[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
From: |
Lars Magne Ingebrigtsen |
Subject: |
Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking. |
Date: |
Tue, 07 Oct 2014 23:35:04 +0200 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux) |
Toke Høiland-Jørgensen <address@hidden> writes:
> (require 'gnutls)
> (setq gnutls-verify-error '((".*" :tofu))
> (open-gnutls-stream "test" nil "google.com" 443) ; this should fail
>
> To add the certificate to the trust store, execute (in a shell)
> `gnutls-cli --tofu -p 443 google.com` and answer yes when it asks
> whether to trust the certificate. Doing so should cause the open to
> success the next time around.
I think all the certificate checking should just work out of the box
without the user having to do any configuration or shell commands.
I.e., it should be done by `open-network-stream'.
See
http://permalink.gmane.org/gmane.emacs.devel/174908
for how I think this should work from the user's standpoint, if you want
to implement it. >"?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/07
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.,
Lars Magne Ingebrigtsen <=
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/07
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Eli Zaretskii, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Eli Zaretskii, 2014/10/08