GNU bug report logs - #23027
25.1.50; Emacs refuses to talk to eternal-september because they now use an MD5 certificate, apparently

Previous Next

Package: emacs;

Reported by: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Date: Wed, 16 Mar 2016 10:55:02 UTC

Severity: normal

Found in version 25.1.50

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 25.1.50;
 Emacs refuses to talk to eternal-september because they now use an
 MD5 certificate, apparently
Date: Wed, 16 Mar 2016 11:54:17 +0100

Anssi Saari <as <at> sci.fi> writes:

> And with a wild guess after visiting an ssl checker website I think I
> might need MD5 for signature checking. gnutls.el mentions
> GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 but I don't know how to specify that
> from Gnus.

Here's an easy test case:

(open-network-stream
 "nntpd" (get-buffer-create "*foo*")
 "news.eternal-september.org" "nntp"
 :type 'starttls
 :end-of-command "^\\([2345]\\|[.]\\).*\n"
 :capability-command "HELP\r\n"
 :success "^3"
 :starttls-function
 (lambda (capabilities)
   (if (not (string-match "STARTTLS" capabilities))
       nil
     "STARTTLS\r\n")))

First of all, I think the error message is lacking.  It should say more
about what's failing.

As to the bug -- gnutls by default now refuses to deal with MD5
certificates.  We could override that, and instead let the network
security manager notify the user that the connection isn't safe.

I think that's a better solution, but others may differ.




In GNU Emacs 25.1.50.26 (x86_64-unknown-linux-gnu, GTK+ Version 3.4.2)
 of 2016-03-12 built on stories
Repository revision: 63efcc268635dea78c6bd80749eae4ee2c72d717
Windowing system distributor 'The X.Org Foundation', version 11.0.11204000
System Description:	Debian GNU/Linux 7.9 (wheezy)

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GSETTINGS NOTIFY GNUTLS
LIBXML2 FREETYPE LIBOTF XFT ZLIB TOOLKIT_SCROLL_BARS GTK3 X11

Important settings:
  value of $LANG: en_US
  locale-coding-system: iso-latin-1-unix

Major mode: Group

Minor modes in effect:
  gnus-agent-group-mode: t
  shell-dirtrack-mode: t
  diff-auto-refine-mode: t
  gnus-topic-mode: t
  gnus-undo-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t

Recent messages:
Auto-saving...done
Mark set [2 times]
Sending...
Mark set [2 times]
Sending news via ^$\|\(^gnu\.emacs\.announce$\)\|\(^gnu\.emacs\.bug$\)\|\(^gnu\.emacs\.help$\)\|\(^gnu\.emacs\.sources$\)\|\(^gnu\.gcc\.announce$\)\|\(^gnu\.utils\.bug$\)\|\(^gnu\.utils\.help$\)\|\(^gnu\.gnustep\.announce$\)\|\(^gnu\.gnustep\.bugs$\)\|\(^gnu\.gnustep\.discuss$\)\|\(^gnu\.gnustep\.help$\)\|\(^gnu\.emacs\.gnews$\)\|\(^gnu\.emacs\.vm\.bug$\)\|\(^gnu\.emacs\.vm\.info$\)\|\(^gnu\.emacs\.vms$\)\|\(^gnu\.gnusenet\.config$\)\|\(^comp\.emacs$\)\|\(^comp\.emacs\.xemacs$\) using nnvirtual...
Mark set
Saving file /home/larsi/Mail/archive/sent/2016w11...
Wrote /home/larsi/Mail/archive/sent/2016w11
Sending...done
Making completion list...

