GNU bug report logs - #33780
network-stream.el: network-stream-certificate always returns nil

Previous Next

Package: emacs;

Reported by: Vinothan Shankar <darael <at> dracon.is>

Date: Mon, 17 Dec 2018 19:17:01 UTC

Severity: normal

Tags: fixed

Fixed in version 27.1

Done: Robert Pluim <rpluim <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #44 received at 33780 <at> debbugs.gnu.org (full text, mbox):

From: Robert Pluim <rpluim <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: darael <at> dracon.is, tzz <at> lifelogs.com, 33780 <at> debbugs.gnu.org
Subject: Re: bug#33780: network-stream.el: network-stream-certificate always
 returns nil
Date: Tue, 15 Jan 2019 21:31:35 +0100

Eli Zaretskii <eliz <at> gnu.org> writes:

>> so loading nsm.el causes nsm-verify-connection to get called in the
>> ':nowait t' case. Presumably in the ':nowait nil' case gnutls-boot has
>> already completed the tls connection, and finish_after_tls_connection
>> never gets called (thatʼs speculation on my part). I donʼt know the
>> GnuTLS code well enough to know if this is a bug. Ted?
>

I can confirm this is what happens: finish_after_tls_connection only
gets called when ':nowait t'.

> Ah, okay.  No, I don't think this is a bug.  So use some way to get
> nsm to approve the connection.

I do find it unexpected that the low level GnuTLS code only invokes
the nsm for ':nowait t' connections.  OTOH 'open-network-stream' works
fine, and uses the nsm, so itʼs not a big deal.

Overriding nsm-query appears not to be enough (itʼs enough when
running the tests interactively, but not in batch mode), I had to
override 'nsm-verify-connection'.

Robert
This bug report was last modified 6 years and 117 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.