GNU bug report logs - #35896
27.0.50; Gmane certificate host does not match hostname

Previous Next

Package: emacs;

Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>

Date: Sat, 25 May 2019 11:54:02 UTC

Severity: normal

Found in version 27.0.50

Done: Stefan Monnier <monnier <at> iro.umontreal.ca>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#35896: closed (27.0.50; Gmane certificate host does not match
 hostname)
Date: Sat, 25 May 2019 16:04:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Sat, 25 May 2019 12:03:10 -0400
with message-id <jwvwoiesez7.fsf-monnier+emacs <at> gnu.org>
and subject line Re: bug#35896: 27.0.50; Gmane certificate host does not match hostname
has caused the debbugs.gnu.org bug report #35896,
regarding 27.0.50; Gmane certificate host does not match hostname
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
35896: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=35896
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: bug-gnu-emacs <at> gnu.org
Subject: 27.0.50; Gmane certificate host does not match hostname
Date: Sat, 25 May 2019 07:53:31 -0400

Package: Emacs
Version: 27.0.50


Whenever gmane update their certificate NSM asks me for confirmation,
saying:

    The TLS connection to news.gmane.org:nntp is insecure for the following
    reason:

    certificate host does not match hostname

If I look at the certificate info above I see:

    Issued to:       CN=news.gmane.org
    Hostname:        news.gmane.org

So to me, it looks like the hostname matches, except maybe for the "CN="
which seems like a mistake.  Is that a mistake on our side or on Gmane's
or on Let's Encrypt?


        Stefan




[Message part 3 (message/rfc822, inline)]
From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Andreas Schwab <schwab <at> linux-m68k.org>
Cc: 35896-done <at> debbugs.gnu.org
Subject: Re: bug#35896: 27.0.50; Gmane certificate host does not match hostname
Date: Sat, 25 May 2019 12:03:10 -0400

>> Whenever gmane update their certificate NSM asks me for confirmation,
>> saying:
>>
>>     The TLS connection to news.gmane.org:nntp is insecure for the following
>>     reason:
>>
>>     certificate host does not match hostname
>
> Are you sure the question is about news.gmane.org, not news.gwene.org?

I didn't copy&paste the text (because the prompt is not a minibuffer
and here I'm exposed to the undesirable difference ;-), so maybe you're
right: maybe I didn't read carefully enough to notice it said "gwene"
instead of "gmane".

[...comparing my network-security.data with my backup's...]

Yup, you're right, it seems that it was gwene's so I guess it's
a misconfiguration there where they share a single certificate but only
tell Letsencrypt about one of the two names.

Thanks,


        Stefan
This bug report was last modified 6 years and 77 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.