bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#31946: 27.0.50; The NSM should warn about more TLS problems

From: Noam Postavsky
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Tue, 03 Jul 2018 21:34:33 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) 
Lars Ingebrigtsen <larsi@gnus.org> writes:

> Hm...  this URL
>
> https://www.usps.com/business/web-tools-apis/welcome.htm
>
> now gives a warning about a SHA1 intermediary certificate, while
> Chromium and Firefox seems fine with it, so there may be a bug in the
> SHA1 check.  Haven't had time to debug.

According to the show certificate info in Firefox, it's the root
certificate which has SHA1.  Firefox shows both the issuer and subject
name as:

    CN = VeriSign Class 3 Public Primary Certification Authority - G5
    OU = "(c) 2006 VeriSign, Inc. - For authorized use only"
    OU = VeriSign Trust Network
    O = "VeriSign, Inc."
    C = US

But in Emacs, I'm getting this from gnutls_x509_crt_get_issuer_dn():

"C=US,O=VeriSign\\, Inc.,OU=Class 3 Public Primary Certification Authority"

and this from  gnutls_x509_crt_get_dn():

"C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\\, Inc. 
- For authorized use only,CN=VeriSign Class 3 Public Primary Certification 
Authority - G5"

So gnutls is getting this non-matching issuer from somewhere, but it's
unclear to me where.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]