[emacs-berlin] Your text editor is malware

Tilmann Singer tils at tils.net
Wed Nov 25 22:15:21 UTC 2015

As a short followup to todays meeting, and a reminder, because I think
it is an important topic, here is the blog post I was referring to:


I finally got it configured again successfully. I had it working in
emacs 24, but for an unknown reason it stopped working. After upgrading
to emacs25-git (probably a good idea anyway), it works again.
Unfortunately I don't have more insight into why it failed.

The litmus test is to eval this code:

(let ((bad-hosts
       (loop for bad
             in `("https://wrong.host.badssl.com/"
             if (condition-case e
                     bad (lambda (retrieved) t))
                  (error nil))
             collect bad)))
  (if bad-hosts
      (error (format "tls misconfigured; retrieved %s ok"
    (url-retrieve "https://badssl.com"
                  (lambda (retrieved) t))))

the output should look like this:

#<buffer  *http badssl.com:443*-492452>

If you see an error instead, then your emacs ssl setup is unsafe.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 472 bytes
Desc: not available
URL: <http://mailb.org/pipermail/emacs-berlin/attachments/20151125/6e65e234/attachment.sig>

More information about the emacs-berlin mailing list