bug-gnu-emacs

bug#24575: libgnutls MacOSX bug?


From: npostavs
Subject: bug#24575: libgnutls MacOSX bug?
Date: Sat, 01 Oct 2016 08:07:22 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Eli Zaretskii <eliz@gnu.org> writes:

>> Date: Sat, 1 Oct 2016 05:20:31 -0500
>> From: "Devon Sean McCullough" <Devon2016@jovi.net>
>> 
>> Perhaps the bug is in libgnutls which Emacs-25 has and Emacs-24 lacks?
>
> My Emacs is built with GnuTLS, and it doesn't show the problem.
>
> GnuTLS uses the system's store of the certificates, so I think the
> problem might be there.

I think this is a problem on the remote end.  I see this problem, but
not every time.  Checking with gnutls-cli it seems that when
www.hostgator.com resolves to 50.23.69.98 it serves fewer certificates,
and fails to verify.  Other machines serve more certificates and
verification succeeds.

~$ gnutls-cli www.hostgator.com
Processed 183 CA certificate(s).
Resolving 'www.hostgator.com'...
Connecting to '173.192.226.44:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `OU=Domain Control Validated,OU=Hosted by HostGator.com\, 
LLC.,OU=PositiveSSL Wildcard,CN=*.hostgator.com', issuer `C=GB,ST=Greater 
Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Domain Validation Secure 
Server CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2015-10-16 
00:00:00 UTC', expires `2018-10-15 23:59:59 UTC', SHA-1 fingerprint 
`1327565bd907609d8cc120fd0af53426347486c5'
        Public Key ID:
                75265ba9039f77c136d9519931b9c8496dd91967
        Public key's random art:
                +--[ RSA 2048]----+
                |              .=E|
                |             + %=|
                |        . o B X o|
                |         + O = + |
                |        S * . .  |
                |           o .   |
                |                 |
                |                 |
                |                 |
                +-----------------+

- Certificate[1] info:
 - subject `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO 
RSA Domain Validation Secure Server CA', issuer `C=GB,ST=Greater 
Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Certification 
Authority', RSA key 2048 bits, signed using RSA-SHA384, activated `2014-02-12 
00:00:00 UTC', expires `2029-02-11 23:59:59 UTC', SHA-1 fingerprint 
`339cdd57cfd5b141169b615ff31428782d1da639'
- Certificate[2] info:
 - subject `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO 
RSA Certification Authority', issuer `C=SE,O=AddTrust AB,OU=AddTrust External 
TTP Network,CN=AddTrust External CA Root', RSA key 4096 bits, signed using 
RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38 
UTC', SHA-1 fingerprint `f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0'
- Status: The certificate is trusted. 
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-128-CBC)-(SHA256)
- Session ID: 
47:28:B2:1E:8E:60:4F:17:8C:03:4C:21:50:F0:27:82:54:4B:5F:60:31:B0:48:D5:84:08:BC:30:82:30:86:EB
- Ephemeral EC Diffie-Hellman parameters
 - Using curve: SECP256R1
 - Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-128-CBC
- MAC: SHA256
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed

- Simple Client Mode:

- Peer has closed the GnuTLS connection
~$ gnutls-cli www.hostgator.com
Processed 183 CA certificate(s).
Resolving 'www.hostgator.com'...
Connecting to '50.23.69.98:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `OU=Domain Control Validated,OU=Hosted by HostGator.com\, 
LLC.,OU=PositiveSSL Wildcard,CN=*.hostgator.com', issuer `C=GB,ST=Greater 
Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Domain Validation Secure 
Server CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2015-10-16 
00:00:00 UTC', expires `2018-10-15 23:59:59 UTC', SHA-1 fingerprint 
`1327565bd907609d8cc120fd0af53426347486c5'
        Public Key ID:
                75265ba9039f77c136d9519931b9c8496dd91967
        Public key's random art:
                +--[ RSA 2048]----+
                |              .=E|
                |             + %=|
                |        . o B X o|
                |         + O = + |
                |        S * . .  |
                |           o .   |
                |                 |
                |                 |
                |                 |
                +-----------------+

- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
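
An added example, not part of the original message: a small parser for gnutls-cli transcripts like the two above that reports which backend address left out an intermediate certificate that another backend did send. The function names are hypothetical, and the sample is a constructed abridgement of the output quoted above (DNs shortened to their CN).

```python
import re

# Constructed sample: abridged from the two gnutls-cli runs quoted above,
# with subject/issuer DNs shortened to the CN component.
SAMPLE = """\
Connecting to '173.192.226.44:443'...
- Got a certificate list of 3 certificates.
 - subject `CN=*.hostgator.com', issuer `CN=COMODO RSA Domain Validation Secure
Server CA', RSA key 2048 bits
 - subject `CN=COMODO RSA Domain Validation Secure Server CA', issuer `CN=COMODO RSA Certification Authority', RSA key 2048 bits
 - subject `CN=COMODO RSA Certification Authority', issuer `CN=AddTrust External CA Root', RSA key 4096 bits
- Status: The certificate is trusted.
Connecting to '50.23.69.98:443'...
- Got a certificate list of 1 certificates.
 - subject `CN=*.hostgator.com', issuer `CN=COMODO RSA Domain Validation Secure Server CA', RSA key 2048 bits
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
"""

# DOTALL so a DN that the terminal wrapped across lines is still captured.
CERT_RE = re.compile(r"subject `(.*?)', issuer `(.*?)'", re.S)

def norm(dn):
    # Collapse wrapping and runs of whitespace so DNs compare equal.
    return " ".join(dn.split())

def parse_runs(text):
    """Return one dict per connection: address, [(subject, issuer)], trusted."""
    runs = []
    for chunk in re.split(r"(?=Connecting to ')", text):
        m = re.match(r"Connecting to '([^']+)'", chunk)
        if not m:
            continue
        chain = [(norm(s), norm(i)) for s, i in CERT_RE.findall(chunk)]
        trusted = "Status: The certificate is trusted" in chunk
        runs.append({"addr": m.group(1), "chain": chain, "trusted": trusted})
    return runs

def missing_intermediates(runs):
    """Map untrusted address -> issuer it did not send but a trusted run did."""
    served = {s for r in runs if r["trusted"] for s, _ in r["chain"]}
    out = {}
    for r in runs:
        if r["trusted"] or not r["chain"]:
            continue
        sent = {s for s, _ in r["chain"]}
        gap = r["chain"][-1][1]  # issuer of the last certificate served
        if gap not in sent and gap in served:
            out[r["addr"]] = gap
    return out
```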




