.gnu.org; Fri, 19 Dec 2014 17:32:36 +0000 Received: from localhost ([::1] helo=violet.siamics.net) by violet.siamics.net with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y21Pg-0000QX-RF for 19404@debbugs.gnu.org; Sat, 20 Dec 2014 00:32:28 +0700 From: Ivan Shmakov References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <87bnn0mxup.fsf@engster.org> <87y4q4hawq.fsf@violet.siamics.net> <87zjaklgmn.fsf@engster.org> Mail-Followup-To: 19404@debbugs.gnu.org Date: Fri, 19 Dec 2014 17:32:28 +0000 In-Reply-To: <87zjaklgmn.fsf@engster.org> (David Engster's message of "Thu, 18 Dec 2014 23:47:44 +0100") Message-ID: <87mw6jh7f7.fsf@violet.siamics.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.7 (/) >>>>> David Engster writes: >>>>> Ivan Shmakov writes: >>>>> David Engster writes: [=E2=80=A6] >>> So my guess would be: use gnutls_x509_crt_get_dn2 or maybe >>> gnutls_x509_crt_get_subject and compare to >>> gnutls_certificate_get_issuer. If equal -> self-signed. But that >>> could be wrong. Best place is to ask on the GnuTLS list. >> If anything, it=E2=80=99s the respective public key fingerprints that a= re to >> be compared. > Sorry, I don't get it. Which respective public key fingerprints? > There's just one certificate. Public key fingerprint is a property of, well, the public key, =E2=80=93 not the certificate. But I stand corrected; as it seems, while OpenPGP signatures =E2=80=93 including those binding user IDs to public keys [1] =E2=80=93 allow for the signer (issuer) to be identified with a =E2=80=9Ckey ID=E2=80=9D (the = low 64 bits SHA-1 of the respective public key=E2=80=99s fingerprint), X.509 certificates do not offer such an option (e.=C2=A0g., [2].) So I guess we should indeed check the DNs. [1] urn:ietf:rfc:4880, section 11.1 =E2=80=9CTransferable Public Keys=E2=80= =9D. [2] https://cipherious.wordpress.com/2013/05/13/constructing-an-x-509-certi= ficate-using-asn-1/ --=20 FSF associate member #7257 np. The Talisman =E2=80=94 Iron Maiden =E2=80= =A6 B6A0 230E 334A From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Ted Zlatanov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 20 Dec 2014 14:17:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Magne Ingebrigtsen Cc: 19404@debbugs.gnu.org, Eli Zaretskii , David Engster , dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141908496527426 (code B ref 19404); Sat, 20 Dec 2014 14:17:02 +0000 Received: (at 19404) by debbugs.gnu.org; 20 Dec 2014 14:16:05 +0000 Received: from localhost ([127.0.0.1]:52232 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2KpB-00078H-2L for submit@debbugs.gnu.org; Sat, 20 Dec 2014 09:16:05 -0500 Received: from mail-qg0-f41.google.com ([209.85.192.41]:56772) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2Kp8-000786-40 for 19404@debbugs.gnu.org; Sat, 20 Dec 2014 09:16:02 -0500 Received: by mail-qg0-f41.google.com with SMTP id j5so1821281qga.14 for <19404@debbugs.gnu.org>; Sat, 20 Dec 2014 06:16:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=iWdvDrRynj5m+bUiQ01HmLDkqJaqfWXKaCG68CxyOng=; b=LjR2jL33uuDZkhkk9KyDfXimnWNV+0lGwzvL87Hn59ZdAPZgsGakAGanl8w2qnMm9c ilUgJdO5T3F4zTaxRWNCpdFIJAZ8BJcfFc/a6POidksepgplE9FnBCxikUkPpL36Q3GG 