GNU bug report logs - #16791
w3m fails to do any SSL certificate checking

Previous Next

Package: guix;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Tue, 18 Feb 2014 09:00:03 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Cc: tracker <at> debbugs.gnu.org, bug-strong-list <at> debbugs.gnu.org
Subject: bug#16791: closed (w3m fails to do any SSL certificate checking)
Date: Wed, 10 Feb 2016 21:17:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Wed, 10 Feb 2016 16:16:41 -0500
with message-id <20160210211641.GA28843 <at> jasmine>
and subject line Re: bug#16791: w3m fails to do any SSL certificate checking
has caused the debbugs.gnu.org bug report #16791,
regarding w3m fails to do any SSL certificate checking
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
16791: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16791
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Mark H Weaver <mhw <at> netris.org>
To: bug-guix <at> gnu.org
Subject: w3m fails to do any SSL certificate checking
Date: Tue, 18 Feb 2014 03:58:21 -0500

In Guix, neither w3m nor emacs-w3m warn me when I visit an https URL
that uses a server certificate that is both self-signed and expired.
To make matters worse, if I ask for page information (with the '=' key),
it tells me that the certificate is valid.

On Debian, both w3m and emacs-w3m inform me when an SSL certificate is
invalid in some way, e.g. if it's expired or not signed by a certificate
authority in my trust store.

      Mark



[Message part 3 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: 16791-done <at> debbugs.gnu.org
Subject: Re: bug#16791: w3m fails to do any SSL certificate checking
Date: Wed, 10 Feb 2016 16:16:41 -0500

On Thu, Jan 07, 2016 at 11:55:12PM -0500, Leo Famulari wrote:
> On Tue, Jan 05, 2016 at 11:32:14AM -0500, Leo Famulari wrote:
> > On Tue, Jan 05, 2016 at 12:35:57AM +0100, Ludovic Courtès wrote:

[...]

> > > What about using the latest upstream tarball, along with the patch
> > > above and probably the one that disables SSLv{2,3}?
> > 
> > I'll try that.
> 
> Mark, can you check if commit 62339e2d49 fixes this bug for you?

I believe this bug is fixed. Please re-open if that is not the case.
This bug report was last modified 9 years and 162 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.