From unknown Fri Jun 20 07:19:52 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#18600 <18600@debbugs.gnu.org>
To: bug#18600 <18600@debbugs.gnu.org>
Subject: Status: 24.3.94; EWW fails to check https certificates
Reply-To: bug#18600 <18600@debbugs.gnu.org>
Date: Fri, 20 Jun 2025 14:19:52 +0000

retitle 18600 24.3.94; EWW fails to check https certificates
reassign 18600 emacs
submitter 18600 Mark H Weaver <mhw@netris.org>
severity 18600 important
tag 18600 fixed security

thanks


From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 02 02:26:02 2014
Received: (at submit) by debbugs.gnu.org; 2 Oct 2014 06:26:02 +0000
Received: from localhost ([127.0.0.1]:57977 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XZZpw-0003FG-M8
	for submit@debbugs.gnu.org; Thu, 02 Oct 2014 02:26:01 -0400
Received: from eggs.gnu.org ([208.118.235.92]:50765)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <mhw@netris.org>) id 1XZZps-0003F6-MG
 for submit@debbugs.gnu.org; Thu, 02 Oct 2014 02:25:57 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <mhw@netris.org>) id 1XZZpl-0002Jd-3u
 for submit@debbugs.gnu.org; Thu, 02 Oct 2014 02:25:56 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled
 version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:36209)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <mhw@netris.org>) id 1XZZpl-0002JZ-0y
 for submit@debbugs.gnu.org; Thu, 02 Oct 2014 02:25:49 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52426)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <mhw@netris.org>) id 1XZZpe-0001r0-OG
 for bug-gnu-emacs@gnu.org; Thu, 02 Oct 2014 02:25:48 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <mhw@netris.org>) id 1XZZpY-0002Fk-0I
 for bug-gnu-emacs@gnu.org; Thu, 02 Oct 2014 02:25:42 -0400
Received: from world.peace.net ([96.39.62.75]:47465)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <mhw@netris.org>) id 1XZZpX-0002FU-T6
 for bug-gnu-emacs@gnu.org; Thu, 02 Oct 2014 02:25:35 -0400
Received: from c-24-62-95-23.hsd1.ma.comcast.net ([24.62.95.23] helo=jojen)
 by world.peace.net with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.72) (envelope-from <mhw@netris.org>)
 id 1XZZFk-0003wy-Eb; Thu, 02 Oct 2014 01:48:36 -0400
From: Mark H Weaver <mhw@netris.org>
To: bug-gnu-emacs@gnu.org
Subject: 24.3.94; EWW fails to check https certificates
Date: Thu, 02 Oct 2014 01:48:35 -0400
Message-ID: <871tqr81jg.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
 (bad octet value).
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)


I used EWW to visit an https website that uses a self-signed and
long-expired https certificate.  It failed to notify me of any problem.



In GNU Emacs 24.3.94.1 (i686-pc-linux-gnu, GTK+ Version 3.10.1)
 of 2014-10-02 on localhost
Windowing system distributor `The X.Org Foundation', version 11.0.11202000
Configured using:
 `configure
 CONFIG_SHELL=/gnu/store/wgvrj5q40prd4d1fb0j81n6gxdpqwz79-bash-4.3.27/bin/bash
 SHELL=/gnu/store/wgvrj5q40prd4d1fb0j81n6gxdpqwz79-bash-4.3.27/bin/bash
 --prefix=/gnu/store/6x3z5nwya75jgfs76qkpj25va9iwsqd4-emacs-24.3.94
 --enable-fast-install
 --with-crt-dir=/gnu/store/1zxdnj48g45pwram0s8nprvkkwxzp62b-glibc-2.20/lib'

Important settings:
  value of $LC_ALL: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Summary

Minor modes in effect:
  shell-dirtrack-mode: t
  diff-auto-refine-mode: t
  tooltip-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t

Recent input:
  [removed; irrelevant]

Recent messages:
  [removed; irrelevant]

Load-path shadows:
None found.

