[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#13374: closed (24.?; open-gnutls-stream insecurity

From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#13374: closed (24.?; open-gnutls-stream insecurity)
Date: Sat, 02 Nov 2013 21:08:02 +0000

Your message dated Sat, 02 Nov 2013 22:07:16 +0100
with message-id <address@hidden>
and subject line Re: bug#15792: 24.3; Builtin TLS support should enable 
certificate verification support by default
has caused the debbugs.gnu.org bug report #15792,
regarding 24.?; open-gnutls-stream insecurity
to be marked as done.

(If you believe you have received this mail in error, please contact

15792: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=15792
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: 24.?; open-gnutls-stream insecurity Date: Mon, 07 Jan 2013 12:20:45 +0200
Hi list!

open-gnutls-stream wrapper doesn't pass :verify-hostname-error t
:verify-error t to gnutls-negotiate. So MitM is possible when you use
gnus and other packages. 

Even with :verify-hostname-error t :verify-error t gnutls-negotiate
doesn't produce error with selfsigned CA certificate, when :type
'gnutls-x509pki passed.

I use next in my .gnus:

(defun open-gnutls-stream (name buffer host service)
  (gnutls-negotiate :process (open-network-stream name buffer host service)
                    :hostname host
                    :verify-hostname-error t :verify-error t))

Works for me.

// ----

In GNU Emacs (x86_64-pc-linux-gnu, X toolkit)
 of 2013-01-06 on BlackICE
Bzr revision: address@hidden
Windowing system distributor `The X.Org Foundation', version 11.0.11300000
System Description:     Gentoo Base System release 2.2

Configured using:
 `configure --prefix=/usr --build=x86_64-pc-linux-gnu
 --host=x86_64-pc-linux-gnu --mandir=/usr/share/man
 --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
 --localstatedir=/var/lib --libdir=/usr/lib64
 --disable-dependency-tracking --program-suffix=-emacs-24-vcs
 --with-gameuser=games --without-compress-info --without-hesiod
 --without-kerberos --without-kerberos5 --with-gpm --with-dbus
 --with-gnutls --with-xml2 --without-selinux --with-wide-int
 --with-sound --with-x --without-ns --without-gconf --with-gsettings
 --without-toolkit-scroll-bars --with-gif --with-jpeg --with-png
 --with-rsvg --with-tiff --with-xpm --without-imagemagick --with-xft
 --without-libotf --without-m17n-flt --with-x-toolkit=lucid
 --without-xaw3d GENTOO_PACKAGE=app-editors/emacs-vcs-24.3.9999

Important settings:
  value of $LC_ALL: ru_RU.UTF-8
  value of $LANG: russian
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

--- End Message ---
--- Begin Message --- Subject: Re: bug#15792: 24.3; Builtin TLS support should enable certificate verification support by default Date: Sat, 02 Nov 2013 22:07:16 +0100 User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3 (gnu/linux)
 ❦  2 novembre 2013 19:48 CET, Glenn Morris <address@hidden> :

> See http://debbugs.gnu.org/13374 and related discussion.

Thanks! Sorry for the duplicate, I didn't find this bug report.
printk("??? No FDIV bug? Lucky you...\n");
        2.2.16 /usr/src/linux/include/asm-i386/bugs.h

--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]