Stefan Kangas <stefankangas@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.
Received: (at 76278) by debbugs.gnu.org; 15 Feb 2025 03:47:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 14 22:47:21 2025
Received: from localhost ([127.0.0.1]:52779 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tj99E-0000Ye-M7
for submit <at> debbugs.gnu.org; Fri, 14 Feb 2025 22:47:21 -0500
Received: from mail-108-mta194.mxroute.com ([136.175.108.194]:43217)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <jp@HIDDEN>) id 1tj99A-0000YR-Mz
for 76278 <at> debbugs.gnu.org; Fri, 14 Feb 2025 22:47:18 -0500
Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com)
(Authenticated sender: mN4UYu2MZsgR)
by mail-108-mta194.mxroute.com (ZoneMTA) with ESMTPSA id
19507b7abf3000310e.001 for <76278 <at> debbugs.gnu.org>
(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);
Sat, 15 Feb 2025 03:47:12 +0000
X-Zone-Loop: df0da4b5a6baec332e087ca1a9c3c90c46324b3b4c62
X-Originating-IP: [136.175.111.3]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=neverwas.me
; s=x;
h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:
Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=NdWO2NYEa3n777NcUlqixzycu/v8HtMfNmE82PDpl9I=; b=maQKq4DhiXOjNLGlnywOnyR7y9
t8XYLjcnAgrBGyhBU4znQ5JxQCwbT8MOkItUgV2hqZLGhhXxlARaS/yKZzA53IADvCgTkky1h6qL3
0bnm7BaAdCsNTVB1I63MqBNabS+OAEfWQyDdn1HvGE/T1Tl04rJ0rYlzuZhHYsGKCepezd3j9x4wk
m/U2HsWMDXW2aON4SjqQa2so/Om7GZkDJuijd2P2ZomuJZnYy5m43rzXiF+zPnHJjVHvN3u8sugtc
002/kFvEQ91BU/5lU7qHiHewdTlU+fGqFRl7SxIcDBw7Vdv0lku/fAvIOo/2nThECjMXNMZS8XJWT
1YkpB6Nw==;
From: "J.P." <jp@HIDDEN>
To: Archie Halliwell <archie@HIDDEN>
Subject: Re: bug#76278: 29.4; ERC 5.5.0.29.1: ERC Manual does not mention
usage of .pem client certificates
In-Reply-To: <1d781469-5f78-4cf6-9b11-d80ec71ff4f2@HIDDEN>
References: <3f93ebc7-8441-4db1-9565-e0d158fbe380@HIDDEN>
<8634ghgc1y.fsf@HIDDEN>
<1d781469-5f78-4cf6-9b11-d80ec71ff4f2@HIDDEN>
Date: Fri, 14 Feb 2025 19:47:08 -0800
Message-ID: <87msenna2r.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Authenticated-Id: masked@HIDDEN
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 76278
Cc: Eli Zaretskii <eliz@HIDDEN>, emacs-erc@HIDDEN, 76278 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi Archie,
Archie Halliwell <archie@HIDDEN> writes:
> On 14/2/25 19:34, Eli Zaretskii wrote:
>>> Date: Fri, 14 Feb 2025 14:43:32 +1100
>>> From: Archie Halliwell <archie@HIDDEN>
>>>
>>> The ERC Manual does not explain how to use .pem client certificates,
>>> only how to use the combination of a .crt certificate and .key private
>>> key. This is confusing as Libera.Chat's CertFP instructions only mention
>>> the use of a .pem file, instructing users on how to create an
>>> appropriate one.
>>>
>>> The manual should really mention that a .pem file can be used as both
>>> files in the client-certificate list.
>> Does ERC use the .pem file directly, or does it use it indirectly,
>> though some GnuTLS interface? If the latter, then the source might
>> not be from a .pem file, but instead from some equivalent OS service
>> (this happens on MS-Windows, for example). So the manual should not
>> cause users of such systems go look for a .pem file that might not
>> even exist, or be irrelevant.
