bug-gnu-emacs

bug#13374: bug#13877: 24.3; gnutls.el: Enable Certificate Checks


From: Ted Zlatanov
Subject: bug#13374: bug#13877: 24.3; gnutls.el: Enable Certificate Checks
Date: Thu, 14 Mar 2013 08:19:09 -0400
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)

On Tue, 05 Mar 2013 11:51:33 -0500 Glenn Morris <rgm@gnu.org> wrote: 

GM> Moritz Ulrich wrote:
>> Currently, gnutls.el doesn't check certificate signatures when used via
>> `open-network-stream' with :type 'tls or `open-gnutls-stream'.

GM> Please see http://debbugs.gnu.org/13374
GM> It was considered too complicated to fix this properly for 24.3.

>> There is NO way to set :verify-host, :verify-flags, etc. for this call
>> to `gnutls-negotiate' when using gnutls via high-level functions like
>> `open-network-stream'.
>> 
>> I consider this a bug, as Emacs won't check any certificates and
>> therefore allows man-in-the-middle attacks without even documenting this.
>> 
>> It should at least be possible to pass :verify-* from
>> `open-network-stream' down to `gnutls-negotiate'. That would be a simple
>> yet effective solution.

I would like to fix this properly now that 24.3 is out, but perhaps the
emacs-devel mailing list is a better place to work on it?

Ted




