[gnutls-devel] TLS connection improperly terminated
Rustom Mody
rustompmody at gmail.com
Wed Jul 29 00:41:36 CEST 2015
On Wed, Jul 29, 2015 at 1:32 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
wrote:
> On Tue 2015-07-28 13:25:50 -0400, Eli Zaretskii wrote:
> >> From: Rustom Mody <rustompmody at gmail.com>
> >> Date: Tue, 28 Jul 2015 22:37:05 +0530
> >> Cc: Eli Zaretskii <eliz at gnu.org>
> >>
> >> Start emacs with -Q
> >> Run (package-initialize)
> >> Run (add-to-list 'package-archives
> >> '("marmalade" . "https://marmalade-repo.org/packages/") t)
> >> Run M-x package-list-packages
> >>
> >> Get error
> >> gnutls.c: [0] (Emacs) fatal error: The TLS connection was non-properly
> >> terminated.
> >
> > I think the real question here is why does GnuTLS regard this
> > situation so important as to warrant a high-priority alert to the
> > user.
>
> AFAICT, the main issue is that the certificate chain offered by
> https://marmalade-repo.org is "transvalid" -- meaning it does not offer
> any intermediate certificates that would allow a user to chain its
> end-entity certificate to a known root.
>
>
> https://blog.hboeck.de/archives/847-Incomplete-Certificate-Chains-and-Transvalid-Certificates.html
>
> see the qualys report for that server here:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=marmalade-repo.org&latest
>
> The connection to this server fails, because it cannot be properly
> authenticated. it looks to me like GnuTLS is doing the right thing by
> reporting that the connection failed. Would you rather it do something
> else?
>
> --dkg
>
The intricacies of certificates (and security in general) are beyond me.
However the point to be noted is that I get a list of packages alright.
So I dont know what you mean by "connection failed"
Is the list the full list? Ive no idea
AFAIK the message looks (semi)bogus
If list there should be no message (at least not this one)
If message there should be no list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150729/33294f30/attachment.html>
More information about the Gnutls-devel
mailing list