>>
>> Apologies if the above makes no sense: I don't use ERC and know very
>> little about it.
>>
>> Thanks.
> I believe that ERC uses GnuTLS, however the filenames are either specifie=
d in
> the client-certificate argument to ,,erc-tls,, or found in .authinfo.gpg.=
The
> manual gives examples using .key and .crt files, but not using .pem files.
> There is mention of using other services to provide certificates using
> auth-service, however auth-service seems to have disappeared and all link=
s to
> it are broken. Libera.Chat's instructions mention the creation of .pem fi=
les
> on Windows as well, so I expect that specifing a .pem file through the
> client-certificate keyword argument is the "correct" way on all platforms.
ERC supposedly relies on a generalized underlying transport to provide a
network process for exchanging IRC protocol messages with a server. In
practice, it's only equipped to handle TCP streams and defers to an
`open-network-stream'-compatible "opener" to create the necessary goods.
The opener for TLS encrypted streams is `erc-open-tls-stream', a thin
wrapper around `open-network-stream'. In this case, ERC passes the
:client-certificate from `erc-tls' directly to `open-network-stream',
which ultimately relies on `network-stream-certificate' to transform it
into something suitable for the :keylist parameter of `gnutls-boot'.
FWIW, the doc string of `gnutls-boot' does mention that
:keylist is an alist of PEM-encoded key files and PEM-encoded
certificates for =E2=80=98gnutls-x509pki=E2=80=99
which comports with its calling gnutls_certificate_set_x509_key_file2
and friends with a hard-coded GNUTLS_X509_FMT_PEM, although there's a
friendly note saying
/* TODO: GNUTLS_X509_FMT_DER is also an option. */
In any case, this info is likely one too many clicks removed from ERC's
docs. So, I think it makes sense for us to mention the format must be
PEM and that the key and the cert can be the same concatenated file.
In terms of file-name extensions, it's true that the examples on
Libera's site (and OFTC's) all appear to be .pem. OpenSSL's man pages
use .pem when contrasting it with .der, although the format is typically
declared explicitly with options like -outform. The .key and .crt
extensions in ERC's manual may originate from the docs of other IRC
clients or from the world of domain-name validation. Either way, I agree
we should probably change them all to .pem.
As for the broken auth-source hyperlinks, I'm not sure they're fixable
on ERC's side (ditto for all other non-ERC links). FWIW, they should
only be broken on https://elpa.gnu.org/packages/doc/erc.html. The ones
on https://www.gnu.org/software/emacs/manual/html_mono/erc.html and in
the Info manual (info "(erc) client-certificate") should work fine.
Anyway, the attached patch includes the mentioned changes, which are
mostly mechanical in nature. Please give feedback if you can.
Thanks,
J.P.
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
filename=0001-5.6.1-Use-.pem-extension-for-client-certs-in-ERC-doc.patch
From b03220e92e1b497f3db119d69264c056c9e64835 Mon Sep 17 00:00:00 2001
From: "F. Jason Park" <jp@HIDDEN>
Date: Fri, 14 Feb 2025 18:57:41 -0800
Subject: [PATCH] [5.6.1] Use .pem extension for client certs in ERC docs
* doc/misc/erc.texi (Connecting): Change file-name extensions to .pem in
all examples, and explain that the key and the cert can be combined into
one file.
