On 13 Jul 2017 16:49, "Eli Zaretskii" wrote:
> > From: Richard Copley
> > Date: Thu, 13 Jul 2017 03:42:56 +0100
> > Cc: 27658@debbugs.gnu.org
> >
> > > Hmm, and I see that #15905 was closed as wontfix too, so it's basically
> > > unsupported at this point even on GNU/Linux platforms. We should mark
> > > it as obsolete at least, if not remove it entirely.
> >
> > That's a shame, because the library-based implementation has some flaws
> > too. I've been trying to debug where that goes wrong, when it accepts certs
> > for the wrong host and self-signed certs. (Test case in Glyph's blog post.)
> > I didn't learn much. Never mind :)
>
> Are you sure that blog is still accurate? It's quite old, and newer
> versions of the GnuTLS library became meanwhile available.

No doubt some stuff there is no longer valid, but the test case should succeed. I have the latest release of GnuTLS and I did my own testing and debugging using gnutls-cli.exe before writing this bug report. I mentioned the library in my last message.

I find (on my own system today) that the Emacs TLS implementation using the library (in gnutls.{c,el}) works except that it accepts bad certificates. I don't think that's stated in the blog at all -- the blog is also mostly about the implementation based on an external program (in tls.el).

The possible bug in gnutls.{c,el} or the library itself, the one I was talking about in my last message, appears to be what is spoken about here(1) in November 2015 and here(2) in February 2016. As far as I know it doesn't have an Emacs bug report.

(1) https://emacs.stackexchange.com/questions/18079/emacs-tls-check-is-still-ill-configured
(2) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816063