‘guix lint’ should catch certificate validation exceptions

  • Done
  • quality assurance status badge
Details
2 participants
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Tobias Geerinckx-Rice
Severity
normal
T
T
Tobias Geerinckx-Rice wrote on 19 Jun 2021 13:29
‘guix lint’ should catch certificate validation exceptions
(name . Bug Guix)(address . bug-guix@gnu.org)
87eecy3xeb.fsf@nckx
Guix,

The linter should obviously warn about TLS errors but it should
not terminate processing. See ‘guix lint ibndp’ or ‘guix lint
ttping’, where the hostname and certificate CN/SAN don't match.

In any other situation Guix is probably right to throw a scary
error and abort, even if hashes are our primary defence, not TLS.

Kind regards,

T G-R
-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYM3VLA0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15QD4A/RMEHCY66lQXkQQa1Tb70TWjf+ThETlu2xsWv0qG
rP7PAP9rjrkuXweiqje7fiLEEjgDfkZkf0AkG+ptDJEkzrnvBA==
=Vwle
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 23 Jun 2021 22:50
87h7howbjc.fsf@gnu.org
Hi,

Tobias Geerinckx-Rice via Bug reports for GNU Guix <bug-guix@gnu.org>
skribis:

Toggle quote (4 lines)
> The linter should obviously warn about TLS errors but it should not
> terminate processing. See ‘guix lint ibndp’ or ‘guix lint ttping’,
> where the hostname and certificate CN/SAN don't match.

I don’t see these two packages in my checkout. Do you have other
examples?

Ludo’.
T
T
Tobias Geerinckx-Rice wrote on 24 Jun 2021 01:14
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 49114@debbugs.gnu.org)
87o8bwxjgb.fsf@nckx
Ludovic Courtès ???
Toggle quote (4 lines)
> I don’t see these two packages in my checkout. Do you have
> other
> examples?

Oh-kaay, I wonder what the devil went wrong there? I wish I still
had the original copy, but I don't.

I wrote libndp and httping, of course :-D

Thanks!

T G-R
-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYNPARA0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15BkkA/3qPpt+h8cIIG5jqNPgW/HX9OaojeaDUR0ksh/nR
2zDaAP9yb31uFCp7N+tBY/3hbQ9QNuCtJgDFQ3ZrcuaAYU9wDA==
=Jup8
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 24 Jun 2021 23:44
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 49114-done@debbugs.gnu.org)
87bl7vrl8w.fsf@gnu.org
Hi!

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

Toggle quote (9 lines)
> Ludovic Courtès ???
>> I don’t see these two packages in my checkout. Do you have other
>> examples?
>
> Oh-kaay, I wonder what the devil went wrong there? I wish I still had
> the original copy, but I don't.
>
> I wrote libndp and httping, of course :-D

Oh! Fixed in 8a81ae61c183085b3a1edc4572d721ac5b2a581c.

Thanks,
Ludo’.
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 49114@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 49114
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch