Gnus development mailing list
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
To: ding@gnus.org
Subject: Re: tls-program
Date: Sun, 19 Sep 2010 01:47:46 +0200
Message-ID: <m3zkver4v1.fsf@quimbies.gnus.org>
In-Reply-To: <87sk163b6o.fsf@news.realpath.org>

Sebastian Krause <sebastian@realpath.org> writes:

> Since I can imagine that the native TLS in Emacs 24 will probably be
> based on GnuTLS as well (just guessing), it might be worth trying to
> find out what's going wrong here. What happens when you try to
> directly connect to the servers from the shell, e.g. with "gnutls-cli
> -p 993 imap.example.com"?

Excellent point.

It turns out that gnutls-cli terminates with:

- The hostname in the certificate does NOT match '<host name>'

So the IMAP servers have certificates that don't match their names.  I'm
guessing that that's common?  Adding --insecure fixes this.

So...  what would be the nicest behaviour here?  Adding --insecure would
probably not be nice.  But not nice to not work, either.

Hang on.  Why does the openssh thing work if the certificate isn't
valid?

Ah.  It says

    Verify return code: 10 (certificate has expired)

and then continues merrily on.  So gnutls-cli defaults to secure, while
openssl defaults to insecure?  That seems inconsistent.  So perhaps
adding --insecure is the right thing, after all?

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen
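
Added example (not part of the original message, nor Gnus code): a shell function that reads a captured gnutls-cli or openssl s_client transcript and fails closed on the two conditions quoted in the message above. The function name, verdict strings and sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a TLS client transcript read from stdin.
# Returns 0 only when the transcript shows a clean verification result.
# Usage: openssl s_client -connect HOST:993 </dev/null 2>&1 | check_tls_transcript

check_tls_transcript() {
    transcript=$(cat)

    # gnutls-cli prints this line on a name mismatch and then terminates.
    if printf '%s\n' "$transcript" |
        grep -q 'The hostname in the certificate does NOT match'; then
        echo "FAIL hostname-mismatch"
        return 1
    fi

    # openssl s_client prints "Verify return code: N (reason)" and keeps the
    # session open even when N is non-zero, so N must be checked explicitly.
    lines=$(printf '%s\n' "$transcript" | grep 'Verify return code:' || true)
    if [ -z "$lines" ]; then
        # No verification result at all is treated as a failure.
        echo "FAIL no-verification-result"
        return 1
    fi

    # The line can appear more than once; any non-zero code fails the check.
    bad=$(printf '%s\n' "$lines" | grep -v 'Verify return code: 0 (' | head -n 1 || true)
    if [ -n "$bad" ]; then
        code=$(printf '%s\n' "$bad" | sed 's/.*Verify return code: *\([0-9][0-9]*\).*/\1/')
        reason=$(printf '%s\n' "$bad" | sed 's/.*(\(.*\)).*/\1/')
        echo "FAIL openssl-verify-$code: $reason"
        return 1
    fi

    # Code 0 from s_client covers the certificate chain; the host name is
    # only checked when s_client is asked to (-verify_hostname).
    echo "OK chain-verified"
    return 0
}

# Constructed sample transcripts (the first two reuse the lines quoted above).
SAMPLE_GNUTLS="- The hostname in the certificate does NOT match '<host name>'"
SAMPLE_OPENSSL_EXPIRED="    Verify return code: 10 (certificate has expired)"
SAMPLE_OPENSSL_OK="    Verify return code: 0 (ok)"
```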
