GNU bug report logs - #49114
‘guix lint’ should catch certificate validation exceptions

Previous Next

Package: guix;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Sat, 19 Jun 2021 11:30:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Subject: bug#49114: closed (Re: bug#49114: ‘guix lint’ should catch certificate validation exceptions)
Date: Thu, 24 Jun 2021 21:45:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#49114: ‘guix lint’ should catch certificate validation exceptions

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 49114 <at> debbugs.gnu.org.

-- 
49114: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=49114
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 49114-done <at> debbugs.gnu.org
Subject: Re: bug#49114: ‘guix lint’ should catch
 certificate validation exceptions
Date: Thu, 24 Jun 2021 23:44:15 +0200

Hi!

Tobias Geerinckx-Rice <me <at> tobias.gr> skribis:

> Ludovic Courtès 写道:
>> I don’t see these two packages in my checkout.  Do you have other
>> examples?
>
> Oh-kaay, I wonder what the devil went wrong there?  I wish I still had
> the original copy, but I don't.
>
> I wrote libndp and httping, of course :-D

Oh!  Fixed in 8a81ae61c183085b3a1edc4572d721ac5b2a581c.

Thanks,
Ludo’.


[Message part 3 (message/rfc822, inline)]
From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Bug Guix <bug-guix <at> gnu.org>
Subject: ‘guix lint’ should catch certificate
 validation exceptions
Date: Sat, 19 Jun 2021 13:29:48 +0200

[Message part 4 (text/plain, inline)]
Guix,

The linter should obviously warn about TLS errors but it should 
not terminate processing.  See ‘guix lint ibndp’ or ‘guix lint 
ttping’, where the hostname and certificate CN/SAN don't match.

In any other situation Guix is probably right to throw a scary 
error and abort, even if hashes are our primary defence, not TLS.

Kind regards,

T G-R

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 330 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.