48FB8uopar+JOwwl8MqdeG+nUrwgnw0SlXxPw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=iWdvDrRynj5m+bUiQ01HmLDkqJaqfWXKaCG68CxyOng=; b=hgQeDV+ngxG2DyHefpu5xkE7ke8c5IDwaFpTOnRKrUGAOY1AkpHj1GUunFHec09qKP T8Y+k4qNyHe62RDNqwZYDwCzXDhOSKft3vKeeFTkOuE7W32Ou00TCO1iwoJkrHRaaabD W2Ju2TMOTXT9aE+ZO8eFEYptS79rdOGot1RQ/IgXDOh7dIvWQmnv7IkT29r0JaMejg8q vemgR096E3H6pV55cIfoG+CNguFpvU2MfIUaAUr2rKoPOFGQRQ6h+CCYOW2SH4iR7GwS 58nYGslo8iGUbf6AnIapohq4Tp180oNgPOzLF/AnRr71ZYKaagQpIxHnpuX8kGb8rt2D 0pjA== X-Gm-Message-State: ALoCoQnCe6x7NlGc022UyDH9ENVHk0FQWC+jD2KaSEgxpCLUqE5SVLpiORbHBno5CxZUVa+LHQGf X-Received: by 10.140.94.229 with SMTP id g92mr21746536qge.77.1419084961641; Sat, 20 Dec 2014 06:16:01 -0800 (PST) Received: from flea (c-98-229-61-72.hsd1.ma.comcast.net. [98.229.61.72]) by mx.google.com with ESMTPSA id k66sm12070907qgd.21.2014.12.20.06.16.00 (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Sat, 20 Dec 2014 06:16:01 -0800 (PST) From: Ted Zlatanov Organization: =?UTF-8?Q?=D0=A2=D0=B5=D0=BE=D0=B4=D0=BE=D1=80_?= =?UTF-8?Q?=D0=97=D0=BB=D0=B0=D1=82=D0=B0=D0=BD=D0=BE=D0=B2?= @ Cienfuegos References: <86ppbhrx9a.fsf@yandex.ru> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Sat, 20 Dec 2014 09:17:05 -0500 In-Reply-To: (Lars Magne Ingebrigtsen's message of "Thu, 18 Dec 2014 18:53:07 +0100, Thu, 18 Dec 2014 21:20:05 +0100, Fri, 19 Dec 2014 17:55:19 +0100, Fri, 19 Dec 2014 16:40:06 +0200") Message-ID: <87ioh6s8wu.fsf_-_@lifelogs.com> User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) If I understand correctly, it seems 1) the :self-signed message and symbol need to be changed, and 2) we're waiting for the GnuTLS developers to tell us the best way to detect a self-signed certificate. For (1) I propose using :unknown-ca and "the certificate was signed by an unknown and therefore untrusted authority" Ted From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 20 Dec 2014 14:48:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Ted Zlatanov Cc: 19404@debbugs.gnu.org, larsi@gnus.org, deng@randomsample.de, dgutov@yandex.ru Reply-To: Eli Zaretskii Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141908685730234 (code B ref 19404); Sat, 20 Dec 2014 14:48:01 +0000 Received: (at 19404) by debbugs.gnu.org; 20 Dec 2014 14:47:37 +0000 Received: from localhost ([127.0.0.1]:52244 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2LJg-0007ra-Nc for submit@debbugs.gnu.org; Sat, 20 Dec 2014 09:47:36 -0500 Received: from mtaout22.012.net.il ([80.179.55.172]:53825) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2LJd-0007rN-7Z for 19404@debbugs.gnu.org; Sat, 20 Dec 2014 09:47:34 -0500 Received: from conversion-daemon.a-mtaout22.012.net.il by a-mtaout22.012.net.il (HyperSendmail v2007.08) id <0NGV00700YAEU200@a-mtaout22.012.net.il> for 19404@debbugs.gnu.org; Sat, 20 Dec 2014 16:47:31 +0200 (IST) Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout22.