GNU bug report logs - #26835
26.0.50; url-retrieve no longer raises certificate errors


Package: emacs;

Reported by: Aaron Jensen <aaronjensen <at> gmail.com>

Date: Mon, 8 May 2017 18:44:01 UTC

Severity: normal

Tags: security

Found in version 26.0.50

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.



Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#26835; Package emacs. (Mon, 08 May 2017 18:44:02 GMT)

Acknowledgement sent to Aaron Jensen <aaronjensen <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Mon, 08 May 2017 18:44:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Aaron Jensen <aaronjensen <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 26.0.50; url-retrieve no longer raises certificate errors
Date: Mon, 8 May 2017 11:42:45 -0700

This post describes a method for configuring emacs to verify ssl
certificates:
https://glyph.twistedmatrix.com/2015/11/editor-malware.html

It also contains a snippet to test that it is properly configured:

(let ((bad-hosts
       (loop for bad
             in `("https://wrong.host.badssl.com/"
                  "https://self-signed.badssl.com/")
             if (condition-case e
                    (url-retrieve
                     bad (lambda (retrieved) t))
                  (error nil))
             collect bad)))
  (if bad-hosts
      (print (format "tls misconfigured; retrieved %s ok"
                     bad-hosts))
    (url-retrieve "https://badssl.com"
                  (lambda (retrieved) t))))

This snippet works fine in 25.2 but reports an error on master (26.0.50)

As a simpler test, both:

(url-retrieve "https://wrong.host.badssl.com/")
(url-retrieve-synchronously "https://wrong.host.badssl.com/")

Should fail, but do not.

This is the log output with gnutls-log-level 2

Contacting host: wrong.host.badssl.com:443
gnutls.c: [1] (Emacs) connecting to host: wrong.host.badssl.com
gnutls.c: [1] (Emacs) allocating credentials
gnutls.c: [2] (Emacs) allocating x509 credentials
gnutls.c: [2] (Emacs) using default verification flags
gnutls.c: [audit] There was a non-CA certificate in the trusted list:
O=Entrust.net,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.),OU=(c) 1999 Entrust.net Limited,CN=Entrust.net Certification
Authority (2048).

gnutls.c: [1] (Emacs) setting the trustfile:  /usr/local/etc/libressl/cert.pem
gnutls.c: [audit] There was a non-CA certificate in the trusted list:
O=Entrust.net,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.),OU=(c) 1999 Entrust.net Limited,CN=Entrust.net Certification
Authority (2048).

gnutls.c: [1] (Emacs) gnutls callbacks
gnutls.c: [1] (Emacs) gnutls_init
gnutls.c: [1] (Emacs) got non-default priority string: NORMAL
gnutls.c: [1] (Emacs) setting the priority string
gnutls.c: [audit] Note that the security level of the Diffie-Hellman
key exchange has been lowered to 256 bits and this may allow
decryption of the session data

gnutls.c: [2] HSK[0x1178ab200]: sent server name: 'wrong.host.badssl.com'

gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily
unavailable, try again. [3 times]
gnutls.c: [2] received curve SECP256R1

gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily
unavailable, try again. [2 times]
gnutls.c: [2] (Emacs) Deallocating x509 credentials


Has the usage of url-retrieve changed such that it no longer throws
errors in this case or is this a bug?

If it is not a bug, what is the new preferred way of verifying that
certificate validation is indeed working?

Thanks!


In GNU Emacs 26.0.50 (build 1, x86_64-apple-darwin16.5.0, NS
appkit-1504.82 Version 10.12.4 (Build 16E195))
 of 2017-05-08 built on aaron
Repository revision: 52f7440b8ea8e18f7e83f8d107bd5e4df1bda7b1
Windowing system distributor 'Apple', version 10.3.1504
Recent messages:
Saving file /Users/aaronjensen/.emacs.d/.cache/personal.org...
Wrote ‘/Users/aaronjensen/.emacs.d/.cache/personal.org’
Fetched data overwrote
/Users/aaronjensen/.emacs.d/.cache/personal.org
Saving file /Users/aaronjensen/.emacs.d/.cache/work.org...
Wrote ‘/Users/aaronjensen/.emacs.d/.cache/work.org’
Fetched data overwrote
/Users/aaronjensen/.emacs.d/.cache/work.org
Added 4 events for today
0 (#o0, #x0, ?\C-@)

Configured using:
 'configure --disable-dependency-tracking --disable-silent-rules
 --enable-locallisppath=/usr/local/share/emacs/site-lisp
 --infodir=/usr/local/Cellar/emacs-plus/HEAD-52f7440/share/info/emacs
 --prefix=/usr/local/Cellar/emacs-plus/HEAD-52f7440 --with-xml2
 --without-dbus --with-gnutls --with-imagemagick --with-modules
 --with-rsvg --with-ns --disable-ns-self-contained'

Configured features:
JPEG RSVG IMAGEMAGICK NOTIFY ACL GNUTLS LIBXML2 ZLIB TOOLKIT_SCROLL_BARS
NS MODULES

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Text

Minor modes in effect:
  eros-mode: t
  yas-global-mode: t
  yas-minor-mode: t
  org-mobile-sync-mode: t
  magit-auto-revert-mode: t
  projectile-mode: t
  recentf-mode: t
  flyspell-mode: t
  evil-mc-mode: t
  hl-todo-mode: t
  global-spacemacs-whitespace-cleanup-mode: t
  spacemacs-whitespace-cleanup-mode: t
  ws-butler-global-mode: t
  ws-butler-mode: t
  winum-mode: t
  winner-mode: t
  volatile-highlights-mode: t
  global-vi-tilde-fringe-mode: t
  vi-tilde-fringe-mode: t
  pupo-mode: t
  purpose-mode: t
  spaceline-info-mode: t
  spaceline-helm-mode: t
  save-place-mode: t
  savehist-mode: t
  popwin-mode: t
  persp-mode: t
  Info-breadcrumbs-in-mode-line-mode: t
  global-git-gutter+-mode: t
  global-git-commit-mode: t
  async-bytecomp-package-mode: t
  shell-dirtrack-mode: t
  global-flycheck-mode: t
  flx-ido-mode: t
  eyebrowse-mode: t
  global-evil-surround-mode: t
  evil-surround-mode: t
  global-evil-search-highlight-persist: t
  evil-search-highlight-persist: t
  show-smartparens-global-mode: t
  show-smartparens-mode: t
  evil-escape-mode: t
  global-anzu-mode: t
  anzu-mode: t
  eval-sexp-fu-flash-mode: t
  editorconfig-mode: t
  dtrt-indent-mode: t
  diff-auto-refine-mode: t
  counsel-mode: t
  ivy-mode: t
  clean-aindent-mode: t
  hybrid-mode: t
  which-key-mode: t
  override-global-mode: t
  global-undo-tree-mode: t
  undo-tree-mode: t
  evil-mode: t
  evil-local-mode: t
  spacemacs-leader-override-mode: t
  global-spacemacs-leader-override-mode: t
  global-hl-line-mode: t
  xterm-mouse-mode: t
  global-auto-revert-mode: t
  ido-vertical-mode: t
  global-page-break-lines-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  auto-fill-function: yas--auto-fill
  transient-mark-mode: t
  abbrev-mode: t

Load-path shadows:

Features:

Memory information:




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#26835; Package emacs. (Mon, 08 May 2017 19:05:01 GMT)

Message #8 received at 26835 <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: Aaron Jensen <aaronjensen <at> gmail.com>
Cc: 26835 <at> debbugs.gnu.org
Subject: Re: bug#26835: 26.0.50;
 url-retrieve no longer raises certificate errors
Date: Mon, 08 May 2017 22:04:17 +0300
> From: Aaron Jensen <aaronjensen <at> gmail.com>
> Date: Mon, 8 May 2017 11:42:45 -0700
> 
> This post describes a method for configuring emacs to verify ssl
> certificates:
> https://glyph.twistedmatrix.com/2015/11/editor-malware.html
> 
> It also contains a snippet to test that it is properly configured:
> 
> (let ((bad-hosts
>        (loop for bad
>              in `("https://wrong.host.badssl.com/"
>                   "https://self-signed.badssl.com/")
>              if (condition-case e
>                     (url-retrieve
>                      bad (lambda (retrieved) t))
>                   (error nil))
>              collect bad)))
>   (if bad-hosts
>       (print (format "tls misconfigured; retrieved %s ok"
>                      bad-hosts))
>     (url-retrieve "https://badssl.com"
>                   (lambda (retrieved) t))))
> 
> This snippet works fine in 25.2 but reports an error on master (26.0.50)
> 
> As a simpler test, both:
> 
> (url-retrieve "https://wrong.host.badssl.com/")
> (url-retrieve-synchronously "https://wrong.host.badssl.com/")
> 
> Should fail, but do not.

I seem to be unable to reproduce any of the wrong behavior in the
current master build.  Could you please provide more details about
what errors you see and what failures you expected, but didn't see?

In my testing, Emacs asks me whether to continue connecting, when it
discovers a bad certificate, and it's up to me to decide.  Did it ask
you, and if it did, what alternative did you select?

Also, did you try all this in "emacs -Q"?  It looks like you did this
in a customized session (e.g., because in "emacs -Q" there's no 'loop'
function, which the above snippet uses).  So the problems could have
something to do with your customizations.

Thanks.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#26835; Package emacs. (Mon, 08 May 2017 19:45:02 GMT) Full text and rfc822 format available.

Message #11 received at 26835 <at> debbugs.gnu.org (full text, mbox):

From: Aaron Jensen <aaronjensen <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 26835 <at> debbugs.gnu.org
Subject: Re: bug#26835: 26.0.50;
 url-retrieve no longer raises certificate errors
Date: Mon, 8 May 2017 12:44:52 -0700
On Mon, May 8, 2017 at 12:04 PM, Eli Zaretskii <eliz <at> gnu.org> wrote:
>> From: Aaron Jensen <aaronjensen <at> gmail.com>
>> Date: Mon, 8 May 2017 11:42:45 -0700
>>
> I seem to be unable to reproduce any of the wrong behavior in the
> current master build.  Could you please provide more details about
> what errors you see and what failures you expected, but didn't see?
>
> In my testing, Emacs asks me whether to continue connecting, when it
> discovers a bad certificate, and it's up to me to decide.  Did it ask
> you, and if it did, what alternative did you select?
>
> Also, did you try all this in "emacs -Q"?  It looks like you did this
> in a customized session (e.g., because in "emacs -Q" there's no 'loop'
> function, which the above snippet uses).  So the problems could have
> something to do with your customizations.

It repros in `emacs -Q', just set:

(setq gnutls-verify-error t)
(url-retrieve-synchronously "https://wrong.host.badssl.com/")

In Emacs 25.2, this causes an error to be thrown when you use
url-retrieve, in 26, it silently proceeds.

Also, I can confirm that if gnutls-verify-error is nil, it prompts as
you described. I'll leave it as that for now in my config.




Added tag(s) security. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Mon, 08 May 2017 20:16:01 GMT) Full text and rfc822 format available.

Added indication that bug 26835 blocks 24655 Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Mon, 08 May 2017 20:16:02 GMT) Full text and rfc822 format available.

Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#26835; Package emacs. (Tue, 09 May 2017 17:53:01 GMT) Full text and rfc822 format available.

Message #18 received at 26835 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Aaron Jensen <aaronjensen <at> gmail.com>, Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 26835 <at> debbugs.gnu.org
Subject: Re: bug#26835: 26.0.50;
 url-retrieve no longer raises certificate errors
Date: Tue, 09 May 2017 20:51:48 +0300
[Resending, as I messed up the previous message.  Apologies.]

> From: Aaron Jensen <aaronjensen <at> gmail.com>
> Date: Mon, 8 May 2017 12:44:52 -0700
> Cc: 26835 <at> debbugs.gnu.org
> 
> It repros in `emacs -Q', just set:
> 
> (setq gnutls-verify-error t)
> (url-retrieve-synchronously "https://wrong.host.badssl.com/")
> 
> In Emacs 25.2, this causes an error to be thrown when you use
> url-retrieve, in 26, it silently proceeds.

That's because we now perform GnuTLS negotiation asynchronously,
without blocking.  When the certificate matching fails, gnutls.c
faithfully stores the error message in the process's status by calling
boot_error:

	      boot_error (p, "The x509 certificate does not match \"%s\"",
			  c_hostname);

and boot_error does:

  static void ATTRIBUTE_FORMAT_PRINTF (2, 3)
  boot_error (struct Lisp_Process *p, const char *m, ...)
  {
    va_list ap;
    va_start (ap, m);
    if (p->is_non_blocking_client)
      pset_status (p, list2 (Qfailed, vformat_string (m, ap)));

So the process status becomes the list (failed "error message").  But
when url-retrieve-synchronously accesses the status, by calling
process-status, we do this:

  status = p->status;
  if (CONSP (status))
    status = XCAR (status);

which loses the error message, leaving just 'failed'.  So
url-retrieve-synchronously silently exits, and doesn't even have the
info that could cause it to signal an error.

IOW, the problem is not that the connection proceeds -- it does not.
The problem is that it fails silently without telling the caller what
caused the failure.

I'll CC Lars, who introduced the non-blocking connections.
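
The status flow described in the message above, as an added C sketch that is not Emacs source and not part of the original thread. The struct, the function names and the check_failed flag are hypothetical; only the error string comes from the quoted boot_error call. It shows a caller that reads only the status symbol returning without a diagnostic, next to a caller that fails closed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not Emacs source: sym/detail stand in for the Lisp
   status list (failed "error message").  All names here are hypothetical.  */
struct proc {
  int hostname_matches;   /* constructed input: outcome of the x509 check */
  const char *sym;        /* "connect", "open" or "failed" */
  char detail[128];
};

/* Stand-in for the background handshake.  On a mismatch it does what the
   quoted boot_error branch does: record the message, signal nothing.  */
static void finish_handshake (struct proc *p, const char *host)
{
  p->sym = p->hostname_matches ? "open" : "failed";
  if (!p->hostname_matches)
    snprintf (p->detail, sizeof p->detail,
              "The x509 certificate does not match \"%s\"", host);
}

/* Stand-in for process-status: only the symbol (the XCAR) comes back.  */
static const char *status_symbol (const struct proc *p) { return p->sym; }

/* Synchronous caller; err must hold at least one byte.  With check_failed
   == 0 it stops waiting once the symbol changes and reports nothing.  */
static int retrieve_sync (struct proc *p, const char *host, int check_failed,
                          char *err, size_t n)
{
  while (strcmp (status_symbol (p), "connect") == 0)
    finish_handshake (p, host);
  err[0] = '\0';
  if (!check_failed || strcmp (status_symbol (p), "failed") != 0)
    return 0;
  snprintf (err, n, "%s", p->detail);   /* fail closed, keep the reason */
  return -1;
}

int main (void)
{
  char err[128];
  struct proc p = { 0, "connect", "" };   /* constructed: hostname mismatch */
  int rc = retrieve_sync (&p, "wrong.host.badssl.com", 1, err, sizeof err);
  printf ("rc=%d err=%s\n", rc, err);
  return 0;
}
```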




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#26835; Package emacs. (Wed, 10 May 2017 14:25:02 GMT) Full text and rfc822 format available.

Message #21 received at 26835 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 26835 <at> debbugs.gnu.org, Aaron Jensen <aaronjensen <at> gmail.com>
Subject: Re: bug#26835: 26.0.50;
 url-retrieve no longer raises certificate errors
Date: Wed, 10 May 2017 16:24:13 +0200
Eli Zaretskii <eliz <at> gnu.org> writes:

>> It repros in `emacs -Q', just set:
>> 
>> (setq gnutls-verify-error t)
>> (url-retrieve-synchronously "https://wrong.host.badssl.com/")
>> 
>> In Emacs 25.2, this causes an error to be thrown when you use
>> url-retrieve, in 26, it silently proceeds.
>
> That's because we now perform GnuTLS negotiation asynchronously,
> without blocking.

(As an aside, perhaps url-retrieve-synchronously should be opening the
socket with :nowait nil?)

>   status = p->status;
>   if (CONSP (status))
>     status = XCAR (status);
>
> which loses the error message, leaving just 'failed'.  So
> url-retrieve-synchronously silently exits, and doesn't even have the
> info that could cause it to signal an error.
>
> IOW, the problem is not that the connection proceeds -- it does not.
> The problem is that it fails silently without telling the caller what
> caused the failure.
>
> I'll CC Lars, who introduced the non-blocking connections.

Good analysis.  I'll try to have a look at this soonish (and make it
report the error properly) unless somebody else beats me to it.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#26835; Package emacs. (Wed, 10 May 2017 16:50:02 GMT) Full text and rfc822 format available.

Message #24 received at 26835 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com
Subject: Re: bug#26835: 26.0.50;
 url-retrieve no longer raises certificate errors
Date: Wed, 10 May 2017 19:48:32 +0300
> From: Lars Ingebrigtsen <larsi <at> gnus.org>
> Cc: Aaron Jensen <aaronjensen <at> gmail.com>,  26835 <at> debbugs.gnu.org
> Date: Wed, 10 May 2017 16:24:13 +0200
> 
> >> (setq gnutls-verify-error t)
> >> (url-retrieve-synchronously "https://wrong.host.badssl.com/")
> >> 
> >> In Emacs 25.2, this causes an error to be thrown when you use
> >> url-retrieve, in 26, it silently proceeds.
> >
> > That's because we now perform GnuTLS negotiation asynchronously,
> > without blocking.
> 
> (As an aside, perhaps url-retrieve-synchronously should be opening the
> socket with :nowait nil?)

Yes, I had a similar thought while I was reading the code.

> Good analysis.  I'll try to have a look at this soonish (and make it
> report the error properly) unless somebody else beats me to it.

Thanks.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#26835; Package emacs. (Sat, 02 Sep 2017 13:44:01 GMT) Full text and rfc822 format available.

Message #27 received at 26835 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: larsi <at> gnus.org
Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com
Subject: Re: bug#26835: 26.0.50;
 url-retrieve no longer raises certificate errors
Date: Sat, 02 Sep 2017 16:42:44 +0300
> Date: Wed, 10 May 2017 19:48:32 +0300
> From: Eli Zaretskii <eliz <at> gnu.org>
> Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com
> 
> > From: Lars Ingebrigtsen <larsi <at> gnus.org>
> > Cc: Aaron Jensen <aaronjensen <at> gmail.com>,  26835 <at> debbugs.gnu.org
> > Date: Wed, 10 May 2017 16:24:13 +0200
> > 
> > >> (setq gnutls-verify-error t)
> > >> (url-retrieve-synchronously "https://wrong.host.badssl.com/")
> > >> 
> > >> In Emacs 25.2, this causes an error to be thrown when you use
> > >> url-retrieve, in 26, it silently proceeds.
> > >
> > > That's because we now perform GnuTLS negotiation asynchronously,
> > > without blocking.
> > 
> > (As an aside, perhaps url-retrieve-synchronously should be opening the
> > socket with :nowait nil?)
> 
> Yes, I had a similar thought while I was reading the code.
> 
> > Good analysis.  I'll try to have a look at this soonish (and make it
> > report the error properly) unless somebody else beats me to it.
> 
> Thanks.

Ping!  Lars, any news on this issue?




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#26835; Package emacs. (Wed, 13 Sep 2017 17:52:02 GMT) Full text and rfc822 format available.

Message #30 received at 26835 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com
Subject: Re: bug#26835: 26.0.50;
 url-retrieve no longer raises certificate errors
Date: Wed, 13 Sep 2017 19:51:30 +0200
Eli Zaretskii <eliz <at> gnu.org> writes:

>> (As an aside, perhaps url-retrieve-synchronously should be opening the
>> socket with :nowait nil?)
>
> Yes, I had a similar thought while I was reading the code.

And if we have :nowait nil in that case, then the error will be thrown
as advertised.

So I think I'll just make that change...  somehow.  (The URL code is,
er, funny.)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




Reply sent to Lars Ingebrigtsen <larsi <at> gnus.org>:
You have taken responsibility. (Wed, 13 Sep 2017 18:12:01 GMT) Full text and rfc822 format available.

Notification sent to Aaron Jensen <aaronjensen <at> gmail.com>:
bug acknowledged by developer. (Wed, 13 Sep 2017 18:12:01 GMT) Full text and rfc822 format available.

Message #35 received at 26835-done <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 26835-done <at> debbugs.gnu.org, aaronjensen <at> gmail.com
Subject: Re: bug#26835: 26.0.50;
 url-retrieve no longer raises certificate errors
Date: Wed, 13 Sep 2017 20:11:15 +0200
This should now be fixed.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no





Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#26835; Package emacs. (Wed, 13 Sep 2017 18:45:01 GMT) Full text and rfc822 format available.

Message #38 received at 26835 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com
Subject: Re: bug#26835: 26.0.50;
 url-retrieve no longer raises certificate errors
Date: Wed, 13 Sep 2017 21:44:05 +0300
> From: Lars Ingebrigtsen <larsi <at> gnus.org>
> Cc: 26835-done <at> debbugs.gnu.org,  aaronjensen <at> gmail.com
> Date: Wed, 13 Sep 2017 20:11:15 +0200
> 
> This should now be fixed.

Thanks!




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 12 Oct 2017 11:24:04 GMT) Full text and rfc822 format available.

This bug report was last modified 6 years and 198 days ago.
