From unknown Sat Sep 06 12:38:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#35896: 27.0.50; Gmane certificate host does not match hostname Resent-From: Stefan Monnier Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 25 May 2019 11:54:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 35896 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 35896@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.15587852297120 (code B ref -1); Sat, 25 May 2019 11:54:02 +0000 Received: (at submit) by debbugs.gnu.org; 25 May 2019 11:53:49 +0000 Received: from localhost ([127.0.0.1]:48305 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUVFF-0001qm-Hv for submit@debbugs.gnu.org; Sat, 25 May 2019 07:53:49 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45594) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUVFD-0001qY-Rn for submit@debbugs.gnu.org; Sat, 25 May 2019 07:53:48 -0400 Received: from lists.gnu.org ([209.51.188.17]:60603) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hUVF8-0005T9-Li for submit@debbugs.gnu.org; Sat, 25 May 2019 07:53:42 -0400 Received: from eggs.gnu.org ([209.51.188.92]:59975) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hUVF7-0006Uf-Lv for bug-gnu-emacs@gnu.org; Sat, 25 May 2019 07:53:42 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hUVF6-0005Rs-M0 for bug-gnu-emacs@gnu.org; Sat, 25 May 2019 07:53:41 -0400 Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:23000) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hUVF6-0005RV-EJ for bug-gnu-emacs@gnu.org; Sat, 25 May 2019 07:53:40 -0400 Received: from pmg2.iro.umontreal.ca (localhost.localdomain [127.0.0.1]) by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id 656AE8116B for ; Sat, 25 May 2019 07:53:39 -0400 (EDT) Received: from mail02.iro.umontreal.ca (unknown [172.31.2.1]) by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id 1217980D60 for ; Sat, 25 May 2019 07:53:38 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca; s=mail; t=1558785218; bh=0i09nuqNjRBm9WQIdo5ouzeaPDfzSoLtr/llIruMh24=; h=From:To:Subject:Date:From; b=JHFQu4ctYZMxPqPvJ8CCW7eIQDT/6AXD3XSQQ1dEOYU6+r07kl4BH+WsVqOzZatcv u2IqDYXGzWAq84JzVNkvS06p+dP8rZdAq3A0JyOu9suidwKB/ZXwUQ9kmR002FfGoT TCpI4V4NPcC00Yjs8C0BJWeRuYJLETaxidMr608jhMghlP410Y+0LNsvCWheHD3piP TtEqS8P5p1F8hID6aIPslLEXlT1eQrx0wUyMg6EysY9Ju6GA94Wg4qpP59HuVdPJVx CNH7MIGjzr6cYH+mwiyTSN/sXP6bPwVyK4XG79376TGHp/1/IQRqTLYs3hvobohHlp btWPtZrebt7sg== Received: from pastel (unknown [167.88.27.42]) by mail02.iro.umontreal.ca (Postfix) with ESMTPSA id E324D1204B4 for ; Sat, 25 May 2019 07:53:37 -0400 (EDT) From: Stefan Monnier Date: Sat, 25 May 2019 07:53:31 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 132.204.25.50 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: -1.3 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Package: Emacs Version: 27.0.50 Whenever gmane update their certificate NSM asks me for confirmation, saying: The TLS connection to news.gmane.org:nntp is insecure for the following reason: certificate host does not match hostname If I look at the certificate info above I see: Issued to: CN=news.gmane.org Hostname: news.gmane.org So to me, it looks like the hostname matches, except maybe for the "CN=" which seems like a mistake. Is that a mistake on our side or on Gmane's or on Let's Encrypt? Stefan From unknown Sat Sep 06 12:38:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#35896: 27.0.50; Gmane certificate host does not match hostname Resent-From: Andreas Schwab Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 25 May 2019 12:55:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 35896 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Stefan Monnier Cc: 35896@debbugs.gnu.org Received: via spool by 35896-submit@debbugs.gnu.org id=B35896.155878885413054 (code B ref 35896); Sat, 25 May 2019 12:55:02 +0000 Received: (at 35896) by debbugs.gnu.org; 25 May 2019 12:54:14 +0000 Received: from localhost ([127.0.0.1]:48373 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUWBh-0003OT-RX for submit@debbugs.gnu.org; Sat, 25 May 2019 08:54:14 -0400 Received: from mail-out.m-online.net ([212.18.0.10]:44409) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUWBg-0003OK-1l for 35896@debbugs.gnu.org; Sat, 25 May 2019 08:54:12 -0400 Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 45B38d5PcYz1rXtr; Sat, 25 May 2019 14:54:06 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 45B38Z2QbXz1qql0; Sat, 25 May 2019 14:54:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id DU1zBvYSMG1v; Sat, 25 May 2019 14:54:05 +0200 (CEST) X-Auth-Info: CmYUoB7C1RzQ204uKqvw1FvXPgghA6cMxBLseCiy27FFVK+Pxu2PTbBdxQkNy8Dc Received: from igel.home (ppp-46-244-160-177.dynamic.mnet-online.de [46.244.160.