bug#24466: `guix download` accepts expired TLS certificates

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#24466: `guix download` accepts expired TLS certificates

From:	Leo Famulari
Subject:	bug#24466: `guix download` accepts expired TLS certificates
Date:	Sun, 18 Sep 2016 21:14:54 -0400
User-agent:	Mutt/1.7.0 (2016-08-17)

While testing Nicolas's patch "Update giac-xcas", I found that `guix
download` accepts expired TLS certificates.

I tried visiting the upstream site in order to verify the hash of the
updated package, and my browsers (Firefox and Chromium) warned me that
the site's certificate had expired ~1 day ago.

However, `guix build -S` did not warn me or prevent me from downloading
the source code.

Perhaps it doesn't matter for the case of `guix build -S`, since we
already know what we expect to download. But, for `guix download`, this
is a bug.

[0]
http://lists.gnu.org/archive/html/guix-devel/2016-09/msg01460.html

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#24466: `guix download` accepts expired TLS certificates, Leo Famulari <=

Prev by Date: bug#24433: [PATCH] gnu: fish: Add input bc.
Next by Date: bug#24442: gettext: No PO mode for Emacs (or wrong description)
Previous by thread: bug#24450: pypi importer outputs strange character series in optional dependency case.
Next by thread: bug#24496: offloading should fall back to local build after n tries
Index(es):
- Date
- Thread