GNU bug report logs - #55858
28.1; process-async-https-with-delay failure

Previous Next

Package: emacs;

Reported by: Ken Brown <kbrown <at> cornell.edu>

Date: Wed, 8 Jun 2022 22:05:02 UTC

Severity: normal

Tags: moreinfo

Found in version 28.1

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ken Brown <kbrown <at> cornell.edu>
To: bug-gnu-emacs <at> gnu.org
Subject: 28.1; process-async-https-with-delay failure
Date: Wed, 8 Jun 2022 18:04:05 -0400

process-async-https-with-delay in test/src/process-tests.el fails on my
Cygwin system when run via 'make check' (but not when run via 'emacs
-batch -l /path/to/test/src/process-tests.el -f
ert-run-tests-batch-and-exit').  By adding 'TEST_INTERACTIVE=yes' to the
make invocation, I traced this to a certificate problem together with
the fact that HOME is set to /nonexistent during 'make check'.

In more detail, if I run

make -C test process-tests SELECTOR='process-async-https-with-delay' 
TEST_INTERACTIVE=yes

then emacs starts and shows me the following in the *Network Security
Manager* buffer:

Certificate information
  Issued by:          R3
  Issued to:          CN=elpa.gnu.org
  Hostname:           elpa.gnu.org
  Public key:         RSA, signature: RSA-SHA256
  Session:            TLS1.3, key: ECDHE-RSA, cipher: AES-256-GCM, mac: AEAD
  Security level:     Medium
  Valid:              From 2022-05-27 to 2022-08-25

The TLS connection to elpa.gnu.org:443 is insecure
for the following reasons:

* certificate has expired
* certificate could not be verified

A minibuffer prompt asks me if I want to continue connecting, and if I
select 'always', I get a "No such file or directory" error for
/nonexistent/.emacs.d/network-security.data.  Of course,
~/.emacs.d/network-security.data does exist and contains the appropriate
information about elpa.gnu.org:443 from previous selections of 'always'
outside of 'make check'.

There are two issues here.  First, there's obviously something I should
do on my system so that the TLS certificate for elpa.gnu.org is
trusted.  I know nothing about TLS certificates and would appreciate
help here.

Second, I think it's a bug that the test is causing /nonexistent to be
accessed.  Maybe it would make more sense for the test to be skipped if
the certificate can't be verified.

Ken
This bug report was last modified 3 years and 44 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.