GNU bug report logs - #23027
25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
Subject: bug#23027: closed (Re: bug#23027: 25.1.50; Emacs refuses to talk
 to eternal-september because they now use an MD5 certificate, apparently)
Date: Fri, 29 Apr 2016 12:44:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#23027: 25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 23027 <at> debbugs.gnu.org.

-- 
23027: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=23027
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Anssi Saari <as <at> sci.fi>
Cc: 23027-close <at> debbugs.gnu.org
Subject: Re: bug#23027: 25.1.50;
 Emacs refuses to talk to eternal-september because they now use an
 MD5 certificate, apparently
Date: Fri, 29 Apr 2016 14:43:03 +0200

Anssi Saari <as <at> sci.fi> writes:

> Some comments on this issue (I originally reported this on
> gnu.emacs.gnus). The machine in question runs Ubuntu 14.04 LTS and
> seems to have two versions of GnuTLS installed, 2.6 and 2.8, 2.6 is
> the default. If I force GnuTLS 2.8 then I have no issue.

Yes, I upgraded this laptop to the newest Ubuntu, and the problem went
away.  So I guess eternal-september uses something too new for the
previous Ubuntu version.

I'll close the bug.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

[Message part 3 (message/rfc822, inline)]

From: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 25.1.50;
 Emacs refuses to talk to eternal-september because they now use an
 MD5 certificate, apparently
Date: Wed, 16 Mar 2016 11:54:17 +0100

Anssi Saari <as <at> sci.fi> writes:

> And with a wild guess after visiting an ssl checker website I think I
> might need MD5 for signature checking. gnutls.el mentions
> GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 but I don't know how to specify that
> from Gnus.

Here's an easy test case:

(open-network-stream
 "nntpd" (get-buffer-create "*foo*")
 "news.eternal-september.org" "nntp"
 :type 'starttls
 :end-of-command "^\\([2345]\\|[.]\\).*\n"
 :capability-command "HELP\r\n"
 :success "^3"
 :starttls-function
 (lambda (capabilities)
   (if (not (string-match "STARTTLS" capabilities))
       nil
     "STARTTLS\r\n")))

First of all, I think the error message is lacking.  It should say more
about what's failing.

As to the bug -- gnutls by default now refuses to deal with MD5
certificates.  We could override that, and instead let the network
security manager notify the user that the connection isn't safe.

I think that's a better solution, but others may differ.




In GNU Emacs 25.1.50.26 (x86_64-unknown-linux-gnu, GTK+ Version 3.4.2)
 of 2016-03-12 built on stories
Repository revision: 63efcc268635dea78c6bd80749eae4ee2c72d717
Windowing system distributor 'The X.Org Foundation', version 11.0.11204000
System Description:	Debian GNU/Linux 7.9 (wheezy)

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GSETTINGS NOTIFY GNUTLS
LIBXML2 FREETYPE LIBOTF XFT ZLIB TOOLKIT_SCROLL_BARS GTK3 X11

Important settings:
  value of $LANG: en_US
  locale-coding-system: iso-latin-1-unix

Major mode: Group

Minor modes in effect:
  gnus-agent-group-mode: t
  shell-dirtrack-mode: t
  diff-auto-refine-mode: t
  gnus-topic-mode: t
  gnus-undo-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t

Recent messages:
Auto-saving...done
Mark set [2 times]
Sending...
Mark set [2 times]
Sending news via ^$\|\(^gnu\.emacs\.announce$\)\|\(^gnu\.emacs\.bug$\)\|\(^gnu\.emacs\.help$\)\|\(^gnu\.emacs\.sources$\)\|\(^gnu\.gcc\.announce$\)\|\(^gnu\.utils\.bug$\)\|\(^gnu\.utils\.help$\)\|\(^gnu\.gnustep\.announce$\)\|\(^gnu\.gnustep\.bugs$\)\|\(^gnu\.gnustep\.discuss$\)\|\(^gnu\.gnustep\.help$\)\|\(^gnu\.emacs\.gnews$\)\|\(^gnu\.emacs\.vm\.bug$\)\|\(^gnu\.emacs\.vm\.info$\)\|\(^gnu\.emacs\.vms$\)\|\(^gnu\.gnusenet\.config$\)\|\(^comp\.emacs$\)\|\(^comp\.emacs\.xemacs$\) using nnvirtual...
Mark set
Saving file /home/larsi/Mail/archive/sent/2016w11...
Wrote /home/larsi/Mail/archive/sent/2016w11
Sending...done
Making completion list...