Features:
(shadow term ehelp emacsbug sendmail sort gnus-cite mail-extr gnus-async
gnus-bcklg qp gnus-ml disp-table nndraft nnmh nnfolder netrc gnus-agent
gnus-srvr gnus-score score-mode nnvirtual gnus-msg gnus-art mm-uu
mml2015 epg-config mm-view mml-smime smime dig nntp gnus-cache gnus-sum
nnoo gnus-group gnus-undo nnmail mail-source gnus-start gnus-spec
gnus-int gnus-range gnus-win misearch multi-isearch gnutls shr-color
color timezone parse-time help-mode mule-util url-queue network-stream
starttls url-http tls url-gw url-cache url-auth eww mm-url gnus gnus-ems
nnheader wid-edit url url-proxy url-privacy url-expand url-methods
url-history url-cookie url-domsuf url-util url-parse auth-source eieio
byte-opt bytecomp byte-compile cconv eieio-core gnus-util password-cache
url-vars mailcap shr browse-url shell pcomplete comint ansi-color
paredit edmacro kmacro cl-loaddefs cl-lib server w3m-wget w3m-load
magit-bisect magit-key-mode magit diff-mode log-edit easy-mmode message
format-spec rfc822 mml easymenu mml-sec mm-decode mm-bodies mm-encode
mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mm-util help-fns
mail-prsvr mailabbrev mail-utils gmm-utils mailheader ring pcvs-util
add-log geiser-install geiser scheme time-date tooltip electric uniquify
ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd
fontset image regexp-opt fringe tabulated-list newcomment lisp-mode
prog-mode register page menu-bar rfn-eshadow timer select scroll-bar
mouse jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
minibuffer nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote make-network-process
dbusbind gfilenotify dynamic-setting system-font-setting
font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)

Memory information:
((conses 8 389222 31229)
 (symbols 24 32379 0)
 (miscs 20 195 588)
 (strings 16 51077 6316)
 (string-bytes 1 1780492)
 (vectors 8 25575)
 (vector-slots 4 590009 18268)
 (floats 8 413 443)
 (intervals 28 3719 319)
 (buffers 512 28)
 (heap 1024 44807 14554))




From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 02 14:04:31 2014
Received: (at control) by debbugs.gnu.org; 2 Oct 2014 18:04:31 +0000
Received: from localhost ([127.0.0.1]:59324 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XZkjv-0006rz-HO
	for submit@debbugs.gnu.org; Thu, 02 Oct 2014 14:04:31 -0400
Received: from world.peace.net ([96.39.62.75]:47152)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <mhw@netris.org>) id 1XZkjs-0006rp-UH
 for control@debbugs.gnu.org; Thu, 02 Oct 2014 14:04:29 -0400
Received: from c-24-62-95-23.hsd1.ma.comcast.net ([24.62.95.23]
 helo=yeeloong.lan)
 by world.peace.net with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.72) (envelope-from <mhw@netris.org>)
 id 1XZkjm-0005l7-7A; Thu, 02 Oct 2014 14:04:22 -0400
From: Mark H Weaver <mhw@netris.org>
To: control@debbugs.gnu.org
Date: Thu, 02 Oct 2014 14:04:08 -0400
Message-ID: <878uky73hj.fsf@yeeloong.lan>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has
 identified this incoming email as possible spam.  The original message
 has been attached to this so you can view it (if it isn't spam) or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  severity 18600 serious thanks [...] 
 Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 1.8 MISSING_SUBJECT        Missing Subject: header
 0.2 NO_SUBJECT             Extra score for no subject
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has
 identified this incoming email as possible spam.  The original message
 has been attached to this so you can view it (if it isn't spam) or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  severity 18600 serious thanks [...] 
 
 Content analysis details:   (2.0 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  1.8 MISSING_SUBJECT        Missing Subject: header
  0.2 NO_SUBJECT             Extra score for no subject

severity 18600 serious
thanks




From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 02 23:00:20 2014
Received: (at control) by debbugs.gnu.org; 3 Oct 2014 03:00:20 +0000
Received: from localhost ([127.0.0.1]:59630 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XZt6R-0008Ri-6D
	for submit@debbugs.gnu.org; Thu, 02 Oct 2014 23:00:19 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:40847)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <rgm@gnu.org>) id 1XZt6O-0008Ra-Fh
 for control@debbugs.gnu.org; Thu, 02 Oct 2014 23:00:17 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
 (envelope-from <rgm@gnu.org>) id 1XZt6O-00071P-07
 for control@debbugs.gnu.org; Thu, 02 Oct 2014 23:00:16 -0400
Date: Thu, 02 Oct 2014 23:00:16 -0400
Message-Id: <E1XZt6O-00071P-07@fencepost.gnu.org>
Subject: control message for bug 18600
To: <control@debbugs.gnu.org>
X-Mailer: mail (GNU Mailutils 2.1)
From: Glenn Morris <rgm@gnu.org>
X-Spam-Score: -6.0 (------)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -6.0 (------)

