Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2017-04-16 Thread Rob Browning
Antoine Beaupre writes: > Obviously, one should never use openssl s_client for stuff like this... > I should also note that even though Emacs 24 supports TLS natively now, > its handling of X509 certificate is really problematic, as documented in > #816063. I've just

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2017-02-22 Thread Antoine Beaupre
On Sun, Feb 21, 2016 at 01:47:45PM +1100, Lars Ingebrigtsen wrote: > Kurt Roeckx writes: > > > From what I understand, it is (or was) possible to configure > > things in such a way that it uses s_client to set up SSL, even > > when it's configured to use gnutls. You should never

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2016-02-20 Thread Lars Ingebrigtsen
Kurt Roeckx writes: > From what I understand, it is (or was) possible to configure > things in such a way that it uses s_client to set up SSL, even > when it's configured to use gnutls. You should never use s_client > for that. s_client is a debug tool. It does create an SSL >

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2016-02-20 Thread Kurt Roeckx
On Fri, Oct 24, 2014 at 09:39:28AM -0400, Ted Zlatanov wrote: > On Thu, 23 Oct 2014 10:57:17 -0500 Rob Browning > wrote: > > RB> Ted Zlatanov writes: > >> could you provide a test case? The information gathered by > >> `M-x report-emacs-bug' would be

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-27 Thread Filipp Gunbin
On 24/10/2014 11:01 +0400, Lars Magne Ingebrigtsen wrote: I grepped through the Emacs tree, and there seems to still be one in-tree usage -- mail-source.el. It uses imap.el to allow a simple download-from-IMAP thing. Which probably nobody uses, but should still be present, I think. If I

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-25 Thread Richard Stallman
[[[ To any NSA and FBI agents reading my email: please consider]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] In an issue of security vulnerability, giving users the right defaults is paramount.

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-24 Thread Lars Magne Ingebrigtsen
Stefan Monnier monn...@iro.umontreal.ca writes: Is there anything that uses imap.el? I thought it was obsolete... Should we move it to lisp/obsolete, then? I grepped through the Emacs tree, and there seems to still be one in-tree usage -- mail-source.el. It uses imap.el to allow a simple

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-24 Thread Ted Zlatanov
On Thu, 23 Oct 2014 12:34:38 -0400 Richard Stallman r...@gnu.org wrote: RS I've read that falling back to ssl3 is a real security hole, RS being exploited frequently. That feature should be removed. That's not really relevant to the bug report, but with GnuTLS you use priority strings to

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-24 Thread Ted Zlatanov
On Thu, 23 Oct 2014 10:57:17 -0500 Rob Browning r...@defaultvalue.org wrote: RB Ted Zlatanov t...@lifelogs.com writes: could you provide a test case? The information gathered by `M-x report-emacs-bug' would be really helpful, too. RB Hmm, I'm not the original reporter, and don't yet deeply

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-23 Thread Ted Zlatanov
On Wed, 22 Oct 2014 15:05:02 -0500 Rob Browning r...@defaultvalue.org wrote: RB Rob Browning r...@defaultvalue.org writes: The following issue was just reported against emacs23 in Debian, and from a quick glance, it looks like 24.4 still uses s_client, so if this is a problem, it's perhaps

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-23 Thread Rob Browning
Ted Zlatanov t...@lifelogs.com writes: could you provide a test case? The information gathered by `M-x report-emacs-bug' would be really helpful, too. Hmm, I'm not the original reporter, and don't yet deeply understand the relevant issues, but on the surface, the bug appears to just ask that

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-23 Thread Richard Stallman
[[[ To any NSA and FBI agents reading my email: please consider]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] I've read that falling back to ssl3 is a real security hole, being exploited

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-23 Thread Andreas Schwab
This (untested) patch will make :stream ssl equivalent to :stream tls. Andreas. diff --git a/lisp/net/imap.el b/lisp/net/imap.el index cf19e6c..9219b54 100644 --- a/lisp/net/imap.el +++ b/lisp/net/imap.el @@ -184,19 +184,6 @@ the list is tried until a successful connection is made. :group

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-23 Thread Lars Magne Ingebrigtsen
Andreas Schwab sch...@linux-m68k.org writes: This (untested) patch will make :stream ssl equivalent to :stream tls. [...] diff --git a/lisp/net/imap.el b/lisp/net/imap.el index cf19e6c..9219b54 100644 --- a/lisp/net/imap.el +++ b/lisp/net/imap.el Is there anything that uses imap.el? I

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-23 Thread Florian Weimer
* Richard Stallman: I've read that falling back to ssl3 is a real security hole, being exploited frequently. That feature should be removed. GNUTLS automatically and securely upgrades to a TLS protocol if supported by the server. Dropping SSL 3.0 support altogether will only encourage

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-23 Thread Perry E. Metzger
On Thu, 23 Oct 2014 20:00:08 +0200 Florian Weimer f...@deneb.enyo.de wrote: * Richard Stallman: I've read that falling back to ssl3 is a real security hole, being exploited frequently. That feature should be removed. GNUTLS automatically and securely upgrades to a TLS protocol if

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-23 Thread Stefan Monnier
Is there anything that uses imap.el? I thought it was obsolete... Should we move it to lisp/obsolete, then? Stefan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-22 Thread Rob Browning
[When possible, please preserve the -forwarded address in any replies.] The following issue was just reported against emacs23 in Debian, and from a quick glance, it looks like 24.4 still uses s_client, so if this is a problem, it's perhaps still relevant. Kurt Roeckx k...@roeckx.be writes: It

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-22 Thread Rob Browning
Rob Browning r...@defaultvalue.org writes: The following issue was just reported against emacs23 in Debian, and from a quick glance, it looks like 24.4 still uses s_client, so if this is a problem, it's perhaps still relevant. Oh, and the link (for the emacs24 bug cloned from the emacs23 bug)

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-22 Thread Stefan Monnier
[When possible, please preserve the -forwarded address in any replies.] The following issue was just reported against emacs23 in Debian, and from a quick glance, it looks like 24.4 still uses s_client, so if this is a problem, it's perhaps still relevant. AFAIK, nowadays Emacs only use

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2014-10-22 Thread Andreas Schwab
Rob Browning r...@defaultvalue.org writes: [When possible, please preserve the -forwarded address in any replies.] The following issue was just reported against emacs23 in Debian, and from a quick glance, it looks like 24.4 still uses s_client, so if this is a problem, it's perhaps still