From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: bug#24466: `guix download` accepts expired TLS certificates
Date: Sun, 18 Sep 2016 21:14:54 -0400
Message-ID: <20160919011454.GA6941@jasmine>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="X1bOJ3K7DJ5YkBrT"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57885)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1blnBp-0000LQ-P6
	for bug-guix@gnu.org; Sun, 18 Sep 2016 21:16:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1blnBj-0006Ud-Gr
	for bug-guix@gnu.org; Sun, 18 Sep 2016 21:16:08 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:36938)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1blnBi-0006UV-B2
	for bug-guix@gnu.org; Sun, 18 Sep 2016 21:16:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1blnBi-0007jq-7g
	for bug-guix@gnu.org; Sun, 18 Sep 2016 21:16:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.24466.B.147424772029688@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57740)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1blnAs-00008E-27
	for bug-guix@gnu.org; Sun, 18 Sep 2016 21:15:11 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1blnAo-0006Hn-Me
	for bug-guix@gnu.org; Sun, 18 Sep 2016 21:15:09 -0400
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:44829)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1blnAn-0006Fy-GI
	for bug-guix@gnu.org; Sun, 18 Sep 2016 21:15:06 -0400
Received: from localhost (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148])
	by mail.messagingengine.com (Postfix) with ESMTPA id 5652FCCE9F
	for <bug-guix@gnu.org>; Sun, 18 Sep 2016 21:14:55 -0400 (EDT)
Content-Disposition: inline
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: 24466@debbugs.gnu.org


--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

While testing Nicolas's patch "Update giac-xcas", I found that `guix
download` accepts expired TLS certificates.

I tried visiting the upstream site in order to verify the hash of the
updated package, and my browsers (Firefox and Chromium) warned me that
the site's certificate had expired ~1 day ago.

However, `guix build -S` did not warn me or prevent me from downloading
the source code.

Perhaps it doesn't matter for the case of `guix build -S`, since we
already know what we expect to download. But, for `guix download`, this
is a bug.

[0]
http://lists.gnu.org/archive/html/guix-devel/2016-09/msg01460.html

--X1bOJ3K7DJ5YkBrT
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJX3zwKAAoJECZG+jC6yn8IPAMQAMKc9B8hBVip+kPyp7zIQsOq
5VMZSPn+lPqnYSJ3OWOpYiLBHwAAvcbqFnhAazv5y2DiDTRezessD6y4zIk9T/qY
q6EwDuXDKOcoGkOsgf4theMshQ6JYH5eIhv07/rgtnMa4vUGFhg4TqvrJG0b8mU6
lhEgoMpHqsq459MP1pXivDsvc1fvbBgce3ZOFRUVyOzjzm5UGalsCnLhXkMgt/Mz
lgrGu3SLVekEGs/ezrYToiZeCaGBSEbgpEpQD3rjNZbSfGwPqL5ibYkydZborr11
AQDxljhjAhznKRueZtdjdCGSh7OXvX5S2a7x9j6eYBuzFWZRw2GonfBCBfHEYZbl
1JL+Y2b+mD2lzoKgFykdCYnm2riok6GkkMztSWw6TWsWrSDYyBkJacUxGf8WJfJD
7p0uKJnjMmtOSt8uarPK6/GQaZL90Q3W/QkNTA6MDBXDKrF2i8XWxc/SHzvUeeMQ
/+fNstdpdFTdm98w3BgUd1ZOSY+mPG5kBS9mN8EVYV4whqyrL/3kQgDtoLKtg9Ac
kPh+j+1EUpb9GKQdAIko4vDGyIe1JaS/+3gHKKfnYNeOgRIHm+BgsfW/1YlHosXw
KcWraLnUJ4eRs/pZbmvUJlv0pLb8vifZKX1cwIA53ay1bSEFPGjHOr90eDIunLhk
zrjyHDGgCeqzj9y8gFpn
=PDv+
-----END PGP SIGNATURE-----

--X1bOJ3K7DJ5YkBrT--