[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#16791: w3m fails to do any SSL certificate checking

From: Andreas Enge
Subject: bug#16791: w3m fails to do any SSL certificate checking
Date: Tue, 18 Feb 2014 20:23:00 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

On Tue, Feb 18, 2014 at 03:58:21AM -0500, Mark H Weaver wrote:
> In Guix, neither w3m nor emacs-w3m warn me when I visit an https URL
> that uses a server certificate that is both self-signed and expired.
> To make matters worse, if I ask for page information (with the '=' key),
> it tells me that the certificate is valid.
> On Debian, both w3m and emacs-w3m inform me when an SSL certificate is
> invalid in some way, e.g. if it's expired or not signed by a certificate
> authority in my trust store.

w3m can be configured to not verify ssl certificates; but this is not the
case for us. I checked that if the server presents a certificate for a
different domain, there is a message:
   Bad cert ident xxx from yyy: accept? (y/n)

However, the debian w3m asks whether a self-signed certificate should be
accepted. Among the about 30 patches in debian for w3m, the name of only one
is related to ssl; I am attaching it, but it does not seem related to our


Attachment: 260_openssl.patch
Description: Text document

reply via email to

[Prev in Thread] Current Thread [Next in Thread]