severity 18600 important




From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 03 19:01:57 2014
Received: (at 18600) by debbugs.gnu.org; 3 Oct 2014 23:01:57 +0000
Received: from localhost ([127.0.0.1]:60651 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XaBrE-0004SZ-Ek
	for submit@debbugs.gnu.org; Fri, 03 Oct 2014 19:01:57 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:43905)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <rgm@gnu.org>) id 1XaBr7-0004SI-FB
 for 18600@debbugs.gnu.org; Fri, 03 Oct 2014 19:01:50 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
 (envelope-from <rgm@gnu.org>)
 id 1XaBr4-0002ka-S9; Fri, 03 Oct 2014 19:01:43 -0400
From: Glenn Morris <rgm@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Subject: Re: bug#18600: 24.3.94; EWW fails to check https certificates
References: <871tqr81jg.fsf@netris.org>
X-Spook: White Water DRM IRA ASDIC Albright Waco, Texas Dick
X-Ran: "vEu&K7Lp{Gr]%J>GdjxbChj0)3.#d$y87;rUv(wIo{M1L5]&P'>[zwzr}in]/b@a*6E^T
X-Hue: cyan
X-Attribution: GM
Date: Fri, 03 Oct 2014 19:01:42 -0400
In-Reply-To: <871tqr81jg.fsf@netris.org> (Mark H. Weaver's message of "Thu, 02
 Oct 2014 01:48:35 -0400")
Message-ID: <51r3yorc4p.fsf@fencepost.gnu.org>
User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 18600
Cc: 18600@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Mark H Weaver wrote:

> I used EWW to visit an https website that uses a self-signed and
> long-expired https certificate.  It failed to notify me of any problem.

Setting gnutls-verify-error non-nil may help (I don't know what it does
with self-signed certificates).






From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 03 19:40:18 2014
Received: (at control) by debbugs.gnu.org; 3 Oct 2014 23:40:18 +0000
Received: from localhost ([127.0.0.1]:60656 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XaCSP-0005S2-Kk
	for submit@debbugs.gnu.org; Fri, 03 Oct 2014 19:40:17 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:44665)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <rgm@gnu.org>) id 1XaCSN-0005Ru-3T
 for control@debbugs.gnu.org; Fri, 03 Oct 2014 19:40:15 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
 (envelope-from <rgm@gnu.org>) id 1XaCSH-0006aI-TD
 for control@debbugs.gnu.org; Fri, 03 Oct 2014 19:40:10 -0400
Date: Fri, 03 Oct 2014 19:40:09 -0400
Message-Id: <E1XaCSH-0006aI-TD@fencepost.gnu.org>
Subject: control message for bug 16193
To: <control@debbugs.gnu.org>
X-Mailer: mail (GNU Mailutils 2.1)
From: Glenn Morris <rgm@gnu.org>
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

forcemerge 18600 16193




From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 03 19:44:52 2014
Received: (at 18600) by debbugs.gnu.org; 3 Oct 2014 23:44:52 +0000
Received: from localhost ([127.0.0.1]:60660 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XaCWp-0005aY-LA
	for submit@debbugs.gnu.org; Fri, 03 Oct 2014 19:44:51 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:44743)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <rgm@gnu.org>) id 1XaCWn-0005aP-5d
 for 18600@debbugs.gnu.org; Fri, 03 Oct 2014 19:44:49 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
 (envelope-from <rgm@gnu.org>)
 id 1XaCWm-0007Wf-87; Fri, 03 Oct 2014 19:44:48 -0400
From: Glenn Morris <rgm@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Subject: Re: bug#18600: 24.3.94; EWW fails to check https certificates
References: <871tqr81jg.fsf@netris.org> <51r3yorc4p.fsf@fencepost.gnu.org>
X-Spook: LLNL unclassified Merlin import Vince Foster kibo
X-Ran: zVG#N@%DN0|%DI~NOiH5sVbuoMP7Op9JD_!dIl7>ht>.j=?l{PApPwAm"Em-R]2Uv+;$ZR
X-Hue: red
X-Debbugs-No-Ack: yes
X-Attribution: GM
Date: Fri, 03 Oct 2014 19:44:48 -0400
In-Reply-To: <51r3yorc4p.fsf@fencepost.gnu.org> (Glenn Morris's message of
 "Fri, 03 Oct 2014 19:01:42 -0400")
Message-ID: <w9wq8gwwen.fsf@fencepost.gnu.org>
User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -4.3 (----)
X-Debbugs-Envelope-To: 18600
Cc: 18600@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -4.3 (----)


