From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#21227: 24.5; tls connections not verified by default
Date: Tue, 29 Dec 2015 14:46:57 +0100
Message-ID: <8737ulicz2.fsf@gnus.org>
References: <6C18DAE6-6826-4AD9-A324-FF4FD7B594BF@twistedmatrix.com>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1451396906 963 80.91.229.3 (29 Dec 2015 13:48:26 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 29 Dec 2015 13:48:26 +0000 (UTC)
Cc: 21227@debbugs.gnu.org
To: Glyph <glyph@twistedmatrix.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Dec 29 14:48:15 2015
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1aDudJ-0003nJ-Cp
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 29 Dec 2015 14:48:13 +0100
Original-Received: from localhost ([::1]:48531 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1aDudI-0005Dy-Vy
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 29 Dec 2015 08:48:12 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44792)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aDudF-0005Ds-Rp
	for bug-gnu-emacs@gnu.org; Tue, 29 Dec 2015 08:48:10 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aDudC-0006Li-L0
	for bug-gnu-emacs@gnu.org; Tue, 29 Dec 2015 08:48:09 -0500
Original-Received: from debbugs.gnu.org ([208.118.235.43]:39843)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aDudC-0006LI-Hp
	for bug-gnu-emacs@gnu.org; Tue, 29 Dec 2015 08:48:06 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aDud8-0002OJ-7Y
	for bug-gnu-emacs@gnu.org; Tue, 29 Dec 2015 08:48:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Lars Ingebrigtsen <larsi@gnus.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 29 Dec 2015 13:48:02 +0000
Resent-Message-ID: <handler.21227.B21227.14513968459133@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 21227
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
Original-Received: via spool by 21227-submit@debbugs.gnu.org id=B21227.14513968459133
	(code B ref 21227); Tue, 29 Dec 2015 13:48:02 +0000
Original-Received: (at 21227) by debbugs.gnu.org; 29 Dec 2015 13:47:25 +0000
Original-Received: from localhost ([127.0.0.1]:47442 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aDucX-0002NE-5s
	for submit@debbugs.gnu.org; Tue, 29 Dec 2015 08:47:25 -0500
Original-Received: from hermes.netfonds.no ([80.91.224.195]:41038)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <larsi@gnus.org>) id 1aDucV-0002N0-5R
	for 21227@debbugs.gnu.org; Tue, 29 Dec 2015 08:47:23 -0500
Original-Received: from 2.150.58.24.tmi.telenormobil.no ([2.150.58.24] helo=mouse)
	by hermes.netfonds.no with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.72) (envelope-from <larsi@gnus.org>)
	id 1aDuc6-0005ed-Gq; Tue, 29 Dec 2015 14:46:58 +0100
In-Reply-To: <6C18DAE6-6826-4AD9-A324-FF4FD7B594BF@twistedmatrix.com>
	(glyph@twistedmatrix.com's message of "Sun, 9 Aug 2015 19:30:57
	-0700")
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux)
X-MailScanner-ID: 1aDuc6-0005ed-Gq
MailScanner-NULL-Check: 1452001619.11017@nVYsTdTI1e8JHJtUqaOIAg
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:110956
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/110956>

Glyph <glyph@twistedmatrix.com> writes:

> In order to have HTTPS connections verified, one must customize the
> behavior of tls.el in a highly non-obvious way:
>
> '(tls-checktrust t)
> '(tls-program
>    (quote
>     ("gnutls-cli --x509cafile $A_CERT_BUNDLE -p %p %h")))
>
> leaving the user to determine an appropriate location for
> $A_CERT_BUNDLE.

This has been fixed in Emacs 25.1. 

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no