From: Eli Zaretskii <eliz@gnu.org>
To: Aaron Jensen <aaronjensen@gmail.com>
Cc: 26835@debbugs.gnu.org
Subject: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors
Date: Mon, 08 May 2017 22:04:17 +0300 [thread overview]
Message-ID: <8337cfcgr2.fsf@gnu.org> (raw)
In-Reply-To: <CAHyO48y+pmerJYB-zCfhtV8KsYvJH+K+iewHfgobL2eTen3-4w@mail.gmail.com> (message from Aaron Jensen on Mon, 8 May 2017 11:42:45 -0700)
> From: Aaron Jensen <aaronjensen@gmail.com>
> Date: Mon, 8 May 2017 11:42:45 -0700
>
> This post describes a method for configuring emacs to verify ssl
> certificates:
> https://glyph.twistedmatrix.com/2015/11/editor-malware.html
>
> It also contains a snippet to test that it is properly configured:
>
> (let ((bad-hosts
> (loop for bad
> in `("https://wrong.host.badssl.com/"
> "https://self-signed.badssl.com/")
> if (condition-case e
> (url-retrieve
> bad (lambda (retrieved) t))
> (error nil))
> collect bad)))
> (if bad-hosts
> (print (format "tls misconfigured; retrieved %s ok"
> bad-hosts))
> (url-retrieve "https://badssl.com"
> (lambda (retrieved) t))))
>
> This snippet works fine in 25.2 but reports an error on master (26.0.50)
>
> As a simpler test, both:
>
> (url-retrieve "https://wrong.host.badssl.com/")
> (url-retrieve-synchronously "https://wrong.host.badssl.com/")
>
> Should fail, but do not.
I seem to be unable to reproduce any of the wrong behavior in the
current master build. Could you please provide more details about
what errors you see and what failures you expected, but didn't see?
In my testing, Emacs asks me whether to continue connecting, when it
discovers a bad certificate, and it's up to me to decide. Did it ask
you, and if it did, what alternative did you select?
Also, did you try all this in "emacs -Q"? It looks like you did this
in a customized session (e.g., because in "emacs -Q" there's no 'loop'
function, which the above snippet uses). So the problems could have
something to do with your customizations.
Thanks.
next prev parent reply other threads:[~2017-05-08 19:04 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-08 18:42 bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Aaron Jensen
2017-05-08 19:04 ` Eli Zaretskii [this message]
2017-05-08 19:44 ` Aaron Jensen
2017-05-09 17:51 ` Eli Zaretskii
2017-05-10 14:24 ` Lars Ingebrigtsen
2017-05-10 16:48 ` Eli Zaretskii
2017-09-02 13:42 ` Eli Zaretskii
2017-09-13 18:11 ` Lars Ingebrigtsen
2017-09-13 18:44 ` Eli Zaretskii
2017-09-13 17:51 ` Lars Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8337cfcgr2.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=26835@debbugs.gnu.org \
--cc=aaronjensen@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).