* lisp/erc/erc.el (erc-tls): Use .pem extension for certs. (Bug#76278)
---
doc/misc/erc.texi | 18 +++++++++++-------
lisp/erc/erc.el | 4 ++--
2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/doc/misc/erc.texi b/doc/misc/erc.texi
index 1c0afa3b300..dac90e2ad7f 100644
--- a/doc/misc/erc.texi
+++ b/doc/misc/erc.texi
@@ -866,15 +866,15 @@ Connecting
@example
(erc-tls :server "irc.libera.chat" :port 6697
:client-certificate
- '("/home/bandali/my-cert.key"
- "/home/bandali/my-cert.crt"))
+ (list (expand-file-name "~/my-key.pem")
+ (expand-file-name "~/my-cert.pem")))
@end example
@example
(erc-tls :server "irc.libera.chat" :port 6697
:client-certificate
- `(,(expand-file-name "~/cert-libera.key")
- ,(expand-file-name "~/cert-libera.crt")))
+ '("/home/bandali/libera.pem"
+ "/home/bandali/libera.pem")) ; same file
@end example
@example
@@ -882,12 +882,16 @@ Connecting
:client-certificate t)
@end example
+Make sure to use absolute file names for the key and the cert. The
+files themselves must be in the PEM-encoded text format and can be
+concatenated into a single file.
+
In the case of @code{:client-certificate t}, you will need to add a
line like the following to your authinfo file
(for example, @file{~/.authinfo.gpg}):
@example
-machine irc.libera.chat key /home/bandali/my-cert.key cert /home/bandali/my-cert.crt
+machine irc.libera.chat key /home/bandali/my-key.pem cert /home/bandali/my-cert.pem
@end example
@xref{Help for users,,,auth, Emacs auth-source Library}, for more on the
@@ -1244,7 +1248,7 @@ SASL
(erc-tls :server "irc.libera.chat" :port 6697 :nick "aph"
:client-certificate
- '("/home/aph/my.key" "/home/aph/my.crt"))
+ '("/home/aph/my-key.pem" "/home/aph/my-cert.pem"))
@end lisp
You decide to switch things up and try out the @samp{EXTERNAL}
@@ -1258,7 +1262,7 @@ SASL
@example
# ~/.authinfo.gpg
-machine irc.libera.chat key /home/aph/my.key cert /home/aph/my.crt
+machine irc.libera.chat key /home/aph/my-key.pem cert /home/aph/my-cert.pem
machine Example.Net login alyssa password sEcReT
machine Example.Net login aph-bot password sesame
@end example
diff --git a/lisp/erc/erc.el b/lisp/erc/erc.el
index 0d72b46360e..887df0c9e4a 100644
--- a/lisp/erc/erc.el
+++ b/lisp/erc/erc.el
@@ -2921,8 +2921,8 @@ erc-tls
(erc-tls :server \"irc.libera.chat\" :port 6697
:client-certificate
- \\='(\"/home/bandali/my-cert.key\"
- \"/home/bandali/my-cert.crt\"))
+ \\='(\"/home/bandali/my-key.pem\"
+ \"/home/bandali/my-cert.pem\"))
See the alternative entry-point command `erc' as well as Info
node `(erc) Connecting' for a fuller description of the various
--
2.48.1
--=-=-=--
bug-gnu-emacs@HIDDEN:bug#76278; Package emacs.
