bug#13877: 24.3; gnutls.el: Enable Certificate Checks

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#13877: 24.3; gnutls.el: Enable Certificate Checks

From:	Glenn Morris
Subject:	bug#13877: 24.3; gnutls.el: Enable Certificate Checks
Date:	Tue, 05 Mar 2013 11:51:33 -0500
User-agent:	Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Moritz Ulrich wrote:

> Currently, gnutls.el doesn't check certificate signatures when used via
> `open-network-stream' with :type 'tls or `open-gnutls-stream'.

Please see http://debbugs.gnu.org/13374
It was considered too complicated to fix this properly for 24.3.

> There is NO way to set :verify-host, :verify-flags, etc. for this call
> to `gnutls-negotiate' when using gnutls via high-level functions like
> `open-network-stream'.
>
> I consider this a bug, as Emacs won't check any certificates and
> therefore allow man in the middle attacks without even documenting this.
>
> It should at least be possible to pass :verify-* from
> `open-network-stream' down to `gnutls-negotiate'. That would be a simple
> yet effective solution.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#13877: 24.3; gnutls.el: Enable Certificate Checks, Moritz Ulrich, 2013/03/05
- bug#13877: 24.3; gnutls.el: Enable Certificate Checks, Glenn Morris <=
  - bug#13374: bug#13877: 24.3; gnutls.el: Enable Certificate Checks, Ted Zlatanov, 2013/03/14
    - bug#13374: bug#13877: 24.3; gnutls.el: Enable Certificate Checks, Ted Zlatanov, 2013/03/27

Prev by Date: bug#13874: 24.3; Toolbar in MacOS X full screen mode
Next by Date: bug#13873: GNU Emacs 24.3.1: Gnus with directory group fails upon restart
Previous by thread: bug#13877: 24.3; gnutls.el: Enable Certificate Checks
Next by thread: bug#13374: bug#13877: 24.3; gnutls.el: Enable Certificate Checks
Index(es):
- Date
- Thread