[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#10904: 24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-init
|
From: |
Thomas Fitzsimmons |
|
Subject: |
bug#10904: 24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-initiated SSL handshake |
|
Date: |
Mon, 09 Apr 2012 23:07:34 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) |
Ted Zlatanov <tzz@lifelogs.com> writes:
> On Sun, 08 Apr 2012 13:46:56 -0400 Thomas Fitzsimmons <fitzsim@fitzsim.org>
> wrote:
>
> TF> The loop happens when the GnuTLS handshake fails for some reason, within
> TF> a network process. I use the attached patch to limit the number of
> TF> iterations. I'm not familiar enough with the Emacs process code to
> TF> suggest a fix though.
>
> Thanks again for the help and provided patch. I modified it to keep the
> number of handshakes tried per connection, not globally. Please try
> it. I will also propose it on emacs-devel for inclusion in the upcoming
> 24.1 release.
I tried trunk against my IMAP server and the applied patch prevents the
infinite loop. At the default gnutls-log-level, a connection attempt
fails with:
Warning: Opening nnimap server on <imap_server_hostname>...failed: ; Unable to
open server nnimap+<imap_server_hostname> due to: GnuTLS error: #<process
*nnimap*>, -9
gnutls.c: [0] (Emacs) fatal error: The specified session has been invalidated
for some reason.
A nice improvement would be to detect when the server uses a ciphersuite
that GnuTLS's default priority list ("NORMAL") rejects, warn the user,
and ask if they want to retry with a more permissive list
("PERFORMANCE"). But that's a separate enhancement -- for now your
patch fixes the infinite loop and setting gnutls-algorithm-priority to
"performance" works around the server's weak ciphersuite.
Thanks,
Thomas