Nathaniel Smith <n...@pobox.com> writes: > And sometimes I've even had it fail on https://wrong.host.badssl.com > after setting this (but not always). However, it always happily loads > https://self-signed.badssl.com, which means it's providing no > protection at all against MITM attacks.
So with 24.5+1-6+b2, right now I'm seeing exceptions for both addresses via emacs -Q: (require 'gnutls) (setq gnutls-verify-error t) (url-retrieve-synchronously "https://wrong.host.badssl.com";) (url-retrieve-synchronously "https://self-signed.badssl.com";) But perhaps this could be the intermittent success you mention? In any case, I'm investigating the patch http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=ccae04f205db7cffa0f247a463272f6c5af77122 mentioned here: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=20465 referred to via: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816063#15 Thanks -- Rob Browning rlb @defaultvalue.org and @debian.org GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
