bug#24575: libgnutls MacOSX bug?
From: npostavs
Subject: bug#24575: libgnutls MacOSX bug?
Date: Sat, 01 Oct 2016 08:07:22 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Eli Zaretskii <eliz@gnu.org> writes:
>> Date: Sat, 1 Oct 2016 05:20:31 -0500
>> From: "Devon Sean McCullough" <Devon2016@jovi.net>
>>
>> Perhaps the bug is in libgnutls which Emacs-25 has and Emacs-24 lacks?
>
> My Emacs is built with GnuTLS, and it doesn't show the problem.
>
> GnuTLS uses the system's store of the certificates, so I think the
> problem might be there.

I think this is a problem on the remote end. I see this problem, but
not every time. Checking with gnutls-cli it seems that when
www.hostgator.com resolves to 50.23.69.98 it serves fewer certificates,
and fails to verify. Other machines serve more certificates and
verification succeeds.

~$ gnutls-cli www.hostgator.com
Processed 183 CA certificate(s).
Resolving 'www.hostgator.com'...
Connecting to '173.192.226.44:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `OU=Domain Control Validated,OU=Hosted by HostGator.com\,
LLC.,OU=PositiveSSL Wildcard,CN=*.hostgator.com', issuer `C=GB,ST=Greater
Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Domain Validation Secure
Server CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2015-10-16
00:00:00 UTC', expires `2018-10-15 23:59:59 UTC', SHA-1 fingerprint
`1327565bd907609d8cc120fd0af53426347486c5'
Public Key ID:
75265ba9039f77c136d9519931b9c8496dd91967
Public key's random art:
+--[ RSA 2048]----+
| .=E|
| + %=|
| . o B X o|
| + O = + |
| S * . . |
| o . |
| |
| |
| |
+-----------------+
- Certificate[1] info:
- subject `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO
RSA Domain Validation Secure Server CA', issuer `C=GB,ST=Greater
Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Certification
Authority', RSA key 2048 bits, signed using RSA-SHA384, activated `2014-02-12
00:00:00 UTC', expires `2029-02-11 23:59:59 UTC', SHA-1 fingerprint
`339cdd57cfd5b141169b615ff31428782d1da639'
- Certificate[2] info:
- subject `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO
RSA Certification Authority', issuer `C=SE,O=AddTrust AB,OU=AddTrust External
TTP Network,CN=AddTrust External CA Root', RSA key 4096 bits, signed using
RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38
UTC', SHA-1 fingerprint `f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0'
- Status: The certificate is trusted.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-128-CBC)-(SHA256)
- Session ID:
47:28:B2:1E:8E:60:4F:17:8C:03:4C:21:50:F0:27:82:54:4B:5F:60:31:B0:48:D5:84:08:BC:30:82:30:86:EB
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-128-CBC
- MAC: SHA256
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed
- Simple Client Mode:
- Peer has closed the GnuTLS connection
~$ gnutls-cli www.hostgator.com
Processed 183 CA certificate(s).
Resolving 'www.hostgator.com'...
Connecting to '50.23.69.98:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `OU=Domain Control Validated,OU=Hosted by HostGator.com\,
LLC.,OU=PositiveSSL Wildcard,CN=*.hostgator.com', issuer `C=GB,ST=Greater
Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Domain Validation Secure
Server CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2015-10-16
00:00:00 UTC', expires `2018-10-15 23:59:59 UTC', SHA-1 fingerprint
`1327565bd907609d8cc120fd0af53426347486c5'
Public Key ID:
75265ba9039f77c136d9519931b9c8496dd91967
Public key's random art:
+--[ RSA 2048]----+
| .=E|
| + %=|
| . o B X o|
| + O = + |
| S * . . |
| o . |
| |
| |
| |
+-----------------+
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
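
The comparison made in the message above can be automated. The following is an added example, not part of the original message or of GnuTLS: it parses captured gnutls-cli output per backend address and reports which issuer certificate an untrusted backend failed to send when a sibling backend did send it. The sample text is constructed from the two runs above, with subject and issuer names abbreviated to their CN and each certificate on one line; the function names are hypothetical.

```python
import re

# Constructed sample: abbreviated gnutls-cli output for the two backends
# shown in the message above (names shortened to the CN component).
SAMPLE = """\
Connecting to '173.192.226.44:443'...
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=*.hostgator.com', issuer `CN=COMODO RSA Domain Validation Secure Server CA', RSA key 2048 bits
- Certificate[1] info:
 - subject `CN=COMODO RSA Domain Validation Secure Server CA', issuer `CN=COMODO RSA Certification Authority', RSA key 2048 bits
- Certificate[2] info:
 - subject `CN=COMODO RSA Certification Authority', issuer `CN=AddTrust External CA Root', RSA key 4096 bits
- Status: The certificate is trusted.
Connecting to '50.23.69.98:443'...
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `CN=*.hostgator.com', issuer `CN=COMODO RSA Domain Validation Secure Server CA', RSA key 2048 bits
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
"""

def parse_runs(text):
    """Return one record per 'Connecting to' line: ip, sent chain, trust result."""
    runs = []
    for line in text.splitlines():
        m = re.match(r"Connecting to '(.+):\d+'", line)
        if m:
            runs.append({"ip": m.group(1), "chain": [], "trusted": None})
            continue
        m = re.search(r"subject `(.*?)', issuer `(.*?)'", line)
        if m and runs:
            runs[-1]["chain"].append(m.groups())  # (subject, issuer)
        elif runs and line.startswith("- Status:"):
            runs[-1]["trusted"] = "NOT trusted" not in line
    return runs

def missing_intermediates(runs):
    """Map each untrusted backend to the issuer it omitted but a sibling sent."""
    sent_anywhere = {subject for r in runs for subject, _ in r["chain"]}
    findings = {}
    for r in runs:
        if r["trusted"] or not r["chain"]:
            continue
        top_issuer = r["chain"][-1][1]  # issuer of the last certificate sent
        if top_issuer not in {s for s, _ in r["chain"]} and top_issuer in sent_anywhere:
            findings[r["ip"]] = top_issuer
    return findings

if __name__ == "__main__":
    print(missing_intermediates(parse_runs(SAMPLE)))
```

A non-empty result points at a server-side misconfiguration (a backend not sending its intermediate certificates) rather than at the client's trust store.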