GNU bug report logs - #49114
‘guix lint’ should catch certificate validation exceptions

Previous Next

Package: guix;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Sat, 19 Jun 2021 11:30:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 49114 in the body.
You can then email your comments to 49114 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#49114; Package guix. (Sat, 19 Jun 2021 11:30:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sat, 19 Jun 2021 11:30:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Bug Guix <bug-guix <at> gnu.org>
Subject: ‘guix lint’ should catch certificate
 validation exceptions
Date: Sat, 19 Jun 2021 13:29:48 +0200

[Message part 1 (text/plain, inline)]
Guix,

The linter should obviously warn about TLS errors but it should 
not terminate processing.  See ‘guix lint ibndp’ or ‘guix lint 
ttping’, where the hostname and certificate CN/SAN don't match.

In any other situation Guix is probably right to throw a scary 
error and abort, even if hashes are our primary defence, not TLS.

Kind regards,

T G-R

[signature.asc (application/pgp-signature, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#49114; Package guix. (Wed, 23 Jun 2021 20:51:01 GMT) Full text and rfc822 format available.

Message #8 received at 49114 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 49114 <at> debbugs.gnu.org,  Tobias Geerinckx-Rice <me <at> tobias.gr>
Subject: Re: bug#49114: ‘guix lint’ should catch
 certificate validation exceptions
Date: Wed, 23 Jun 2021 22:50:31 +0200

Hi,

Tobias Geerinckx-Rice via Bug reports for GNU Guix <bug-guix <at> gnu.org>
skribis:

> The linter should obviously warn about TLS errors but it should not
> terminate processing.  See ‘guix lint ibndp’ or ‘guix lint ttping’,
> where the hostname and certificate CN/SAN don't match.

I don’t see these two packages in my checkout.  Do you have other
examples?

Ludo’.
Information forwarded to bug-guix <at> gnu.org:
bug#49114; Package guix. (Wed, 23 Jun 2021 23:15:02 GMT) Full text and rfc822 format available.

Message #11 received at 49114 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 49114 <at> debbugs.gnu.org
Subject: Re: bug#49114: ‘guix lint’ should catch
 certificate validation exceptions
Date: Thu, 24 Jun 2021 01:14:12 +0200

[Message part 1 (text/plain, inline)]
Ludovic Courtès 写道:
> I don’t see these two packages in my checkout.  Do you have 
> other
> examples?

Oh-kaay, I wonder what the devil went wrong there?  I wish I still 
had the original copy, but I don't.

I wrote libndp and httping, of course :-D

Thanks!

T G-R

[signature.asc (application/pgp-signature, inline)]
Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Thu, 24 Jun 2021 21:45:01 GMT) Full text and rfc822 format available.
Notification sent to Tobias Geerinckx-Rice <me <at> tobias.gr>:
bug acknowledged by developer. (Thu, 24 Jun 2021 21:45:02 GMT) Full text and rfc822 format available.

Message #16 received at 49114-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 49114-done <at> debbugs.gnu.org
Subject: Re: bug#49114: ‘guix lint’ should catch
 certificate validation exceptions
Date: Thu, 24 Jun 2021 23:44:15 +0200

Hi!

Tobias Geerinckx-Rice <me <at> tobias.gr> skribis:

> Ludovic Courtès 写道:
>> I don’t see these two packages in my checkout.  Do you have other
>> examples?
>
> Oh-kaay, I wonder what the devil went wrong there?  I wish I still had
> the original copy, but I don't.
>
> I wrote libndp and httping, of course :-D

Oh!  Fixed in 8a81ae61c183085b3a1edc4572d721ac5b2a581c.

Thanks,
Ludo’.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 23 Jul 2021 11:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 2 years and 275 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.