Load-path shadows:
/home/larsi/src/clock.el/clock hides /home/larsi/lisp/clock
/home/larsi/src/cddb.el/expect hides /home/larsi/lisp/expect
/home/larsi/src/pvr.el/pvr hides /home/larsi/lisp/pvr
~/pgnus/contrib/vcard hides /home/larsi/lisp/vcard
/home/larsi/src/cddb.el/captitle hides /home/larsi/lisp/captitle
~/lisp/zenirc-2.112/src/zenirc-example hides /home/larsi/lisp/zenirc-example
/home/larsi/lisp/dom hides /home/larsi/src/emacs/trunk/lisp/dom
~/pgnus/contrib/compface hides /home/larsi/src/emacs/trunk/lisp/image/compface

Features:
(etags grep crm js imenu cc-mode cc-fonts cc-guess cc-menus cc-cmds
cc-styles cc-align cc-engine cc-vars cc-defs shadow emacsbug ffap
log-edit pcvs-util vc-bzr vc-src vc-sccs vc-svn vc-rcs vc-dir ewoc
bug-reference tramp-cache tramp tramp-compat tramp-loaddefs trampver
ucs-normalize advice sh-script smie executable nndir nnspool nnagent
view sgml-mode cal-move cal-menu calendar cal-loaddefs compile pp
dired-aux jukebox humanely-sort lyric-wiki discogs json dae musicbrainz
scan scrobble tellstick wave cddb captitle expect mailalias smtpmail
sendmail ecomplete shell pcomplete comint whitespace map flow-fill
edebug pulse find-func thingatpt xref project ring misearch
multi-isearch rect vc-git diff-mode canlock server eww vc vc-dispatcher
gnus-html url-queue help-fns url-cache gnus-picon sort gnus-cite smiley
ansi-color shr-color color mm-archive gnus-async gnus-dup qp gnus-ml
gmane spam-gmane dns mm-url disp-table gnus-fun gnus-mdrtn pop3 nndoc
nnmbox nndraft utf-7 gnus-topic nnmh nnml nnfolder copyright vc-cvs
network-stream nsm starttls nnir spam-report spam spam-stat gnus-uu yenc
gnus-agent gnus-srvr gnus-score score-mode nnvirtual gnus-msg gnus-art
mm-uu mml2015 mm-view mml-smime smime dig nntp gnus-cache gnus-sum
gnus-group gnus-undo gnus-start gnus-cloud nnimap nnmail mail-source
utf7 netrc nnoo parse-time gnus-spec gnus-int gnus-range message
format-spec rfc822 mml mml-sec epa epg mailabbrev gmm-utils mailheader
gnus-win gnus nnheader gnus-util rmail rmail-loaddefs mail-utils movie
mkv shr svg imdb dom pvr debug debbugs-gnu easy-mmode derived debbugs
soap-client mm-decode mm-bodies mm-encode url-http tls gnutls url-auth
mail-parse rfc2231 rfc2047 rfc2045 ietf-drums url-gw puny url url-proxy
url-privacy url-expand url-methods url-history url-cookie url-domsuf
url-util mailcap warnings rng-xsd rng-dt rng-util xsd-regexp xml ido seq
flyspell ispell benchmark w3m browse-url doc-view subr-x dired
dired-loaddefs image-mode timezone w3m-hist w3m-fb w3m-ems wid-edit
w3m-ccl ccl w3m-favicon w3m-image w3m-proc w3m-util add-log mail-extr
mm-util mail-prsvr jka-compr cl finder-inf package epg-config
url-handlers url-parse auth-source cl-seq eieio byte-opt bytecomp
byte-compile cl-extra help-mode easymenu cconv eieio-core cl-macs gv
eieio-loaddefs cl-loaddefs pcase cl-lib password-cache url-vars
time-date mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel term/x-win x-win term/common-win x-dnd tool-bar
dnd fontset image regexp-opt fringe tabulated-list newcomment elisp-mode
lisp-mode prog-mode register page menu-bar rfn-eshadow timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932
hebrew greek romanian slovak czech european ethiopic indian cyrillic
chinese charscript case-table epa-hook jka-cmpr-hook help simple abbrev
obarray minibuffer cl-preloaded nadvice loaddefs button faces cus-face
macroexp files text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget hashtable-print-readable backquote inotify
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty make-network-process emacs)

Memory information:
((conses 16 4017886 588255)
 (symbols 48 182111 167)
 (miscs 40 1919 6615)
 (strings 32 428804 188127)
 (string-bytes 1 39326307)
 (vectors 16 80710)
 (vector-slots 8 2226075 151559)
 (floats 8 10862 7051)
 (intervals 56 775148 4913)
 (buffers 976 482)
 (heap 1024 528882 474767))

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 9 years and 110 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.