From: flitterio@gmail.com (Francis Litterio)
To: 23759@debbugs.gnu.org
Subject: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Sun, 12 Jun 2016 17:32:56 -0400
Message-ID: <87y46ahz23.fsf@gmail.com>

Using Emacs built from the latest mainline source on Windows 7 (with all
updates applied), I see this problem:

1. Launch Emacs using:  emacs.exe -Q

2. Evaluate this form in buffer *scratch*:

     (progn
       (require 'tls)
       (open-tls-stream "foo" nil "irc.oftc.net" 6697))

After the connection is established, buffer *Messages* shows two failed
connection attempts using gnutls-cli, followed by a successful connection
using openssl:

  Opening TLS connection to ‘irc.oftc.net’...
  Opening TLS connection with ‘gnutls-cli --x509cafile nil -p 6697 irc.oftc.net’...failed
  Opening TLS connection with ‘gnutls-cli --x509cafile nil -p 6697 irc.oftc.net --protocols ssl3’...failed
  Opening TLS connection with ‘openssl s_client -connect irc.oftc.net:6697 -no_ssl2 -ign_eof’...done
  Opening TLS connection to ‘irc.oftc.net’...done

Notice switch "--x509cafile nil" passed to gnutls-cli, which causes it to
fail both times.

The root cause has to do with variable tls-program, which has this value:

  ("gnutls-cli --x509cafile %t -p %p %h"
   "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")

The docstring for tls-program says that %t is replaced "with a file name
containing trusted certificates". The names of trusted certificate files
come from variable gnutls-trustfiles, which has this value:

  ("/etc/ssl/certs/ca-certificates.crt"
   "/etc/pki/tls/certs/ca-bundle.crt"
   "/etc/ssl/ca-bundle.pem"
   "/usr/ssl/certs/ca-bundle.crt"
   "/usr/local/share/certs/ca-root-nss.crt")

The docstring for gnutls-trustfiles says:

  The files may not exist, in which case they will be ignored.

These files do not exist on my Windows system, but the %t in the strings
listed in variable tls-program is replaced by "nil", which creates a
malformed gnutls-cli command.

I can work around the problem by setting variable tls-program to this list,
which is the above list without the "--x509cafile %t" in the gnutls-cli
commands:

  ("gnutls-cli -p %p %h"
   "gnutls-cli -p %p %h --protocols ssl3"
   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")

If no trusted cert file is available, the gnutls-cli command needs to be
constructed more intelligently, so as not to create a malformed command.
This problem seems to be localized in this code in function open-tls-stream
in lisp/net/tls.el:

    (with-current-buffer buffer
      (message "Opening TLS connection to `%s'..." host)
      (while (and (not done) (setq cmd (pop cmds)))
        (let ((process-connection-type tls-process-connection-type)
              (formatted-cmd
               (format-spec
                cmd
                (format-spec-make
                 ?t (car (gnutls-trustfiles))
                 ?h host
                 ?p (if (integerp port)
                        (int-to-string port)
                      port)))))
          (message "Opening TLS connection with `%s'..." formatted-cmd)
          (setq process (start-process
                         name buffer shell-file-name shell-command-switch
                         formatted-cmd))

-- 
Fran Litterio

In GNU Emacs 25.1.50.1 (i686-pc-mingw32)
 of 2016-05-28 built on PUPPY
Repository revision: 549470fdf234acb4da7941e3bb9b28ed63a51876
Windowing system distributor 'Microsoft Corp.', version 6.1.7601

Configured using:
 'configure --prefix=/c/apps/emacs --without-x --without-xpm
 --without-png --without-jpeg --without-tiff --without-gif'

Configured features:
SOUND NOTIFY ACL TOOLKIT_SCROLL_BARS

Important settings:
  value of $LANG: C.ISO-8859-1
  locale-coding-system: cp1252

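The command construction the report asks for, as an added example (not part of the original message and not code from lisp/net/tls.el): it never substitutes "nil" for %t, and either skips a template that needs a trust file or drops the "--x509cafile %t" option as the report's workaround does. All `example-tls-' names, the POLICY argument and the sample path are hypothetical.

```elisp
;;; Added example; not code from lisp/net/tls.el.  All `example-tls-'
;;; names are hypothetical.
(require 'format-spec)
(require 'seq)

(defun example-tls-first-trustfile (candidates)
  "Return the first entry of CANDIDATES that is a readable regular file.
Return nil when no entry qualifies."
  (seq-find (lambda (file)
              (and (stringp file)
                   (file-regular-p file)
                   (file-readable-p file)))
            candidates))

(defun example-tls-uses-trustfile-p (template)
  "Return non-nil if TEMPLATE contains a %t spec (ignoring literal %%)."
  (let ((case-fold-search nil))
    (string-match-p "%[-0-9]*t"
                    (replace-regexp-in-string "%%" "" template t t))))

(defun example-tls-expand (template host port candidates &optional policy)
  "Expand TEMPLATE for HOST and PORT without ever substituting \"nil\".
CANDIDATES is a list of trust file names that may not exist.
POLICY says what to do when TEMPLATE uses %t but no candidate exists:
`skip' (the default) returns nil so the caller moves on to the next
template; `drop-option' removes \"--x509cafile %t\" and expands the
rest, which is what the workaround in the report does by hand."
  (let ((trustfile (example-tls-first-trustfile candidates))
        (case-fold-search nil))
    (when (and (null trustfile) (example-tls-uses-trustfile-p template))
      (if (eq policy 'drop-option)
          (setq template (replace-regexp-in-string
                          "--x509cafile[ \t]+%t[ \t]*" "" template t t))
        (setq template nil)))
    ;; A template that still needs %t after the rewrite (for example one
    ;; that passes it to a different option) is skipped, not expanded.
    (when (and template
               (or trustfile (not (example-tls-uses-trustfile-p template))))
      (format-spec
       template
       (format-spec-make
        ;; Quote every substituted value: the result is handed to a
        ;; shell, and a trust file path may contain spaces.
        ?t (if trustfile (shell-quote-argument trustfile) "")
        ?h (shell-quote-argument host)
        ?p (shell-quote-argument
            (if (integerp port) (number-to-string port) port)))))))

(defun example-tls-demo ()
  "Expand two `tls-program' entries from the report with no trust file.
Return a list (SKIP-RESULTS DROP-RESULTS)."
  (let ((templates '("gnutls-cli --x509cafile %t -p %p %h"
                     "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
        ;; Constructed path that does not exist, standing in for the
        ;; missing CA bundles on the reporter's system.
        (candidates '("/nonexistent/example-ca-bundle.crt")))
    (list
     (mapcar (lambda (tpl)
               (example-tls-expand tpl "irc.oftc.net" 6697 candidates))
             templates)
     (mapcar (lambda (tpl)
               (example-tls-expand tpl "irc.oftc.net" 6697 candidates
                                   'drop-option))
             templates))))
```

With the default `skip' policy a gnutls-cli template is passed over when no trust file exists; `drop-option' yields a well-formed command, but one that no longer names a CA file explicitly.
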

From: Eli Zaretskii
To: flitterio@gmail.com (Francis Litterio)
Cc: 23759@debbugs.gnu.org
Subject: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Mon, 13 Jun 2016 06:42:12 +0300
Message-Id: <83r3c1g3fv.fsf@gnu.org>
In-reply-to: <87y46ahz23.fsf@gmail.com>

> From: flitterio@gmail.com (Francis Litterio)
> Date: Sun, 12 Jun 2016 17:32:56 -0400
>
> Using Emacs built from the latest mainline source on Windows 7 (with all updates applied),
> I see this problem:
>
> 1. Launch Emacs using:  emacs.exe -Q
>
> 2. Evaluate this form in buffer *scratch*:
>
>      (progn
>        (require 'tls)
>        (open-tls-stream "foo" nil "irc.oftc.net" 6697))
>
> After the connection is established, buffer *Messages* shows two failed connection
> attempts using gnutls-cli, followed by a successful connection using openssl:

TLS connections on MS-Windows are supported via the GnuTLS library.
External TLS programs will never work correctly on Windows, since they
use signals to communicate with Emacs.

So there's little sense in fixing this issue, because the result will
not work anyway.

Thanks.


From: Lars Ingebrigtsen
To: Eli Zaretskii
Cc: 23759@debbugs.gnu.org, Francis Litterio
Subject: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Mon, 13 Jun 2016 12:18:15 +0200
Message-ID: <87oa759yu0.fsf@gnus.org>
In-Reply-To: <83r3c1g3fv.fsf@gnu.org>

Eli Zaretskii writes:

> TLS connections on MS-Windows are supported via the GnuTLS library.
> External TLS programs will never work correctly on Windows, since they
> use signals to communicate with Emacs.  So there's little sense in
> fixing this issue, because the result will not work anyway.

Perhaps it would make sense to just have `open-tls-stream' signal an
error on Windows to avoid confusing people?  I think this is at least
the fourth bug report where people have spent significant time trying to
debug something that will never work.

It could just say (error "Use an Emacs built with TLS support (and with
installed gnutls libraries)").

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no


From: Fran
To: Lars Magne Ingebrigtsen
Cc: 23759@debbugs.gnu.org, Eli Zaretskii
Subject: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Mon, 13 Jun 2016 07:33:58 -0400

If Cygwin is installed, open-tls-stream works, because gnutls-cli and
openssl are available. It has worked for some time. I routinely use this
feature to enable ERC to connect to servers using TLS using function
erc-tls.

This bug report is about an Elisp logic error that can happen on any
platform if the certificate trust files do not exist, leading to a
malformed gnutls-cli command line. Those files are outside the control of
Emacs. They may not exist.

Please don't disable functionality that some of us have used for years.

Thanks.
-- 
Fran Litterio

On Jun 13, 2016 6:18 AM, "Lars Ingebrigtsen" wrote:

Eli Zaretskii writes:

> TLS connections on MS-Windows are supported via the GnuTLS library.
> External TLS programs will never work correctly on Windows, since they
> use signals to communicate with Emacs.  So there's little sense in
> fixing this issue, because the result will not work anyway.

Perhaps it would make sense to just have `open-tls-stream' signal an
error on Windows to avoid confusing people?  I think this is at least
the fourth bug report where people have spent significant time trying to
debug something that will never work.

It could just say (error "Use an Emacs built with TLS support (and with
installed gnutls libraries)").

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no



From: Lars Ingebrigtsen
To: Fran
Cc: 23759@debbugs.gnu.org, Eli Zaretskii
Subject: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Mon, 13 Jun 2016 13:40:10 +0200
Message-ID: <878ty99v1h.fsf@gnus.org>

Fran writes:

> If Cygwin is installed, open-tls-stream works, because gnutls-cli and openssl
> are available. It has worked for some time. I routinely use this feature to
> enable ERC to connect to servers using TLS using function erc-tls.

At some point, tls.el will be deprecated.  Why aren't you just using
Emacs with the built-in TLS support?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From: Fran
To: Lars Magne Ingebrigtsen
Cc: 23759@debbugs.gnu.org, Eli Zaretskii
Subject: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Mon, 13 Jun 2016 07:49:01 -0400
In-Reply-To: <878ty99v1h.fsf@gnus.org>

On Jun 13, 2016 7:40 AM, "Lars Ingebrigtsen" wrote:

> At some point, tls.el will be deprecated.  Why aren't you just using
> Emacs with the built-in TLS support?

I didn't know of the plan to deprecate tls.el. And this way has always
worked on Windows. I'll certainly try to get "make configure" to enable
built-in TLS support on Windows when building with MinGW. If I can get
that to work, I'll send a patch so we can hasten the deprecation of
tls.el.
-- 
Fran



From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Eli Zaretskii
To: Lars Ingebrigtsen
Cc: 23759@debbugs.gnu.org, flitterio@gmail.com
Reply-To: Eli Zaretskii
Date: Mon, 13 Jun 2016 17:03:02 +0300
Message-Id: <83eg81fap5.fsf@gnu.org>
In-reply-to: <87oa759yu0.fsf@gnus.org> (message from Lars Ingebrigtsen on Mon, 13 Jun 2016 12:18:15 +0200)
References: <87y46ahz23.fsf@gmail.com> <83r3c1g3fv.fsf@gnu.org> <87oa759yu0.fsf@gnus.org>

> From: Lars Ingebrigtsen
> Cc: flitterio@gmail.com (Francis Litterio), 23759@debbugs.gnu.org
> Date: Mon, 13 Jun 2016 12:18:15 +0200
>
> Eli Zaretskii writes:
>
> > TLS connections on MS-Windows are supported via the GnuTLS library.
> > External TLS programs will never work correctly on Windows, since they
> > use signals to communicate with Emacs. So there's little sense in
> > fixing this issue, because the result will not work anyway.
>
> Perhaps it would make sense to just have `open-tls-stream' signal an
> error on Windows to avoid confusing people? I think this is at least
> the fourth bug report where people have spent significant time trying to
> debug something that will never work.
>
> It could just say (error "Use an Emacs built with TLS support (and with
> installed gnutls libraries)").

At least a warning sounds like a good idea. Not so sure about erroring out, though.

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50;
From: Konstantin Kliakhandler
To: 23759@debbugs.gnu.org
Date: Sat, 2 Jul 2016 03:09:43 +0300
In-Reply-To: <87y46ahz23.fsf@gmail.com>
References: <87y46ahz23.fsf@gmail.com>
X-GNU-PR-Keywords: security

Hello,

I am using emacs on OSX 10.12 from https://emacsformacosx.com/builds:

(emacs-version)
"GNU Emacs 25.1.50.1 (x86_64-apple-darwin13.4.0, NS appkit-1265.21 Version 10.9.5 (Build 13F1603))
 of 2016-05-30"

And experience the same problem when running emacs -Q. Furthermore, I diagnosed the cause to be incorrect building of formatted-cmd in open-tls-stream from the given arguments. Attached is a patch that fixes the problem on my end. To make the patch smaller, I did not reindent the whole function - I hope this is alright.

Finally, I'd like to reply to:

> Fran <flitterio <at> gmail.com> writes:
> > If Cygwin is installed, open-tls-stream works, because gnutls-cli and openssl
> > are available. It has worked for some time. I routinely use this feature to
> > enable ERC to connect to servers using TLS using function erc-tls.
> At some point, tls.el will be deprecated. Why aren't you just using
> Emacs with the built-in TLS support?

In my honest opinion, a feature is either deprecated or not, and while it is not yet deprecated, bugs should not be ignored. I hope you would agree at least to the point of testing the patch and incorporating it if it works well :-)

Fuller description of the problem and the fix:

The problem: `open-tls-stream' replaces %t with exactly one element, which is nil if none of gnutls-trustfiles is readable, and the first element of gnutls-trustfiles if more than one is readable.
The Solution: In the patch I make the test iterate on all the trustfiles as a user might have more than one relevant. In addition, I made the default setting for tls-program have entries that do not explicitly specify the trustfile.

One thing to note here perhaps, is that if (gnutls-trustfiles) returns an empty list and one has the %t substitution in one of the tls-program entries, then that entry will not be run at all. I feel that this is reasonable since by setting --x509cafile nil one makes gnutls-cli fail anyway.

Finally, I'm experiencing the above behavior, as far as I can tell, by default in e.g. erc-tls. What is the proper way to move to the built in TLS? Is it likely to be something in my config or in the implementation of ERC?

Thanks,
Kosta

--
Konstantin Kliakhandler
http://slumpy.org
)°) )°( (°(
Content-Disposition: attachment; filename="0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch"

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Konstantin Kliakhandler
To: 23759@debbugs.gnu.org
Date: Sat, 2 Jul 2016 10:09:50 +0300
In-Reply-To: <87y46ahz23.fsf@gmail.com>
References: <87y46ahz23.fsf@gmail.com>
X-GNU-PR-Keywords: security

Hello,

First, I apologize for the double posting - I realize that I sent the previous message with a messed up subject and this caused it not to be grouped with the rest of the messages in this bug, and to not appear in the tracker. I hope this second one will work now.
From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
X-GNU-PR-Keywords: security
From: Ted Zlatanov
To: Konstantin Kliakhandler
Cc: 23759@debbugs.gnu.org
Date: Tue, 05 Jul 2016 10:36:04 -0400
In-Reply-To: (Konstantin Kliakhandler's message of "Sat, 2 Jul 2016 10:09:50 +0300")
References: <87y46ahz23.fsf@gmail.com>
Message-ID: <87wpl0gnjf.fsf@lifelogs.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)

On Sat, 2 Jul 2016 10:09:50 +0300 Konstantin Kliakhandler wrote:

KK> The problem: `open-tls-stream' replaces %t with exactly one element, which
KK> is nil if none of gnutls-trustfiles is readable, and the first element of
KK> gnutls-trustfiles if more than one is readable.

KK> The Solution: In the patch I make the test iterate on all the trustfiles as
KK> a user might have more than one relevant. In addition, I made the default
KK> setting for tls-program have entries that do not explicitly specify the
KK> trustfile.

KK> One thing to note here perhaps, is that if (gnutls-trustfiles) returns an
KK> empty list and one has the %t substitution in one of the tls-program
KK> entries, then that entry will not be run at all. I feel that this is
KK> reasonable since by setting --x509cafile nil one makes gnutls-cli fail
KK> anyway.

As you said, one of the key points of your patch is this:

- '("gnutls-cli --x509cafile %t -p %p %h"
+ '("gnutls-cli -p %p %h"
+ "gnutls-cli --x509cafile %t -p %p %h"

Which replaces the specific call with a generic call (no CA file
specified). This is probably less secure because it will use the system
CA trustfiles regardless of the user's preferred `gnutls-trustfiles', so
I'd rather not make it the first thing attempted.

KK> Finally, I'm experiencing the above behavior, as far as I can tell, by
KK> default in e.g. erc-tls. What is the proper way to move to the built in
KK> TLS? Is it likely to be something in my config or in the implementation of
KK> ERC?

On Mac OS X, you can use Homebrew to build it with all the nice
libraries, or use one of the pre-built binary packages.

brew update && brew reinstall emacs --HEAD --use-git-head --cocoa --with-gnutls --with-rsvg --with-imagemagick

On W32, you need the right DLLs installed.

Once the libraries are installed, you're all set, they'll be used
automatically.

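Review bot: in the quoted hunk the added first entry, "gnutls-cli -p %p %h", carries no --x509cafile and now precedes the %t entry, so whenever it connects the files from `gnutls-trustfiles' are never consulted, and when none of them is readable it is the only gnutls-cli attempt left, with nothing telling the user that the configured trust anchors were skipped. Suggest keeping "gnutls-cli --x509cafile %t -p %p %h" first, moving the %t-less entry after it, and describing that fallback in the `tls-program' docstring.
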
Ted

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Noam Postavsky
To: Ted Zlatanov
Cc: 23759@debbugs.gnu.org, Konstantin Kliakhandler
Date: Tue, 5 Jul 2016 10:49:38 -0400
In-Reply-To: <87wpl0gnjf.fsf@lifelogs.com>
References: <87y46ahz23.fsf@gmail.com> <87wpl0gnjf.fsf@lifelogs.com>

On Tue, Jul 5, 2016 at 10:36 AM, Ted Zlatanov wrote:
>
> KK> Finally, I'm experiencing the above behavior, as far as I can tell, by
> KK> default in e.g. erc-tls. What is the proper way to move to the built in
> KK> TLS? Is it likely to be something in my config or in the implementation of
> KK> ERC?
>
> On Mac OS X, you can use Homebrew to build it with all the nice
> libraries, or use one of the pre-built binary packages.
>
> brew update && brew reinstall emacs --HEAD --use-git-head --cocoa --with-gnutls --with-rsvg --with-imagemagick

I think gnutls is broken on master for OSX currently, see
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23503

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
To: Noam Postavsky
Cc: 23759@debbugs.gnu.org, Ted Zlatanov
References: <87y46ahz23.fsf@gmail.com> <87wpl0gnjf.fsf@lifelogs.com>
From: Konstantin Kliakhandler
Date: Tue, 5 Jul 2016 19:54:53 +0300

Hi,

On 5 July 2016 at 17:49, Noam Postavsky wrote:
>
> I think gnutls is broken on master for OSX currently, see
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23503
>

When I do this, with my patch enabled, I get a buffer with:

> Cache-Control: max-age=0
> Expires: Tue, 05 Jul 2016 14:58:42 GMT
> Content-Length: 3104
> Keep-Alive: timeout=3, max=100
> Connection: Keep-Alive
> Content-Type: text/html
> Content-Language: en
> ...

Of course, it would have worked even before the patch since currently
tls.el by default attempts two connections via gnutls-tls and then tries
via openssl s_client, which always worked for me (at least for ERC).

On 5 July 2016 at 17:36, Ted Zlatanov wrote:
>
>
> As you said, one of the key points of your patch is this:
>
> - '("gnutls-cli --x509cafile %t -p %p %h"
> + '("gnutls-cli -p %p %h"
> + "gnutls-cli --x509cafile %t -p %p %h"
>

I wouldn't characterize it as "one of the key points" of my patch, and the
patch would work just as well if instead the line without --x509cafile was
at the bottom of the list. Well, it would work worse for some users, but
the key word is that it would work - except that now it would take
several more attempts to connect on my computer and on OPs (instead of just
not connecting at all for OP).

> Which replaces the specific call with a generic call (no CA file
> specified). This is probably less secure because it will use the system
> CA trustfiles regardless of the user's preferred `gnutls-trustfiles', so
> I'd rather not make it the first thing attempted.

Personally, I also think that the default as defined in my current patch is
preferable, since anyone who messes around with the certificates would edit
this variable e.g. to set there --strict-tofu or the like (I did. It is a
bit more annoying to use, but since I rarely open a new domain in emacs,
it's not a big deal). For everyone else, they trust their system CAs all
the time when they go online. Especially considering that the previous
default for this variable had "--insecure" in the arguments, I thought that
the priorities for the new setting was 1>2>3 "1. It is secure by default.
2. It works by default. 3. It is secure in edge cases", rather than 1>3>2.

Anyway, I do concede that the second version is more secure. Attached is a
patch that I hope is more to your liking. I put the call that do not
use an explicit certificate at the bottom of the list, even below the call
to openssl s_client. I'm not sure what are the implications, as I don't
know the relative merits of openssl s_client vs gnutls-cli. If you are
inclined to educate me, please do as a short googling did not reveal the
answers.

> Once the libraries are installed, you're all set, they'll be used
> automatically.
>

From what both of you said, I still am not sure what is meant by "native
support". However, for various reasons I don't like the version provided in
homebrew. I prefer the version from https://emacsformacosx.com. Noam, is
this *"one of the pre-built binary packages"* you were referring to, or did
you mean something else? How will I know that the libraries are being used?
Finally, is there a way to test them explicitly? Anyway, it seems that the
version I got from the site above does not have built in gnutls:

system-configuration-features is a variable defined in ‘C source code’.
Its value is "NOTIFY ACL LIBXML2 ZLIB TOOLKIT_SCROLL_BARS NS"

system-configuration-options is a variable defined in ‘C source code’.
Its value is
"--with-ns '--enable-locallisppath=/Library/Application Support/Emacs/${version}/site-lisp:/Library/Application Support/Emacs/site-lisp'

I'll build one myself and see if the results I get are any different.

Thanks for your time,
Kosta

Attachment: 0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch (application/octet-stream, base64)

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Noam Postavsky
To: Konstantin Kliakhandler
Cc: 23759@debbugs.gnu.org, Ted Zlatanov
Date: Tue, 5 Jul 2016 13:59:39 -0400
References: <87y46ahz23.fsf@gmail.com> <87wpl0gnjf.fsf@lifelogs.com>

On Tue, Jul 5, 2016 at 12:54 PM, Konstantin Kliakhandler wrote:
> From what both of you said, I still am not sure what is meant by "native
> support". However, for various reasons I don't like the version provided in
> homebrew. I prefer the version from https://emacsformacosx.com. Noam, is
> this "one of the pre-built binary packages" you were referring to, or did
> you mean something else? How will I know that the libraries are being used?
> Finally, is there a way to test them explicitly?

If evaluating (gnutls-available-p) returns t, then you are using the
gnutls library (if the function is undefined then your Emacs is not
compiled with libgnutls support). And if you hit bug 22929/23225/23503
then you might notice by seeing that https doesn't work :(

I don't run OSX (Ted was the one mentioning "pre-built binary
packages"), so I can't say much more than that.

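The availability check Noam describes, together with the per-trustfile expansion of %t that Konstantin's patch is described as doing, as an added Emacs Lisp example (not code from Emacs, tls.el or the attached patch). The `my/` function names, the sample host and port, and the choice to shell-quote the substituted values are assumptions; nothing here opens a connection.

```elisp
;;; Added example -- not code from Emacs, tls.el, or any patch in this thread.
;;; The `my/' names and the sample host/port below are assumptions.
(require 'format-spec)

(defun my/native-gnutls-p ()
  "Return t when this Emacs has working native GnuTLS support.
An Emacs built without libgnutls does not define `gnutls-available-p'
at all, so test `fboundp' before calling it."
  (and (fboundp 'gnutls-available-p)
       (gnutls-available-p)
       t))

(defun my/tls-expand-commands (templates trustfiles host port)
  "Return the external commands TEMPLATES would yield, in order.
TEMPLATES are `tls-program'-style strings.  A template containing %t
is expanded once per file in TRUSTFILES and is skipped when TRUSTFILES
is empty, so no command ever receives a literal \"nil\" as its CA
file.  A template without %t is expanded exactly once."
  (let ((port (if (integerp port) (int-to-string port) port))
        ;; Assumption: the string may later be run through a shell, so
        ;; quote values that can contain spaces or metacharacters
        ;; (trustfile paths such as ".../Application Support/...").
        (host (shell-quote-argument host))
        result)
    (dolist (template templates (nreverse result))
      (if (string-match-p "%t" template)
          (dolist (file trustfiles)
            (push (format-spec template
                               (format-spec-make
                                ?t (shell-quote-argument file)
                                ?h host
                                ?p port))
                  result))
        (push (format-spec template (format-spec-make ?h host ?p port))
              result)))))

(defun my/tls-report (templates host port)
  "Describe how a TLS connection to HOST:PORT would be set up.
Return a plist saying whether native GnuTLS is usable, which
trustfiles `gnutls-trustfiles' considers readable, and which external
commands TEMPLATES expand to.  Nothing is executed."
  (let ((trustfiles (and (require 'gnutls nil t)
                         (fboundp 'gnutls-trustfiles)
                         (gnutls-trustfiles))))
    (list :native-gnutls (my/native-gnutls-p)
          :readable-trustfiles trustfiles
          :external-commands
          (my/tls-expand-commands templates trustfiles host port))))

;; Constructed sample input: the two template strings are the ones quoted
;; in the thread; the host and port are placeholders.
(message "%S"
         (my/tls-report '("gnutls-cli --x509cafile %t -p %p %h"
                          "gnutls-cli -p %p %h")
                        "irc.example.org" 6697))
```

An empty `:readable-trustfiles` with a non-empty `:external-commands` means only the entries without `--x509cafile` would run, which is the fallback the ordering discussion in this thread is about.
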
From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Ted Zlatanov
To: Noam Postavsky
Cc: 23759@debbugs.gnu.org, Konstantin Kliakhandler
Date: Tue, 05 Jul 2016 17:17:11 -0400
In-Reply-To: (Noam Postavsky's message of "Tue, 5 Jul 2016 10:49:38 -0400, Tue, 5 Jul 2016 19:54:53 +0300, Tue, 5 Jul 2016 13:59:39 -0400")
References: <87y46ahz23.fsf@gmail.com> <87wpl0gnjf.fsf@lifelogs.com> <87y46ahz23.fsf@gmail.com> <87wpl0gnjf.fsf@lifelogs.com> <87y46ahz23.fsf@gmail.com> <87wpl0gnjf.fsf@lifelogs.com>
Message-ID: <87k2gzhjjc.fsf_-_@lifelogs.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)

On Tue, 5 Jul 2016 10:49:38 -0400 Noam Postavsky wrote:

NP> I think gnutls is broken on master for OSX currently, see
NP> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23503

Unfortunately I don't have access to Mac OS X anymore (I did until
recently) so I can't verify or fix that issue.

On Tue, 5 Jul 2016 19:54:53 +0300 Konstantin Kliakhandler wrote:

KK> On 5 July 2016 at 17:36, Ted Zlatanov wrote:
>> [Kosta's patch] replaces the specific call with a generic call (no CA file
>> specified). This is probably less secure because it will use the system
>> CA trustfiles regardless of the user's preferred `gnutls-trustfiles', so
>> I'd rather not make it the first thing attempted.

KK> the patch would work just as well if instead the line without --x509cafile was
KK> at the bottom of the list. Well, it would work worse for some users, but
KK> the key word is that it would work - except that now it would take
KK> several more attempts to connect on my computer and on OPs (instead of just
KK> not connecting at all for OP).

Unfortunately it's less secure in the default case. I agree that it's
faster and more convenient.

Perhaps there can be a way to say "if this %t is empty, remove the
preceding --argument as well" in the format string? That would simplify
the whole thing, like so:

"gnutls-cli --x509cafile %T -p %p %h"

...becomes "gnutls-cli -p PORT HOST" when the %T parameter is nil. Just
an idea...

KK> Personally, I also think that the default as defined in my current patch is
KK> preferable, since anyone who messes around with the certificates would edit
KK> this variable e.g. to set there --strict-tofu or the like (I did. It is a
KK> bit more annoying to use, but since I rarely open a new domain in emacs,
KK> it's not a big deal).

Many users don't know about these settings, and many don't have the
right GnuTLS libraries installed but think they do (so they are using
this library accidentally). I think it's good to be cautious here and
provide safe defaults.

The TOFU stuff is an interesting use case. The Emacs NSM (see
`network-security-level' and friends) tries to address this area to some
degree, but there's lots of work to be done.

KK> Anyway, I do concede that the second version is more secure. Attached is a
KK> patch that I hope is more to your liking. I put the call that do not
KK> use an explicit certificate at the bottom of the list, even below the call
KK> to openssl s_client. I'm not sure what are the implications, as I don't
KK> know the relative merits of openssl s_client vs gnutls-cli. If you are
KK> inclined to educate me, please do as a short googling did not reveal the
KK> answers.

I'd group all the gnutls-cli calls together so it's more predictable and
easier to read. Otherwise it's fine IMHO. I know we have many security
experts here, perhaps they'll comment.

I am also concerned that SSLv3 is explicitly in the defaults. See
http://disablessl3.com/ etc.--I think that should be removed if
possible. I'll bring it up on emacs-devel.

>> Once the libraries are installed, you're all set, they'll be used
>> automatically.

KK> From what both of you said, I still am not sure what is meant by "native
KK> support". However, for various reasons I don't like the version provided in
KK> homebrew. I prefer the version from https://emacsformacosx.com.

OK, talk to the people that build that version :) Homebrew is what I
used when I had access to Mac OS X, and it worked well for me.

As Noam said, if `gnutls-available-p' returns t, you've got the native C
bindings to GnuTLS working.

IMHO after the 25.1 release, opening a secure network connection without
`gnutls-available-p' should be an annoying warning. I'll bring it up on
emacs-devel.

Ted From unknown Thu Aug 21 14:54:16 2025 X-Loop: help-debbugs@gnu.org Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist Resent-From: Richard Stallman Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 06 Jul 2016 22:26:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 23759 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security To: Ted Zlatanov Cc: 23759@debbugs.gnu.org, kosta@slumpy.org, npostavs@users.sourceforge.net Reply-To: rms@gnu.org Received: via spool by 23759-submit@debbugs.gnu.org id=B23759.146784390627246 (code B ref 23759); Wed, 06 Jul 2016 22:26:02 +0000 Received: (at 23759) by debbugs.gnu.org; 6 Jul 2016 22:25:06 +0000 Received: from localhost ([127.0.0.1]:39953 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bKvFi-00075O-Jg for submit@debbugs.gnu.org; Wed, 06 Jul 2016 18:25:06 -0400 Received: from eggs.gnu.org ([208.118.235.92]:55591) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bKvFh-00074r-5H for 23759@debbugs.gnu.org; Wed, 06 Jul 2016 18:25:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bKvFb-0001RY-4A for 23759@debbugs.gnu.org; Wed, 06 Jul 2016 18:24:59 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:41257) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bKvFR-0001H2-G0; Wed, 06 Jul 2016 18:24:49 -0400 Received: from rms by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1bKvFP-00069n-Bp; Wed, 06 Jul 2016 18:24:47 -0400 Content-Type: text/plain; charset=Utf-8 From: Richard Stallman In-reply-to: <87k2gzhjjc.fsf_-_@lifelogs.com> (message from Ted Zlatanov on Tue, 
05 Jul 2016 17:17:11 -0400) References: <87y46ahz23.fsf@gmail.com> <87wpl0gnjf.fsf@lifelogs.com> <87y46ahz23.fsf@gmail.com> <87wpl0gnjf.fsf@lifelogs.com> <87y46ahz23.fsf@gmail.com> <87wpl0gnjf.fsf@lifelogs.com> <87k2gzhjjc.fsf_-_@lifelogs.com> Message-Id: Date: Wed, 06 Jul 2016 18:24:47 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -6.3 (------) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.3 (------) [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > Unfortunately I don't have access to Mac OS X anymore (I did until > recently) so I can't verify or fix that issue. I hope this means you're now using a free operating system! -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html. 
From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Ted Zlatanov
To: Richard Stallman
Cc: 23759@debbugs.gnu.org, kosta@slumpy.org, npostavs@users.sourceforge.net
Date: Wed, 06 Jul 2016 23:31:46 -0400

On Wed, 06 Jul 2016 18:24:47 -0400 Richard Stallman wrote:

>> Unfortunately I don't have access to Mac OS X anymore (I did until
>> recently) so I can't verify or fix that issue.

RS> I hope this means you're now using a free operating system!

I have not stopped since 1996 or so :)

Ted

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Konstantin Kliakhandler
To: Ted Zlatanov
Cc: 23759@debbugs.gnu.org, Richard Stallman, Noam Postavsky
Date: Thu, 7 Jul 2016 09:11:12 +0300

What about free hardware? ;-)

--
)°))°((°(
Konstantin Kliakhandler
Sent on the go.

On Jul 7, 2016 06:31, "Ted Zlatanov" wrote:

> On Wed, 06 Jul 2016 18:24:47 -0400 Richard Stallman wrote:
>
> >> Unfortunately I don't have access to Mac OS X anymore (I did until
> >> recently) so I can't verify or fix that issue.
>
> RS> I hope this means you're now using a free operating system!
>
> I have not stopped since 1996 or so :)
>
> Ted

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Ted Zlatanov
To: Noam Postavsky
Cc: 23759@debbugs.gnu.org, Konstantin Kliakhandler
Date: Thu, 07 Jul 2016 13:10:07 -0400

Kosta: ping, I noted some minor needed improvements in my last message,
maybe you missed it... Thanks!

Ted

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Richard Stallman
To: Konstantin Kliakhandler
Cc: 23759@debbugs.gnu.org, tzz@lifelogs.com, npostavs@users.sourceforge.net
Reply-To: rms@gnu.org
Date: Thu, 07 Jul 2016 18:01:50 -0400

If you are concerned about "free hardware", see
http://gnu.org/philosophy/free-hardware-designs.html

That is out-of-topic for this list, though.

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Konstantin Kliakhandler
To: Ted Zlatanov, Noam Postavsky
Cc: 23759@debbugs.gnu.org
Date: Fri, 8 Jul 2016 01:40:13 +0300

Hello Ted,

Sorry, I saw the message but didn't get a chance to act on it. Writing a
joking remark on a mobile phone takes much less time and effort...

Anyway,

T> Perhaps there can be a way to say
T> "if this %t is empty, remove the preceding --argument as well"
T> in the format string? That would simplify the whole thing, like so:

T> "gnutls-cli --x509cafile %T -p %p %h"

T> ...becomes "gnutls-cli -p PORT HOST"
T> when the %T parameter is nil. Just an idea...

I toyed with this idea, and even implemented something of the sort, but
from a bit different direction - I added another replacement
variable - %c - and made the list tls-program now contain pairs with
(string . value-of-c), e.g.
("gnutls-cli %c %T -p %p %h" . "--x509cafile") have both %c and %T
replaced (together) as appropriate.

The problem with this approach is, what about people who customized this
setting? So, I made it backward compatible with the old standard.
Eventually however, it turned into an ugly big mess due to the backward
compatibility and I decided against submitting.

There is a similar problem of backward compatibility in your approach -
what if someone customized it in such a way that wasn't expecting an
argument to be removed, and it would create a vulnerability in their setup?
I also don't see a simple way to do it nicely, but have no objections on
those grounds, of course.

Finally, I would do the patch but am uncertain whether it would be better
to wait for your results from emacs-devel and remove the ssl3 bit as well
(or just go ahead and do it). Let me know and I'll send the appropriate
patch.

Best,
Kosta

--
Konstantin Kliakhandler
http://slumpy.org
)°) )°( (°(

On Thu, 7 Jul 2016 at 20:10 Ted Zlatanov wrote:

> Kosta: ping, I noted some minor needed improvements in my last message,
> maybe you missed it... Thanks!
>
> Ted
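The two ways a `tls-program'-style template can be expanded when %t has no usable value, discussed in this thread, as an added Emacs Lisp example that is not code from tls.el or from any participant. The names `example-tls-expand' and `example-tls-demo' and the sample path are hypothetical; only `format-spec' and `format-spec-make' are real Emacs functions, and the %t/%p/%h placeholders follow the templates quoted above.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added example: hypothetical helper names, not part of tls.el.
(require 'format-spec)

(defun example-tls-expand (template host port trustfile &optional on-missing)
  "Expand TEMPLATE into a list of command-line arguments.
TEMPLATE uses %h (host), %p (port) and %t (CA trust file).
TRUSTFILE is a file name or nil.  When it is nil or unreadable,
ON-MISSING selects the policy:
  nil     signal a `user-error' and build no command (fail closed);
  `drop'  remove the %t word and the option word that owns it, so the
          program falls back to its own default trust store."
  (let ((usable (and trustfile (file-readable-p trustfile)))
        (case-fold-search nil)          ; match %t only, never %T
        (args '()))
    (dolist (word (split-string template "[ \t]+" t))
      (cond
       ;; Ordinary word, or %t with a readable trust file: expand it.
       ((or usable (not (string-match-p "%t" word)))
        (push (format-spec word
                           (format-spec-make ?h host ?p port
                                             ?t (or trustfile "")))
              args))
       ;; %t has no usable value and the caller did not opt in to
       ;; dropping it: refuse, so nothing runs with unintended trust.
       ((not (eq on-missing 'drop))
        (user-error "No readable CA trust file (%S); not running `%s'"
                    trustfile template))
       ;; Drop mode, single-word form such as "--x509cafile=%t":
       ;; skip just this word.
       ((string-prefix-p "-" word))
       ;; Drop mode, two-word form "--x509cafile %t": remove the
       ;; option that was pushed just before.
       ((and args (string-prefix-p "-" (car args)))
        (pop args))
       ;; A customized template where %t does not follow an option:
       ;; removing anything would be a guess, so refuse.
       (t
        (user-error "Cannot tell which option owns %%t in `%s'"
                    template))))
    (nreverse args)))

(defun example-tls-demo ()
  "Return the result of both policies for a missing trust file.
The first element is the argument list produced in `drop' mode; the
second is the error message produced by the default fail-closed mode."
  (let ((template "gnutls-cli --x509cafile %t -p %p %h")
        (missing "/nonexistent/ca-bundle.crt")) ; constructed path
    (list
     (example-tls-expand template "example.org" 443 missing 'drop)
     (condition-case err
         (example-tls-expand template "example.org" 443 missing)
       (user-error (error-message-string err))))))
```

In `drop' mode the resulting command verifies against whatever trust store the external program uses by default rather than the user's `gnutls-trustfiles', which is why the example makes that mode opt-in.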
From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Ted Zlatanov
To: Konstantin Kliakhandler
Cc: 23759@debbugs.gnu.org, Noam Postavsky
Date: Fri, 08 Jul 2016 09:43:35 -0400

On Fri, 8 Jul 2016 01:40:13 +0300 Konstantin Kliakhandler wrote:

T> Perhaps there can be a way to say
T> "if this %t is empty, remove the preceding --argument as well"
T> in the format string? That would simplify the whole thing, like so:

T> "gnutls-cli --x509cafile %T -p %p %h"

T> ...becomes "gnutls-cli -p PORT HOST"
T> when the %T parameter is nil. Just an idea...

KK> I toyed with this idea, and even implemented something of the sort, but
KK> from a bit different direction - I added another replacement
KK> variable - %c - and made the list tls-program now contain pairs with
KK> (string . value-of-c), e.g. ("gnutls-cli %c %T -p %p %h" . "--x509cafile")
KK> have both %c and %T replaced (together) as appropriate.

KK> The problem with this approach is, what about people who customized this
KK> setting? So, I made it backward compatible with the old standard.
KK> Eventually however, it turned into an ugly big mess due to the backward
KK> compatibility and I decided against submitting.

KK> There is a similar problem of backward compatibility in your approach -
KK> what if someone customized it in such a way that wasn't expecting an
KK> argument to be removed, and it would create a vulnerability in their setup?
KK> I also don't see a simple way to do it nicely, but have no objections on
KK> those grounds, of course.

Hmm, right, yeah... well %t is always preceded by an argument, right? So
maybe the backwards-compatible solution is that if %t is nil, delete the
preceding option?

Another option is to throw an error when %t is nil, explaining what
happened and how to fix it. That's not a terrible inconvenience for the
user, compared to running an insecure connection unknowingly. I slightly
prefer this.

KK> Finally, I would do the patch but am uncertain whether it would be better
KK> to wait for your results from emacs-devel and remove the ssl3 bit as well
KK> (or just go ahead and do it). Let me know and I'll send the appropriate
KK> patch.

Go ahead and remove it, we have agreement that it's a Bad Thing.

Thank you!
Ted

From unknown Thu Aug 21 14:54:16 2025
Subject: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
From: Lars Ingebrigtsen
To: flitterio@gmail.com (Francis Litterio)
Cc: 23759@debbugs.gnu.org
Date: Mon, 13 May 2019 15:42:49 -0400

flitterio@gmail.com (Francis Litterio) writes:

> 2. Evaluate this form in buffer *scratch*:
>
> (progn
>   (require 'tls)
>   (open-tls-stream "foo" nil "irc.oftc.net" 6697))

tls.el has been deprecated in Emacs 27.1 (Emacs uses built-in TLS
instead), so I'm closing this bug report.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From debbugs-submit-bounces@debbugs.gnu.org Mon May 13 15:43:09 2019
Date: Mon, 13 May 2019 15:43:00 -0400
Message-Id: <87woiuta2j.fsf@mouse.gnus.org>
To: control@debbugs.gnu.org
From: Lars Ingebrigtsen
Subject: control message for bug #23759

tags 23759 wontfix
close 23759
quit
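
The three ways of handling an empty %T that Ted Zlatanov's 8 Jul 2016 message weighs (substitute nothing, delete the preceding option, or signal an error), as an added Emacs Lisp example that is not code from tls.el or from anyone in the thread. The function name `demo-tls-argv`, its `policy` argument and the host name are assumptions made for illustration; the template string is the one quoted in that message.

```elisp
;; Added illustration, not code from tls.el.  Every `demo-' name is hypothetical.

(defun demo-tls-argv (template port host cafile policy)
  "Expand TEMPLATE word by word into an argv list.
%p becomes PORT, %h becomes HOST and %T becomes CAFILE, which is nil
when no trusted certificate file was found.  POLICY decides the nil
case: `naive' substitutes nothing, `drop' also removes the option word
in front of %T, and `error' refuses to build a command at all."
  (let ((argv '()))
    (dolist (word (split-string template " " t))
      (cond
       ((string= word "%p") (push (number-to-string port) argv))
       ((string= word "%h") (push host argv))
       ((not (string= word "%T")) (push word argv))
       ;; From here on WORD is %T.
       (cafile (push cafile argv))
       ((eq policy 'error)
        (error "No trusted certificate file for %s; not connecting" host))
       ((and (eq policy 'drop) argv (string-prefix-p "-" (car argv)))
        (pop argv))))                   ; remove the dangling option word
    (nreverse argv)))

(let ((template "gnutls-cli --x509cafile %T -p %p %h") ; quoted in the thread
      (host "tls.example.org"))                        ; constructed host name
  (dolist (policy '(naive drop error))
    (message "%-5s => %S" policy
             (condition-case err
                 (demo-tls-argv template 6697 host nil policy)
               (error (error-message-string err))))))
```

Under `naive` the option `--x509cafile` ends up directly followed by `-p`, which is the malformed command the bug title describes; `drop` yields a well-formed command with no CA file argument, and `error` stops before any process is started.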