GNU bug report logs - #18600
24.3.94; EWW fails to check https certificates

Previous Next

Package: emacs;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Thu, 2 Oct 2014 06:27:02 UTC

Severity: important

Tags: fixed, security

Merged with 16193, 16978

Found in versions 24.3, 24.3.94

Fixed in version 25.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #22 received at 18600 <at> debbugs.gnu.org (full text, mbox):

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 18600 <at> debbugs.gnu.org, Mark H Weaver <mhw <at> netris.org>
Subject: Re: bug#18600: 24.3.94; EWW fails to check https certificates
Date: Sat, 04 Oct 2014 17:34:39 -0400

On Fri, 03 Oct 2014 19:01:42 -0400 Glenn Morris <rgm <at> gnu.org> wrote: 

GM> Mark H Weaver wrote:
>> I used EWW to visit an https website that uses a self-signed and
>> long-expired https certificate.  It failed to notify me of any problem.

GM> Setting gnutls-verify-error non-nil may help (I don't know what it does
GM> with self-signed certificates).

Emacs will reject such certificates then. I tested that as part of
http://debbugs.gnu.org/16978 and would appreciate Mark's verification.

After 24.4 (now 25.1) is released it will be t by default.  Mark, can we
close this bug since http://debbugs.gnu.org/16978 already has all the info?

Thanks
Ted
This bug report was last modified 10 years and 180 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.