From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/83147 Path: news.gmane.org!not-for-mail From: Steinar Bang Newsgroups: gmane.emacs.gnus.general Subject: Re: SSL problems on dovecot 2.1.7 Date: Thu, 09 May 2013 13:40:53 +0200 Organization: Probably a good idea Message-ID: <87li7oe5yy.fsf@dod.no> References: <87txmceaxj.fsf@dod.no> <87mws4xwiz.fsf@topper.koldfront.dk> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Trace: ger.gmane.org 1368099776 5889 80.91.229.3 (9 May 2013 11:42:56 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 9 May 2013 11:42:56 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M31413@lists.math.uh.edu Thu May 09 13:42:52 2013 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1UaPFM-0000Yd-C8 for ding-account@gmane.org; Thu, 09 May 2013 13:42:52 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1UaPDi-0004Ut-6N; Thu, 09 May 2013 06:41:10 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1UaPDf-0004Ue-Am for ding@lists.math.uh.edu; Thu, 09 May 2013 06:41:07 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from ) id 1UaPDd-00082G-AG for ding@lists.math.uh.edu; Thu, 09 May 2013 06:41:06 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]) by quimby.gnus.org with esmtp (Exim 4.72) (envelope-from ) id 1UaPDb-0003rC-Ao for ding@gnus.org; Thu, 09 May 2013 13:41:03 +0200 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1UaPDa-00073g-7w for ding@gnus.org; Thu, 09 May 2013 13:41:02 +0200 Original-Received: from cm-84.208.246.141.getinternet.no ([84.208.246.141]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 09 May 2013 13:41:02 +0200 Original-Received: from sb by cm-84.208.246.141.getinternet.no with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 09 May 2013 13:41:02 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: ding@gnus.org Original-Lines: 82 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: cm-84.208.246.141.getinternet.no Mail-Copies-To: never User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.4 (gnu/linux) Cancel-Lock: sha1:odzUgbKygP9FPoFe7vI6nrEg2bE= X-Spam-Score: -3.1 (---) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:83147 Archived-At: >>>>> asjo@koldfront.dk (Adam Sjøgren): >> - Peer's certificate issuer is unknown >> - Peer's certificate is NOT trusted > Shouldn't you fix those, according to your own logic? Indeed I should. And I will do so when I figure out how. But I don't think they are the real issue, because this article has that same output and things seem to be working: http://blog.josefsson.org/2009/04/16/cacert-and-gnutls/ Also, the "gnutls-cli" session I listed doesn't seem to stop when encountering these snags, but continues down to the start of a cleartext IMAP dialog. >From what (little) I know about CA-certifictes and signing, I don't understand that I'm getting these messages...? Because the client machine here is a debian testing machine, and the cacert.org root certificate is already in /etc/ssl/certs/ on this machine. When I tried to point the win7/emacs24/ma gnus/gnutls.dll combo at the cacert.org root certificate, by adjusting gnutls-trustfiles: (push "c:/ProgramFiles/emacs-24.3/etc/gnutls/cacert.org_root.crt" gnutls-trustfiles) and then tried to open the imaps server with gnutls-log-level set to 5, emacs 24 crashed on me. When I try to open the imap server with gnutls-log-level set to 1, this is what I get: Opening connection to imap.mydomain.com via tls... gnutls.c: [1] (Emacs) allocating credentials gnutls.c: [1] (Emacs) setting the trustfile: c:/ProgramFiles/emacs-24.3/etc/gnutls/cacert.org_root.crt gnutls.c: [1] (Emacs) gnutls callbacks gnutls.c: [1] (Emacs) gnutls_init gnutls.c: [1] (Emacs) got non-default priority string: NORMAL gnutls.c: [1] (Emacs) setting the priority string (and there it just stops...) With gnutls-log-level set to 2, this is what I get (which doesn't enlighten me any more): Opening connection to imap.mydomain.com via tls... gnutls.c: [1] (Emacs) allocating credentials gnutls.c: [2] (Emacs) allocating x509 credentials gnutls.c: [2] (Emacs) using default verification flags gnutls.c: [1] (Emacs) setting the trustfile: c:/ProgramFiles/emacs-24.3/etc/gnutls/cacert.org_root.crt gnutls.c: [1] (Emacs) gnutls callbacks gnutls.c: [1] (Emacs) gnutls_init gnutls.c: [1] (Emacs) got non-default priority string: NORMAL gnutls.c: [1] (Emacs) setting the priority string gnutls.c: [2] ASSERT: gnutls_constate.c:716 gnutls.c: [2] ASSERT: gnutls_buffers.c:955 gnutls.c: [2] ASSERT: gnutls_buffers.c:955 gnutls.c: [2] ASSERT: gnutls_buffers.c:955 gnutls.c: [2] ASSERT: signature.c:305 gnutls.c: [2] ASSERT: gnutls_buffers.c:955 gnutls.c: [2] ASSERT: gnutls_buffers.c:1037 gnutls.c: [2] ASSERT: gnutls_buffers.c:1146 gnutls.c: [2] ASSERT: session_ticket.c:684 gnutls.c: [2] ASSERT: gnutls_buffers.c:955 gnutls.c: [2] ASSERT: mpi.c:255 gnutls.c: [2] ASSERT: dn.c:1207 gnutls.c: [2] (Emacs) Deallocating x509 credentials Quit (Sigh! I feel a headache coming on...)