GNU bug report logs - #35896
27.0.50; Gmane certificate host does not match hostname

Previous Next

Package: emacs;

Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>

Date: Sat, 25 May 2019 11:54:02 UTC

Severity: normal

Found in version 27.0.50

Done: Stefan Monnier <monnier <at> iro.umontreal.ca>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Subject: bug#35896: closed (Re: bug#35896: 27.0.50; Gmane certificate host
 does not match hostname)
Date: Sat, 25 May 2019 16:04:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#35896: 27.0.50; Gmane certificate host does not match hostname

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 35896 <at> debbugs.gnu.org.

-- 
35896: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=35896
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Andreas Schwab <schwab <at> linux-m68k.org>
Cc: 35896-done <at> debbugs.gnu.org
Subject: Re: bug#35896: 27.0.50; Gmane certificate host does not match hostname
Date: Sat, 25 May 2019 12:03:10 -0400

>> Whenever gmane update their certificate NSM asks me for confirmation,
>> saying:
>>
>>     The TLS connection to news.gmane.org:nntp is insecure for the following
>>     reason:
>>
>>     certificate host does not match hostname
>
> Are you sure the question is about news.gmane.org, not news.gwene.org?

I didn't copy&paste the text (because the prompt is not a minibuffer
and here I'm exposed to the undesirable difference ;-), so maybe you're
right: maybe I didn't read carefully enough to notice it said "gwene"
instead of "gmane".

[...comparing my network-security.data with my backup's...]

Yup, you're right, it seems that it was gwene's so I guess it's
a misconfiguration there where they share a single certificate but only
tell Letsencrypt about one of the two names.

Thanks,


        Stefan



[Message part 3 (message/rfc822, inline)]
From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: bug-gnu-emacs <at> gnu.org
Subject: 27.0.50; Gmane certificate host does not match hostname
Date: Sat, 25 May 2019 07:53:31 -0400

Package: Emacs
Version: 27.0.50


Whenever gmane update their certificate NSM asks me for confirmation,
saying:

    The TLS connection to news.gmane.org:nntp is insecure for the following
    reason:

    certificate host does not match hostname

If I look at the certificate info above I see:

    Issued to:       CN=news.gmane.org
    Hostname:        news.gmane.org

So to me, it looks like the hostname matches, except maybe for the "CN="
which seems like a mistake.  Is that a mistake on our side or on Gmane's
or on Let's Encrypt?


        Stefan
This bug report was last modified 6 years and 77 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.