[gnutls-devel] TLS connection improperly terminated

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jul 29 23:24:53 CEST 2015


On Wed 2015-07-29 14:56:48 -0400, Eli Zaretskii wrote:
>> From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
>> Cc: rustompmody at gmail.com, bugs at gnutls.org
>> Date: Wed, 29 Jul 2015 14:41:28 -0400
>> 
>> > The connection to marmalade doesn't fail.
>> 
>> So this is a non-fatal warning that is reported back to emacs?  how is
>> emacs invoking gnutls here?
>
> Not sure what you want to hear in response.  As you well know,
> invoking GnuTLS involves an elaborate setup, which calls many
> different GnuTLS functions.  The function that actually fails is
> gnutls_handshake, I think.

You're saying that gnutls_handshake fails, but the application continues
to use the network connection?

> Is that what you wanted to know?
>
>> > Each package is shown with its source, and quite a few of them are
>> > from marmalade, so the connection to marmalade seems to have
>> > succeeded, and the data was probably successfully retrieved.
>> 
>> interesting, and confusing.  I tend to agree with you from an
>> application perspective that the warning without a connection abort
>> doesn't seem to be particularly actionable (though maybe this discussion
>> will encourage the marmalade ops to fix their certchain), and that it
>> seems like the connection should probably fail closed instead of failing
>> open.
>
> That was our feeling as well, yes.

I think the description of the situation is:

GnuTLS reports a warning/error about a certificate validation to the
application, and the application decides to continue with the connection
anyway, which seems like it is probably insecure.  Is that right?

I see two approaches: the application can close the connection when it
sees that warning/error, or GnuTLS can terminate the connection for the
user (effectively changing its interface contract, which has
implications for other users of the library).  I can see (good)
arguments for the latter, but the former might be easier to accomplish.

    --dkg