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NGV007OVYF6SL20@a-mtaout22.012.net.il>; Sat, 20 Dec 2014 16:47:31 +0200 (IST) Date: Sat, 20 Dec 2014 16:47:26 +0200 From: Eli Zaretskii In-reply-to: <87ioh6s8wu.fsf_-_@lifelogs.com> X-012-Sender: halo1@inter.net.il Message-id: <837fxms7i9.fsf@gnu.org> References: <86ppbhrx9a.fsf@yandex.ru> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87ioh6s8wu.fsf_-_@lifelogs.com> X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) > From: Ted Zlatanov > Cc: David Engster , Eli Zaretskii , 19404@debbugs.gnu.org, dgutov@yandex.ru > Date: Sat, 20 Dec 2014 09:17:05 -0500 > > For (1) I propose using :unknown-ca and "the certificate was signed by > an unknown and therefore untrusted authority" Sounds good to me, thanks. From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Lars Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 20 Dec 2014 21:46:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: David Engster Cc: 19404@debbugs.gnu.org, Eli Zaretskii , dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141911192120831 (code B ref 19404); Sat, 20 Dec 2014 21:46:01 +0000 Received: (at 19404) by debbugs.gnu.org; 20 Dec 2014 21:45:21 +0000 Received: from localhost ([127.0.0.1]:53323 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2Rpw-0005Pv-P3 for submit@debbugs.gnu.org; Sat, 20 Dec 2014 16:45:21 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:42142) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2Rpt-0005Pl-JV for 19404@debbugs.gnu.org; Sat, 20 Dec 2014 16:45:18 -0500 Received: from [31.15.33.252] (helo=building.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Y2RpY-00011i-QV; Sat, 20 Dec 2014 22:44:57 +0100 From: Lars Ingebrigtsen References: <86ppbhrx9a.fsf@yandex.ru> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87ioh6s8wu.fsf_-_@lifelogs.com> Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAKlBMVEV9fWglLC5dYVT///90 cWgcEwu+wI9VOiXR09FVSEqdh256fHr39+N7c1PLtqGVAAACR0lEQVQ4jc3RzWsaQRQA8AkspcGL I1nEWxSteBZKDnswy0CxuXQKD+mt9DANaiFKl8FATwGRsIesKMu09BAKBrSHBkqhLj0tiIc5N6f+ L33rrqaCufddZpnfvo+ZIdUHgvyncBoKocPlhX6qj/p6MVgsE2hNhBDBdDKfNmcz/AhEAqHGJQyt qmVZYah1e11KnLpL92JHj1arddn88sBUR7syBjuiPwhJlZEaY6xGyLdgPk3i+PACoWYYjJFUKgim 2xCl1CLYJEz3EjAMhOAfuI2BGQRbpO4rbQBrERLsgHisVPCrmMB1MQZmFwrRUoKzuM/tGgqrsE35 CkvOA3K8BazOJeAUGFtQZHngcBJVmu1twTOz48CwiGOw/BbUzU4Dup6UktIVGGugUnYOPIrhrTOG cYaU/GCM+3xVCk9nr6BMpcPfjwEgAYMphVCR0HN4t+xTMwZCbCVVoQLRr51G9GIsgbpJe8MSHuJF 0+G8ppQqR5dYZHXIyowJjc/t6jXAIQcox7dboB1fAWQeudZbBIpwhWCwPKcqD/DE1Tf5BD6tMkpc KQ/O3AXNyqTUPfTOXb3AXg5ccXMDVEn/scYGDd+BA2+TMaY5Kb8ub/D6pgpGP03wE+AyK39H+712 szwqAfgfk4zsS1/KP3fy3F3cdc0NmLlsxqMf2suBG1pvuuM12GaOniG4WuvQetf1GjSGOnBnNOZp HcVyFthB8P15dFd1wCczc2k8iBiIyaXo9/sThJN9NazkKU23dV/se8z+IcTrqNQD8RfZJYBmcg/k 3AAAAABJRU5ErkJggg== X-Now-Playing: burn's _308 (Glowing)_: "Boris!Heavy_Rocks_2011!05-Missing_Pieces" Date: Sat, 20 Dec 2014 22:44:54 +0100 In-Reply-To: <87ioh6s8wu.fsf_-_@lifelogs.com> (Ted Zlatanov's message of "Sat, 20 Dec 2014 09:17:05 -0500") Message-ID: <874msqq9m1.fsf@building.gnus.org> User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Y2RpY-00011i-QV X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1419716699.12955@q9VTj372xq/WTeVc29X5vg X-Spam-Status: No X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Ted Zlatanov writes: > If I understand correctly, it seems 1) the :self-signed message and > symbol need to be changed, and 2) we're waiting for the GnuTLS > developers to tell us the best way to detect a self-signed certificate. > > For (1) I propose using :unknown-ca and "the certificate was signed by > an unknown and therefore untrusted authority" Sounds good. