GNU bug report logs -
#35896
27.0.50; Gmane certificate host does not match hostname
Previous Next
Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>
Date: Sat, 25 May 2019 11:54:02 UTC
Severity: normal
Found in version 27.0.50
Done: Stefan Monnier <monnier <at> iro.umontreal.ca>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 35896 in the body.
You can then email your comments to 35896 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#35896; Package
emacs.
(Sat, 25 May 2019 11:54:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Stefan Monnier <monnier <at> iro.umontreal.ca>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Sat, 25 May 2019 11:54:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Package: Emacs
Version: 27.0.50
Whenever gmane update their certificate NSM asks me for confirmation,
saying:
The TLS connection to news.gmane.org:nntp is insecure for the following
reason:
certificate host does not match hostname
If I look at the certificate info above I see:
Issued to: CN=news.gmane.org
Hostname: news.gmane.org
So to me, it looks like the hostname matches, except maybe for the "CN="
which seems like a mistake. Is that a mistake on our side or on Gmane's
or on Let's Encrypt?
Stefan
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#35896; Package
emacs.
(Sat, 25 May 2019 12:55:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 35896 <at> debbugs.gnu.org (full text, mbox):
On Mai 25 2019, Stefan Monnier <monnier <at> iro.umontreal.ca> wrote:
> Whenever gmane update their certificate NSM asks me for confirmation,
> saying:
>
> The TLS connection to news.gmane.org:nntp is insecure for the following
> reason:
>
> certificate host does not match hostname
Are you sure the question is about news.gmane.org, not news.gwene.org?
Andreas.
--
Andreas Schwab, schwab <at> linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1
"And now for something completely different."
Reply sent
to
Stefan Monnier <monnier <at> iro.umontreal.ca>:
You have taken responsibility.
(Sat, 25 May 2019 16:04:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Stefan Monnier <monnier <at> iro.umontreal.ca>:
bug acknowledged by developer.
(Sat, 25 May 2019 16:04:02 GMT)
Full text and
rfc822 format available.
Message #13 received at 35896-done <at> debbugs.gnu.org (full text, mbox):
>> Whenever gmane update their certificate NSM asks me for confirmation,
>> saying:
>>
>> The TLS connection to news.gmane.org:nntp is insecure for the following
>> reason:
>>
>> certificate host does not match hostname
>
> Are you sure the question is about news.gmane.org, not news.gwene.org?
I didn't copy&paste the text (because the prompt is not a minibuffer
and here I'm exposed to the undesirable difference ;-), so maybe you're
right: maybe I didn't read carefully enough to notice it said "gwene"
instead of "gmane".
[...comparing my network-security.data with my backup's...]
Yup, you're right, it seems that it was gwene's so I guess it's
a misconfiguration there where they share a single certificate but only
tell Letsencrypt about one of the two names.
Thanks,
Stefan
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sun, 23 Jun 2019 11:24:07 GMT)
Full text and
rfc822 format available.
This bug report was last modified 6 years and 77 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.