From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Robert Pluim Newsgroups: gmane.emacs.bugs Subject: bug#26634: 26.0.50; The network security manager doesn't understand IDNA domains Date: Fri, 13 Apr 2018 17:03:37 +0200 Message-ID: <874lkfm9me.fsf@gmail.com> References: <8736zz8ct0.fsf@mouse.gnus.org> <87sh7zgo96.fsf@mouse.gnus.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: blaine.gmane.org 1523631739 32475 195.159.176.226 (13 Apr 2018 15:02:19 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 13 Apr 2018 15:02:19 +0000 (UTC) Cc: 26634@debbugs.gnu.org To: Lars Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Apr 13 17:02:14 2018 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f70DO-0008C6-2A for geb-bug-gnu-emacs@m.gmane.org; Fri, 13 Apr 2018 17:02:14 +0200 Original-Received: from localhost ([::1]:59868 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f70FP-0005i9-KG for geb-bug-gnu-emacs@m.gmane.org; Fri, 13 Apr 2018 11:04:19 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33157) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f70FC-0005fG-G0 for bug-gnu-emacs@gnu.org; Fri, 13 Apr 2018 11:04:10 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f70F8-0005ey-GQ for bug-gnu-emacs@gnu.org; Fri, 13 Apr 2018 11:04:06 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:42814) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1f70F8-0005ep-Bh for bug-gnu-emacs@gnu.org; Fri, 13 Apr 2018 11:04:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1f70F7-0006se-PL for bug-gnu-emacs@gnu.org; Fri, 13 Apr 2018 11:04:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Robert Pluim Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 13 Apr 2018 15:04:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 26634 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 26634-submit@debbugs.gnu.org id=B26634.152363183426435 (code B ref 26634); Fri, 13 Apr 2018 15:04:01 +0000 Original-Received: (at 26634) by debbugs.gnu.org; 13 Apr 2018 15:03:54 +0000 Original-Received: from localhost ([127.0.0.1]:50711 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f70Ew-0006sF-QI for submit@debbugs.gnu.org; Fri, 13 Apr 2018 11:03:54 -0400 Original-Received: from mail-wr0-f175.google.com ([209.85.128.175]:33680) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f70Er-0006ry-KB for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 11:03:49 -0400 Original-Received: by mail-wr0-f175.google.com with SMTP id z73so8945106wrb.0 for <26634@debbugs.gnu.org>; Fri, 13 Apr 2018 08:03:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:mail-copies-to:gmane-reply-to-list :date:in-reply-to:message-id:mime-version:content-transfer-encoding; bh=8DZ7HRBmQf/sSfb/HUGGnpTScyM1SZAME/vvc1IK+Uw=; b=f2NjNHl7s8Av055+QBYpJmy/qylQW85UwraV+9+U83uMZ6ZCYrzZ05gbZJWh6LZP9F iifTgKwxJsKjPEeM1nZVRZOlgGYBIExL8uc6qQOf+QzsVzXoCAcBIvKKRY86TcgdSSk8 A12fl+pHWnFIQ/5jaTGJ+m9I2hO5LQIoBf5DCjW83bCxPI08OBlj9kyfAcTRsY9dzvUN 9MRIUwQQtRVyY/XdCOHw/EXMY2005yKB4A5ARqPblly+6LbtgYayZnEP1VpduNTEdFK8 GcG5x4mR/GFK88R5BAeiVMcYtE0fxcyuucynQH7IukVUTRA/9Q8gPmvh13nNGZdTvUvU tEgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:mime-version :content-transfer-encoding; bh=8DZ7HRBmQf/sSfb/HUGGnpTScyM1SZAME/vvc1IK+Uw=; b=AaKFQloTmSfXwELGOmcQfb9xZmx9/VLM/U4FApaThV2kSXATVd9tEgn8O1J8GJHdfl 7hGET2r3i/fUe1Nfv99CNcVsBRYJDKPbGmeA1LXMAw1gy7QZCMVd5rA62agcT9Vis/zA h34nKO+DiTc4FKJIzcTZSoCL9VgjCLMubV5wILk1hp3hMIqXrGMali8PDYca/DuiYuof v9KOiOddhmCT7xFwx6X9gBFkUkYKk9TULd4iwWDOU9Zxtviu+Fut72UvQW0bliQKpSE4 HwxJT5b0aP1vh5MwSGL3qnKMXwZXqMqIjO3WkIzdw0mcxySDXrd4pt8P86VEmxq+kZzU Rpzg== X-Gm-Message-State: ALQs6tAYdDGNHG4/B/kIcFRn2PnQXZiTobMPvyKpaFhNwhqMm7KtU1YG ydYWrutz9yMeBMjs0VpJ9PQhNq61IaU= X-Google-Smtp-Source: AIpwx49bUMnC/ZDkIaYlWZgkhd5QUi69FGKlEWnNOMGBIAD5sytcBRbRphC74NuIlEcDOE1OXTKEKg== X-Received: by 10.28.20.140 with SMTP id 134mr3705558wmu.87.1523631819520; Fri, 13 Apr 2018 08:03:39 -0700 (PDT) Original-Received: from rpluim-ubuntu ([149.5.228.1]) by smtp.gmail.com with ESMTPSA id 55sm12201710wrw.52.2018.04.13.08.03.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 13 Apr 2018 08:03:38 -0700 (PDT) Mail-Copies-To: never Gmane-Reply-To-List: yes In-Reply-To: <87sh7zgo96.fsf@mouse.gnus.org> (Lars Ingebrigtsen's message of "Fri, 13 Apr 2018 16:44:05 +0200") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:145280 Archived-At: Lars Ingebrigtsen writes: > Lars Ingebrigtsen writes: > >> Lars Ingebrigtsen writes: >> >>> If you type `M-x eww RET https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com RET= ', the NSM will then say: >>> >>> "certificate host doesn't match hostname" >> >> Hm... Now Emacs refuses to load that URL completely... > > OK; I've now fixed recent breakages so that we can access > https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com again. > > Now the question is... what do we do about this in the network security > manager. > > If you go to that domain in Firefox, for instance, it won't say that > there's anything wrong with it... because it isn't. It's a totally > normal domain name consisting of ASCII characters and a CYRILLIC SMALL > LETTER PALOCHKA instead of the L. > That=CA=BCs not what you have there. The first component of your FQDN is 100% cyrillic. Did you mean ? (FWIW, chrome is supposed to detect the 100% cyrillic case, but doesn=CA=BCt as far as I can tell) > `puny-highly-restrictive-domain-p' is not triggered for the domain, so > eww doesn't signal anything wrong with it, either. > > So... Do we say "fine, this is all fine" or do we ... do something? > :-) Opinions welcome. In emacs-26, when I try eww on https://app=D3=8Fe.com, I get Loading https://xn--appe-xre.com/... which is already an indication that something fishy is going on. Robert