[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#20960: handling /etc/ssl/certs/ca-bundle.crt by default in emacs
From: |
Lars Ingebrigtsen |
Subject: |
bug#20960: handling /etc/ssl/certs/ca-bundle.crt by default in emacs |
Date: |
Thu, 26 Jan 2017 20:24:16 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) |
Ted Zlatanov <tzz@lifelogs.com> writes:
> On Sat, 26 Dec 2015 21:57:24 +0100 Lars Ingebrigtsen <larsi@gnus.org> wrote:
>
> LI> Stefan Monnier <monnier@iro.umontreal.ca> writes:
>>>> that exists, similar to what gnutls-trustfiles does. (Do these two
>>>> variables duplicate each other?)
>>>
>>> Yes, I believe they are duplicates (with smime-CA-directory predating
>>> the gnutls thingy).
>
> LI> smime-CA-directory should be rewritten to use gnutls-trustfiles (if
> LI> gnutls-trustfiles exists). The minor complication is that the former is
> LI> a directory and the latter is a list of files, so it wouldn't be exactly
> LI> backwards compatible...
>
> We can make `gnutls-trustfiles' support directories?
On the other hand, this is the only place smime-CA-directory is used:
(defun smime-verify-region (b e)
"Verify S/MIME message in region between B and E.
Returns non-nil on success.
Any details (stdout and stderr) are left in the buffer specified by
`smime-details-buffer'."
(smime-new-details-buffer)
(let ((CAs (append (if smime-CA-file
(list "-CAfile"
(expand-file-name smime-CA-file)))
(if smime-CA-directory
(list "-CApath"
(expand-file-name smime-CA-directory))))))
And:
-CAfile file
a file containing trusted CA certificates, only used with -verify.
-CApath dir
a directory containing trusted CA certificates, only used with
-verify. This directory must be a standard certificate directory:
that is a hash of each subject name (using x509 -hash) should be
linked to each certificate.
Is a list of CA files, and can be in different directories, so there's,
like, no way to used them interchangeably.
So... I dunno. Somebody could just rewrite that function to use all
the files from (gnutls-trustfiles) and see if one of them are OK. I
never use smime, though, so I'm not that person.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- bug#20960: handling /etc/ssl/certs/ca-bundle.crt by default in emacs,
Lars Ingebrigtsen <=