Package: emacs;
Reported by: Aaron Jensen <aaronjensen <at> gmail.com>
Date: Mon, 8 May 2017 18:44:01 UTC
Severity: normal
Tags: security
Found in version 26.0.50
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 26835 in the body.
You can then email your comments to 26835 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
bug-gnu-emacs <at> gnu.org
:bug#26835
; Package emacs
.
(Mon, 08 May 2017 18:44:02 GMT) Full text and rfc822 format available.Aaron Jensen <aaronjensen <at> gmail.com>
:bug-gnu-emacs <at> gnu.org
.
(Mon, 08 May 2017 18:44:02 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Aaron Jensen <aaronjensen <at> gmail.com> To: bug-gnu-emacs <at> gnu.org Subject: 26.0.50; url-retrieve no longer raises certificate errors Date: Mon, 8 May 2017 11:42:45 -0700
This post describes a method for configuring emacs to verify ssl certificates: https://glyph.twistedmatrix.com/2015/11/editor-malware.html It also contains a snippet to test that it is properly configured: (let ((bad-hosts (loop for bad in `("https://wrong.host.badssl.com/" "https://self-signed.badssl.com/") if (condition-case e (url-retrieve bad (lambda (retrieved) t)) (error nil)) collect bad))) (if bad-hosts (print (format "tls misconfigured; retrieved %s ok" bad-hosts)) (url-retrieve "https://badssl.com" (lambda (retrieved) t)))) This snippet works fine in 25.2 but reports an error on master (26.0.50) As a simpler test, both: (url-retrieve "https://wrong.host.badssl.com/") (url-retrieve-synchronously "https://wrong.host.badssl.com/") Should fail, but do not. This is the log output with gnutls-log-level 2 Contacting host: wrong.host.badssl.com:443 gnutls.c: [1] (Emacs) connecting to host: wrong.host.badssl.com gnutls.c: [1] (Emacs) allocating credentials gnutls.c: [2] (Emacs) allocating x509 credentials gnutls.c: [2] (Emacs) using default verification flags gnutls.c: [audit] There was a non-CA certificate in the trusted list: O=Entrust.net,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),OU=(c) 1999 Entrust.net Limited,CN=Entrust.net Certification Authority (2048). gnutls.c: [1] (Emacs) setting the trustfile: /usr/local/etc/libressl/cert.pem gnutls.c: [audit] There was a non-CA certificate in the trusted list: O=Entrust.net,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),OU=(c) 1999 Entrust.net Limited,CN=Entrust.net Certification Authority (2048). gnutls.c: [1] (Emacs) gnutls callbacks gnutls.c: [1] (Emacs) gnutls_init gnutls.c: [1] (Emacs) got non-default priority string: NORMAL gnutls.c: [1] (Emacs) setting the priority string gnutls.c: [audit] Note that the security level of the Diffie-Hellman key exchange has been lowered to 256 bits and this may allow decryption of the session data gnutls.c: [2] HSK[0x1178ab200]: sent server name: 'wrong.host.badssl.com' gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try again. [3 times] gnutls.c: [2] received curve SECP256R1 gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try again. [2 times] gnutls.c: [2] (Emacs) Deallocating x509 credentials Has the usage of url-retrieve changed such that it no longer throws errors in this case or is this a bug? If it is not a bug, what is the new preferred way of verifying that certificate validation is indeed working? Thanks! In GNU Emacs 26.0.50 (build 1, x86_64-apple-darwin16.5.0, NS appkit-1504.82 Version 10.12.4 (Build 16E195)) of 2017-05-08 built on aaron Repository revision: 52f7440b8ea8e18f7e83f8d107bd5e4df1bda7b1 Windowing system distributor 'Apple', version 10.3.1504 Recent messages: Saving file /Users/aaronjensen/.emacs.d/.cache/personal.org... Wrote ‘/Users/aaronjensen/.emacs.d/.cache/personal.org’ Fetched data overwrote /Users/aaronjensen/.emacs.d/.cache/personal.org Saving file /Users/aaronjensen/.emacs.d/.cache/work.org... Wrote ‘/Users/aaronjensen/.emacs.d/.cache/work.org’ Fetched data overwrote /Users/aaronjensen/.emacs.d/.cache/work.org Added 4 events for today 0 (#o0, #x0, ?\C-@) Configured using: 'configure --disable-dependency-tracking --disable-silent-rules --enable-locallisppath=/usr/local/share/emacs/site-lisp --infodir=/usr/local/Cellar/emacs-plus/HEAD-52f7440/share/info/emacs --prefix=/usr/local/Cellar/emacs-plus/HEAD-52f7440 --with-xml2 --without-dbus --with-gnutls --with-imagemagick --with-modules --with-rsvg --with-ns --disable-ns-self-contained' Configured features: JPEG RSVG IMAGEMAGICK NOTIFY ACL GNUTLS LIBXML2 ZLIB TOOLKIT_SCROLL_BARS NS MODULES Important settings: value of $LANG: en_US.UTF-8 locale-coding-system: utf-8-unix Major mode: Text Minor modes in effect: eros-mode: t yas-global-mode: t yas-minor-mode: t org-mobile-sync-mode: t magit-auto-revert-mode: t projectile-mode: t recentf-mode: t flyspell-mode: t evil-mc-mode: t hl-todo-mode: t global-spacemacs-whitespace-cleanup-mode: t spacemacs-whitespace-cleanup-mode: t ws-butler-global-mode: t ws-butler-mode: t winum-mode: t winner-mode: t volatile-highlights-mode: t global-vi-tilde-fringe-mode: t vi-tilde-fringe-mode: t pupo-mode: t purpose-mode: t spaceline-info-mode: t spaceline-helm-mode: t save-place-mode: t savehist-mode: t popwin-mode: t persp-mode: t Info-breadcrumbs-in-mode-line-mode: t global-git-gutter+-mode: t global-git-commit-mode: t async-bytecomp-package-mode: t shell-dirtrack-mode: t global-flycheck-mode: t flx-ido-mode: t eyebrowse-mode: t global-evil-surround-mode: t evil-surround-mode: t global-evil-search-highlight-persist: t evil-search-highlight-persist: t show-smartparens-global-mode: t show-smartparens-mode: t evil-escape-mode: t global-anzu-mode: t anzu-mode: t eval-sexp-fu-flash-mode: t editorconfig-mode: