tags +unreproducible thanks Rob Browning <r...@defaultvalue.org> writes:
> Nathaniel Smith <n...@pobox.com> writes: > >> And sometimes I've even had it fail on https://wrong.host.badssl.com >> after setting this (but not always). However, it always happily loads >> https://self-signed.badssl.com, which means it's providing no >> protection at all against MITM attacks. > > So with 24.5+1-6+b2, right now I'm seeing exceptions for both addresses > via emacs -Q: > > (require 'gnutls) > (setq gnutls-verify-error t) > (url-retrieve-synchronously "https://wrong.host.badssl.com") > (url-retrieve-synchronously "https://self-signed.badssl.com") > > But perhaps this could be the intermittent success you mention? As yet, both of these retrievals have always succeeded for me (just tested again with emacs24-lucid 24.5+1-6+b2). > In any case, I'm investigating the patch > > > http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=ccae04f205db7cffa0f247a463272f6c5af77122 > > mentioned here: > > https://debbugs.gnu.org/cgi/bugreport.cgi?bug=20465 > > referred to via: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816063#15 While we might decide to add this patch anyway, so far it's not clear to me that it's related to the core problem originally reported here. -- Rob Browning rlb @defaultvalue.org and @debian.org GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4