Re: using GnuTLS 3.x and certificate checks
From: Ted Zlatanov
Subject: Re: using GnuTLS 3.x and certificate checks
Date: Wed, 05 Jun 2013 16:55:39 -0400
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)
On Wed, 05 Jun 2013 11:13:18 -0400 Ted Zlatanov <address@hidden> wrote:
TZ> Without comments, I will assume a general OK on these two things:
TZ> - move to the GnuTLS 3.x API and require that version of the libraries.
TZ> - enable SSL certificate verification by default (I have some questions
TZ> about non-interactive cases in a separate thread).
...and after Stefan's comments:
- SSL certificates will be run through a user-supplied acceptance
function/regex/whatever. If they are not accepted by it, the behavior
forks. In batch mode, we always refuse to accept. In interactive
mode, we do yes/no/save prompting, waiting forever. Saving the
certificate will put it in ~/.emacs.d/certificates or something
similar.
The interactive behavior may have a connection timeout while waiting,
which will cause surprises. We'll try to reopen the connection but
the user may not enjoy the experience and it could get refused the
second time and so on.
Ted
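
The acceptance flow proposed in this message, as an added Emacs Lisp sketch that is not part of the original post and not Emacs code. Every `my-tls-*` name, the one-fingerprint-file-per-host layout and the session cache are assumptions made for illustration.

```elisp
;;; -*- lexical-binding: t -*-
;; Hypothetical sketch; every my-tls-* name is an assumption, not Emacs API.

(defvar my-tls-accept-spec nil
  "Regexp matched against the fingerprint, or function of (HOST FINGERPRINT).")
(defvar my-tls-saved-dir (expand-file-name "certificates" user-emacs-directory)
  "Assumed layout: one file per host, holding the saved fingerprint.")
(defvar my-tls--session-ok (make-hash-table :test #'equal)
  "HOST -> fingerprint approved with \"yes\" for this session only.")

(defun my-tls--saved-file (host)
  ;; Never let a hostile host name escape the directory.
  (expand-file-name
   (concat (replace-regexp-in-string "[^[:alnum:].-]" "_" host) ".fpr")
   my-tls-saved-dir))

(defun my-tls--saved-p (host fingerprint)
  (let ((file (my-tls--saved-file host)))
    (and (file-readable-p file)
         (with-temp-buffer
           (insert-file-contents file)
           (string= (buffer-string) fingerprint)))))

(defun my-tls--accepted-p (host fingerprint)
  (cond ((functionp my-tls-accept-spec)
         (funcall my-tls-accept-spec host fingerprint))
        ((stringp my-tls-accept-spec)
         (string-match-p my-tls-accept-spec fingerprint))))

(defun my-tls-decide (host fingerprint)
  "Return non-nil if a connection to HOST presenting FINGERPRINT may proceed.
Call it again after any reconnect: approval is bound to the fingerprint,
so a different certificate on the second attempt is evaluated afresh."
  (cond
   ((my-tls--accepted-p host fingerprint) t)
   ((my-tls--saved-p host fingerprint) t)
   ((equal (gethash host my-tls--session-ok) fingerprint) t)
   (noninteractive nil)                 ; batch mode: always refuse
   (t (pcase (read-char-choice
              (format "Certificate %s for %s not accepted: (y)es, (n)o, (s)ave? "
                      fingerprint host)
              '(?y ?n ?s))
        (?y (puthash host fingerprint my-tls--session-ok) t)
        (?s (make-directory my-tls-saved-dir t)
            (with-temp-file (my-tls--saved-file host) (insert fingerprint))
            t)
        (_ nil)))))
```

If the connection times out during the prompt, the caller reopens it and calls `my-tls-decide` again with the fingerprint from the new handshake, so an answer given for one certificate never carries over to a different one.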