PS see previous discussion in http://debbugs.gnu.org/16978 .




From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 03 19:46:14 2014
Received: (at control) by debbugs.gnu.org; 3 Oct 2014 23:46:14 +0000
Received: from localhost ([127.0.0.1]:60664 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XaCYA-0006tl-7a
	for submit@debbugs.gnu.org; Fri, 03 Oct 2014 19:46:14 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:44770)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <rgm@gnu.org>) id 1XaCY7-0006tc-BS
 for control@debbugs.gnu.org; Fri, 03 Oct 2014 19:46:11 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
 (envelope-from <rgm@gnu.org>) id 1XaCY6-0007tY-Rr
 for control@debbugs.gnu.org; Fri, 03 Oct 2014 19:46:10 -0400
Date: Fri, 03 Oct 2014 19:46:10 -0400
Message-Id: <E1XaCY6-0007tY-Rr@fencepost.gnu.org>
Subject: control message for bug 16193
To: <control@debbugs.gnu.org>
X-Mailer: mail (GNU Mailutils 2.1)
From: Glenn Morris <rgm@gnu.org>
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

merge 16978 16193




From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 04 17:34:04 2014
Received: (at 18600) by debbugs.gnu.org; 4 Oct 2014 21:34:04 +0000
Received: from localhost ([127.0.0.1]:33280 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XaWxn-0004Gt-Om
	for submit@debbugs.gnu.org; Sat, 04 Oct 2014 17:34:04 -0400
Received: from mail-qc0-f178.google.com ([209.85.216.178]:36465)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <tzz@lifelogs.com>) id 1XaWxe-0004GN-TX
 for 18600@debbugs.gnu.org; Sat, 04 Oct 2014 17:34:01 -0400
Received: by mail-qc0-f178.google.com with SMTP id c9so2484483qcz.23
 for <18600@debbugs.gnu.org>; Sat, 04 Oct 2014 14:33:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google;
 h=from:to:cc:subject:organization:references:mail-copies-to
 :gmane-reply-to-list:date:in-reply-to:message-id:user-agent
 :mime-version:content-type;
 bh=OzRIMuhbJ+ONgnzwYvbkY6Sly2UCcFUfyuYCQfyaPBA=;
 b=hd+uALWZGsJesWggooQn/2/p51NSre2Wy7xXMvlNj3Y5ahtQDIfpnUsBT2txrNIctv
 MMj90OzwPh/hBWpHUlM+1img1XtUXs/qXdHjyY8DwN63WtZtFHRZWeEKDTL8adMpshGr
 NTmyrX/bwKQBF/NX5HStX4X2UibPrxYbkCa4A=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:to:cc:subject:organization:references
 :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id
 :user-agent:mime-version:content-type;
 bh=OzRIMuhbJ+ONgnzwYvbkY6Sly2UCcFUfyuYCQfyaPBA=;
 b=B7b0nwPFIkN+m5Y8N2YXupmRiemqQAL6VHKR5xa9JN2hg91oGx9Fm4nUxHrCrxQux8
 E34dOuw4fKjcYEuPiCYXibzrYO0K2iDUiSZNFXLcmcLAleCmxC13uAhLXlUzB9YEMwYV
 wKS8RHrXQALv37XFmuqKwFJag5nNl+TG/Ttcjs47Z7orYDJv4W4rQCugeVSHQ8nIGjLg
 JoGnIbhhQIl1L514WUEyD2m2O33/idAYCN5SoTlTrwxu8BGxidocPyRku3b8Yfdkjmcj
 2Nd6Vac6O71gbK5JXHe2hCYl+YBxa0AtbIMjgJzQNtZB1vzqa4dmugQC00q+SKdb79hP
 WWFA==
X-Gm-Message-State: ALoCoQmZRiu7qMbOvwhi0OW8fscOf47pIFo+1d+7q3cdKnC8r1jcMpKCSv6624wLCZ0cOYj6cEas
X-Received: by 10.224.121.80 with SMTP id g16mr19137392qar.64.1412458434186;
 Sat, 04 Oct 2014 14:33:54 -0700 (PDT)
Received: from flea (c-98-229-61-72.hsd1.ma.comcast.net. [98.229.61.72])
 by mx.google.com with ESMTPSA id o6sm8950269qag.40.2014.10.04.14.33.53
 for <multiple recipients>
 (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
 Sat, 04 Oct 2014 14:33:53 -0700 (PDT)
From: Ted Zlatanov <tzz@lifelogs.com>
To: Glenn Morris <rgm@gnu.org>
Subject: Re: bug#18600: 24.3.94; EWW fails to check https certificates
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
References: <871tqr81jg.fsf@netris.org> <51r3yorc4p.fsf@fencepost.gnu.org>
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
 d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
 D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
Gmane-Reply-To-List: yes
Date: Sat, 04 Oct 2014 17:34:39 -0400
In-Reply-To: <51r3yorc4p.fsf@fencepost.gnu.org> (Glenn Morris's message of
 "Fri, 03 Oct 2014 19:01:42 -0400")
Message-ID: <87tx3jiknk.fsf@lifelogs.com>
User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/25.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 18600
Cc: 18600@debbugs.gnu.org, Mark H Weaver <mhw@netris.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Fri, 03 Oct 2014 19:01:42 -0400 Glenn Morris <rgm@gnu.org> wrote: 

