bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#18600: 24.3.94; EWW fails to check https certificates

From: Mark H Weaver
Subject: bug#18600: 24.3.94; EWW fails to check https certificates
Date: Sun, 05 Oct 2014 13:17:56 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) 
Stefan Monnier <monnier@iro.umontreal.ca> writes:

>> With these in mind, I have two recommendations:
>> * I believe that eww https should check certificates by default in 24.4,
>>   even though other tls connections are tolerant by default.
>> * At minimum, it should be possible to enable certificate checking for
>>   eww https connections while still allowing self-signed certificates
>>   for other uses of 'open-gnutls-stream' such as imaps and smtps.  This
>>   is fairly common case.
>
> I think it's too late to do that for Emacs-24.4.  But we should apply
> such a change to `emacs-24' after the 24.4 release, so that it will be
> included in the next release regardless if the next release is 25.1 or
> a 24.5 bugfix.

I continue to think this will be ill-received, and could result in more
bad PR for the GNU Project, but having said that, I'll let it go now.

     Thanks,
       Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]