[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: https and emacs and package archives
From: |
Stefan Monnier |
Subject: |
Re: https and emacs and package archives |
Date: |
Mon, 27 Oct 2014 13:32:07 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) |
> So switching back to HTTPS, what is going wrong?
> The depends of a package are all downloaded with HTTPS fine. But then:
> GET /packages/elpakit-1.1.1.el HTTP/1.1..
> MIME-Version: 1.0..
> Connection: keep-alive..
> Extension: Security/Digest Security/SSL..
> Host: marmalade-repo.org..
> Accept-encoding: gzip..Accept: */*..
> User-Agent: URL/Emacs....
> ##
> T 80.69.77.43:443 -> 172.30.1.18:48975 [AP]
> HTTP/1.1 400 Bad Request..
> Server: nginx/1.7.1..
> Date: Mon, 27 Oct 2014 16:51:04 GMT..
> Content-Type: text/html..
> Content-Length: 270..
> Connection: close....
> <html>..<head><title>
> 400 The plain HTTP request was sent to HTTPS port
> </title></head>.....
I'm not familiar enough with HTTPS to know what "The plain HTTP request
was sent to HTTPS port" means.
> That looks to me like the packaging system is forgetting that the
> package source is HTTPS when it downloads the target package and is
> sending the request as HTTP.
AFAIK, package.el does not pay attention to the transport at all, it
just uses the base-url as-is without ever tweaking it (so it also works
for file:// URLs), so I think it's more likely that the problem is in
the URL.el package rather than in package.el.
> Is this a regression? Yes. Doing exactly the same thing with my 24.3
> install works fine.
Please make a bug report for it.
> Probably the response to this will be "implement package signing".
It'd be a good idea in any case, indeed.
But we'd still want to fix the problem with https ;-)
Stefan