GM> Mark H Weaver wrote:
>> I used EWW to visit an https website that uses a self-signed and
>> long-expired https certificate.  It failed to notify me of any problem.

GM> Setting gnutls-verify-error non-nil may help (I don't know what it does
GM> with self-signed certificates).

Emacs will reject such certificates then. I tested that as part of
http://debbugs.gnu.org/16978 and would appreciate Mark's verification.

After 24.4 (now 25.1) is released it will be t by default.  Mark, can we
close this bug since http://debbugs.gnu.org/16978 already has all the info?

Thanks
Ted




From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 04 19:25:11 2014
Received: (at 18600) by debbugs.gnu.org; 4 Oct 2014 23:25:11 +0000
Received: from localhost ([127.0.0.1]:33320 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XaYhK-00074L-RB
	for submit@debbugs.gnu.org; Sat, 04 Oct 2014 19:25:11 -0400
Received: from world.peace.net ([96.39.62.75]:52874)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <mhw@netris.org>) id 1XaYhH-00074B-MB
 for 18600@debbugs.gnu.org; Sat, 04 Oct 2014 19:25:08 -0400
Received: from c-24-62-95-23.hsd1.ma.comcast.net ([24.62.95.23]
 helo=yeeloong.lan)
 by world.peace.net with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.72) (envelope-from <mhw@netris.org>)
 id 1XaYh9-0005tl-DS; Sat, 04 Oct 2014 19:24:59 -0400
From: Mark H Weaver <mhw@netris.org>
To: Glenn Morris <rgm@gnu.org>
Subject: Re: bug#18600: 24.3.94; EWW fails to check https certificates
References: <871tqr81jg.fsf@netris.org> <51r3yorc4p.fsf@fencepost.gnu.org>
 <87tx3jiknk.fsf@lifelogs.com>
Date: Sat, 04 Oct 2014 19:24:41 -0400
In-Reply-To: <87tx3jiknk.fsf@lifelogs.com> (Ted Zlatanov's message of "Sat, 04
 Oct 2014 17:34:39 -0400")
Message-ID: <87h9zj5sg6.fsf@yeeloong.lan>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 18600
Cc: 18600@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

Ted Zlatanov <tzz@lifelogs.com> writes:

> On Fri, 03 Oct 2014 19:01:42 -0400 Glenn Morris <rgm@gnu.org> wrote: 
>
> GM> Mark H Weaver wrote:
>>> I used EWW to visit an https website that uses a self-signed and
>>> long-expired https certificate.  It failed to notify me of any problem.
>
> GM> Setting gnutls-verify-error non-nil may help (I don't know what it does
> GM> with self-signed certificates).
>
> Emacs will reject such certificates then. I tested that as part of
> http://debbugs.gnu.org/16978 and would appreciate Mark's verification.

