From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.gnus.general
Subject: Re: tls-program
Date: Sun, 19 Sep 2010 01:47:46 +0200
Organization: Programmerer Ingebrigtsen
References: <87y6ay3c1q.fsf@news.realpath.org> <87sk163b6o.fsf@news.realpath.org>
To: ding@gnus.org

Sebastian Krause writes:

> Since I can imagine that the native TLS in Emacs 24 will probably be
> based on GnuTLS as well (just guessing), it might be worth trying to
> find out what's going wrong here. What happens when you try to
> directly connect to the servers from the shell, e.g. with "gnutls-cli
> -p 993 imap.example.com"?

Excellent point. It turns out that gnutls-cli terminates with:

- The hostname in the certificate does NOT match ''

So the IMAP servers have certificates that don't match their names. I'm
guessing that that's common?

Adding --insecure fixes this.

So... what would be the nicest behaviour here? Adding --insecure would
probably not be nice. But not nice to not work, either.

Hang on. Why does the openssh thing work if the certificate isn't
valid?

Ah. It says

Verify return code: 10 (certificate has expired)

and then continues merrily on.

So gnutls-cli defaults to secure, while openssl defaults to insecure?
That seems inconsistent. So perhaps adding --insecure is the right
thing, after all?

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen