Koneksi TLS ke marmalade-repo.org:443 tidak aman setelah memperbarui ke Emacs 25

12

Ketika saya menjalankan, M-x list-packagessaya mendapatkan kesalahan berikut dengan Marmalade setelah memperbarui ke Emacs 25.

Certificate information
Issued by:          COMODO RSA Domain Validation Secure Server CA
Issued to:          Domain Control Validated
Hostname:           marmalade-repo.org
Public key:         RSA, signature: RSA-SHA256
Protocol:           TLS1.2, key: ECDHE-RSA, cipher: AES-256-GCM, mac: AEAD
Security level:     Medium
Valid:              From 2015-07-12 to 2018-07-11


The TLS connection to marmalade-repo.org:443 is insecure for the
following reasons:

the certificate was signed by an unknown and therefore untrusted authority
certificate could not be verified

.emacsKode yang relevan : (lengkap .emacs di sini )

(require 'package)
(add-to-list 'package-archives
         '("melpa" . "http://melpa.org/packages/") t)
(add-to-list 'package-archives
         '("gnu" . "http://elpa.gnu.org/packages/") t)
(add-to-list 'package-archives
         '("marmalade" . "http://marmalade-repo.org/packages/") t)
(package-initialize)

;; bootstrap use-package
;; https://github.com/jwiegley/use-package/
(unless (package-installed-p 'use-package)
  (package-refresh-contents)
  (package-install 'use-package))
(eval-when-compile (require 'use-package))

Saya juga sudah mencoba menyelesaikannya dengan saran gnutils-cli : $ gnutls-cli --tofu marmalade-repo.orgtetapi belum berhasil. Ada ide?

$ gnutls-cli --tofu marmalade-repo.org
gnutls-cli --tofu marmalade-repo.org                                                                              
Processed 173 CA certificate(s).                                                                                                      
Resolving 'marmalade-repo.org:443'...                                                                                                 
Connecting to '80.69.77.43:443'...                                                                                                    
- Certificate type: X.509                                                                                                             
- Got a certificate list of 1 certificates.                                                                                           
- Certificate[0] info:                                                                                                                
 - subject `CN=marmalade-repo.org,OU=PositiveSSL,OU=Domain Control Validated', issuer `CN=COMODO RSA Domain Validation Secure Server C
A,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x5f7ce5cf6602297b4cbd14639b670e7d, RSA key 2048 bits, signed usin
g RSA-SHA256, activated `2015-07-12 00:00:00 UTC', expires `2018-07-11 23:59:59 UTC', SHA-1 fingerprint `6e080a477d14631d2edf839de582a
c04d4363d09'                                                                                                                          
        Public Key ID:                                                                                                                
                aba6d76ab3d363fa190d654160236eefd32a46dc                                                                              
        Public key's random art:                                                                                                      
                +--[ RSA 2048]----+
                |      . +oo      |
                |     . o . .     |
                |      o   o      |
                |     . . o       |
                |     . .S        |
                |      o.E=       |
                |     . o= o      |
                |      O.==       |
                |    .*=X+.       |
                +-----------------+

- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
- Session ID: 53:BF:2F:D2:86:74:BD:BC:85:A8:67:12:0B:39:7A:12:EA:2F:91:1F:8E:06:5E:94:7F:20:11:4F:FC:51:60:8F
- Ephemeral EC Diffie-Hellman parameters
 - Using curve: SECP256R1
 - Curve size: 256 bits
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: safe renegotiation,
- Handshake was completed

- Simple Client Mode:



*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.

Masalah yang belum terpecahkan terkait : Konfigurasi server TLS rusak dan rentan # 144

marcanuy
sumber
Tidak ada git yang berkomitmen dalam beberapa bulan dan sertifikat TLS yang kadaluwarsa merupakan indikasi bahwa marmalade sudah mati . Saya menyarankan menghapusnya sebagai repositori paket.
Aliran

Jawaban:

7

Konfigurasi server pada marmalade.org rusak: Tidak melayani sertifikat perantara yang digunakannya. Ini telah ditunjukkan dalam setengah lusin masalah sekarang di https://github.com/nicferrier/elmarmalade - Saya tidak bisa melihat tindakan apa pun.

Jadi dapat dikatakan bahwa selai sudah mati.

Sayangnya, saya juga belum tahu bagaimana cara membuat manajer paket Emacs bekerja lagi di hadapan kesalahan ini.

cabo
sumber
4

Saya mendapatkan ini berfungsi dengan mengunduh file PEM untuk [Intermediate CA # 2] COMODO RSA Organization Validation Secure Server CA (SHA-2) ke dalam ~/etc/tls/certificates/comodo.rsa.ca.intermediate.crtdan menambahkan yang berikut ke .emacs:

  (require 'gnutls)
  (add-to-list 'gnutls-trustfiles
               (expand-file-name
                "~/etc/tls/certificates/comodo.rsa.ca.intermediate.crt"))
Michael Hoffman
sumber
Terima kasih ini pada dasarnya bekerja untuk saya di bawah Emacs 26.1, tetapi saya memerlukan sertifikat dari support.comodo.com/index.php?/Knowledgebase/Article/View/970/0/…
Matthew Phillips