GNU bug report logs - #16791
w3m fails to do any SSL certificate checking

Previous Next

Package: guix;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Tue, 18 Feb 2014 09:00:03 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Mark H Weaver <mhw <at> netris.org>
Subject: bug#16791: closed (Re: bug#16791: w3m fails to do any SSL
 certificate checking)
Date: Wed, 10 Feb 2016 21:17:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#16791: w3m fails to do any SSL certificate checking

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 16791 <at> debbugs.gnu.org.

-- 
16791: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16791
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: 16791-done <at> debbugs.gnu.org
Subject: Re: bug#16791: w3m fails to do any SSL certificate checking
Date: Wed, 10 Feb 2016 16:16:41 -0500

On Thu, Jan 07, 2016 at 11:55:12PM -0500, Leo Famulari wrote:
> On Tue, Jan 05, 2016 at 11:32:14AM -0500, Leo Famulari wrote:
> > On Tue, Jan 05, 2016 at 12:35:57AM +0100, Ludovic Courtès wrote:

[...]

> > > What about using the latest upstream tarball, along with the patch
> > > above and probably the one that disables SSLv{2,3}?
> > 
> > I'll try that.
> 
> Mark, can you check if commit 62339e2d49 fixes this bug for you?

I believe this bug is fixed. Please re-open if that is not the case.


[Message part 3 (message/rfc822, inline)]
From: Mark H Weaver <mhw <at> netris.org>
To: bug-guix <at> gnu.org
Subject: w3m fails to do any SSL certificate checking
Date: Tue, 18 Feb 2014 03:58:21 -0500

In Guix, neither w3m nor emacs-w3m warn me when I visit an https URL
that uses a server certificate that is both self-signed and expired.
To make matters worse, if I ask for page information (with the '=' key),
it tells me that the certificate is valid.

On Debian, both w3m and emacs-w3m inform me when an SSL certificate is
invalid in some way, e.g. if it's expired or not signed by a certificate
authority in my trust store.

      Mark
This bug report was last modified 9 years and 161 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.