bug#13877: 24.3; gnutls.el: Enable Certificate Checks
From: Glenn Morris
Subject: bug#13877: 24.3; gnutls.el: Enable Certificate Checks
Date: Tue, 05 Mar 2013 11:51:33 -0500
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Moritz Ulrich wrote:
> Currently, gnutls.el doesn't check certificate signatures when used via
> `open-network-stream' with :type 'tls or `open-gnutls-stream'.

Please see http://debbugs.gnu.org/13374
It was considered too complicated to fix this properly for 24.3.

> There is NO way to set :verify-host, :verify-flags, etc. for this call
> to `gnutls-negotiate' when using gnutls via high-level functions like
> `open-network-stream'.
>
> I consider this a bug, as Emacs won't check any certificates and
> therefore allow man in the middle attacks without even documenting this.
>
> It should at least be possible to pass :verify-* from
> `open-network-stream' down to `gnutls-negotiate'. That would be a simple
> yet effective solution.