t dtrt-indent-mode: t diff-auto-refine-mode: t counsel-mode: t ivy-mode: t clean-aindent-mode: t hybrid-mode: t which-key-mode: t override-global-mode: t global-undo-tree-mode: t undo-tree-mode: t evil-mode: t evil-local-mode: t spacemacs-leader-override-mode: t global-spacemacs-leader-override-mode: t global-hl-line-mode: t xterm-mouse-mode: t global-auto-revert-mode: t ido-vertical-mode: t global-page-break-lines-mode: t global-eldoc-mode: t electric-indent-mode: t mouse-wheel-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t column-number-mode: t line-number-mode: t auto-fill-function: yas--auto-fill transient-mark-mode: t abbrev-mode: t Load-path shadows: /Users/aaronjensen/.emacs.d/elpa/26.0/org-bullets-20140918.1137/org-bullets hides /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-bullets /Users/aaronjensen/.emacs.d/elpa/26.0/ht-20161015.1945/ht hides /Users/aaronjensen/.emacs.d/core/libs/ht /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-texinfo hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-texinfo /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-publish hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-publish /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-org hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-org /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-odt hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-odt /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-md hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-md /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-man hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-man /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-latex hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-latex /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-icalendar hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-icalendar /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-html hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-html /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-beamer hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-beamer /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ox-ascii hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ox-ascii /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-w3m hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-w3m /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-version hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-version /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-timer hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-timer /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-table hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-table /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-src hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-src /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-rmail hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-rmail /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-protocol hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-protocol /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-plot hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-plot /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-pcomplete hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-pcomplete /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-mouse hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-mouse /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-mobile hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-mobile /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-mhe hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-mhe /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-macs hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-macs /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-macro hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-macro /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-loaddefs hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-loaddefs /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-list hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-list /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-irc hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-irc /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-install hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-install /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-inlinetask hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-inlinetask /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-info hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-info /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-indent hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-indent /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-id hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-id /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-habit hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-habit /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-gnus hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-gnus /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-footnote hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-footnote /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-feed hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-feed /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-faces hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-faces /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-eshell hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-eshell /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-entities hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-entities /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-element hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-element /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-docview hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-docview /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-datetree hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-datetree /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-ctags hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-ctags /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-crypt hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-crypt /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-compat hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-compat /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-colview hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-colview /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-clock hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-clock /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-capture hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-capture /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-bibtex hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-bibtex /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-bbdb hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-bbdb /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-attach hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-attach /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-archive hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-archive /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/org-agenda hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/org-agenda /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-tangle hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-tangle /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-table hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-table /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-sqlite hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-sqlite /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-sql hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-sql /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-shen hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-shen /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-screen hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-screen /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-scheme hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-scheme /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-scala hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-scala /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-sass hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-sass /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-ruby hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-ruby /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-ref hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-ref /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-R hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-R /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-python hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-python /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-plantuml hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-plantuml /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-picolisp hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-picolisp /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-perl hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-perl /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-org hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-org /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-octave hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-octave /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-ocaml hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-ocaml /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-mscgen hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-mscgen /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-maxima hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-maxima /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-matlab hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-matlab /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-makefile hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-makefile /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-lob hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-lob /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-lisp hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-lisp /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-lilypond hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-lilypond /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-ledger hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-ledger /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-latex hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-latex /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-keys hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-keys /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-js hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-js /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-java hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-java /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-io hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-io /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-haskell hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-haskell /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-gnuplot hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-gnuplot /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-fortran hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-fortran /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-exp hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-exp /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-eval hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-eval /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-emacs-lisp hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-emacs-lisp /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-dot hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-dot /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-ditaa hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-ditaa /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-css hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-css /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-core hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-core /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-comint hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-comint /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-clojure hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-clojure /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-calc hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-calc /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-C hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-C /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-awk hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-awk /Users/aaronjensen/.emacs.d/elpa/26.0/org-plus-contrib-20170502/ob-asymptote hides /usr/local/Cellar/emacs-plus/HEAD-52f7440/share/emacs/26.0.50/lisp/org/ob-asymptote Features: (shadow sort mail-extr emacsbug sendmail smex appt diary-lib diary-loaddefs auto-compile packed elisp-slime-nav eros evil-cleverparens evil-cleverparens-text-objects evil-cleverparens-util paredit flycheck-package package-lint finder nameless alchemist alchemist-macroexpand alchemist-company alchemist-help alchemist-complete alchemist-refcard alchemist-phoenix alchemist-compile alchemist-iex alchemist-message alchemist-hooks alchemist-hex alchemist-mix alchemist-info alchemist-goto alchemist-scope alchemist-eval alchemist-interact alchemist-server alchemist-execute alchemist-report alchemist-test-mode alchemist-project alchemist-file alchemist-key alchemist-utils smartparens-elixir flycheck-dialyxir flycheck-credo flycheck-dogma elixir-mode pkg-info epl elixir-smie goto-addr bug-reference auto-highlight-symbol highlight-numbers parent-mode highlight-parentheses hideshow rainbow-delimiters sh-script executable org-table pp vc-git org-gcal org-archive open-junk-file company-files company-keywords company-etags company-gtags company-template company-dabbrev-code company-dabbrev company-capf php-extras company org-eldoc evil-org ob-clojure ob-ruby ob-shell org-bullets org-download toc-org clojure-snippets yasnippet org-indent image-file org-rmail org-mhe org-irc org-info org-gnus org-docview doc-view org-bibtex bibtex org-bbdb org-w3m editorconfig-core editorconfig-core-handle editorconfig-fnmatch org-mobile-sync org-mobile org-agenda org-inlinetask ob-elixir ob-http ob-http-mode ob-restclient restclient ox-gfm ox-md ox-reveal ox-odt rng-loc rng-uri rng-parse rng-match rng-dt rng-util rng-pttrn nxml-parse nxml-ns nxml-enc xmltok nxml-util ox-latex ox-icalendar ox-html table ox-ascii ox-publish ox orgit org-element avl-tree git-rebase magit-gh-pulls gh gh-users gh-issues gh-pulls gh-repos gh-comments gh-gist gh-oauth gh-api logito gh-cache pcache eieio-base gh-auth gh-url evil-magit magit-obsolete magit-blame magit-stash magit-bisect magit-remote magit-commit magit-sequence magit-notes magit-worktree magit-branch magit-files magit-refs magit-status magit magit-repos magit-apply magit-wip magit-log magit-diff smerge-mode magit-core magit-autorevert magit-process magit-margin magit-mode magit-git magit-section magit-popup org org-macro org-footnote org-pcomplete org-list org-faces org-entities org-version ob-emacs-lisp ob ob-tangle org-src ob-ref ob-lob ob-table ob-keys ob-exp ob-comint ob-core ob-eval org-compat org-macs org-loaddefs cal-menu calendar cal-loaddefs request-deferred deferred request alert log4e notifications dbus xml gntp mwim cl-print colir network-stream starttls url-http tls gnutls url-gw nsm url-cache url-auth url url-proxy url-privacy url-expand url-methods url-history url-cookie url-domsuf url-util mailcap projectile grep compile recentf tree-widget flyspell ispell quiet-emacs fill-or-unfill company-simple-complete init-xclip init-typescript init-flyspell init-terminal-cursor evil-terminal-cursor-changer init-org init-magit evil-mc evil-mc-command-execute evil-mc-command-record evil-mc-cursor-make evil-mc-region evil-mc-cursor-state evil-mc-undo evil-mc-vars evil-mc-known-commands evil-mc-common hl-todo zone xterm-color spacemacs-whitespace-cleanup ws-butler winum winner window-purpose-x imenu-list imenu ibuf-ext ibuffer