[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#32658: 26.1; Cannot connect to TLS websites
|
From: |
thomas |
|
Subject: |
bug#32658: 26.1; Cannot connect to TLS websites |
|
Date: |
Fri, 07 Sep 2018 11:22:06 +0200 |
when I try to connect to an TLS enabled website on this Windows 10
machine, I get an error message.
I tried with the packages gnutls version 3.6.0 on emacs 26.1 and I did
upgrade the gnutls version to the 3.6.3 but still no success.
I did set gnutls-log-level to 5 here is the log with emacs 26.1 and
upgrade gnutls library to 3.6.3:
Contacting host: lwn.net:80
5 (#o5, #x5, ?\C-e)
Contacting host: lwn.net:443
gnutls.c: [1] (Emacs) connecting to host: lwn.net
gnutls.c: [1] (Emacs) allocating credentials
gnutls.c: [2] (Emacs) allocating x509 credentials
gnutls.c: [2] (Emacs) using default verification flags
gnutls.c: [3] ASSERT: verify-high.c[gnutls_x509_trust_list_add_cas]:321
gnutls.c: [audit] There was a non-CA certificate in the trusted list:
OU=Copyright (c) 1997 Microsoft Corp.,OU=Microsoft Corporation,CN=Microsoft
Root Authority.
gnutls.c: [3] ASSERT: verify-high.c[gnutls_x509_trust_list_add_cas]:321
gnutls.c: [audit] There was a non-CA certificate in the trusted list:
C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority.
gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls.c: [3] ASSERT: dn.c[_gnutls_x509_compare_raw_dn]:988
gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls.c: [3] ASSERT: common.c[_gnutls_x509_get_raw_field2]:1566
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3895
gnutls.c: [3] ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3945
gnutls.c: [3] ASSERT: verify-high.c[gnutls_x509_trust_list_add_cas]:321
gnutls.c: [audit] There was a non-CA certificate in the trusted list: CN=Root
Agency.
gnutls.c: [1] (Emacs) gnutls callbacks
gnutls.c: [1] (Emacs) gnutls_init
gnutls.c: [5] REC[0000000005a734f0]: Allocating epoch #0
gnutls.c: [1] (Emacs) got non-default priority string: NORMAL:%DUMBFW
gnutls.c: [1] (Emacs) setting the priority string
gnutls.c: [2] added 5 protocols, 29 ciphersuites, 15 sig algos and 8 groups
into priority list
gnutls.c: [audit] Note that the security level of the Diffie-Hellman key
exchange has been lowered to 256 bits and this may allow decryption of the
session data
gnutls.c: [5] REC[0000000005a734f0]: Allocating epoch #1
gnutls.c: [4] HSK[0000000005a734f0]: Adv. version: 3.3
gnutls.c: [2] Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls.c: [2] Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls.c: [2] Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls.c: [2] Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls.c: [2] Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls.c: [2] Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls.c: [2] Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls.c: [2] Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls.c: [2] Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls.c: [2] Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls.c: [2] Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls.c: [2] Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls.c: [2] Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls.c: [2] Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls.c: [2] Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls.c: [2] Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls.c: [2] Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls.c: [2] Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls.c: [2] Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls.c: [2] Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls.c: [2] Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls.c: [2] Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls.c: [2] Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls.c: [2] Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls.c: [2] Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Maximum Record
Size/1) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (OCSP Status
Request/5) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Sending extension OCSP Status Request/5 (5
bytes)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Supported Groups/10)
for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Sent group SECP256R1 (0x17)
gnutls.c: [4] EXT[0000000005a734f0]: Sent group SECP384R1 (0x18)
gnutls.c: [4] EXT[0000000005a734f0]: Sent group SECP521R1 (0x19)
gnutls.c: [4] EXT[0000000005a734f0]: Sent group X25519 (0x1d)
gnutls.c: [4] EXT[0000000005a734f0]: Sent group FFDHE2048 (0x100)
gnutls.c: [4] EXT[0000000005a734f0]: Sent group FFDHE3072 (0x101)
gnutls.c: [4] EXT[0000000005a734f0]: Sent group FFDHE4096 (0x102)
gnutls.c: [4] EXT[0000000005a734f0]: Sent group FFDHE8192 (0x104)
gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Supported Groups/10 (18
bytes)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Supported EC Point
Formats/11) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Supported EC Point
Formats/11 (2 bytes)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (SRP/12) for 'client
hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Signature
Algorithms/13) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (4.1) RSA-SHA256
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.4)
RSA-PSS-RSAE-SHA256
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (4.3) ECDSA-SHA256
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.7) EdDSA-Ed25519
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (5.1) RSA-SHA384
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.5)
RSA-PSS-RSAE-SHA384
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (5.3) ECDSA-SHA384
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (6.1) RSA-SHA512
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (8.6)
RSA-PSS-RSAE-SHA512
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (6.3) ECDSA-SHA512
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (2.1) RSA-SHA1
gnutls.c: [4] EXT[0000000005a734f0]: sent signature algo (2.3) ECDSA-SHA1
gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Signature Algorithms/13
(32 bytes)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (SRTP/14) for 'client
hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Heartbeat/15) for
'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (ALPN/16) for 'client
hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Encrypt-then-MAC/22)
for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Encrypt-then-MAC/22 (0
bytes)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Extended Master
Secret/23) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Extended Master
Secret/23 (0 bytes)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Session Ticket/35)
for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Session Ticket/35 (0
bytes)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Key Share/51) for
'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Supported
Versions/43) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Post Handshake
Auth/49) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Safe
Renegotiation/65281) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Safe Renegotiation/65281
(1 bytes)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Server Name
Indication/0) for 'client hello'
gnutls.c: [2] HSK[0000000005a734f0]: sent server name: 'lwn.net'
gnutls.c: [4] EXT[0000000005a734f0]: Sending extension Server Name Indication/0
(12 bytes)
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Cookie/44) for
'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (PSK Key Exchange
Modes/45) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (ClientHello
Padding/21) for 'client hello'
gnutls.c: [4] EXT[0000000005a734f0]: Preparing extension (Pre Shared Key/41)
for 'client hello'
gnutls.c: [4] HSK[0000000005a734f0]: CLIENT HELLO was queued [201 bytes]
gnutls.c: [5] REC[0000000005a734f0]: Preparing Packet Handshake(22) with
length: 201 and min pad: 0
gnutls.c: [5] REC[0000000005a734f0]: Sent Packet[1] Handshake(22) in epoch 0
and length: 206
gnutls.c: [3] ASSERT: buffers.c[_gnutls_writev_emu]:464
gnutls.c: [2] WRITE: -1 returned from 0000000005f1ae30, errno: 11
gnutls.c: [3] (Emacs) retry: Resource temporarily unavailable, try again.
gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try
again.
gnutls.c: [3] ASSERT: buffers.c[_gnutls_writev_emu]:464
gnutls.c: [2] WRITE: -1 returned from 0000000005f1ae30, errno: 11
gnutls.c: [3] (Emacs) retry: Resource temporarily unavailable, try again.
gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try
again.
gnutls.c: [2] (Emacs) Deallocating x509 credentials
gnutls.c: [5] REC[0000000005a734f0]: Start of epoch cleanup
gnutls.c: [5] REC[0000000005a734f0]: End of epoch cleanup
gnutls.c: [5] REC[0000000005a734f0]: Epoch #0 freed
gnutls.c: [5] REC[0000000005a734f0]: Epoch #1 freed
I'm not sure why the write get's an EAGAIN.
Another setup special is that I login into this Windows 10 machine as a
normal user without admin permissions. Most people doesn't do that and
only have one account with admin permission. maybe this is somehow
related, maybe not.
In GNU Emacs 26.1 (build 1, x86_64-w64-mingw32)
of 2018-05-30 built on CIRROCUMULUS
Repository revision: 07f8f9bc5a51f5aa94eb099f3e15fbe0c20ea1ea
Windowing system distributor 'Microsoft Corp.', version 10.0.17134
Recent messages:
gnutls.c: [5] REC[0000000005a734f0]: Start of epoch cleanup
gnutls.c: [5] REC[0000000005a734f0]: End of epoch cleanup
gnutls.c: [5] REC[0000000005a734f0]: Epoch #0 freed
gnutls.c: [5] REC[0000000005a734f0]: Epoch #1 freed
scroll-down-command: Beginning of buffer [7 times]
Making completion list...
Configured using:
'configure --without-dbus --host=x86_64-w64-mingw32
--without-compress-install 'CFLAGS=-O2 -static -g3''
Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND NOTIFY ACL GNUTLS LIBXML2 ZLIB
TOOLKIT_SCROLL_BARS THREADS LCMS2
Important settings:
value of $LANG: DE
locale-coding-system: cp1252
Major mode: Messages
Minor modes in effect:
tooltip-mode: t
global-eldoc-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
tool-bar-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
buffer-read-only: t
line-number-mode: t
transient-mark-mode: t
Load-path shadows:
None found.
Features:
(shadow sort mail-extr emacsbug message dired dired-loaddefs rfc822 mml
mml-sec epa derived epg epg-config mm-decode mm-bodies mm-encode
mailabbrev gmm-utils mailheader sendmail misearch multi-isearch
network-stream starttls url-http tls gnutls mail-parse rfc2231 url-gw
nsm rmc url-cache url-auth eww easymenu puny mm-url gnus nnheader
gnus-util rmail rmail-loaddefs rfc2047 rfc2045 ietf-drums mail-utils
wid-edit mm-util mail-prsvr url-queue url url-proxy url-privacy
url-expand url-methods url-history url-cookie url-domsuf url-util
url-parse auth-source cl-seq eieio eieio-core cl-macs eieio-loaddefs
password-cache url-vars mailcap shr svg xml seq byte-opt gv bytecomp
byte-compile cconv dom browse-url format-spec cl-loaddefs cl-lib
elec-pair time-date mule-util tooltip eldoc electric uniquify ediff-hook
vc-hooks lisp-float-type mwheel dos-w32 ls-lisp disp-table term/w32-win
w32-win w32-vars term/common-win tool-bar dnd fontset image regexp-opt
fringe tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page menu-bar rfn-eshadow isearch timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932
hebrew greek romanian slovak czech european ethiopic indian cyrillic
chinese composite charscript charprop case-table epa-hook jka-cmpr-hook
help simple abbrev obarray minibuffer cl-preloaded nadvice loaddefs
button faces cus-face macroexp files text-properties overlay sha1 md5
base64 format env code-pages mule custom widget hashtable-print-readable
backquote w32notify w32 lcms2 multi-tty make-network-process emacs)
Memory information:
((conses 16 127886 9148)
(symbols 56 23472 1)
(miscs 48 88 141)
(strings 32 39033 926)
(string-bytes 1 1042801)
(vectors 16 17742)
(vector-slots 8 533924 11674)
(floats 8 78 408)
(intervals 56 446 0)
(buffers 992 14))
- bug#32658: 26.1; Cannot connect to TLS websites,
thomas <=