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPSA; Sat, 25 May 2019 14:54:05 +0200 (CEST) Received: by igel.home (Postfix, from userid 1000) id 047E72C162C; Sat, 25 May 2019 14:54:04 +0200 (CEST) From: Andreas Schwab References: X-Yow: Look into my eyes and try to forget that you have a Macy's charge card! Date: Sat, 25 May 2019 14:54:04 +0200 In-Reply-To: (Stefan Monnier's message of "Sat, 25 May 2019 07:53:31 -0400") Message-ID: <87y32u3dar.fsf@igel.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) On Mai 25 2019, Stefan Monnier wrote: > Whenever gmane update their certificate NSM asks me for confirmation, > saying: > > The TLS connection to news.gmane.org:nntp is insecure for the following > reason: > > certificate host does not match hostname Are you sure the question is about news.gmane.org, not news.gwene.org? Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1 "And now for something completely different." From unknown Sat Sep 06 12:38:43 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Stefan Monnier Subject: bug#35896: closed (Re: bug#35896: 27.0.50; Gmane certificate host does not match hostname) Message-ID: References: X-Gnu-PR-Message: they-closed 35896 X-Gnu-PR-Package: emacs Reply-To: 35896@debbugs.gnu.org Date: Sat, 25 May 2019 16:04:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1558800242-1998-1" This is a multi-part message in MIME format... ------------=_1558800242-1998-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #35896: 27.0.50; Gmane certificate host does not match hostname which was filed against the emacs package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 35896@debbugs.gnu.org. --=20 35896: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D35896 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1558800242-1998-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 35896-done) by debbugs.gnu.org; 25 May 2019 16:03:20 +0000 Received: from localhost ([127.0.0.1]:49416 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUZ8i-0000V8-Hf for submit@debbugs.gnu.org; Sat, 25 May 2019 12:03:20 -0400 Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:26052) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUZ8h-0000Ut-F9 for 35896-done@debbugs.gnu.org; Sat, 25 May 2019 12:03:19 -0400 Received: from pmg1.iro.umontreal.ca (localhost.localdomain [127.0.0.1]) by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id DD99B1011C4; Sat, 25 May 2019 12:03:12 -0400 (EDT) Received: from mail02.iro.umontreal.ca (unknown [172.31.2.1]) by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id CFB7A101138; Sat, 25 May 2019 12:03:11 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca; s=mail; t=1558800191; bh=HWFUatsr4hThkQ0AAFy+o2x+Z19Y9No2NtKe9VZX+2Q=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=Jsb/T/08q21zaaKgV5EOsqLrkpiJqt3C+skKEoqCQCsFnkIsdetrivj8+yiwyMCO2 71VOW4C3YlajZjVKVGx2o4y1YbHGA4/Cy6i3T1ywUtG4vcKQ3X5WAcil6AwaSIDF3Y wjof2/JVXnyDTKGsfGJbWhsSt7xgtiymAxzCaBXvImE8wGiX+hnZctZPJkpgCm7ypK R+0mB5r4JdDtRN/TDe8scwCE4LZ9Rfm1eqrhDuMRSsDDMW9pUjOX0fekbkqNS1t/xi UiJ9aX+BSIwJHtH8QDGlBeKfYrB8gZOuK/n9BOrYcjhSXbSEaG34WA5QWSV6eaEmOB /z5HqScKDEeug== Received: from pastel (unknown [167.88.27.42]) by mail02.iro.umontreal.ca (Postfix) with ESMTPSA id A523B120AA3; Sat, 25 May 2019 12:03:11 -0400 (EDT) From: Stefan Monnier To: Andreas Schwab Subject: Re: bug#35896: 27.0.50; Gmane certificate host does not match hostname Message-ID: References: <87y32u3dar.fsf@igel.home> Date: Sat, 25 May 2019 12:03:10 -0400 In-Reply-To: <87y32u3dar.fsf@igel.home> (Andreas