Load-path shadows:
/home/larsi/src/clock.el/clock hides /home/larsi/lisp/clock
/home/larsi/src/cddb.el/expect hides /home/larsi/lisp/expect
/home/larsi/src/pvr.el/pvr hides /home/larsi/lisp/pvr
~/pgnus/contrib/vcard hides /home/larsi/lisp/vcard
/home/larsi/src/cddb.el/captitle hides /home/larsi/lisp/captitle
~/lisp/zenirc-2.112/src/zenirc-example hides /home/larsi/lisp/zenirc-example
/home/larsi/lisp/dom hides /home/larsi/src/emacs/trunk/lisp/dom
~/pgnus/contrib/compface hides /home/larsi/src/emacs/trunk/lisp/image/compface

Features:
(etags grep crm js imenu cc-mode cc-fonts cc-guess cc-menus cc-cmds
cc-styles cc-align cc-engine cc-vars cc-defs shadow emacsbug ffap
log-edit pcvs-util vc-bzr vc-src vc-sccs vc-svn vc-rcs vc-dir ewoc
bug-reference tramp-cache tramp tramp-compat tramp-loaddefs trampver
ucs-normalize advice sh-script smie executable nndir nnspool nnagent
view sgml-mode cal-move cal-menu calendar cal-loaddefs compile pp
dired-aux jukebox humanely-sort lyric-wiki discogs json dae musicbrainz
scan scrobble tellstick wave cddb captitle expect mailalias smtpmail
sendmail ecomplete shell pcomplete comint whitespace map flow-fill
edebug pulse find-func thingatpt xref project ring misearch
multi-isearch rect vc-git diff-mode canlock server eww vc vc-dispatcher
gnus-html url-queue help-fns url-cache gnus-picon sort gnus-cite smiley
ansi-color shr-color color mm-archive gnus-async gnus-dup qp gnus-ml
gmane spam-gmane dns mm-url disp-table gnus-fun gnus-mdrtn pop3 nndoc
nnmbox nndraft utf-7 gnus-topic nnmh nnml nnfolder copyright vc-cvs
network-stream nsm starttls nnir spam-report spam spam-stat gnus-uu yenc
gnus-agent gnus-srvr gnus-score score-mode nnvirtual gnus-msg gnus-art
mm-uu mml2015 mm-view mml-smime smime dig nntp gnus-cache gnus-sum
gnus-group gnus-undo gnus-start gnus-cloud nnimap nnmail mail-source
utf7 netrc nnoo parse-time gnus-spec gnus-int gnus-range message
format-spec rfc822 mml mml-sec epa epg mailabbrev gmm-utils mailheader
gnus-win gnus nnheader gnus-util rmail rmail-loaddefs mail-utils movie
mkv shr svg imdb dom pvr debug debbugs-gnu easy-mmode derived debbugs
soap-client mm-decode mm-bodies mm-encode url-http tls gnutls url-auth
mail-parse rfc2231 rfc2047 rfc2045 ietf-drums url-gw puny url url-proxy
url-privacy url-expand url-methods url-history url-cookie url-domsuf
url-util mailcap warnings rng-xsd rng-dt rng-util xsd-regexp xml ido seq
flyspell ispell benchmark w3m browse-url doc-view subr-x dired
dired-loaddefs image-mode timezone w3m-hist w3m-fb w3m-ems wid-edit
w3m-ccl ccl w3m-favicon w3m-image w3m-proc w3m-util add-log mail-extr
mm-util mail-prsvr jka-compr cl finder-inf package epg-config
url-handlers url-parse auth-source cl-seq eieio byte-opt bytecomp
byte-compile cl-extra help-mode easymenu cconv eieio-core cl-macs gv
eieio-loaddefs cl-loaddefs pcase cl-lib password-cache url-vars
time-date mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel term/x-win x-win term/common-win x-dnd tool-bar
dnd fontset image regexp-opt fringe tabulated-list newcomment elisp-mode
lisp-mode prog-mode register page menu-bar rfn-eshadow timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932
hebrew greek romanian slovak czech european ethiopic indian cyrillic
chinese charscript case-table epa-hook jka-cmpr-hook help simple abbrev
obarray minibuffer cl-preloaded nadvice loaddefs button faces cus-face
macroexp files text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget hashtable-print-readable backquote inotify
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty make-network-process emacs)

Memory information:
((conses 16 4017886 588255)
 (symbols 48 182111 167)
 (miscs 40 1919 6615)
 (strings 32 428804 188127)
 (string-bytes 1 39326307)
 (vectors 16 80710)
 (vector-slots 8 2226075 151559)
 (floats 8 10862 7051)
 (intervals 56 775148 4913)
 (buffers 976 482)
 (heap 1024 528882 474767))

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.