From: Leo Famulari
Subject: bug#24466: `guix download` accepts expired TLS certificates
Date: Sun, 18 Sep 2016 21:14:54 -0400
Message-ID: <20160919011454.GA6941@jasmine>
To: 24466@debbugs.gnu.org

While testing Nicolas's patch "Update giac-xcas", I found that `guix download` accepts expired TLS certificates.

I tried visiting the upstream site in order to verify the hash of the updated package, and my browsers (Firefox and Chromium) warned me that the site's certificate had expired ~1 day ago. However, `guix build -S` did not warn me or prevent me from downloading the source code.

Perhaps it doesn't matter for the case of `guix build -S`, since we already know what we expect to download. But, for `guix download`, this is a bug.

[0] http://lists.gnu.org/archive/html/guix-devel/2016-09/msg01460.html
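The distinction drawn in the report above, as an added Python example (not part of the original message and not Guix's code): a download with a pinned hash is judged on its content, while a download with no expected hash has only the certificate to rely on, so an expired one must be refused. The function names, the certificate dates and the payload are constructed for illustration, and only the validity window is checked here, not the chain or the host name.

```python
import hashlib
import ssl

# Constructed sample in the dict shape returned by SSLSocket.getpeercert();
# the dates are made up so the certificate lapsed about a day before NOW.
SAMPLE_CERT = {
    "notBefore": "Sep 17 00:00:00 2015 GMT",
    "notAfter": "Sep 17 23:59:59 2016 GMT",
}
NOW = ssl.cert_time_to_seconds("Sep 19 01:14:54 2016 GMT")


def validity_status(cert, now):
    """Classify a certificate's validity window against `now` (epoch seconds)."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    return "valid"


def accept_download(cert, now, body, expected_sha256=None):
    """Return (accepted, reason) for a fetched body.

    With a pinned hash (the `guix build -S` situation) the content itself is
    verified, so the decision rests on the hash. Without one (the
    `guix download` situation) the certificate is the only check available.
    """
    if expected_sha256 is not None:
        ok = hashlib.sha256(body).hexdigest() == expected_sha256
        return ok, ("hash-match" if ok else "hash-mismatch")
    status = validity_status(cert, now)
    return status == "valid", "certificate-" + status


if __name__ == "__main__":
    body = b"constructed source tarball bytes"
    pinned = hashlib.sha256(body).hexdigest()
    print(accept_download(SAMPLE_CERT, NOW, body))          # no pinned hash
    print(accept_download(SAMPLE_CERT, NOW, body, pinned))  # pinned hash
```
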