‘guix lint’ should catch certificate validation exceptions

  • Done
  • quality assurance status badge
Details
2 participants
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Tobias Geerinckx-Rice
Severity
normal

Debbugs page

Tobias Geerinckx-Rice wrote 4 years ago
‘guix lint’ should catch certificate validation exceptions
(name . Bug Guix)(address . bug-guix@gnu.org)
87eecy3xeb.fsf@nckx
Guix,

The linter should obviously warn about TLS errors but it should
not terminate processing. See ‘guix lint ibndp’ or ‘guix lint
ttping’, where the hostname and certificate CN/SAN don't match.

In any other situation Guix is probably right to throw a scary
error and abort, even if hashes are our primary defence, not TLS.

Kind regards,

T G-R
-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYM3VLA0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15QD4A/RMEHCY66lQXkQQa1Tb70TWjf+ThETlu2xsWv0qG
rP7PAP9rjrkuXweiqje7fiLEEjgDfkZkf0AkG+ptDJEkzrnvBA==
=Vwle
-----END PGP SIGNATURE-----

Ludovic Courtès wrote 4 years ago
87h7howbjc.fsf@gnu.org
Hi,

Tobias Geerinckx-Rice via Bug reports for GNU Guix <bug-guix@gnu.org>
skribis:

Toggle quote (4 lines)
> The linter should obviously warn about TLS errors but it should not
> terminate processing. See ‘guix lint ibndp’ or ‘guix lint ttping’,
> where the hostname and certificate CN/SAN don't match.

I don’t see these two packages in my checkout. Do you have other
examples?

Ludo’.
Tobias Geerinckx-Rice wrote 4 years ago
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 49114@debbugs.gnu.org)
87o8bwxjgb.fsf@nckx
Ludovic Courtès 写道:
Toggle quote (4 lines)
> I don’t see these two packages in my checkout. Do you have
> other
> examples?

Oh-kaay, I wonder what the devil went wrong there? I wish I still
had the original copy, but I don't.

I wrote libndp and httping, of course :-D

Thanks!

T G-R
-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYNPARA0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15BkkA/3qPpt+h8cIIG5jqNPgW/HX9OaojeaDUR0ksh/nR
2zDaAP9yb31uFCp7N+tBY/3hbQ9QNuCtJgDFQ3ZrcuaAYU9wDA==
=Jup8
-----END PGP SIGNATURE-----

Ludovic Courtès wrote 4 years ago
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 49114-done@debbugs.gnu.org)
87bl7vrl8w.fsf@gnu.org
Hi!

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

Toggle quote (9 lines)
> Ludovic Courtès 写道:
>> I don’t see these two packages in my checkout. Do you have other
>> examples?
>
> Oh-kaay, I wonder what the devil went wrong there? I wish I still had
> the original copy, but I don't.
>
> I wrote libndp and httping, of course :-D

Oh! Fixed in 8a81ae61c183085b3a1edc4572d721ac5b2a581c.

Thanks,
Ludo’.
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 49114@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 49114
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help