ibuffer-loaddefs volatile-highlights vi-tilde-fringe tmux string-inflection spacemacs-purpose-popwin window-purpose window-purpose-fixes window-purpose-prefix-overload window-purpose-switch let-alist window-purpose-layout window-purpose-core window-purpose-configuration window-purpose-utils spaceline-config spaceline-segments spaceline powerline powerline-separators color powerline-themes smartparens-config smartparens-ruby saveplace savehist ruby-test-mode pcre2el rxt re-builder ruby-mode smie popwin persp-mode osx-trash linum ivy-hydra info+ image-mode git-gutter-fringe+ fringe-helper git-gutter+ git-commit with-editor async-bytecomp async tramp-sh server magit-utils crm log-edit message puny dired dired-loaddefs rfc822 mml mml-sec epa epg gnus-util rmail rmail-loaddefs mailabbrev mail-utils gmm-utils mailheader pcvs-util add-log docker-tramp tramp-cache tramp tramp-compat tramp-loaddefs trampver shell drupal/pcomplete pcomplete comint ansi-color parse-time gh-common gh-profile marshal flycheck-flow flycheck find-func flx-ido eyebrowse evil-unimpaired f s evil-surround evil-search-highlight-persist evil-numbers evil-lisp-state smartparens dash evil-indent-plus evil-exchange evil-escape evil-args evil-anzu anzu cider-eval-sexp-fu eval-sexp-fu highlight editorconfig noutline outline dtrt-indent rx diff-hl vc-dir ewoc vc vc-dispatcher diff-mode counsel jka-compr esh-util etags xref project swiper ivy flx delsel ivy-overlay ffap clean-aindent-mode adaptive-wrap hybrid-mode exec-path-from-shell evil-evilified-state which-key use-package diminish bind-key hydra lv cus-edit cus-start cus-load evil evil-integration undo-tree diff evil-maps evil-commands evil-jumps evil-command-window evil-types evil-search evil-ex evil-macros evil-repeat evil-states evil-core evil-common windmove thingatpt rect evil-digraphs evil-vars ring info bind-map quelpa help-fns radix-tree package-build mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045 mm-util ietf-drums mail-prsvr json map lisp-mnt hl-line xt-mouse autorevert filenotify cl-extra disp-table wid-edit monokai-theme format-spec finder-inf init-sass init-php init-html init-evil core-configuration-layer eieio-compat ht cl help-mode warnings package epg-config url-handlers url-parse auth-source cl-seq password-cache url-vars eieio eieio-core eieio-loaddefs ido-vertical-mode ido seq byte-opt bytecomp byte-compile cconv core-spacemacs core-use-package-ext core-transient-state core-micro-state core-toggle core-keybindings core-fonts-support core-spacemacs-buffer core-funcs cl-macs gv core-themes-support core-display-init core-jump core-release-management core-custom-settings core-dotspacemacs core-command-line pcase core-debug edmacro kmacro derived advice profiler easymenu cl-loaddefs cl-lib page-break-lines easy-mmode subr-x time-date tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type mwheel term/ns-win ns-win ucs-normalize mule-util term/common-win tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode elisp-mode lisp-mode prog-mode register page menu-bar rfn-eshadow isearch timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite charscript charprop case-table epa-hook jka-cmpr-hook help simple abbrev obarray minibuffer cl-preloaded nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote kqueue cocoa ns multi-tty make-network-process emacs) Memory information: ((conses 16 1234324 766669) (symbols 48 72939 2) (miscs 40 2095 4834) (strings 32 222406 407731) (string-bytes 1 7367064) (vectors 16 111766) (vector-slots 8 2307252 262704) (floats 8 558 2047) (intervals 56 38278 14013) (buffers 976 58))
bug-gnu-emacs <at> gnu.org
:bug#26835
; Package emacs
.
(Mon, 08 May 2017 19:05:01 GMT) Full text and rfc822 format available.Message #8 received at 26835 <at> debbugs.gnu.org (full text, mbox):
From: Eli Zaretskii <eliz <at> gnu.org> To: Aaron Jensen <aaronjensen <at> gmail.com> Cc: 26835 <at> debbugs.gnu.org Subject: Re: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Date: Mon, 08 May 2017 22:04:17 +0300
> From: Aaron Jensen <aaronjensen <at> gmail.com> > Date: Mon, 8 May 2017 11:42:45 -0700 > > This post describes a method for configuring emacs to verify ssl > certificates: > https://glyph.twistedmatrix.com/2015/11/editor-malware.html > > It also contains a snippet to test that it is properly configured: > > (let ((bad-hosts > (loop for bad > in `("https://wrong.host.badssl.com/" > "https://self-signed.badssl.com/") > if (condition-case e > (url-retrieve > bad (lambda (retrieved) t)) > (error nil)) > collect bad))) > (if bad-hosts > (print (format "tls misconfigured; retrieved %s ok" > bad-hosts)) > (url-retrieve "https://badssl.com" > (lambda (retrieved) t)))) > > This snippet works fine in 25.2 but reports an error on master (26.0.50) > > As a simpler test, both: > > (url-retrieve "https://wrong.host.badssl.com/") > (url-retrieve-synchronously "https://wrong.host.badssl.com/") > > Should fail, but do not. I seem to be unable to reproduce any of the wrong behavior in the current master build. Could you please provide more details about what errors you see and what failures you expected, but didn't see? In my testing, Emacs asks me whether to continue connecting, when it discovers a bad certificate, and it's up to me to decide. Did it ask you, and if it did, what alternative did you select? Also, did you try all this in "emacs -Q"? It looks like you did this in a customized session (e.g., because in "emacs -Q" there's no 'loop' function, which the above snippet uses). So the problems could have something to do with your customizations. Thanks.
