From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mike Gerwitz <mtg@gnu.org>
Subject: bug#32833: IceCat 60 showing sites as "insecure" despite using HTTPS
Date: Tue, 25 Sep 2018 20:30:57 -0400
Message-ID: <87tvmdcd6m.fsf@gnu.org>
References: <87k1nadx4v.fsf@gnu.org> <87o9clck40.fsf@netris.org>
	<87a7o5cdv3.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60618)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1g4y1h-0000HR-EX
	for bug-guix@gnu.org; Tue, 25 Sep 2018 20:50:02 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1g4xnD-00021V-0O
	for bug-guix@gnu.org; Tue, 25 Sep 2018 20:35:03 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:49977)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1g4xnC-00021N-Of
	for bug-guix@gnu.org; Tue, 25 Sep 2018 20:35:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.32833.B32833.15379220578306@debbugs.gnu.org>
In-Reply-To: <87a7o5cdv3.fsf@netris.org> (Mark H. Weaver's message of "Tue, 25
	Sep 2018 20:16:16 -0400")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Cc: 32833@debbugs.gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, Sep 25, 2018 at 20:16:16 -0400, Mark H Weaver wrote:
> Mark H Weaver <mhw@netris.org> writes:
>> To begin, I'm currently building IceCat using the bundled NSPR and NSS,
>> to see if that helps.
>
> Using the bundled NSPR and NSS works around the problem for me.  I just
> pushed this change in commit 6d328879378fac95240005233331f596fb5c68ed on
> 'master'.  See also the related, immediately preceding commits
> 257e3247910610fe24ae1b86f38e85552d53e48c and
> 94e96f7f68c3b9053fdb5dee5b0ab614163aaa08.

Great!

> I'm keeping this bug report open, since it would be good to find a
> better fix which avoids using the bundled libraries.

I wish I knew enough to suggest a better solution.

It's a little late now, but I just tested the IceCat binary on a Debian
machine and HTTPS works as expected.

Thanks again for your work on this.  Maybe I'll let IceCat build
overnight so I can give it a try tomorrow (still on my X200).

=2D-=20
Mike Gerwitz

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJbqtNBAAoJEIyRe39dxRuiFqIQAIqBbCWEhiXsRYrh9XuQdRL3
YgkfjY73bmxdSHeb9WyX2buzdiZ0V7vZo2rR3lV+tAPmu72ZUF/KzrsgIxervJ3V
Sd6lnevtT8fZugP7BP+mgSocM0N+4mtUl0kH7wq4MOOGGc+S0TAlDq7ph2yWmQoA
hrUu/FrMkPGASSiGP8+TY6vU3ZfDCf6FeS86zLfUUy75LB5vytM90XntTDGl0P0H
jALgaZLRYHAuztcgQIAzmAGatWcIBZCAYH3s5ZBgI7A1usne20JXhOHmWugFL91X
fFJUn++pA9VV085MIfPwjTKZnehfWEK/bt5gFVJmJUiT1C76kosdvOrHBxmU17yz
YY/hLbdgX4nKNGsmleEiU3HAbsCs4HVJ0dIUYx5PAGM7S/ykv13s3xKthmh5Vc99
u25bDmWcx5lon81sMxjnOZZ5t6W5I1HzQlJw64q3B9pZAoyf55rX7wMKLtx+csHT
rE16d2BZVwWs9cGmROkdSrkHVt3w2jaJr6aDj27uOe9cZUkrP8XfClKru5r4zcLg
+16yz5C5AbkvRFzXojb/jmYllQRTVvYOJ8kz8RXWDxF5ixsjd6uAilvfWLxyuq00
AqTV+VRZ5yS1GWSsrErT0iC9CbH/BdqC9jYJMb0Gnass8Ggo41scS3iC2P7gU1Kx
iNzxT08dKcOBtrOTa/gh
=Rsuf
-----END PGP SIGNATURE-----
--=-=-=--