From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark H Weaver Subject: bug#16791: w3m fails to do any SSL certificate checking Date: Tue, 18 Feb 2014 03:58:21 -0500 Message-ID: <87ha7wol02.fsf@netris.org> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54203) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WFgXG-000459-V9 for bug-guix@gnu.org; Tue, 18 Feb 2014 04:00:24 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WFgX7-0004UL-Ip for bug-guix@gnu.org; Tue, 18 Feb 2014 04:00:14 -0500 Received: from debbugs.gnu.org ([140.186.70.43]:56395) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WFgX7-0004U9-Fr for bug-guix@gnu.org; Tue, 18 Feb 2014 04:00:05 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1WFgX7-0007LO-5K for bug-guix@gnu.org; Tue, 18 Feb 2014 04:00:05 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:53862) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WFgWL-0003vP-Hl for bug-guix@gnu.org; Tue, 18 Feb 2014 03:59:24 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WFgWE-0003md-80 for bug-guix@gnu.org; Tue, 18 Feb 2014 03:59:17 -0500 Received: from world.peace.net ([96.39.62.75]:40056) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WFgWE-0003mZ-4o for bug-guix@gnu.org; Tue, 18 Feb 2014 03:59:10 -0500 List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org To: 16791@debbugs.gnu.org In Guix, neither w3m nor emacs-w3m warn me when I visit an https URL that uses a server certificate that is both self-signed and expired. To make matters worse, if I ask for page information (with the '=' key), it tells me that the certificate is valid. On Debian, both w3m and emacs-w3m inform me when an SSL certificate is invalid in some way, e.g. if it's expired or not signed by a certificate authority in my trust store. Mark