bug-gnu-emacs <at> gnu.org
:bug#26835
; Package emacs
.
(Mon, 08 May 2017 19:45:02 GMT) Full text and rfc822 format available.Message #11 received at 26835 <at> debbugs.gnu.org (full text, mbox):
From: Aaron Jensen <aaronjensen <at> gmail.com> To: Eli Zaretskii <eliz <at> gnu.org> Cc: 26835 <at> debbugs.gnu.org Subject: Re: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Date: Mon, 8 May 2017 12:44:52 -0700
On Mon, May 8, 2017 at 12:04 PM, Eli Zaretskii <eliz <at> gnu.org> wrote: >> From: Aaron Jensen <aaronjensen <at> gmail.com> >> Date: Mon, 8 May 2017 11:42:45 -0700 >> > I seem to be unable to reproduce any of the wrong behavior in the > current master build. Could you please provide more details about > what errors you see and what failures you expected, but didn't see? > > In my testing, Emacs asks me whether to continue connecting, when it > discovers a bad certificate, and it's up to me to decide. Did it ask > you, and if it did, what alternative did you select? > > Also, did you try all this in "emacs -Q"? It looks like you did this > in a customized session (e.g., because in "emacs -Q" there's no 'loop' > function, which the above snippet uses). So the problems could have > something to do with your customizations. It repros in `emacs -Q', just set: (setq gnutls-verify-error t) (url-retrieve-synchronously "https://wrong.host.badssl.com/") In Emacs 25.2, this causes an error to be thrown when you use url-retrieve, in 26, it silently proceeds. Also, I can confirm that if gnutls-verify-error is nil, it prompts as you described. I'll leave it as that for now in my config.
Glenn Morris <rgm <at> gnu.org>
to control <at> debbugs.gnu.org
.
(Mon, 08 May 2017 20:16:01 GMT) Full text and rfc822 format available.Glenn Morris <rgm <at> gnu.org>
to control <at> debbugs.gnu.org
.
(Mon, 08 May 2017 20:16:02 GMT) Full text and rfc822 format available.bug-gnu-emacs <at> gnu.org
:bug#26835
; Package emacs
.
(Tue, 09 May 2017 17:53:01 GMT) Full text and rfc822 format available.Message #18 received at 26835 <at> debbugs.gnu.org (full text, mbox):
From: Eli Zaretskii <eliz <at> gnu.org> To: Aaron Jensen <aaronjensen <at> gmail.com>, Lars Ingebrigtsen <larsi <at> gnus.org> Cc: 26835 <at> debbugs.gnu.org Subject: Re: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Date: Tue, 09 May 2017 20:51:48 +0300
[Resending, as I messed up the previous message. Apologies.] > From: Aaron Jensen <aaronjensen <at> gmail.com> > Date: Mon, 8 May 2017 12:44:52 -0700 > Cc: 26835 <at> debbugs.gnu.org > > It repros in `emacs -Q', just set: > > (setq gnutls-verify-error t) > (url-retrieve-synchronously "https://wrong.host.badssl.com/") > > In Emacs 25.2, this causes an error to be thrown when you use > url-retrieve, in 26, it silently proceeds. That's because we now perform GnuTLS negotiation asynchronously, without blocking. When the certificate matching fails, gnutls.c faithfully stores the error message in the process's status by calling boot_error: boot_error (p, "The x509 certificate does not match \"%s\"", c_hostname); and boot_error does: static void ATTRIBUTE_FORMAT_PRINTF (2, 3) boot_error (struct Lisp_Process *p, const char *m, ...) { va_list ap; va_start (ap, m); if (p->is_non_blocking_client) pset_status (p, list2 (Qfailed, vformat_string (m, ap))); So the process status becomes the list (failed "error message"). But when url-retrieve-synchronously accesses the status, by calling process-status, we do this: status = p->status; if (CONSP (status)) status = XCAR (status); which loses the error message, leaving just 'failed'. So url-retrieve-synchronously silently exits, and doesn't even have the info that could cause it to signal an error. IOW, the problem is not that the connection proceeds -- it does not. The problem is that it fails silently without telling the caller what caused the failure. I'll CC Lars, who introduced the non-blocking connections.