Full text available.Received: (at 76278) by debbugs.gnu.org; 15 Feb 2025 00:07:36 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 14 19:07:35 2025 Received: from localhost ([127.0.0.1]:52370 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tj5iZ-0003K7-IW for submit <at> debbugs.gnu.org; Fri, 14 Feb 2025 19:07:35 -0500 Received: from jade.ezihosting.com ([221.121.151.145]:42426) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <archie@HIDDEN>) id 1tj5iW-0003Jp-QP for 76278 <at> debbugs.gnu.org; Fri, 14 Feb 2025 19:07:33 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=halliwell.com.au; s=default; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:From:References:Cc:To:Subject:MIME-Version:Date:Message-ID:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=omJ16eocJrhgN2dB+TDL/lma93/3Ax7+DRKEA15ZgJQ=; b=blpFkSW76Lmx70WQ4ZfMgVEGu2 KY8jaqmqUee1vxgR1Ee0K8SDQ2UP9kq+fKxgyVT/mHuzTqT+L2akesP7G9YRo+fNz66L8Pr9U1p/T lA7EKA9KO+IolebtVPHeTfo392k0d1Dw8ONhVZwtNG1WIPyUZNSVLNGKh3c1eVc2fGxFN3vrwgAWz 8URuUwdH9uKuF/s/E/Xd7917J8bJeIrU+es4HxRLNsbQK3jK/tfapIrRw0tiZ117HU4pF2csjPs7u esvfBD4/EqjA0H4DZqQcsioAR81fgUGHBppRyVMaVGYU7LBLYeDjv2+lfkGwyA2KMNHRJOtIfQGDX j8Xjb0mg==; Received: from [1.159.109.45] (port=38502 helo=[192.168.0.61]) by jade.ezihosting.com with esmtpsa (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.98) (envelope-from <archie@HIDDEN>) id 1tj5iP-0000000BADs-3NLr; Sat, 15 Feb 2025 11:07:24 +1100 Message-ID: <1d781469-5f78-4cf6-9b11-d80ec71ff4f2@HIDDEN> Date: Sat, 15 Feb 2025 11:07:20 +1100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: bug#76278: 29.4; ERC 5.5.0.29.1: ERC Manual does not mention usage of .pem client certificates To: Eli Zaretskii <eliz@HIDDEN>, "J.P." <jp@HIDDEN> References: <3f93ebc7-8441-4db1-9565-e0d158fbe380@HIDDEN> <8634ghgc1y.fsf@HIDDEN> Content-Language: en-US From: Archie Halliwell <archie@HIDDEN> In-Reply-To: <8634ghgc1y.fsf@HIDDEN> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - jade.ezihosting.com X-AntiAbuse: Original Domain - debbugs.gnu.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - halliwell.com.au X-Get-Message-Sender-Via: jade.ezihosting.com: authenticated_id: archie@HIDDEN X-Authenticated-Sender: jade.ezihosting.com: archie@HIDDEN X-Source: X-Source-Args: X-Source-Dir: X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 76278 Cc: 76278 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) On 14/2/25 19:34, Eli Zaretskii wrote: >> Date: Fri, 14 Feb 2025 14:43:32 +1100 >> From: Archie Halliwell <archie@HIDDEN> >> >> The ERC Manual does not explain how to use .pem client certificates, >> only how to use the combination of a .crt certificate and .key private >> key. This is confusing as Libera.Chat's CertFP instructions only mention >> the use of a .pem file, instructing users on how to create an >> appropriate one. >> >> The manual should really mention that a .pem file can be used as both >> files in the client-certificate list. > Does ERC use the .pem file directly, or does it use it indirectly, > though some GnuTLS interface? If the latter, then the source might > not be from a .pem file, but instead from some equivalent OS service > (this happens on MS-Windows, for example). So the manual should not > cause users of such systems go look for a .pem file that might not > even exist, or be irrelevant. > > Apologies if the above makes no sense: I don't use ERC and know very > little about it. > > Thanks. I believe that ERC uses GnuTLS, however the filenames are either specified in the client-certificate argument to ,,erc-tls,, or found in .authinfo.gpg. The manual gives examples using .key and .crt files, but not using .pem files. There is mention of using other services to provide certificates using auth-service, however auth-service seems to have disappeared and all links to it are broken. Libera.Chat's instructions mention the creation of .pem files on Windows as well, so I expect that specifing a .pem file through the client-certificate keyword argument is the "correct" way on all platforms.
bug-gnu-emacs@HIDDEN:bug#76278; Package emacs.
