On 07/05/14 14:43, Seb Frank wrote:
Hi there,
I've been trying to setup org-caldav to sync to my owndrive calendar.
Setup is
#+begin_src emacs-lisp
(setq org-caldav-url
"https://my.owndrive.com/remote.php/caldav/calendars/myusername";)
(setq org-caldav-calendar-id "myid")
(setq org-caldav-inbox "~/org/test.org <http://test.org>")
#+end_src
When I try org-caldav-sync, it fails with:
Contacting host: my.owndrive.com:443 <http://my.owndrive.com:443>
gnutls.c: [0] (Emacs) fatal error: Public key signature verification has
failed.
gnutls.el: (err=[-89] Public key signature verification has failed.)
boot: (:priority NORMAL :hostname my.owndrive.com
<http://my.owndrive.com> :loglevel 0 :min-prime-bits 256 :trustfiles nil
:crlfiles nil :keylist nil :verify-flags nil :verify-error nil
:callbacks nil)
edebug-signal: GnuTLS error: #<process my.owndrive.com
<http://my.owndrive.com>>, -89
Testing this with gnutls on the command line confirms the problem:
% gnutls-cli -V -p 443 my.owndrive.com <http://my.owndrive.com>
...
- Status: The certificate is NOT trusted. The signature in the
certificate is invalid.
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
Does anyone know if there is a way to tell org-caldav or url-dav to use
an untrusted certificate?
Hi Seb,
I think you need to handle it at the gnutls level. Have a look at
http://blog.tremily.us/posts/X.509_certificates/
Particularly:
GnuTLS
In GnuTLS, you set the list of trusted CAs using
gnutls_certificate_set_x509_trust_file. By convention this function is
pointed to the /etc/ssl/certs/ca-certificates.crt file mentioned above
Ian.
