GNU bug report logs -
#22297
24.5; gnutls builds do not verify https by default
Previous Next
Reported by: Glyph Lefkowitz <glyph <at> twistedmatrix.com>
Date: Sun, 3 Jan 2016 09:38:02 UTC
Severity: normal
Found in version 24.5
Fixed in version 25.1
Done: Glenn Morris <rgm <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 22297 in the body.
You can then email your comments to 22297 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#22297; Package
emacs.
(Sun, 03 Jan 2016 09:38:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Glyph Lefkowitz <glyph <at> twistedmatrix.com>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Sun, 03 Jan 2016 09:38:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
;; This elisp program illustrates the issue.
(require 'cl)
(let ((bad-hosts
(loop for bad
in `("https://wrong.host.badssl.com/"
"https://self-signed.badssl.com/")
if (condition-case e
(url-retrieve
bad (lambda (retrieved) t))
(error nil))
collect bad)))
(if bad-hosts
(error (format "tls misconfigured; retrieved %s ok"
bad-hosts))
(url-retrieve "https://badssl.com"
(lambda (retrieved) t))))
In GNU Emacs 24.5.1 (x86_64-apple-darwin15.2.0, NS apple-appkit-1404.34)
of 2015-12-19 on milly
Configured using:
`configure --prefix=/Homebrew/Cellar/emacs/24.5
--enable-locallisppath=/Homebrew/share/emacs/site-lisp
--infodir=/Homebrew/Cellar/emacs/24.5/share/info/emacs --with-xml2
--without-dbus --with-gnutls --with-rsvg --without-popmail --with-ns
--disable-ns-self-contained'
Important settings:
value of $LANG: en_US.UTF-8
locale-coding-system: utf-8-unix
Major mode: Emacs-Lisp
Minor modes in effect:
tooltip-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
tool-bar-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
line-number-mode: t
transient-mark-mode: t
Recent messages:
Undo!
Auto-saving...done
Entering debugger...
Back to top level.
cl
Contacting host: wrong.host.badssl.com:443
Entering debugger...
Back to top level.
End of buffer
Mark set
Beginning of buffer
Load-path shadows:
None found.
Features:
(shadow sort mail-extr emacsbug message format-spec rfc822 mml mml-sec
mm-decode mm-bodies mm-encode mailabbrev gmm-utils mailheader sendmail
cl-macs cl gv mail-utils help-mode easymenu debug gnutls network-stream
starttls url-http tls mail-parse rfc2231 rfc2047 rfc2045 ietf-drums
url-gw url-cache url-auth url url-proxy url-privacy url-expand
url-methods url-history url-cookie url-domsuf url-util url-parse
auth-source eieio byte-opt bytecomp byte-compile cl-extra cl-loaddefs
cl-lib cconv eieio-core gnus-util mm-util help-fns mail-prsvr
password-cache url-vars mailcap misearch multi-isearch vc-git xterm
time-date tooltip electric uniquify ediff-hook vc-hooks lisp-float-type
mwheel ns-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list newcomment lisp-mode prog-mode register page menu-bar
rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax
facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak
czech european ethiopic indian cyrillic chinese case-table epa-hook
jka-cmpr-hook help simple abbrev minibuffer nadvice loaddefs button
faces cus-face macroexp files text-properties overlay sha1 md5 base64
format env code-pages mule custom widget hashtable-print-readable
backquote make-network-process cocoa ns multi-tty emacs)
Memory information:
((conses 16 99881 8328)
(symbols 48 20184 0)
(miscs 40 64 258)
(strings 32 18027 4634)
(string-bytes 1 506262)
(vectors 16 10261)
(vector-slots 8 367085 7832)
(floats 8 69 390)
(intervals 56 444 15)
(buffers 960 18))
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#22297; Package
emacs.
(Sun, 03 Jan 2016 09:45:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 22297 <at> debbugs.gnu.org (full text, mbox):
Glyph Lefkowitz <glyph <at> twistedmatrix.com> writes:
> ;; This elisp program illustrates the issue.
>
> (require 'cl)
> (let ((bad-hosts
> (loop for bad
> in `("https://wrong.host.badssl.com/"
> "https://self-signed.badssl.com/")
> if (condition-case e
> (url-retrieve
> bad (lambda (retrieved) t))
> (error nil))
> collect bad)))
> (if bad-hosts
> (error (format "tls misconfigured; retrieved %s ok"
> bad-hosts))
> (url-retrieve "https://badssl.com"
> (lambda (retrieved) t))))
I'm unable to reproduce the problem. With an Emacs built with GnuTLS, I
get warnings about invalid certificates.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Added tag(s) unreproducible.
Request was from
Lars Magne Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Sun, 03 Jan 2016 09:45:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#22297; Package
emacs.
(Sun, 03 Jan 2016 09:47:01 GMT)
Full text and
rfc822 format available.
Message #13 received at 22297 <at> debbugs.gnu.org (full text, mbox):
Lars Magne Ingebrigtsen <larsi <at> gnus.org> writes:
> I'm unable to reproduce the problem. With an Emacs built with GnuTLS, I
> get warnings about invalid certificates.
(I tested with Emacs 25.1, though.)
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#22297; Package
emacs.
(Sun, 03 Jan 2016 09:48:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 22297 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
> On Jan 3, 2016, at 1:46 AM, Lars Magne Ingebrigtsen <larsi <at> gnus.org> wrote:
>
> (I tested with Emacs 25.1, though.)
Aah. Quite possibly this bug has been fixed already, then.
[Message part 2 (text/html, inline)]
Removed tag(s) unreproducible.
Request was from
Glenn Morris <rgm <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Tue, 05 Jan 2016 23:22:01 GMT)
Full text and
rfc822 format available.
bug marked as fixed in version 25.1, send any further explanations to
22297 <at> debbugs.gnu.org and Glyph Lefkowitz <glyph <at> twistedmatrix.com>
Request was from
Glenn Morris <rgm <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Tue, 05 Jan 2016 23:22:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Wed, 03 Feb 2016 12:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 9 years and 143 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.