bug-gnu-emacs <at> gnu.org
:bug#26835
; Package emacs
.
(Wed, 10 May 2017 14:25:02 GMT) Full text and rfc822 format available.Message #21 received at 26835 <at> debbugs.gnu.org (full text, mbox):
From: Lars Ingebrigtsen <larsi <at> gnus.org> To: Eli Zaretskii <eliz <at> gnu.org> Cc: 26835 <at> debbugs.gnu.org, Aaron Jensen <aaronjensen <at> gmail.com> Subject: Re: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Date: Wed, 10 May 2017 16:24:13 +0200
Eli Zaretskii <eliz <at> gnu.org> writes: >> It repros in `emacs -Q', just set: >> >> (setq gnutls-verify-error t) >> (url-retrieve-synchronously "https://wrong.host.badssl.com/") >> >> In Emacs 25.2, this causes an error to be thrown when you use >> url-retrieve, in 26, it silently proceeds. > > That's because we now perform GnuTLS negotiation asynchronously, > without blocking. (As an aside, perhaps url-retrieve-synchronously should be opening the socket with :nowait nil?) > status = p->status; > if (CONSP (status)) > status = XCAR (status); > > which loses the error message, leaving just 'failed'. So > url-retrieve-synchronously silently exits, and doesn't even have the > info that could cause it to signal an error. > > IOW, the problem is not that the connection proceeds -- it does not. > The problem is that it fails silently without telling the caller what > caused the failure. > > I'll CC Lars, who introduced the non-blocking connections. Good analysis. I'll try to have a look at this soonish (and make it report the error properly) unless somebody else beats me to it. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no
bug-gnu-emacs <at> gnu.org
:bug#26835
; Package emacs
.
(Wed, 10 May 2017 16:50:02 GMT) Full text and rfc822 format available.Message #24 received at 26835 <at> debbugs.gnu.org (full text, mbox):
From: Eli Zaretskii <eliz <at> gnu.org> To: Lars Ingebrigtsen <larsi <at> gnus.org> Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com Subject: Re: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Date: Wed, 10 May 2017 19:48:32 +0300
> From: Lars Ingebrigtsen <larsi <at> gnus.org> > Cc: Aaron Jensen <aaronjensen <at> gmail.com>, 26835 <at> debbugs.gnu.org > Date: Wed, 10 May 2017 16:24:13 +0200 > > >> (setq gnutls-verify-error t) > >> (url-retrieve-synchronously "https://wrong.host.badssl.com/") > >> > >> In Emacs 25.2, this causes an error to be thrown when you use > >> url-retrieve, in 26, it silently proceeds. > > > > That's because we now perform GnuTLS negotiation asynchronously, > > without blocking. > > (As an aside, perhaps url-retrieve-synchronously should be opening the > socket with :nowait nil?) Yes, I had a similar thought while I was reading the code. > Good analysis. I'll try to have a look at this soonish (and make it > report the error properly) unless somebody else beats me to it. Thanks.
bug-gnu-emacs <at> gnu.org
:bug#26835
; Package emacs
.
