[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#26835: 26.0.50; url-retrieve no longer raises certificate errors
|
From: |
Eli Zaretskii |
|
Subject: |
bug#26835: 26.0.50; url-retrieve no longer raises certificate errors |
|
Date: |
Mon, 08 May 2017 22:04:17 +0300 |
> From: Aaron Jensen <aaronjensen@gmail.com>
> Date: Mon, 8 May 2017 11:42:45 -0700
>
> This post describes a method for configuring emacs to verify ssl
> certificates:
> https://glyph.twistedmatrix.com/2015/11/editor-malware.html
>
> It also contains a snippet to test that it is properly configured:
>
> (let ((bad-hosts
> (loop for bad
> in `("https://wrong.host.badssl.com/";
> "https://self-signed.badssl.com/";)
> if (condition-case e
> (url-retrieve
> bad (lambda (retrieved) t))
> (error nil))
> collect bad)))
> (if bad-hosts
> (print (format "tls misconfigured; retrieved %s ok"
> bad-hosts))
> (url-retrieve "https://badssl.com";
> (lambda (retrieved) t))))
>
> This snippet works fine in 25.2 but reports an error on master (26.0.50)
>
> As a simpler test, both:
>
> (url-retrieve "https://wrong.host.badssl.com/";)
> (url-retrieve-synchronously "https://wrong.host.badssl.com/";)
>
> Should fail, but do not.
I seem to be unable to reproduce any of the wrong behavior in the
current master build. Could you please provide more details about
what errors you see and what failures you expected, but didn't see?
In my testing, Emacs asks me whether to continue connecting, when it
discovers a bad certificate, and it's up to me to decide. Did it ask
you, and if it did, what alternative did you select?
Also, did you try all this in "emacs -Q"? It looks like you did this
in a customized session (e.g., because in "emacs -Q" there's no 'loop'
function, which the above snippet uses). So the problems could have
something to do with your customizations.
Thanks.