From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#24396: 25.1;
	Doesn't trust Let's Encrypt certificates (used by MELPA)
Date: Sat, 10 Sep 2016 08:46:19 +0300
Message-ID: <83zing8fys.fsf@gnu.org>
References: <CAKCAbMg8qpyVzRXMGhLE2rbe1qtw-+a-PQxUV3c0R6jJ5bt8Dg@mail.gmail.com>
	<j54m5p0zu7.fsf@fencepost.gnu.org> <dpvay4kfuj.fsf@fencepost.gnu.org>
Reply-To: Eli Zaretskii <eliz@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
X-Trace: blaine.gmane.org 1473486445 6477 195.159.176.226 (10 Sep 2016 05:47:25 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sat, 10 Sep 2016 05:47:25 +0000 (UTC)
Cc: 24396@debbugs.gnu.org, zackw@panix.com
To: Glenn Morris <rgm@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Sep 10 07:47:21 2016
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1bib8D-0000NC-PT
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 10 Sep 2016 07:47:13 +0200
Original-Received: from localhost ([::1]:33292 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1bib8B-000393-RL
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 10 Sep 2016 01:47:11 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45391)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bib86-00038v-9w
	for bug-gnu-emacs@gnu.org; Sat, 10 Sep 2016 01:47:07 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bib82-0002yI-7A
	for bug-gnu-emacs@gnu.org; Sat, 10 Sep 2016 01:47:05 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:57349)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bib82-0002yE-49
	for bug-gnu-emacs@gnu.org; Sat, 10 Sep 2016 01:47:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bib81-0007J1-Sb
	for bug-gnu-emacs@gnu.org; Sat, 10 Sep 2016 01:47:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 10 Sep 2016 05:47:01 +0000
Resent-Message-ID: <handler.24396.B24396.147348639428046@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 24396
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
Original-Received: via spool by 24396-submit@debbugs.gnu.org id=B24396.147348639428046
	(code B ref 24396); Sat, 10 Sep 2016 05:47:01 +0000
Original-Received: (at 24396) by debbugs.gnu.org; 10 Sep 2016 05:46:34 +0000
Original-Received: from localhost ([127.0.0.1]:55061 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bib7Z-0007II-Tf
	for submit@debbugs.gnu.org; Sat, 10 Sep 2016 01:46:34 -0400
Original-Received: from eggs.gnu.org ([208.118.235.92]:54384)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <eliz@gnu.org>) id 1bib7X-0007I4-6s
	for 24396@debbugs.gnu.org; Sat, 10 Sep 2016 01:46:31 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1bib7O-0002po-Ud
	for 24396@debbugs.gnu.org; Sat, 10 Sep 2016 01:46:26 -0400
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:56127)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
	id 1bib7O-0002pi-Ra; Sat, 10 Sep 2016 01:46:22 -0400
Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:1735
	helo=home-c4e4a596f7)
	by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.82) (envelope-from <eliz@gnu.org>)
	id 1bib7M-0001Tx-KA; Sat, 10 Sep 2016 01:46:21 -0400
In-reply-to: <dpvay4kfuj.fsf@fencepost.gnu.org> (message from Glenn Morris on
	Fri, 09 Sep 2016 15:55:48 -0400)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:123133
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/123133>

> From: Glenn Morris <rgm@gnu.org>
> Date: Fri, 09 Sep 2016 15:55:48 -0400
> Cc: 24396@debbugs.gnu.org
> 
> http://emacs.stackexchange.com/questions/18045/how-can-i-retrieve-an-https-url-on-mac-os-x-without-warnings-about-an-untrusted
> 
> seems relevant.
> 
> I guess OS X uses some system keychain for SSL certs that is opaque to Emacs.
> Perhaps it should learn to understand it, if that's even possible.

Isn't that the GnuTLS job?  (The OP's build is linked against GnuTLS.)
That's what happens on MS-Windows: GnuTLS uses the system-wide
certificate store, not the files you find on a typical Posix box.  We
already request GnuTLS to use system certificate store.