Schwab's message of "Sat, 25 May 2019 14:54:04 +0200") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-SPAM-INFO: Spam detection results: 0 ALL_TRUSTED -1 Passed through trusted hosts only via SMTP BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain X-SPAM-LEVEL: X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 35896-done Cc: 35896-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) >> Whenever gmane update their certificate NSM asks me for confirmation, >> saying: >> >> The TLS connection to news.gmane.org:nntp is insecure for the following >> reason: >> >> certificate host does not match hostname > > Are you sure the question is about news.gmane.org, not news.gwene.org? I didn't copy&paste the text (because the prompt is not a minibuffer and here I'm exposed to the undesirable difference ;-), so maybe you're right: maybe I didn't read carefully enough to notice it said "gwene" instead of "gmane". [...comparing my network-security.data with my backup's...] Yup, you're right, it seems that it was gwene's so I guess it's a misconfiguration there where they share a single certificate but only tell Letsencrypt about one of the two names. Thanks, Stefan ------------=_1558800242-1998-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 25 May 2019 11:53:49 +0000 Received: from localhost ([127.0.0.1]:48305 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUVFF-0001qm-Hv for submit@debbugs.gnu.org; Sat, 25 May 2019 07:53:49 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45594) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUVFD-0001qY-Rn for submit@debbugs.gnu.org; Sat, 25 May 2019 07:53:48 -0400 Received: from lists.gnu.org ([209.51.188.17]:60603) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hUVF8-0005T9-Li for submit@debbugs.gnu.org; Sat, 25 May 2019 07:53:42 -0400 Received: from eggs.gnu.org ([209.51.188.92]:59975) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hUVF7-0006Uf-Lv for bug-gnu-emacs@gnu.org; Sat, 25 May 2019 07:53:42 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hUVF6-0005Rs-M0 for bug-gnu-emacs@gnu.org; Sat, 25 May 2019 07:53:41 -0400 Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:23000) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hUVF6-0005RV-EJ for bug-gnu-emacs@gnu.org; Sat, 25 May 2019 07:53:40 -0400 Received: from pmg2.iro.umontreal.ca (localhost.localdomain [127.0.0.1]) by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id 656AE8116B for ; Sat, 25 May 2019 07:53:39 -0400 (EDT) Received: from mail02.iro.umontreal.ca (unknown [172.31.2.1]) by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id 1217980D60 for ; Sat, 25 May 2019 07:53:38 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca; s=mail; t=1558785218; bh=0i09nuqNjRBm9WQIdo5ouzeaPDfzSoLtr/llIruMh24=; h=From:To:Subject:Date:From; b=JHFQu4ctYZMxPqPvJ8CCW7eIQDT/6AXD3XSQQ1dEOYU6+r07kl4BH+WsVqOzZatcv u2IqDYXGzWAq84JzVNkvS06p+dP8rZdAq3A0JyOu9suidwKB/ZXwUQ9kmR002FfGoT TCpI4V4NPcC00Yjs8C0BJWeRuYJLETaxidMr608jhMghlP410Y+0LNsvCWheHD3piP TtEqS8P5p1F8hID6aIPslLEXlT1eQrx0wUyMg6EysY9Ju6GA94Wg4qpP59HuVdPJVx CNH7MIGjzr6cYH+mwiyTSN/sXP6bPwVyK4XG79376TGHp/1/IQRqTLYs3hvobohHlp btWPtZrebt7sg== Received: from pastel (unknown [167.88.27.42]) by mail02.iro.umontreal.ca (Postfix) with ESMTPSA id E324D1204B4 for ; Sat, 25 May 2019 07:53:37 -0400 (EDT) From: Stefan Monnier To: bug-gnu-emacs@gnu.org Subject: 27.0.50; Gmane certificate host does not match hostname Date: Sat, 25 May 2019 07:53:31 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 132.204.25.50 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Package: Emacs Version: 27.0.50 Whenever gmane update their certificate NSM asks me for confirmation, saying: The TLS connection to news.gmane.org:nntp is insecure for the following reason: certificate host does not match hostname If I look at the certificate info above I see: Issued to: CN=news.gmane.org Hostname: news.gmane.org So to me, it looks like the hostname matches, except maybe for the "CN=" which seems like a mistake. Is that a mistake on our side or on Gmane's or on Let's Encrypt? Stefan ------------=_1558800242-1998-1--