Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
From: Lars Magne Ingebrigtsen
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 16:05:44 +0200
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)

Toke Høiland-Jørgensen <address@hidden> writes:
> Lars Magne Ingebrigtsen <address@hidden> writes:
>
>> However, I was hoping to get the "bug out if the stream isn't encrypted
>> and you wanted that" into the same code, so it would be nice to have it
>> all in the same code path.
>
> So a generic callback from C to lisp that includes the encryption
> status? However, doesn't open-network-stream use separate functions
> depending on the encryption mode? I.e. the same C code is not run for
> all of them?

I've just had a fresh look at `open-network-stream'. Looks to me like
it all happens way before sentinels are attached. And if the buffer is
a problem (and I don't think it is), then we can attach the buffer at a
later point.

So I don't think this really is a problem. The `open-gnutls-stream'
function can just return a descriptor, and `open-network-stream' can
then query the descriptor and then decide what to do with it (which
would be closing it and raising an error if the certificate is invalid
or self-signed, and the user confirms that no connection should happen).

I think. Unless there's something subtle here I'm missing...

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
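
The flow discussed in the message above (the TLS layer returns a descriptor, the caller queries it and decides whether to keep or close the stream), written in Python as an added example that is not part of the original message or of the Emacs code. `Descriptor`, `decide`, the `pins` dict and the `accept` callback are hypothetical names, and pinning by SHA-256 of the certificate bytes is an assumption made for illustration.

```python
import hashlib

class StreamRejected(Exception):
    """Raised after the stream has been closed because policy refused it."""

class Descriptor:
    # Hypothetical stand-in for what the TLS layer returns after the handshake.
    def __init__(self, host, encrypted, cert_der=b"", ca_valid=False, self_signed=False):
        self.host, self.encrypted, self.cert_der = host, encrypted, cert_der
        self.ca_valid, self.self_signed = ca_valid, self_signed
        self.closed = False

    def close(self):
        self.closed = True

def _reject(desc, reason):
    # Close first, then signal: the caller never holds a refused open stream.
    desc.close()
    raise StreamRejected(f"{desc.host}: {reason}")

def decide(desc, pins, want_encrypted=True, accept=lambda host, reasons: False):
    """Single code path for both checks: encryption status, then certificate."""
    if not desc.encrypted:
        if want_encrypted:
            _reject(desc, "stream is not encrypted")
        return "plaintext"
    fp = hashlib.sha256(desc.cert_der).hexdigest()
    pinned = pins.get(desc.host)
    if pinned == fp:
        return "pinned"  # same certificate the user trusted on first use
    reasons = []
    if pinned is not None:
        reasons.append("certificate differs from the one pinned on first use")
    if desc.self_signed:
        reasons.append("self-signed")
    elif not desc.ca_valid:
        reasons.append("invalid")
    if not reasons:
        return "verified"  # chain validated and no conflicting pin
    if accept(desc.host, reasons):  # the user chose to trust it: pin it
        pins[desc.host] = fp
        return "trusted-by-user"
    _reject(desc, "; ".join(reasons))
```

A changed certificate is reported even when it validates against a CA, because a conflicting pin is the signal TOFU exists to catch.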