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog http://lars.ingebrigtsen.no/ From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 21 Dec 2014 17:17:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Ingebrigtsen Cc: 19404@debbugs.gnu.org, dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.14191822058865 (code B ref 19404); Sun, 21 Dec 2014 17:17:01 +0000 Received: (at 19404) by debbugs.gnu.org; 21 Dec 2014 17:16:45 +0000 Received: from localhost ([127.0.0.1]:53984 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2k7Z-0002Iu-3A for submit@debbugs.gnu.org; Sun, 21 Dec 2014 12:16:45 -0500 Received: from randomsample.de ([5.45.97.173]:49385) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2k7X-0002Im-G1 for 19404@debbugs.gnu.org; Sun, 21 Dec 2014 12:16:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=cxQBjuj3uvLbCEgS2dxFH77SnnAlcPf5VN4qZB3CHCA=; b=kffJyyK649VMBHTQBF/1VR0KQOxulSqq+GjnMgWcpXdyl3XZaCb08V4taph3dRnydqaov8nkYrEaWqqGmSa0sVbTeLXFLd5uVonn0BGxqajjSPRGLa52iSf1uQ6RsL5x; Received: from ip4d154cb9.dynamic.kabel-deutschland.de ([77.21.76.185] helo=spaten) by randomsample.de with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1Y2k7V-00032e-DU; Sun, 21 Dec 2014 18:16:41 +0100 From: David Engster In-Reply-To: <87ioh7lftp.fsf@engster.org> (David Engster's message of "Fri, 19 Dec 2014 18:17:22 +0100") References: <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87vbl7lgug.fsf@engster.org> <87ioh7lftp.fsf@engster.org> User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/24.3.91 (gnu/linux) Date: Sun, 21 Dec 2014 18:16:35 +0100 Message-ID: <87h9woylcc.fsf@engster.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) David Engster writes: > David Engster writes: >> If a certificate is "self-signed", this means that issuer and subject >> are the same entity, i.e., the string in there is identical. There are >> some rules how these strings must be compared. I think(!) that if you >> simply compare them byte by byte, you should err on the side of >> safety. But I would assume there is a function for that in GnuTLS that >> adheres to RFC5280 for comparing such things. > > I've asked on the GnuTLS mailing list. Nick answered, and it's really simple: call gnutls_x509_crt_check_issuer on the certificate itself (meaning: provide the certificate in question for both arguments). -David From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Ted Zlatanov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 24 Dec 2014 13:12:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Ingebrigtsen Cc: 19404@debbugs.gnu.org, David Engster , dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.141942670623496 (code B ref 19404); Wed, 24 Dec 2014 13:12:02 +0000 Received: (at 19404) by debbugs.gnu.org; 24 Dec 2014 13:11:46 +0000 Received: from localhost ([127.0.0.1]:56351 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y3lj4-00066p-9m for submit@debbugs.gnu.org; Wed, 24 Dec 2014 08:11:45 -0500 Received: from mail-ig0-f179.google.com ([209.85.213.179]:37507) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y3liz-00066d-Ke for 19404@debbugs.gnu.org; Wed, 24 Dec 2014 08:11:41 -0500 Received: by mail-ig0-f179.google.com with SMTP id r2so6957860igi.12 