Re: using GnuTLS 3.x and certificate checks
From: Ted Zlatanov
Subject: Re: using GnuTLS 3.x and certificate checks
Date: Sat, 18 May 2013 22:57:31 -0400
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)

On Wed, 10 Apr 2013 21:35:18 +0100 (BST) Christopher Schmidt <address@hidden>
wrote:

CS> Ted Zlatanov <address@hidden> writes:
>> This would also be a good time to enable SSL certificate verification
>> by default.

CS> That's a great idea.

CS> What do you think about a user-customizable verification mechanism?
CS> This could be as simple as passing host, port and the PEM-encoded cert
CS> chain to a regular function that will return non-nil if the verification
CS> failed.

I like your idea, the problem is that often it will be triggered at very
inconvenient times. Emacs, unlike most other environments with this
capability, doesn't deal well with interrupting network I/O to ask the
user questions... not to mention the TCP exchange itself could be
aborted, or the whole thing could be running unattended (--batch for
example).

I think Lars and many others have brought up these issues before, mostly
on the bug tracker over the last year or two.

To start the planning, is there a way to tell Emacs "run this function,
but if we're not interactive or if the user has not answered in 30
seconds, proceed as if they answered 'n' to everything"? I think that
would be better than writing special code just for GnuTLS. But I'm open
to suggestions either way.

Ted
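
Added example (not part of the original message, and not Emacs or GnuTLS code): a sketch of the hook shape proposed in the quoted text, taking host, port and the PEM chain and returning non-nil when verification failed, combined with the fail-closed prompt the reply asks for. It goes beyond the thread by pinning the leaf certificate's SHA-256 fingerprint; every `my/` name is hypothetical and nothing here is wired into gnutls.el.

```elisp
;; Added example. All my/ names are hypothetical, not an Emacs API.
(defvar my/tls-pins nil
  "Alist of (\"HOST:PORT\" . SHA256-HEX) for leaf certificates the user accepted.")

(defvar my/tls-prompt-timeout 30
  "Seconds to wait for an answer before treating it as \"n\".")

(defun my/tls-leaf-fingerprint (pem-chain)
  "Return the SHA-256 hex digest of the first certificate (DER bytes) in PEM-CHAIN."
  (with-temp-buffer
    (insert pem-chain)
    (goto-char (point-min))
    (let* ((beg (and (search-forward "-----BEGIN CERTIFICATE-----" nil t)
                     (point)))
           (end (and beg
                     (search-forward "-----END CERTIFICATE-----" nil t)
                     (match-beginning 0))))
      (unless end
        (error "No certificate found in chain"))
      ;; base64-decode-string skips the line breaks inside the PEM body.
      (secure-hash 'sha256
                   (base64-decode-string
                    (buffer-substring-no-properties beg end))))))

(defun my/tls-verify (host port pem-chain)
  "Return non-nil if verification of HOST:PORT failed, nil if it is accepted.
Fails closed: batch mode, a timeout and an \"n\" answer all reject."
  (let* ((key (format "%s:%s" host port))
         (fpr (my/tls-leaf-fingerprint pem-chain))
         (pinned (cdr (assoc key my/tls-pins))))
    (cond
     ((equal pinned fpr) nil)          ; fingerprint matches the pin: accept
     (noninteractive t)                ; --batch: nobody to ask, so reject
     ((y-or-n-p-with-timeout
       (format "%s certificate for %s, SHA-256 %s. Trust it? "
               (if pinned "CHANGED" "Unknown") key fpr)
       my/tls-prompt-timeout nil)      ; no answer in time counts as "n"
      (push (cons key fpr) my/tls-pins) ; newest pin shadows any older one
      nil)
     (t t))))

;; Constructed input (the body is base64 of "ABC", not a real certificate):
;; (my/tls-verify "mail.example.org" 993
;;   "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n")
```

The timeout only bounds how long the prompt waits; the connection is still held open for that time, which is the inconvenience the message above describes.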