From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: David Engster Newsgroups: gmane.emacs.bugs Subject: bug#11788: [babc40c4] still fails to implement HTTPS over HTTP proxy properly Date: Tue, 08 Mar 2016 20:41:23 +0100 Message-ID: <87a8m8dafw.fsf@engster.org> References: <87siua8hf1.fsf@violet.siamics.net> <87io998qjn.fsf@gmail.com> <87lh8iz041.fsf@gnus.org> <83k2o1k6z0.fsf@gnu.org> <8737uj7vzw.fsf@gmail.com> <83bn97dgo6.fsf@gnu.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1457466148 20727 80.91.229.3 (8 Mar 2016 19:42:28 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 8 Mar 2016 19:42:28 +0000 (UTC) Cc: lo2net , larsi@gnus.org, schwab@linux-m68k.org, ivan@siamics.net, 11788@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Mar 08 20:42:16 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1adNWJ-00066i-JL for geb-bug-gnu-emacs@m.gmane.org; Tue, 08 Mar 2016 20:42:15 +0100 Original-Received: from localhost ([::1]:36888 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1adNWI-0002kV-Kl for geb-bug-gnu-emacs@m.gmane.org; Tue, 08 Mar 2016 14:42:14 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:46138) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1adNWA-0002iL-Va for bug-gnu-emacs@gnu.org; Tue, 08 Mar 2016 14:42:12 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1adNW6-0006KF-VZ for bug-gnu-emacs@gnu.org; Tue, 08 Mar 2016 14:42:06 -0500 Original-Received: from debbugs.gnu.org ([208.118.235.43]:42923) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1adNW6-0006KB-T6 for bug-gnu-emacs@gnu.org; Tue, 08 Mar 2016 14:42:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84) (envelope-from ) id 1adNW6-0007Pf-AD; Tue, 08 Mar 2016 14:42:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: David Engster Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org, Magnus Henoch Resent-Date: Tue, 08 Mar 2016 19:42:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 11788 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 11788-submit@debbugs.gnu.org id=B11788.145746610328455 (code B ref 11788); Tue, 08 Mar 2016 19:42:02 +0000 Original-Received: (at 11788) by debbugs.gnu.org; 8 Mar 2016 19:41:43 +0000 Original-Received: from localhost ([127.0.0.1]:40046 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1adNVi-0007On-TL for submit@debbugs.gnu.org; Tue, 08 Mar 2016 14:41:43 -0500 Original-Received: from randomsample.de ([5.45.97.173]:50954) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1adNVe-0007Oa-CQ for 11788@debbugs.gnu.org; Tue, 08 Mar 2016 14:41:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=RLhH8YU8ZFSTvxEK2joFJgkU6jw+PqgDDYUmdT4HHDc=; b=Og404yaMSodsaw8vu8j31HXF8JZO+agOHgQyt+jjRg1V/q9D2p/NVIqGALWekKuVZYp9uj6H3CrYvqZcvROHldMgJw/J/HaeqfF76Gj3vp5o81Dhrero9uEhVCZJccUz; Original-Received: from ip4d1494ed.dynamic.kabel-deutschland.de ([77.20.148.237] helo=isaac) by randomsample.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1adNVb-0007je-56; Tue, 08 Mar 2016 20:41:31 +0100 In-Reply-To: <83bn97dgo6.fsf@gnu.org> (Eli Zaretskii's message of "Wed, 30 Dec 2015 18:50:33 +0200") User-Agent: Gnus/5.13001 (Ma Gnus v0.10) Emacs/25.0.50 (gnu/linux) Mail-Copies-To: never X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:114598 Archived-At: Eli Zaretskii writes: >> From: lo2net >> Cc: Lars Ingebrigtsen , schwab@linux-m68k.org, >> ivan@siamics.net, 11788@debbugs.gnu.org > >> Date: Thu, 31 Dec 2015 00:16:03 +0800 >> >> >> Do you have FSF copyright assignments for Emacs on file? >> > >> > There's no assignment on file under the name lo2net . >> >> What should I do next so this bug can be fixed ASAP? Although I've just >> read http://www.gnu.org/software/emacs/CONTRIBUTE, but I still can't figure >> out. Should I email request-assign.future to assign@gnu.org now? > > Form sent off-list. Any news on the assignment? I've stumbled upon this bug today, and IMHO this is actually pretty serious. It should definitely be fixed for Emacs 25.1. It would be OK if https over a proxy simply fails; what I've seen however is that the proxy connects to the requested host via Port 80 instead (meaning plain http). When a site publishes the same content over https as well as http, the user is led to believe that she communicates over an secure channel, when in fact everything is communicated over plain http. For instance, when I do M-x eww RET https://www.google.de RET Emacs will connect to the configured proxy and use a GET request: GET https://www.google.de/ HTTP/1.1 ... At least the two proxies I tested with (CYAN, tinyproxy) will ignore the 'https' part and send a GET request to www.google.de on Port 80 instead. In effect, Eww will succesfully display the Google web site, showing 'https://www.google.de' in its URL bar, while in fact everything I now enter is send over plain http without encryption. -David