Yes, that works, thanks.

> After 24.4 (now 25.1) is released it will be t by default.  Mark, can we
> close this bug since http://debbugs.gnu.org/16978 already has all the info?

I almost closed the bug myself, but on second thought I think this case
of eww https warrants special consideration, independent of the more
general question of how 'open-gnutls-stream' should behave by default.

There are a few reasons for this:

1. In the case of imaps, smtps, xmpp, etc, the most common use case is
   to connect to a single server only for each of these protocols, and
   very often that's one's own server with self-signed certs.

2. In the case of https, the typical use cases are very different, as
   are the expectations.  When browsing the web, one typically talks to
   a very large number of https servers.  More often than not, these
   servers have certificates signed by a well-known CA.  (Ideally it
   should be possible to disable checking based on URL).

3. Emacs 24.4 will be the first release that includes eww, so there are
   no preexisting users of eww that would be annoyed by suddenly having
   their existing functionality stop working.

With these in mind, I have two recommendations:

* I believe that eww https should check certificates by default in 24.4,
  even though other tls connections are tolerant by default.

* At minimum, it should be possible to enable certificate checking for
  eww https connections while still allowing self-signed certificates
  for other uses of 'open-gnutls-stream' such as imaps and smtps.  This
  is fairly common case.

IMO, anyway.  If you disagree, I'll defer to your judgment, but my
feeling is that the current behavior would not be well received.

    Thanks,
      Mark




From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 04 22:00:41 2014
Received: (at 18600) by debbugs.gnu.org; 5 Oct 2014 02:00:41 +0000
Received: from localhost ([127.0.0.1]:33366 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Xab7l-0002Yv-4V
	for submit@debbugs.gnu.org; Sat, 04 Oct 2014 22:00:38 -0400
Received: from ironport2-out.teksavvy.com ([206.248.154.181]:22657)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <monnier@iro.umontreal.ca>) id 1Xab7i-0002Yn-7I
 for 18600@debbugs.gnu.org; Sat, 04 Oct 2014 22:00:34 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArgGAIDvNVNFxKjo/2dsb2JhbABZgwY7gw+9L4MOgRcXdIIlAQEBAQIBViMFCws0EhQYDSSIBAjSGReOegeEOASpGYFqg0wh
X-IPAS-Result: ArgGAIDvNVNFxKjo/2dsb2JhbABZgwY7gw+9L4MOgRcXdIIlAQEBAQIBViMFCws0EhQYDSSIBAjSGReOegeEOASpGYFqg0wh
X-IronPort-AV: E=Sophos;i="4.97,753,1389762000"; d="scan'208";a="91694171"
Received: from 69-196-168-232.dsl.teksavvy.com (HELO ceviche.home)
 ([69.196.168.232])
 by ironport2-out.teksavvy.com with ESMTP/TLS/DHE-RSA-AES256-SHA;
 04 Oct 2014 22:00:33 -0400
Received: by ceviche.home (Postfix, from userid 20848)
 id F252066088; Sat,  4 Oct 2014 22:00:27 -0400 (EDT)
From: Stefan Monnier <monnier@iro.umontreal.ca>
To: Mark H Weaver <mhw@netris.org>
Subject: Re: bug#18600: 24.3.94; EWW fails to check https certificates
Message-ID: <jwvzjdbth0j.fsf-monnier+emacsbugs@gnu.org>
References: <871tqr81jg.fsf@netris.org> <51r3yorc4p.fsf@fencepost.gnu.org>
 <87tx3jiknk.fsf@lifelogs.com> <87h9zj5sg6.fsf@yeeloong.lan>
Date: Sat, 04 Oct 2014 22:00:27 -0400
In-Reply-To: <87h9zj5sg6.fsf@yeeloong.lan> (Mark H. Weaver's message of "Sat, 
 04 Oct 2014 19:24:41 -0400")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.3 (/)
X-Debbugs-Envelope-To: 18600
Cc: 18600@debbugs.gnu.org, Glenn Morris <rgm@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.3 (/)

> With these in mind, I have two recommendations:
> * I believe that eww https should check certificates by default in 24.4,
>   even though other tls connections are tolerant by default.
> * At minimum, it should be possible to enable certificate checking for
>   eww https connections while still allowing self-signed certificates
>   for other uses of 'open-gnutls-stream' such as imaps and smtps.  This
>   is fairly common case.

