[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: https and emacs and package archives

From: Stefan Monnier
Subject: Re: https and emacs and package archives
Date: Mon, 27 Oct 2014 13:32:07 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)

> So switching back to HTTPS, what is going wrong?
> The depends of a package are all downloaded with HTTPS fine. But then:

>   GET /packages/elpakit-1.1.1.el HTTP/1.1..
>   MIME-Version: 1.0..
>   Connection: keep-alive..
>   Extension: Security/Digest Security/SSL..
>   Host: marmalade-repo.org..
>   Accept-encoding: gzip..Accept: */*..
>   User-Agent: URL/Emacs....  
> ##
> T -> [AP]
>   HTTP/1.1 400 Bad Request..
>   Server: nginx/1.7.1..
>   Date: Mon, 27 Oct 2014 16:51:04 GMT..
>   Content-Type: text/html..
>   Content-Length: 270..
>   Connection: close....
>   <html>..<head><title>
>   400 The plain HTTP request was sent to HTTPS port
>   </title></head>.....

I'm not familiar enough with HTTPS to know what "The plain HTTP request
was sent to HTTPS port" means.

> That looks to me like the packaging system is forgetting that the
> package source is HTTPS when it downloads the target package and is
> sending the request as HTTP.

AFAIK, package.el does not pay attention to the transport at all, it
just uses the base-url as-is without ever tweaking it (so it also works
for file:// URLs), so I think it's more likely that the problem is in
the URL.el package rather than in package.el.

> Is this a regression? Yes. Doing exactly the same thing with my 24.3
> install works fine.

Please make a bug report for it.

> Probably the response to this will be "implement package signing".

It'd be a good idea in any case, indeed.
But we'd still want to fix the problem with https ;-)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]