#83 Problems with native gnutls

closed-fixed
nobody
None
5
2014-08-20
2012-05-18
Elias Pipping
No

Ever since

commit f54c1b54b308f38caac66ae567e5f64f6adc631c
Author: Magnus Henoch <legoscia@users.sourceforge.net>
Date: Tue May 15 22:39:43 2012 +0100

Support native GnuTLS for STARTTLS
[..]

I've found myself unable to connect to lavabit.com using starttls. Here's what I found in my message buffer:

gnutls.c: [0] (Emacs) fatal error: The TLS connection was non-properly terminated.
gnutls.el: (err=[-110] The TLS connection was non-properly terminated.) boot: (:priority NORMAL :hostname lavabit.com :loglevel 0 :min-prime-bits nil :trustfiles (/etc/ssl/certs/ca-certificates.crt) :crlfiles nil :keylist nil :verify-flags nil :verify-error t :verify-hostname-error t :callbacks nil)
gnutls.c: [0] (Emacs) fatal error: The specified session has been invalidated for some reason. [100 times]
ME@lavabit.com/nil: connection lost: `connection broken by remote peer
'

(where I replaced my username with ME)

Here's the relevant part of my config:

(setq jabber-account-list '(("ME@lavabit.com"
                             (:password . "PASSWORD")
                             (:network-server . "lavabit.com")
                             (:connection-type . starttls)
                             (:port . 5222))))

Discussion

  • Elias Pipping
    2012-05-19

    After

    commit 1dca591d17cf084e6d870f55898e9343926f8bb8
    Author: Magnus Henoch <magnus.henoch@gmail.com>
    Date: Sat May 19 15:01:05 2012 +0100

    Fix reporting of STARTTLS negotiation errors [..]

    My message buffer looks like this:

    Sat May 19 16:40:07 2012: Starting jabber-connection
    Sat May 19 16:40:07 2012: jabber-connection enters :connecting
    Sat May 19 16:40:07 2012: Found enter function for :connecting: #[(fsm state-data) "\306\307\"\310 !\306\311\"\306\312\"\306\313\"
    

    $\210-\314D\207" [state-data connection-type connect-function server network-server port plist-get :connection-type jabber-get-connect-function :server :network-server :port nil fsm] 5]
    Sat May 19 16:40:07 2012: Using data from enter function
    Sat May 19 16:40:07 2012: Sent :connected to jabber-connection in state :connecting
    Sat May 19 16:40:07 2012: jabber-connection enters :connected
    Sat May 19 16:40:07 2012: Found enter function for :connected: #[(fsm state-data) "\303!\210\304
    \305D\207" [fsm *jabber-connected* state-data jabber-send-stream-header t nil] 2]
    Sat May 19 16:40:07 2012: Using data from enter function
    Sat May 19 16:40:07 2012: Sent :filter to jabber-connection in state :connected
    Sat May 19 16:40:07 2012: Sent :stream-start to jabber-connection in state :connected
    Sat May 19 16:40:08 2012: Sent :filter to jabber-connection in state :connected
    Sat May 19 16:40:08 2012: Sent :stanza to jabber-connection in state :connected
    Sat May 19 16:40:08 2012: jabber-connection enters :starttls
    Sat May 19 16:40:08 2012: Found enter function for :starttls: #[(fsm state-data) "\302!\210 \303D\207" [fsm state-data jabber-starttls-initiate nil] 2]
    Sat May 19 16:40:08 2012: Using data from enter function
    Sat May 19 16:40:08 2012: Sent :filter to jabber-connection in state :starttls
    Sat May 19 16:40:08 2012: Sent :stanza to jabber-connection in state :starttls
    Sat May 19 16:40:08 2012: jabber-connection enters nil
    Sat May 19 16:40:08 2012: Found enter function for nil: #[(fsm state-data) "\306\307\"\310 !\203\"

     
  • Magnus Henoch
    2012-05-30

    Sorry about the delay in responding...

    I'm seeing this myself on Mac OS X, with Emacs 24.1.50 and GnuTLS 2.12.11 from Macports; it worked on a Linux machine I have no access to at the moment... Which OS and GnuTLS version are you using? Are you able to try different ones?

    I discovered that setting gnutls-log-level to 5 yields more log messages, but they don't tell me very much; pasting here in case it makes the problem obvious to someone:

    gnutls.c: [1] (Emacs) allocating credentials
    gnutls.c: [2] (Emacs) allocating x509 credentials
    gnutls.c: [2] (Emacs) using default verification flags
    gnutls.c: [1] (Emacs) gnutls callbacks
    gnutls.c: [1] (Emacs) gnutls_init
    gnutls.c: [4] REC[0x11c53de00]: Allocating epoch #0

    gnutls.c: [1] (Emacs) got non-default priority string: NORMAL
    gnutls.c: [1] (Emacs) setting the priority string
    gnutls.c: [2] ASSERT: gnutls_constate.c:695

    gnutls.c: [4] REC[0x11c53de00]: Allocating epoch #1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_ARCFOUR_SHA1

    gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_ARCFOUR_MD5

    gnutls.c: [2] EXT[0x11c53de00]: Sending extension SAFE RENEGOTIATION (1 bytes)

    gnutls.c: [2] EXT[SIGA]: sent signature algo (4.2) DSA-SHA256

    gnutls.c: [2] EXT[SIGA]: sent signature algo (4.1) RSA-SHA256

    gnutls.c: [2] EXT[SIGA]: sent signature algo (2.1) RSA-SHA1

    gnutls.c: [2] EXT[SIGA]: sent signature algo (2.2) DSA-SHA1

    gnutls.c: [2] EXT[0x11c53de00]: Sending extension SIGNATURE ALGORITHMS (10 bytes)

    gnutls.c: [3] HSK[0x11c53de00]: CLIENT HELLO was sent [112 bytes]

    gnutls.c: [6] BUF[HSK]: Inserted 112 bytes of Data

    gnutls.c: [7] HWRITE: enqueued 112. Total 112 bytes.

    gnutls.c: [7] HWRITE FLUSH: 112 bytes in buffer.

    gnutls.c: [4] REC[0x11c53de00]: Sending Packet[0] Handshake(22) with length: 112

    gnutls.c: [7] WRITE: enqueued 117 bytes for 0xb. Total 117 bytes.

    gnutls.c: [4] REC[0x11c53de00]: Sent Packet[1] Handshake(22) with length: 117

    gnutls.c: [7] HWRITE: wrote 112 bytes, 0 bytes left.

    gnutls.c: [7] WRITE FLUSH: 117 bytes in buffer.

    gnutls.c: [7] WRITE: wrote 117 bytes, 0 bytes left.

    gnutls.c: [7] READ: -1 returned from 0xb, errno=35 gerrno=0

    gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try again.
    gnutls.c: [7] READ: Got 0 bytes from 0xb

    gnutls.c: [7] READ: read 0 bytes from 0xb

    gnutls.c: [2] ASSERT: gnutls_buffers.c:640

    gnutls.c: [2] ASSERT: gnutls_record.c:969

    gnutls.c: [2] ASSERT: gnutls_handshake.c:2762

    gnutls.c: [6] BUF[HSK]: Cleared Data from buffer

    gnutls.c: [0] (Emacs) fatal error: A TLS packet with unexpected length was received.
    gnutls.c: [4] REC: Sending Alert[2|22] - Record overflow

    gnutls.c: [4] REC[0x11c53de00]: Sending Packet[1] Alert(21) with length: 2

    gnutls.c: [7] WRITE: enqueued 7 bytes for 0xb. Total 7 bytes.

    gnutls.c: [7] WRITE FLUSH: 7 bytes in buffer.

    gnutls.c: [7] WRITE: wrote 7 bytes, 0 bytes left.

    gnutls.c: [4] REC[0x11c53de00]: Sent Packet[2] Alert(21) with length: 7

    gnutls.el: (err=[-9] A TLS packet with unexpected length was received.) boot: (:priority NORMAL :hostname jabber.se :loglevel 10 :min-prime-bits nil :trustfiles nil :crlfiles nil :keylist nil :verify-flags nil :verify-error t :verify-hostname-error t :callbacks nil)
    gnutls.c: [2] (Emacs) Deallocating x509 credentials
    gnutls.c: [6] BUF[HSK]: Cleared Data from buffer

    gnutls.c: [4] REC[0x11c53de00]: Epoch #0 freed

    gnutls.c: [4] REC[0x11c53de00]: Epoch #1 freed
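
An added triage example (not code from jabber.el or from anyone in this ticket): it reads GnuTLS debug output in the format pasted in the comment above and reports whether the handshake ended with a zero-byte read right after the ClientHello, which is the sequence that log shows. The function name `triage`, the stage labels and the weak-cipher marker list are assumptions of this example.

```python
import re

# Constructed sample: lines abridged from the GnuTLS debug log quoted in this ticket.
SAMPLE_LOG = """\
gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
gnutls.c: [3] HSK[0x11c53de00]: Keeping ciphersuite: RSA_ARCFOUR_MD5
gnutls.c: [3] HSK[0x11c53de00]: CLIENT HELLO was sent [112 bytes]
gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try again.
gnutls.c: [7] READ: Got 0 bytes from 0xb
gnutls.c: [0] (Emacs) fatal error: A TLS packet with unexpected length was received.
gnutls.el: (err=[-9] A TLS packet with unexpected length was received.) boot: (:priority NORMAL)
"""

C_LINE = re.compile(r"^gnutls\.c: \[(\d+)\] (.*)$")
EL_ERR = re.compile(r"^gnutls\.el: \(err=\[(-?\d+)\] ([^)]*)\)")
READ_GOT = re.compile(r"READ: Got (\d+) bytes")
FATAL = "(Emacs) fatal error: "
WEAK_MARKERS = ("ARCFOUR", "3DES", "MD5")  # assumption: this triage's own weak list

def triage(log_text):
    """Report how far the client handshake got and which errors ended it."""
    r = {"offered": [], "weak": [], "hello_sent": False, "server_data": False,
         "eof_after_hello": False, "fatal": [], "errors": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := EL_ERR.match(line):
            r["errors"].append((int(m.group(1)), m.group(2)))
            continue
        if not (m := C_LINE.match(line)):
            continue  # blank lines, timestamps, anything that is not a gnutls.c record
        msg = m.group(2)
        if "Keeping ciphersuite: " in msg:
            suite = msg.rsplit(": ", 1)[1]
            r["offered"].append(suite)
            if any(w in suite for w in WEAK_MARKERS):
                r["weak"].append(suite)
        elif "CLIENT HELLO was sent" in msg:
            r["hello_sent"] = True
        elif r["hello_sent"] and (g := READ_GOT.search(msg)):
            if int(g.group(1)) > 0:
                r["server_data"] = True
            elif not r["server_data"]:
                r["eof_after_hello"] = True  # read() returned 0 before any reply
        elif msg.startswith(FATAL):  # prefix match, so "non-fatal error:" is skipped
            r["fatal"].append(msg[len(FATAL):])
    r["stage"] = ("no-client-hello" if not r["hello_sent"] else
                  "peer-closed-before-server-hello" if r["eof_after_hello"] else
                  "server-responded" if r["server_data"] else "unknown")
    return r
```

The same `gnutls.el` pattern also picks up the `err=[-110]` line from the original report.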

     
  • Elias Pipping
    2012-05-30

    I'm on emacs 24.0.97.1 and gnutls 3.0.19.

     
  • Magnus Henoch
    2012-05-31

    Just stumbled upon another thing: in the function jabber-ssl-send in jabber-conn.el, there are two calls to process-send-string, the second one just sending an extra newline. Could you try commenting out the second one?

     
  • Elias Pipping
    2012-05-31

    That doesn't seem to change anything.

    A message that is written to the line at the bottom of the screen but not the message buffer is this btw:

    connection lost: `STARTTLS negotation files: GnuTLS error: #<process jabber>, -110'

     
  • Elias Pipping
    2012-06-04

    Sorry, my testing must've been flawed somehow.

    I updated and tried again, now it works. Bisection led me to c382ddead8c42452c3838263f41fc5ba0d997d62. Thanks :)

     
  • Magnus Henoch
    2012-06-20

    • status: open --> closed-fixed
     
  • Magnus Henoch
    2012-06-20

    That's good to hear; I was running out of things to try :) Closing this ticket.