I think it's too late to do that for Emacs-24.4.  But we should apply
such a change to `emacs-24' after the 24.4 release, so that it will be
included in the next release regardless if the next release is 25.1 or
a 24.5 bugfix.


        Stefan




From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 04 22:16:19 2014
Received: (at 18600) by debbugs.gnu.org; 5 Oct 2014 02:16:20 +0000
Received: from localhost ([127.0.0.1]:33379 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XabMw-0002xq-DQ
	for submit@debbugs.gnu.org; Sat, 04 Oct 2014 22:16:18 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:40217)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <rgm@gnu.org>) id 1XabMu-0002xi-54
 for 18600@debbugs.gnu.org; Sat, 04 Oct 2014 22:16:16 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
 (envelope-from <rgm@gnu.org>)
 id 1XabMt-0006Hu-45; Sat, 04 Oct 2014 22:16:15 -0400
From: Glenn Morris <rgm@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Subject: Re: bug#18600: 24.3.94; EWW fails to check https certificates
References: <871tqr81jg.fsf@netris.org> <51r3yorc4p.fsf@fencepost.gnu.org>
 <87tx3jiknk.fsf@lifelogs.com>
X-Spook: industrial intelligence Downing Street SHA class struggle
X-Ran: /:!|h&|Dcs^Jo8T&]pDptk+!JCHdfyK!?f_pPHlI<AY{$]vWOxwcG#TL9Tr4IEOU=.9]}t
X-Hue: red
X-Debbugs-No-Ack: yes
X-Attribution: GM
Date: Sat, 04 Oct 2014 22:16:15 -0400
In-Reply-To: <87tx3jiknk.fsf@lifelogs.com> (Ted Zlatanov's message of "Sat, 04
 Oct 2014 17:34:39 -0400")
Message-ID: <czvbnzntw0.fsf@fencepost.gnu.org>
User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 18600
Cc: 18600@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Ted Zlatanov wrote:

> close this bug since http://debbugs.gnu.org/16978 already has all the info?

They are merged.




From debbugs-submit-bounces@debbugs.gnu.org Sun Oct 05 13:18:23 2014
Received: (at 18600) by debbugs.gnu.org; 5 Oct 2014 17:18:23 +0000
Received: from localhost ([127.0.0.1]:34872 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1XapRv-0002eZ-BI
	for submit@debbugs.gnu.org; Sun, 05 Oct 2014 13:18:23 -0400
Received: from world.peace.net ([96.39.62.75]:53601)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <mhw@netris.org>) id 1XapRt-0002eR-9z
 for 18600@debbugs.gnu.org; Sun, 05 Oct 2014 13:18:21 -0400
Received: from c-24-62-95-23.hsd1.ma.comcast.net ([24.62.95.23]
 helo=yeeloong.lan)
 by world.peace.net with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.72) (envelope-from <mhw@netris.org>)
 id 1XapRn-00085a-3E; Sun, 05 Oct 2014 13:18:15 -0400
From: Mark H Weaver <mhw@netris.org>
To: Stefan Monnier <monnier@iro.umontreal.ca>
Subject: Re: bug#18600: 24.3.94; EWW fails to check https certificates
References: <871tqr81jg.fsf@netris.org> <51r3yorc4p.fsf@fencepost.gnu.org>
 <87tx3jiknk.fsf@lifelogs.com> <87h9zj5sg6.fsf@yeeloong.lan>
 <jwvzjdbth0j.fsf-monnier+emacsbugs@gnu.org>
Date: Sun, 05 Oct 2014 13:17:56 -0400
In-Reply-To: <jwvzjdbth0j.fsf-monnier+emacsbugs@gnu.org> (Stefan Monnier's
 message of "Sat, 04 Oct 2014 22:00:27 -0400")
Message-ID: <87y4su4erf.fsf@yeeloong.lan>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 18600
Cc: 18600@debbugs.gnu.org, Glenn Morris <rgm@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

Stefan Monnier <monnier@iro.umontreal.ca> writes:

>> With these in mind, I have two recommendations:
>> * I believe that eww https should check certificates by default in 24.4,
>>   even though other tls connections are tolerant by default.
>> * At minimum, it should be possible to enable certificate checking for
>>   eww https connections while still allowing self-signed certificates
>>   for other uses of 'open-gnutls-stream' such as imaps and smtps.  This
>>   is fairly common case.
>
> I think it's too late to do that for Emacs-24.4.  But we should apply
> such a change to `emacs-24' after the 24.4 release, so that it will be
> included in the next release regardless if the next release is 25.1 or
> a 24.5 bugfix.

