From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors
Date: Mon, 08 May 2017 22:04:17 +0300
Message-ID: <8337cfcgr2.fsf@gnu.org>
To: Aaron Jensen
Cc: 26835@debbugs.gnu.org

> From: Aaron Jensen
> Date: Mon, 8 May 2017 11:42:45 -0700
>
> This post describes a method for configuring emacs to verify ssl
> certificates:
> https://glyph.twistedmatrix.com/2015/11/editor-malware.html
>
> It also contains a snippet to test that it is properly configured:
>
> (let ((bad-hosts
>        (loop for bad
>              in `("https://wrong.host.badssl.com/"
>                   "https://self-signed.badssl.com/")
>              if (condition-case e
>                     (url-retrieve
>                      bad (lambda (retrieved) t))
>                   (error nil))
>              collect bad)))
>   (if bad-hosts
>       (print (format "tls misconfigured; retrieved %s ok"
>                      bad-hosts))
>     (url-retrieve "https://badssl.com"
>                   (lambda (retrieved) t))))
>
> This snippet works fine in 25.2 but reports an error on master (26.0.50)
>
> As a simpler test, both:
>
> (url-retrieve "https://wrong.host.badssl.com/")
> (url-retrieve-synchronously "https://wrong.host.badssl.com/")
>
> Should fail, but do not.

I seem to be unable to reproduce any of the wrong behavior in the
current master build. Could you please provide more details about
what errors you see and what failures you expected, but didn't see?

In my testing, Emacs asks me whether to continue connecting, when it
discovers a bad certificate, and it's up to me to decide. Did it ask
you, and if it did, what alternative did you select?

Also, did you try all this in "emacs -Q"? It looks like you did this
in a customized session (e.g., because in "emacs -Q" there's no 'loop'
function, which the above snippet uses). So the problems could have
something to do with your customizations.

Thanks.