Full text available.Received: (at 76278) by debbugs.gnu.org; 14 Feb 2025 08:34:21 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 14 03:34:21 2025 Received: from localhost ([127.0.0.1]:46946 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tir9R-0006J9-7g for submit <at> debbugs.gnu.org; Fri, 14 Feb 2025 03:34:21 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:37734) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <eliz@HIDDEN>) id 1tir9O-0006Iu-EW for 76278 <at> debbugs.gnu.org; Fri, 14 Feb 2025 03:34:18 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <eliz@HIDDEN>) id 1tir9I-0005kE-81; Fri, 14 Feb 2025 03:34:12 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=BLRm21eYMNumQQxmY0I2KWVIfaIWPQUuW4+aswcoUc4=; b=kaTwguB38NkQ FceCfXJvYqS8PUKECxgEjK850eGNujRYfIbQcBi7tp5fNm0kAnzYzVkqsEQ+sXtlh/XJF75B9P7e3 211pnNnk78CU4E0vDBaPOM5WBZUoFpzk+1fmxH5BIJVBa2OMMxer0+XX3KmvOq5Di+xA2gVJxPKLo bAkZG6yeB4HR8apmvdCGZF9+Cpzneajkpjw7CKvr2hP7XDo+tSr5RjHb81n1DD2DWehCaKNCGOnHk 3ijUfFJnBlWGvl9oIFllL6Cudt8c1+bBTK90hahoU6s+vIkTOtn5OvuofI9u77sLrlKq9SbAqo7ag FA2sh2RPlU9uzyp9l55wbQ==; Date: Fri, 14 Feb 2025 10:34:01 +0200 Message-Id: <8634ghgc1y.fsf@HIDDEN> From: Eli Zaretskii <eliz@HIDDEN> To: Archie Halliwell <archie@HIDDEN>, "J.P." <jp@HIDDEN> In-Reply-To: <3f93ebc7-8441-4db1-9565-e0d158fbe380@HIDDEN> (message from Archie Halliwell on Fri, 14 Feb 2025 14:43:32 +1100) Subject: Re: bug#76278: 29.4; ERC 5.5.0.29.1: ERC Manual does not mention usage of .pem client certificates References: <3f93ebc7-8441-4db1-9565-e0d158fbe380@HIDDEN> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 76278 Cc: 76278 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) > Date: Fri, 14 Feb 2025 14:43:32 +1100 > From: Archie Halliwell <archie@HIDDEN> > > The ERC Manual does not explain how to use .pem client certificates, > only how to use the combination of a .crt certificate and .key private > key. This is confusing as Libera.Chat's CertFP instructions only mention > the use of a .pem file, instructing users on how to create an > appropriate one. > > The manual should really mention that a .pem file can be used as both > files in the client-certificate list. Does ERC use the .pem file directly, or does it use it indirectly, though some GnuTLS interface? If the latter, then the source might not be from a .pem file, but instead from some equivalent OS service (this happens on MS-Windows, for example). So the manual should not cause users of such systems go look for a .pem file that might not even exist, or be irrelevant. Apologies if the above makes no sense: I don't use ERC and know very little about it. Thanks.
bug-gnu-emacs@HIDDEN:bug#76278; Package emacs.