I continue to think this will be ill-received, and could result in more
bad PR for the GNU Project, but having said that, I'll let it go now.

     Thanks,
       Mark




From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 23 12:11:01 2014
Received: (at 18600) by debbugs.gnu.org; 23 Nov 2014 17:11:01 +0000
Received: from localhost ([127.0.0.1]:42857 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Xsage-0005KL-M6
	for submit@debbugs.gnu.org; Sun, 23 Nov 2014 12:11:00 -0500
Received: from hermes.netfonds.no ([80.91.224.195]:47859)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <larsi@gnus.org>) id 1Xsagc-0005KC-2w
 for 18600@debbugs.gnu.org; Sun, 23 Nov 2014 12:10:58 -0500
Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58]
 helo=stories.gnus.org)
 by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
 (Exim 4.72) (envelope-from <larsi@gnus.org>)
 id 1XsagJ-0006e6-Tq; Sun, 23 Nov 2014 18:10:39 +0100
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
To: Mark H Weaver <mhw@netris.org>
Subject: Re: bug#18600: 24.3.94; EWW fails to check https certificates
References: <871tqr81jg.fsf@netris.org>
X-Now-Playing: Missy "Misdemeanor" Elliott's _Supa Dupa Fly_: "Best Friends"
X-Hashcash: 1:23:141123:18600@debbugs.gnu.org::ehToBQSGm8gmd8rq:00000000000000000000000000000000000000003gH7
X-Hashcash: 1:23:141123:mhw@netris.org::oEjZkhND5NJBlUR7:000XXs8
Date: Sun, 23 Nov 2014 18:10:39 +0100
In-Reply-To: <871tqr81jg.fsf@netris.org> (Mark H. Weaver's message of "Thu, 02
 Oct 2014 01:48:35 -0400")
Message-ID: <m3vbm5alm8.fsf@stories.gnus.org>
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-MailScanner-ID: 1XsagJ-0006e6-Tq
X-Netfonds-MailScanner: Found to be clean
X-Netfonds-MailScanner-From: larsi@gnus.org
MailScanner-NULL-Check: 1417367440.45309@gt2+h8UGStxjeE0VSVZ80w
X-Spam-Status: No
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 18600
Cc: 18600@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

This has now been fixed on the trunk with the Network Security Manager
stuff.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no





From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 23 12:11:04 2014
Received: (at control) by debbugs.gnu.org; 23 Nov 2014 17:11:04 +0000
Received: from localhost ([127.0.0.1]:42861 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Xsagi-0005Ky-3x
	for submit@debbugs.gnu.org; Sun, 23 Nov 2014 12:11:04 -0500
Received: from hermes.netfonds.no ([80.91.224.195]:47865)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <larsi@gnus.org>) id 1Xsage-0005KK-J9
 for control@debbugs.gnu.org; Sun, 23 Nov 2014 12:11:01 -0500
Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58]
 helo=stories.gnus.org)
 by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
 (Exim 4.72) (envelope-from <larsi@gnus.org>) id 1XsagN-0006eF-0u
 for control@debbugs.gnu.org; Sun, 23 Nov 2014 18:10:43 +0100
Date: Sun, 23 Nov 2014 18:10:42 +0100
Message-Id: <m3tx1palm5.fsf@stories.gnus.org>
To: control@debbugs.gnu.org
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Subject: control message for bug #18600
X-MailScanner-ID: 1XsagN-0006eF-0u
X-Netfonds-MailScanner: Found to be clean
X-Netfonds-MailScanner-From: larsi@gnus.org
MailScanner-NULL-Check: 1417367443.44147@1nR7n+u+MI1L6d0nXXYEyw
X-Spam-Status: No
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

tags 18600 fixed
close 18600 25.1




From unknown Fri Jun 20 07:19:52 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Mon, 22 Dec 2014 12:24:04 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator