[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#10904: 24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-init
From: |
Ted Zlatanov |
Subject: |
bug#10904: 24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-initiated SSL handshake |
Date: |
Tue, 10 Apr 2012 07:54:01 -0400 |
User-agent: |
Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.0.95 (gnu/linux) |
On Mon, 09 Apr 2012 23:07:34 -0400 Thomas Fitzsimmons <fitzsim@fitzsim.org>
wrote:
TF> I tried trunk against my IMAP server and the applied patch prevents the
TF> infinite loop. At the default gnutls-log-level, a connection attempt
TF> fails with:
TF> Warning: Opening nnimap server on <imap_server_hostname>...failed: ; Unable
to open server nnimap+<imap_server_hostname> due to: GnuTLS error: #<process
*nnimap*>, -9
TF> gnutls.c: [0] (Emacs) fatal error: The specified session has been
invalidated for some reason.
Wonderful.
TF> A nice improvement would be to detect when the server uses a ciphersuite
TF> that GnuTLS's default priority list ("NORMAL") rejects, warn the user,
TF> and ask if they want to retry with a more permissive list
TF> ("PERFORMANCE"). But that's a separate enhancement -- for now your
TF> patch fixes the infinite loop and setting gnutls-algorithm-priority to
TF> "performance" works around the server's weak ciphersuite.
I plan to follow Nikos' advice here:
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6017
so we'll drop from NORMAL to PERFORMANCE, basically, if the user
approves. After the 24.1 release I'll look at this.
Ted