Full text available.Received: (at submit) by debbugs.gnu.org; 14 Feb 2025 05:09:09 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 14 00:09:09 2025 Received: from localhost ([127.0.0.1]:46559 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tinwo-0004t5-Rh for submit <at> debbugs.gnu.org; Fri, 14 Feb 2025 00:09:09 -0500 Received: from lists.gnu.org ([2001:470:142::17]:34794) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <archie@HIDDEN>) id 1timcz-0000jm-R0 for submit <at> debbugs.gnu.org; Thu, 13 Feb 2025 22:44:34 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <archie@HIDDEN>) id 1timcs-000335-MG for bug-gnu-emacs@HIDDEN; Thu, 13 Feb 2025 22:44:26 -0500 Received: from jade.ezihosting.com ([221.121.151.145]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <archie@HIDDEN>) id 1timcp-0007Dd-8p for bug-gnu-emacs@HIDDEN; Thu, 13 Feb 2025 22:44:26 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=halliwell.com.au; s=default; h=Content-Transfer-Encoding:Content-Type:From: Subject:To:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=v6vcaQ53S1QD7uMKBTmWgZnW3H7KWvx8swlpz32TemM=; b=NXYtMaAqL1Ac+vm9fyJ9gQ2noZ sIO4JAbP+XyKK3g4BgzVjbtgfUgaQSKVv2r6iTLV7rW3fRtGUIpEROno82IROYcjZehkoH/jusnZb GT7leJznf34Cc8XnCbgCxiSK0KSU8YUus5v+d+q5DfXuSYM5afmt3V0+cY6LHEAquAk2zHof0RhMr 6mSuDXZGvaABsAyuQkeoou5yZtnKTgTVePnzafkXCoI8ezsSHZRME1jM1SU/BBYnSA7xbW83mX1lY WY/J0u6bc5ZzNjuRqUmoVobRdzyUf2xBNDwheELNk4qJMpyYDC7HbEh9zW8LTg5okzmzoBYSSS9Y1 snRlEsyA==; Received: from [1.159.109.45] (port=35724 helo=[192.168.0.61]) by jade.ezihosting.com with esmtpsa (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.98) (envelope-from <archie@HIDDEN>) id 1timc4-000000092Ws-2kJI for bug-gnu-emacs@HIDDEN; Fri, 14 Feb 2025 14:43:36 +1100 Message-ID: <3f93ebc7-8441-4db1-9565-e0d158fbe380@HIDDEN> Date: Fri, 14 Feb 2025 14:43:32 +1100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: bug-gnu-emacs@HIDDEN Subject: 29.4; ERC 5.5.0.29.1: ERC Manual does not mention usage of .pem client certificates Content-Language: en-US From: Archie Halliwell <archie@HIDDEN> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - jade.ezihosting.com X-AntiAbuse: Original Domain - gnu.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - halliwell.com.au X-Get-Message-Sender-Via: jade.ezihosting.com: authenticated_id: archie@HIDDEN X-Authenticated-Sender: jade.ezihosting.com: archie@HIDDEN X-Source: X-Source-Args: X-Source-Dir: Received-SPF: pass client-ip=221.121.151.145; envelope-from=archie@HIDDEN; helo=jade.ezihosting.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Fri, 14 Feb 2025 00:09:04 -0500 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.0 (/) Hello, The ERC Manual does not explain how to use .pem client certificates, only how to use the combination of a .crt certificate and .key private key. This is confusing as Libera.Chat's CertFP instructions only mention the use of a .pem file, instructing users on how to create an appropriate one. The manual should really mention that a .pem file can be used as both files in the client-certificate list. When I was trying to set up CertFP I ended up trying to create a .crt and .key from the .pem I had previously created, and could not connect using them (presumably I had not created them properly). I imagine that other users have run into this issue in the past, and have either given up or had to ask for help on #erc as I did. In GNU Emacs 29.4 (build 1, x86_64-pc-linux-gnu, Motif Version 2.3.8, cairo version 1.18.0) of 2024-10-03 built on localhost Windowing system distributor 'The X.Org Foundation', version 11.0.12401004 System Description: Gentoo Linux Configured using: 'configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --datarootdir=/usr/share --disable-silent-rules --docdir=/usr/share/doc/emacs-29.4 --htmldir=/usr/share/doc/emacs-29.4/html --libdir=/usr/lib64 --program-suffix=-emacs-29 --includedir=/usr/include/emacs-29 --infodir=/usr/share/info/emacs-29 --localstatedir=/var --enable-locallisppath=/etc/emacs:/usr/share/emacs/site-lisp --without-compress-install --without-hesiod --without-pop --with-file-notification=inotify --with-pdumper --enable-acl --with-dbus --without-modules --without-gameuser --with-libgmp --with-gpm --without-native-compilation --without-json --with-kerberos --with-kerberos5 --with-lcms2 --without-xml2 --without-mailutils --without-selinux --without-sqlite3 --with-gnutls --without-libsystemd --with-threads --without-tree-sitter --without-wide-int --with-sound=alsa --with-zlib --with-x --without-pgtk --without-ns --without-gconf --without-gsettings --without-toolkit-scroll-bars --with-xpm --with-xft --with-cairo --without-harfbuzz --without-libotf --without-m17n-flt --with-x-toolkit=motif --with-gif --with-jpeg --with-png --with-rsvg --with-tiff --without-webp --without-imagemagick --with-dumping=pdumper 'CFLAGS=-O2 -pipe -march=native -fno-fast-math -ffp-contract=off' CPPFLAGS= 'LDFLAGS=-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs'' Configured features: ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM JPEG LCMS2 NOTIFY INOTIFY PDUMPER PNG RSVG SECCOMP SOUND THREADS TIFF X11 XDBE XIM XINPUT2 XPM MOTIF ZLIB Important settings: value of $LC_MONETARY: en_AU.UTF-8 value of $LANG: en_AU.utf8 locale-coding-system: utf-8-unix Major mode: ERC Minor modes in effect: erc-list-mode: t erc-menu-mode: t erc-autojoin-mode: t erc-ring-mode: t erc-pcomplete-mode: t erc-track-mode: t erc-track-minor-mode: t erc-match-mode: t erc-button-mode: t erc-fill-mode: t erc-stamp-mode: t erc-netsplit-mode: t erc-irccontrols-mode: t erc-noncommands-mode: t erc-move-to-prompt-mode: t erc-readonly-mode: t erc-networks-mode: t tooltip-mode: t global-eldoc-mode: t show-paren-mode: t electric-indent-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t line-number-mode: t indent-tabs-mode: t transient-mark-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t Load-path shadows: None found. Features: (shadow sort mail-extr emacsbug message yank-media dired dired-loaddefs rfc822 mml mml-sec epa derived epg rfc6068 epg-config gnus-util mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils shortdoc text-property-search erc-ibuffer ibuf-ext ibuffer ibuffer-loaddefs erc-log erc-notify erc-page erc-services erc-sound erc-speedbar speedbar ezimage dframe erc-xdcc erc-dcc help-fns radix-tree help-mode gnutls network-stream puny nsm erc-list erc-menu erc-join erc-ring erc-pcomplete pcomplete comint ansi-osc ansi-color ring erc-track erc-match erc-button browse-url url url-proxy url-privacy url-expand url-methods url-history url-cookie generate-lisp-file url-domsuf url-util url-parse url-vars mailcap wid-edit erc-fill erc-stamp erc-netsplit erc-goodies erc iso8601 time-date auth-source cl-seq eieio eieio-core cl-macs password-cache json subr-x map thingatpt pp format-spec cl-loaddefs cl-lib erc-backend erc-networks byte-opt gv bytecomp byte-compile erc-common erc-compat erc-loaddefs rmc iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel term/x-win x-win term/common-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu timer select scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors frame minibuffer nadvice seq simple cl-generic indonesian philippine cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite emoji-zwj charscript charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp files window text-properties overlay sha1 md5 base64 format env code-pages mule custom widget keymap hashtable-print-readable backquote threads dbusbind inotify lcms2 dynamic-setting font-render-setting cairo motif x-toolkit xinput2 x multi-tty make-network-process emacs) Memory information: ((conses 16 110605 7861) (symbols 48 11818 0) (strings 32 37138 2697) (string-bytes 1 1036615) (vectors 16 21308) (vector-slots 8 266009 7336) (floats 8 106 22) (intervals 56 630 236) (buffers 976 16))
Archie Halliwell <archie@HIDDEN>:bug-gnu-emacs@HIDDEN.
Full text available.bug-gnu-emacs@HIDDEN:bug#76278; Package emacs.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.