From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/83141 Path: news.gmane.org!not-for-mail From: Steinar Bang Newsgroups: gmane.emacs.gnus.general Subject: Re: nntp server news.gmane.org tries to use gnutls Date: Wed, 08 May 2013 13:38:57 +0200 Organization: Probably a good idea Message-ID: References: <87li7q22th.fsf@randomsample.de> <87ehdih3ta.fsf@dod.no> <87a9o6h3g7.fsf_-_@dod.no> <87y5bq319r.fsf@topper.koldfront.dk> <8761yugywn.fsf@dod.no> <87zjw5j1y7.fsf@topper.koldfront.dk> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Trace: ger.gmane.org 1368013261 11991 80.91.229.3 (8 May 2013 11:41:01 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 8 May 2013 11:41:01 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M31407@lists.math.uh.edu Wed May 08 13:41:01 2013 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Ua2jy-0002XJ-RS for ding-account@gmane.org; Wed, 08 May 2013 13:40:59 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1Ua2iK-0005te-KM; Wed, 08 May 2013 06:39:16 -0500 Original-Received: from mx2.math.uh.edu ([129.7.128.33]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1Ua2iI-0005tL-M2 for ding@lists.math.uh.edu; Wed, 08 May 2013 06:39:14 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx2.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from ) id 1Ua2iD-0008CC-SU for ding@lists.math.uh.edu; Wed, 08 May 2013 06:39:13 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]) by quimby.gnus.org with esmtp (Exim 4.72) (envelope-from ) id 1Ua2iB-0005ZJ-TJ for ding@gnus.org; Wed, 08 May 2013 13:39:07 +0200 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1Ua2iB-0000lv-If for ding@gnus.org; Wed, 08 May 2013 13:39:07 +0200 Original-Received: from steria10.steria.no ([195.204.41.10]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 May 2013 13:39:07 +0200 Original-Received: from sb by steria10.steria.no with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 May 2013 13:39:07 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: ding@gnus.org Original-Lines: 63 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: steria10.steria.no Mail-Copies-To: never User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3 (windows-nt) Cancel-Lock: sha1:Dx/BVndXpsSh/gb24V5ECfQgmnw= X-Spam-Score: -3.3 (---) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:83141 Archived-At: >>>>> asjo@koldfront.dk (Adam Sjøgren): > To me it sounds like a feature - default to the most reasonable thing > to do. Yes, but that's what I was unsure about: is gunning for STARTTLS always the most reasonable thing to do...? > It sounds like a bug if it doesn't work, though. Indeed. > I don't think I have done anything like that to make it work - I may > be misremembering though. Looks like I just have (require 'gnutls) and > that's it. I tried Katsumi Yamaoka's workaround, but that didn't work for me. I just got Opening nntp server on news.gmane.org...done apply: Server closed connection Since then it has sometimes worked and sometimes not. Entering gmane.discuss worked, but entering this group immediately after, failed. So now I tried upping the GNUTls log level in Messages, by doing (setq gnutls-log-level 1) in the scratch buffer. And then entering this group worked without a hitch... but I don't know if this was coincidental or an actual effect. Have the gmane servers had some issues today, I wonder...? This is what the increased log level said: Opening nntp server on news.gmane.org... gnutls.c: [1] (Emacs) allocating credentials gnutls.c: [1] (Emacs) gnutls callbacks gnutls.c: [1] (Emacs) gnutls_init gnutls.c: [1] (Emacs) got non-default priority string: NORMAL gnutls.c: [1] (Emacs) setting the priority string news.gmane.org certificate could not be verified. gnutls.c: [1] (Emacs) certificate signer was not found: news.gmane.org gnutls.c: [1] (Emacs) certificate validation failed: news.gmane.org Opening nntp server on news.gmane.org...done (certificate validation failed, but that did not stop Gnus from continuing) >> (BTW it would be nice if the gmane.org certs were signed by cacert >> instead of being self-signed) > They just have to be updated quite often, which is a {b,ch}ore. Possible solutions: - Automate the server certificate updates (once every 3 months) http://wiki.cacert.org/Software/CertApi - Someone (ie. Lars) should get a higher level of trust with cacert.org and get longer-lived certs - Both of the above (I think I will try for the automated solution for my own certs)