From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.devel
Subject: Re: https and emacs and package archives
Date: Mon, 27 Oct 2014 13:32:07 -0400
Message-ID: <jwvtx2pe83c.fsf-monnier+emacs@gnu.org>
References: <874muph25d.fsf@ferrier.me.uk>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1414431171 705 80.91.229.3 (27 Oct 2014 17:32:51 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 27 Oct 2014 17:32:51 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: Nic Ferrier <nferrier@ferrier.me.uk>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Oct 27 18:32:44 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xio9s-00047v-2R
	for ged-emacs-devel@m.gmane.org; Mon, 27 Oct 2014 18:32:44 +0100
Original-Received: from localhost ([::1]:35079 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xio9r-0004qV-G0
	for ged-emacs-devel@m.gmane.org; Mon, 27 Oct 2014 13:32:43 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:57044)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <monnier@iro.umontreal.ca>) id 1Xio9S-0004p3-8S
	for emacs-devel@gnu.org; Mon, 27 Oct 2014 13:32:25 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <monnier@iro.umontreal.ca>) id 1Xio9K-00010C-B2
	for emacs-devel@gnu.org; Mon, 27 Oct 2014 13:32:18 -0400
Original-Received: from ironport2-out.teksavvy.com ([206.248.154.181]:14764)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <monnier@iro.umontreal.ca>) id 1Xio9K-0000xn-6O
	for emacs-devel@gnu.org; Mon, 27 Oct 2014 13:32:10 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArgGAIDvNVNFpY87/2dsb2JhbABZgwY7gw+9L4MOgRcXdIIlAQEBAQIBJy8jBQsLDgYgEhQYDSSIBAjSGReOegeEOASUYwWKAYowgWqDTCE
X-IPAS-Result: ArgGAIDvNVNFpY87/2dsb2JhbABZgwY7gw+9L4MOgRcXdIIlAQEBAQIBJy8jBQsLDgYgEhQYDSSIBAjSGReOegeEOASUYwWKAYowgWqDTCE
X-IronPort-AV: E=Sophos;i="4.97,753,1389762000"; d="scan'208,217";a="95346139"
Original-Received: from 69-165-143-59.dsl.teksavvy.com (HELO pastel.home)
	([69.165.143.59])
	by ironport2-out.teksavvy.com with ESMTP/TLS/DHE-RSA-AES256-SHA;
	27 Oct 2014 13:32:07 -0400
Original-Received: by pastel.home (Postfix, from userid 20848)
	id 83BE67CFF; Mon, 27 Oct 2014 13:32:07 -0400 (EDT)
In-Reply-To: <874muph25d.fsf@ferrier.me.uk> (Nic Ferrier's message of "Mon, 27
	Oct 2014 17:07:42 +0000")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 206.248.154.181
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:175899
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/175899>

> So switching back to HTTPS, what is going wrong?
> The depends of a package are all downloaded with HTTPS fine. But then:

>   GET /packages/elpakit-1.1.1.el HTTP/1.1..
>   MIME-Version: 1.0..
>   Connection: keep-alive..
>   Extension: Security/Digest Security/SSL..
>   Host: marmalade-repo.org..
>   Accept-encoding: gzip..Accept: */*..
>   User-Agent: URL/Emacs....  
> ##
> T 80.69.77.43:443 -> 172.30.1.18:48975 [AP]
>   HTTP/1.1 400 Bad Request..
>   Server: nginx/1.7.1..
>   Date: Mon, 27 Oct 2014 16:51:04 GMT..
>   Content-Type: text/html..
>   Content-Length: 270..
>   Connection: close....
>   <html>..<head><title>
>   400 The plain HTTP request was sent to HTTPS port
>   </title></head>.....

I'm not familiar enough with HTTPS to know what "The plain HTTP request
was sent to HTTPS port" means.

> That looks to me like the packaging system is forgetting that the
> package source is HTTPS when it downloads the target package and is
> sending the request as HTTP.

AFAIK, package.el does not pay attention to the transport at all, it
just uses the base-url as-is without ever tweaking it (so it also works
for file:// URLs), so I think it's more likely that the problem is in
the URL.el package rather than in package.el.

> Is this a regression? Yes. Doing exactly the same thing with my 24.3
> install works fine.

Please make a bug report for it.

> Probably the response to this will be "implement package signing".

It'd be a good idea in any case, indeed.
But we'd still want to fix the problem with https ;-)


        Stefan