for <19404@debbugs.gnu.org>; Wed, 24 Dec 2014 05:11:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=i+xkNEVYUqTvJmxRBp/qoLQbXSpr1njWTUn149vkaRY=; b=ZbmxuFS974NfChxbk//6KjXXsVvkwJdMiRLDDoA9RL21j+u0d0M7YiaCkC6o0TcLxa mDvS9SCVYdzFsWY1GP/T4jbIA7ecnQ0PAvMh8SSrNbTbnjsjkvU33s3WyA28o1LXddP8 DA55tIsWvCfcMdCgG9DGSb1EDrfYmKHMShk44= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=i+xkNEVYUqTvJmxRBp/qoLQbXSpr1njWTUn149vkaRY=; b=VAXhcLLA3y8bYIRPfLDBQCIITvDFGlsVMb4MQyD0yMfcIwcE4UIaB3a16x47DXioQd 1IMDyKXPYC8TArIZj9ZS5AygNoJ0idlJNMX1o8bNS6Y351x6FTQ3B/lZXak+RoJTe/8Y LPOgvZZMAHXK1YbE4MocQMgGAB9I5I7DO43Hzj5FY3MBannPT5xa/qOKyvnF2t0hnBXl Um9W6S011TkNngbSkhQxO3XFZDe7C4UNYKKRaR08wbcmmOgF9gdmWw6ZDiRwPG/L0FfZ 8pA4H56GZ8SHk0HnmHChP3qkZ+svSZElGUzwcbSV8RNdtmpvlNEhw4TLIXyS/OQS8iiz 3UYA== X-Gm-Message-State: ALoCoQn2E0cz+NqNcQ5xYvEaNrBbK+QBKIUvaDqKKTKQI0CYxGDBQooVeZlrAMKjlkEEWIiXi6c5 X-Received: by 10.42.103.7 with SMTP id k7mr26093908ico.33.1419426697057; Wed, 24 Dec 2014 05:11:37 -0800 (PST) Received: from bug.local ([50.153.236.5]) by mx.google.com with ESMTPSA id f7sm7758982igc.22.2014.12.24.05.11.35 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Dec 2014 05:11:36 -0800 (PST) From: Ted Zlatanov Organization: =?UTF-8?Q?=D0=A2=D0=B5=D0=BE=D0=B4=D0=BE=D1=80_?= =?UTF-8?Q?=D0=97=D0=BB=D0=B0=D1=82=D0=B0=D0=BD=D0=BE=D0=B2?= @ Cienfuegos References: <86ppbhrx9a.fsf@yandex.ru> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87ioh6s8wu.fsf_-_@lifelogs.com> <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87vbl7lgug.fsf@engster.org> <87ioh7lftp.fsf@engster.org> <874msqq9m1.fsf@building.gnus.org> X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Wed, 24 Dec 2014 08:11:34 -0500 In-Reply-To: <874msqq9m1.fsf@building.gnus.org> (Lars Ingebrigtsen's message of "Sat, 20 Dec 2014 22:44:54 +0100, Sun, 21 Dec 2014 18:16:35 +0100") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (darwin) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain On Sat, 20 Dec 2014 22:44:54 +0100 Lars Ingebrigtsen wrote: LI> Ted Zlatanov writes: >> If I understand correctly, it seems 1) the :self-signed message and >> symbol need to be changed, and 2) we're waiting for the GnuTLS >> developers to tell us the best way to detect a self-signed certificate. >> >> For (1) I propose using :unknown-ca and "the certificate was signed by >> an unknown and therefore untrusted authority" LI> Sounds good. On Sun, 21 Dec 2014 18:16:35 +0100 David Engster wrote: DE> Nick answered, and it's really simple: call gnutls_x509_crt_check_issuer DE> on the certificate itself (meaning: provide the certificate in question DE> for both arguments). Please try the attached patch. I'm not able to test it myself because I'm traveling, but it should be fairly trivial and addresses both issues. Feel free to commit it with any changes you want, it's a tiny change. gnutls_x509_crt_check_issuer() has been in GnuTLS for all the versions we support, so there was no need for a version check. (there was a third issue, the expiration date was wrong, but that's not as urgent) Ted --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=self-signed.patch diff --git a/src/gnutls.c b/src/gnutls.c index bf9f132..500dbf3 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -154,6 +154,8 @@ enum extra_peer_verification (gnutls_session_t, gnutls_push_func)); DEF_GNUTLS_FN (int, gnutls_x509_crt_check_hostname, (gnutls_x509_crt_t, const char *)); +DEF_GNUTLS_FN (int, gnutls_x509_crt_check_issuer, + (gnutls_x509_crt_t, gnutls_x509_crt_t)); DEF_GNUTLS_FN (void, gnutls_x509_crt_deinit, (gnutls_x509_crt_t)); DEF_GNUTLS_FN (int, gnutls_x509_crt_import, (gnutls_x509_crt_t, const gnutls_datum_t *, @@ -269,6 +271,7 @@ enum extra_peer_verification LOAD_GNUTLS_FN (library, gnutls_transport_set_pull_function); LOAD_GNUTLS_FN (library, gnutls_transport_set_push_function); LOAD_GNUTLS_FN (library, gnutls_x509_crt_check_hostname); + LOAD_GNUTLS_FN (library, gnutls_x509_crt_check_issuer); LOAD_GNUTLS_FN (library, gnutls_x509_crt_deinit); LOAD_GNUTLS_FN (library, gnutls_x509_crt_import); LOAD_GNUTLS_FN (library, gnutls_x509_crt_init); @@ -365,6 +368,7 @@ enum extra_peer_verification #define fn_gnutls_strerror gnutls_strerror #define fn_gnutls_transport_set_ptr2 gnutls_transport_set_ptr2 #define fn_gnutls_x509_crt_check_hostname gnutls_x509_crt_check_hostname +#define fn_gnutls_x509_crt_check_issuer gnutls_x509_crt_check_issuer #define fn_gnutls_x509_crt_deinit gnutls_x509_crt_deinit #define fn_gnutls_x509_crt_get_activation_time gnutls_x509_crt_get_activation_time #define fn_gnutls_x509_crt_get_dn gnutls_x509_crt_get_dn @@ -985,6 +989,10 @@ enum extra_peer_verification if (EQ (status_symbol, intern (":self-signed"))) return build_string ("certificate signer was not found (self-signed)"); + if (EQ (status_symbol, intern (":unknown-ca"))) + return build_string ("the certificate was signed by an unknown " + "and therefore untrusted authority"); + if (EQ (status_symbol, intern (":not-ca"))) return build_string ("certificate signer is not a CA"); @@ -1029,7 +1037,7 @@ enum extra_peer_verification warnings = Fcons (intern (":revoked"), warnings); if (verification & GNUTLS_CERT_SIGNER_NOT_FOUND) - warnings = Fcons (intern (":self-signed"), warnings); + warnings = Fcons (intern (":unknown-ca"), warnings); if (verification & GNUTLS_CERT_SIGNER_NOT_CA) warnings = Fcons (intern (":not-ca"), warnings); @@ -1047,6 +1055,13 @@ enum extra_peer_verification CERTIFICATE_NOT_MATCHING) warnings = Fcons (intern (":no-host-match"), warnings); + /* This could get called in the INIT stage, when the certificate is + not yet set. */ + if (XPROCESS (proc)->gnutls_certificate != NULL && + gnutls_x509_crt_check_issuer(XPROCESS (proc)->gnutls_certificate, + XPROCESS (proc)->gnutls_certificate)) + warnings = Fcons (intern (":self-signed"), warnings); + if (!NILP (warnings)) result = list2 (intern (":warnings"), warnings); --=-=-=-- From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Ted Zlatanov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 15 Jan 2015 14:46:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Lars Ingebrigtsen Cc: 19404@debbugs.gnu.org, David Engster , dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.142133311627304 (code B ref 19404); Thu, 15 Jan 2015 14:46:02 +0000 Received: (at 19404) by debbugs.gnu.org; 15 Jan 2015 14:45:16 +0000 Received: from localhost ([127.0.0.1]:57446 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YBlff-00076J-CN for