(Sat, 02 Sep 2017 13:44:01 GMT) Full text and rfc822 format available.Message #27 received at 26835 <at> debbugs.gnu.org (full text, mbox):
From: Eli Zaretskii <eliz <at> gnu.org> To: larsi <at> gnus.org Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com Subject: Re: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Date: Sat, 02 Sep 2017 16:42:44 +0300
> Date: Wed, 10 May 2017 19:48:32 +0300 > From: Eli Zaretskii <eliz <at> gnu.org> > Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com > > > From: Lars Ingebrigtsen <larsi <at> gnus.org> > > Cc: Aaron Jensen <aaronjensen <at> gmail.com>, 26835 <at> debbugs.gnu.org > > Date: Wed, 10 May 2017 16:24:13 +0200 > > > > >> (setq gnutls-verify-error t) > > >> (url-retrieve-synchronously "https://wrong.host.badssl.com/") > > >> > > >> In Emacs 25.2, this causes an error to be thrown when you use > > >> url-retrieve, in 26, it silently proceeds. > > > > > > That's because we now perform GnuTLS negotiation asynchronously, > > > without blocking. > > > > (As an aside, perhaps url-retrieve-synchronously should be opening the > > socket with :nowait nil?) > > Yes, I had a similar thought while I was reading the code. > > > Good analysis. I'll try to have a look at this soonish (and make it > > report the error properly) unless somebody else beats me to it. > > Thanks. Ping! Lars, any news on this issue?
bug-gnu-emacs <at> gnu.org
:bug#26835
; Package emacs
.
(Wed, 13 Sep 2017 17:52:02 GMT) Full text and rfc822 format available.Message #30 received at 26835 <at> debbugs.gnu.org (full text, mbox):
From: Lars Ingebrigtsen <larsi <at> gnus.org> To: Eli Zaretskii <eliz <at> gnu.org> Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com Subject: Re: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Date: Wed, 13 Sep 2017 19:51:30 +0200
Eli Zaretskii <eliz <at> gnu.org> writes: >> (As an aside, perhaps url-retrieve-synchronously should be opening the >> socket with :nowait nil?) > > Yes, I had a similar thought while I was reading the code. And if we have :nowait nil in that case, then the error will be thrown as advertised. So I think I'll just make that change... somehow. (The URL code is, er, funny.) -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no
Lars Ingebrigtsen <larsi <at> gnus.org>
:Aaron Jensen <aaronjensen <at> gmail.com>
:Message #35 received at 26835-done <at> debbugs.gnu.org (full text, mbox):
From: Lars Ingebrigtsen <larsi <at> gnus.org> To: Eli Zaretskii <eliz <at> gnu.org> Cc: 26835-done <at> debbugs.gnu.org, aaronjensen <at> gmail.com Subject: Re: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Date: Wed, 13 Sep 2017 20:11:15 +0200
This should now be fixed. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no
bug-gnu-emacs <at> gnu.org
:bug#26835
; Package emacs
.
(Wed, 13 Sep 2017 18:45:01 GMT) Full text and rfc822 format available.Message #38 received at 26835 <at> debbugs.gnu.org (full text, mbox):
From: Eli Zaretskii <eliz <at> gnu.org> To: Lars Ingebrigtsen <larsi <at> gnus.org> Cc: 26835 <at> debbugs.gnu.org, aaronjensen <at> gmail.com Subject: Re: bug#26835: 26.0.50; url-retrieve no longer raises certificate errors Date: Wed, 13 Sep 2017 21:44:05 +0300
> From: Lars Ingebrigtsen <larsi <at> gnus.org> > Cc: 26835-done <at> debbugs.gnu.org, aaronjensen <at> gmail.com > Date: Wed, 13 Sep 2017 20:11:15 +0200 > > This should now be fixed. Thanks!
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org
.
(Thu, 12 Oct 2017 11:24:04 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.