GNU bug report logs - #17061
24.3.50; Gnus fails for self-signed certs when gnutls-verify-error is t

Previous Next

Package: gnus;

Reported by: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>

Date: Fri, 21 Mar 2014 19:43:02 UTC

Severity: normal

Found in version 5.13001

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 17061 in the body.
You can then email your comments to 17061 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bugs <at> gnus.org:
bug#17061; Package gnus. (Fri, 21 Mar 2014 19:43:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>:
New bug report received and forwarded. Copy sent to bugs <at> gnus.org. (Fri, 21 Mar 2014 19:43:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
To: submit <at> debbugs.gnu.org (The Gnus Bugfixing Girls + Boys)
Subject: 24.3.50;
 Gnus fails for self-signed certs when gnutls-verify-error is t
Date: Fri, 21 Mar 2014 20:42:01 +0100

Hi there,

when gnutls-verify-error is t, Gnus fails to establish connections
to servers with self-signed certificates.  This is to be expected,
but I do not get any information about certificate problems at all.
Gnus just fails silently and reports the server as offline in the
*Server* buffer.

This happens when Gnus upgrades the connection via STARTTLS as well
as when I request TLS via nntp-open-tls-stream, e.g., for gmane:
(setq gnutls-verify-error t
      gnus-select-method
      '(nntp "news.gmane.org"
	     (nntp-open-connection-function nntp-open-tls-stream)
	     (nntp-port-number 563)
	     (nntp-address "news.gmane.org")))

I believe that some notification is necessary.

Thanks
Jens

P.S. Output of gnus-bug:
Ma Gnus v0.10
GNU Emacs 24.3.50.1 (i686-pc-linux-gnu, GTK+ Version 2.20.1)
 of 2014-03-21 on pcwi7557
Information forwarded to bugs <at> gnus.org:
bug#17061; Package gnus. (Tue, 24 Jan 2017 23:51:01 GMT) Full text and rfc822 format available.

Message #8 received at 17061 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
Cc: 17061 <at> debbugs.gnu.org
Subject: Re: bug#17061: 24.3.50;
 Gnus fails for self-signed certs when gnutls-verify-error is t
Date: Wed, 25 Jan 2017 00:50:44 +0100

Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org> writes:

> when gnutls-verify-error is t, Gnus fails to establish connections
> to servers with self-signed certificates.  This is to be expected,
> but I do not get any information about certificate problems at all.
> Gnus just fails silently and reports the server as offline in the
> *Server* buffer.

Aren't there any messages from the gnutls layer saying what happened?

I don't think there's any good mechanism to report these errors back up
to the application layer...  or is there?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
Information forwarded to bugs <at> gnus.org:
bug#17061; Package gnus. (Wed, 25 Jan 2017 18:31:01 GMT) Full text and rfc822 format available.

Message #11 received at 17061 <at> debbugs.gnu.org (full text, mbox):

From: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 17061 <at> debbugs.gnu.org
Subject: Re: bug#17061: 24.3.50;
 Gnus fails for self-signed certs when gnutls-verify-error is t
Date: Wed, 25 Jan 2017 19:30:23 +0100

On 2017-01-25, at 00:50, Lars Ingebrigtsen wrote:

> Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org> writes:
>
>> when gnutls-verify-error is t, Gnus fails to establish connections
>> to servers with self-signed certificates.  This is to be expected,
>> but I do not get any information about certificate problems at all.
>> Gnus just fails silently and reports the server as offline in the
>> *Server* buffer.
>
> Aren't there any messages from the gnutls layer saying what happened?
>
> I don't think there's any good mechanism to report these errors back up
> to the application layer...  or is there?

I don’t have 24.3.50 around any more.  More recent versions (24.5.1,
26.x) indeed show a reasonable certificate warning message and ask
whether to continue.

Best wishes
Jens
Information forwarded to bugs <at> gnus.org:
bug#17061; Package gnus. (Wed, 25 Jan 2017 18:33:02 GMT) Full text and rfc822 format available.

Message #14 received at 17061 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
Cc: 17061 <at> debbugs.gnu.org
Subject: Re: bug#17061: 24.3.50;
 Gnus fails for self-signed certs when gnutls-verify-error is t
Date: Wed, 25 Jan 2017 19:32:10 +0100

Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org> writes:

> I dont have 24.3.50 around any more.  More recent versions (24.5.1,
> 26.x) indeed show a reasonable certificate warning message and ask
> whether to continue.

Great; closing.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
bug closed, send any further explanations to 17061 <at> debbugs.gnu.org and Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org> Request was from Lars Ingebrigtsen <larsi <at> gnus.org> to control <at> debbugs.gnu.org. (Wed, 25 Jan 2017 18:33:02 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 23 Feb 2017 12:24:06 GMT) Full text and rfc822 format available.
This bug report was last modified 7 years and 56 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.