bug#27658: 26.0.50; response parsing hangs when using tls.el and gnutls-cli.exe on Windows

[Richard Copley]

On 13 Jul 2017 16:49, "Eli Zaretskii" <eliz@gnu.org> wrote:

> From: Richard Copley <rcopley@gmail.com>
> Date: Thu, 13 Jul 2017 03:42:56 +0100
> Cc: 27658@debbugs.gnu.org
>
> > Hmm, and I see that #15905 was closed as wontfix too, so it's basically
> > unsupported at this point even on GNU/Linux platforms.  We should mark
> > it as obsolete at least, if not remove it entirely.
>
> That's a shame, because the library-based implementation has some flaws
> too. I've been trying to debug where that goes wrong, when it accepts certs
> for the wrong host and self-signed certs. (Test case in Glyph's blog post.)
> I didn't learn much. Never mind :)

Are you sure that blog is still accurate?  It's quite old, and newer
versions of the GnuTLS library became meanwhile available.

No doubt some stuff there is no longer valid, but the test case should
succeed.

I have the latest release of GnuTLS and I did my own testing and
debugging using gnutls-cli.exe before writing this bug report.

I mentioned the library in my last message. I find (on my own system
today) that the Emacs TLS implementation using the library (in
gnutls.{c,el}) works except that it accepts bad certificates. I don't
think that's stated in the blog at all -- the blog is also mostly
about the implementation based on an external program (in tls.el).

The possible bug in gnutls.{c,el} or the library itself, the one I was
talking about in my last message, appears to be what is spoken about
here(1) in November 2015 and here(2) in February 2016. As far as I
know it doesn't have an Emacs bug report.

(1) https://emacs.stackexchange.com/questions/18079/emacs-tls-check-is-still-ill-configured
(2) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816063