GNU bug report logs - #24466
`guix download` accepts expired TLS certificates

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 19 Sep 2016 01:16:02 UTC

Severity: normal

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: 24466 <at> debbugs.gnu.org
Subject: bug#24466: `guix download` accepts expired TLS certificates
Date: Sun, 18 Sep 2016 21:14:54 -0400

[Message part 1 (text/plain, inline)]

While testing Nicolas's patch "Update giac-xcas", I found that `guix
download` accepts expired TLS certificates.

I tried visiting the upstream site in order to verify the hash of the
updated package, and my browsers (Firefox and Chromium) warned me that
the site's certificate had expired ~1 day ago.

However, `guix build -S` did not warn me or prevent me from downloading
the source code.

Perhaps it doesn't matter for the case of `guix build -S`, since we
already know what we expect to download. But, for `guix download`, this
is a bug.

[0]
http://lists.gnu.org/archive/html/guix-devel/2016-09/msg01460.html

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 8 years and 250 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #24466 `guix download` accepts expired TLS certificates

GNU bug report logs - #24466
`guix download` accepts expired TLS certificates