submit@debbugs.gnu.org; Thu, 15 Jan 2015 09:45:15 -0500 Received: from mail-qg0-f43.google.com ([209.85.192.43]:50473) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YBlfc-000765-4X for 19404@debbugs.gnu.org; Thu, 15 Jan 2015 09:45:12 -0500 Received: by mail-qg0-f43.google.com with SMTP id z107so11956914qgd.2 for <19404@debbugs.gnu.org>; Thu, 15 Jan 2015 06:45:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=8sjAQHq8hmfBPqwOvqnlfhFMPSeDVLdTsHBPAM92wzo=; b=XMd4w80CPRJ2mdqjiwV2jmt+01WKSXymLzYu4M9qbCx8segpI6XEp7XfelvumEhxcn muVxQl2f8X51qGX5csiCsmkDbNNBGbzGggtbuVF5J6w4Il9WnZNnEcB/rPqQm7HSeqxL vRVkt/YdKvDGWgqPJwjvztPZfsXQ+uwdVrtKg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=8sjAQHq8hmfBPqwOvqnlfhFMPSeDVLdTsHBPAM92wzo=; b=hcwPDq0KGmZZZZ6S6xxIcczHC4fNjJ4H5Cq2RJScZHoITLsoo/BE+LEBLrhIXNuO+9 cO/FbY1M2MIIQExSOz1PYM2+ksVIGapqD6Tiv0Qf9GHDWU4DZ1aNvPFBFxTa2cyLSwu9 u+k5ZyNt0yu2QEFjk20k8NnvylH0qYhUcRiELciRvLwxwQrDl2SGZCTUUKbaDnoiXhLv nNmvbVFDBc2q6cTgIrM6ztS4Z5/lhM1sPfDwG9vxZ9CdIw2Jf51t98rWZuNRbkmdQ04n 8TyqRsGTJw2vC0ssFyhODmnh6jnJC5qKw2kongCUOa8VOnPdR5Y+DusBU2QT2Ue3VMqj aPdw== X-Gm-Message-State: ALoCoQkyxwit52o1xdxlM0celpvCgxGB/eR5WalKaou/YpRipwEJdUVo6lcUXkgLNFWPAt3zSGjn X-Received: by 10.140.89.164 with SMTP id v33mr15541775qgd.58.1421333106290; Thu, 15 Jan 2015 06:45:06 -0800 (PST) Received: from bug.local ([198.0.146.153]) by mx.google.com with ESMTPSA id w94sm1478770qgw.6.2015.01.15.06.45.04 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Jan 2015 06:45:05 -0800 (PST) From: Ted Zlatanov Organization: =?UTF-8?Q?=D0=A2=D0=B5=D0=BE=D0=B4=D0=BE=D1=80_?= =?UTF-8?Q?=D0=97=D0=BB=D0=B0=D1=82=D0=B0=D0=BD=D0=BE=D0=B2?= @ Cienfuegos References: <86ppbhrx9a.fsf@yandex.ru> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87ioh6s8wu.fsf_-_@lifelogs.com> <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87vbl7lgug.fsf@engster.org> <87ioh7lftp.fsf@engster.org> <874msqq9m1.fsf@building.gnus.org> X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Thu, 15 Jan 2015 09:45:04 -0500 In-Reply-To: (Ted Zlatanov's message of "Wed, 24 Dec 2014 08:11:34 -0500") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (darwin) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) The main part is done: commit 3b7eed4ebb3c18799ec791d0c6bd53c019f48f73 Author: Ted Zlatanov Date: Thu Jan 15 09:41:58 2015 -0500 Flag :unknown-ca and :self-signed SSL certs (Bug#19404) Fixes: debbugs:19404 * gnutls.c (init_gnutls_functions): Import gnutls_x509_crt_check_issuer. (Fgnutls_peer_status): Use it to set the :self-signed flag. Rename the previous :self-signed to :unknown-ca. (Fgnutls_peer_status_warning_describe): Explain :unknown-ca flag. (I'm not sure about the Fixes: header, so I added the bug number in the first line of the commit message too.) On Wed, 24 Dec 2014 08:11:34 -0500 Ted Zlatanov wrote: TZ> (there was a third issue, the expiration date was wrong, but that's not TZ> as urgent) Lars, you added that date code, right? Could you check? I'll leave this bug open until that's fixed. Thanks! Ted From unknown Wed Aug 20 05:16:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane Resent-From: Lars Magne Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 16 Jan 2015 00:24:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19404 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 19404@debbugs.gnu.org Cc: David Engster , dgutov@yandex.ru Received: via spool by 19404-submit@debbugs.gnu.org id=B19404.142136783132163 (code B ref 19404); Fri, 16 Jan 2015 00:24:02 +0000 Received: (at 19404) by debbugs.gnu.org; 16 Jan 2015 00:23:51 +0000 Received: from localhost ([127.0.0.1]:58215 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YBuhb-0008Mg-Ia for submit@debbugs.gnu.org; Thu, 15 Jan 2015 19:23:51 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:60876) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YBuhZ-0008MV-Ia for 19404@debbugs.gnu.org; Thu, 15 Jan 2015 19:23:50 -0500 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1YBuhH-0004iG-LI; Fri, 16 Jan 2015 01:23:31 +0100 From: Lars Magne Ingebrigtsen References: <86ppbhrx9a.fsf@yandex.ru> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87ioh6s8wu.fsf_-_@lifelogs.com> <86ppbhrx9a.fsf@yandex.ru> <838ui5uf27.fsf@gnu.org> <83vbl8uau2.fsf@gnu.org> <871tnwoglm.fsf@engster.org> <83ioh8u1cs.fsf@gnu.org> <87lhm4myaf.fsf@engster.org> <83d27gt52m.fsf@gnu.org> <87h9wrj0u5.fsf@building.gnus.org> <87vbl7lgug.fsf@engster.org> <87ioh7lftp.fsf@engster.org> <874msqq9m1.fsf@building.gnus.org> Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAGFBMVEUAAAB9KDeaLz8nDxbH TF3ulrADAQGmNUT4D02zAAACFklEQVQ4jZXTPY/cIBAGYKrtMVG2NrFEGw7JW18C4g+ArvXFEv1y RPP38w5mPy6pglb2ah7PMB7bQjzWSfz/Oj0nncpxLn09wTbOjtf6iN8v+he251Kn+4Wf6hbsCDwq fN5R3DtA4U85vLb7nrfOtu3RtLKqN8PFxVb29ZYieSkA86k4tw85AJfycXdSOc7ZTh2meXUW5+9Q 6UYxhLWelbU4qXdpZjQJG6BxJR+tJq0AuAUupQ2hmtZmtsZXtRbJjcxIIUJYV6qyeUL3X5RahVZO mlZNNUR1AnxzrkmJDLWiQDSVsObm24dzge9sRuoZwHG6Aq7OBnnuYCcfEW2otXj/qgDtyLAoDWgM 6RUZ2s9PEJBiGuAlULiiXbS1dOBdmmfwmUEyxNYG/OzwQ2g5SYBvIQDJB0DOOTLMegmp5ey9R8aH uwC80LPRpoXsO0QGzkgCs0PlDhFiMBI7YIkMET9qccIQbYAAmo+IppBipasktQ+oS/Kok3zCXGZn 11sGLfmAEPFAVlcGTNQ4mFPku5dfyz7gBRB4Dx4wSQWYBlBiyAx1VsVK0+GdyDc/gCrel/MBO8An LtUfLuy8ZIZiKPjkc6J6PF48kwPOva2/IYlyoT7YRHoA8RZvovzijEhe6xHvlaIoaAtj0hWv6gG/ OU6i7Pw3akwJr6k+KiUCYPclvwH445gMAw8HcKkyAPibctZwPhf8A9HEET8znNNOAAAAAElFTkSu QmCC X-Now-Playing: The Cure's _Pornography (1)_: "Siamese Twins" X-Hashcash: 1:23:150116:deng@randomsample.de::KRBecyQkiIAG7G5n:000000000000000000000000000000000000000002syp X-Hashcash: 1:23:150116:19404@debbugs.gnu.org::De/g9bhe8SSsdzy9:00000000000000000000000000000000000000007yGD X-Hashcash: 1:23:150116:dgutov@yandex.ru::smsoeYFjhabBrOVA:0FWfY Date: Fri, 16 Jan 2015 01:23:31 +0100 In-Reply-To: (Ted Zlatanov's message of "Thu, 15 Jan 2015 09:45:04 -0500") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1YBuhH-0004iG-LI X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1421972611.83073@ysTb1sNd24Bi7YICAbm6xg X-Spam-Status: No X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Ted Zlatanov writes: > TZ> (there was a third issue, the expiration date was wrong, but that's not > TZ> as urgent) > > Lars, you added that date code, right? Could you check? I'll leave > this bug open until that's fixed. I just checked the expiration on news.gmane.org, and it says: Valid: From 2015-01-13 to 2018-01-12 And I think that's right... Does anybody have a test case for an incorrect expiry? -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no