[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
|
From: |
Lars Magne Ingebrigtsen |
|
Subject: |
Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking. |
|
Date: |
Wed, 08 Oct 2014 14:56:42 +0200 |
|
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux) |
Eli Zaretskii <address@hidden> writes:
>> > Right, so (just to make sure I'm understanding you right), what you
>> > propose is to get rid of all the current validation logic in C (i.e the
>> > erroring out) and just return something like (<cert hash> <cert
>> > hostname> <CA validity status>) -- and then make the lisp code work out
>> > the rest?
>>
>> Yup, I think that would be more flexible.
>
> I don't see how this could be done: the initialization of TLS network
> stream creates a descriptor and adds it to the descriptors we watch in
> wait_reading_process_output. If that descriptor is invalid, we will
> likely crash.
It would still need to return a file descriptor, but would have extra
accessors for accessing the certificate stuff. Sorry if I was
misleading in my response to Toke...
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/07
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/07
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/07
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Eli Zaretskii, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.,
Lars Magne Ingebrigtsen <=
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Eli Zaretskii, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Eli Zaretskii, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Eli Zaretskii, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Toke Høiland-Jørgensen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Eli Zaretskii, 2014/10/08
- Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking., Lars Magne Ingebrigtsen, 2014/10/08