From: Konstantin Kliakhandler
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Tue, 5 Jul 2016 19:54:53 +0300
I think gnutls is broken on master for OSX currently, see
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23503
Cache-Control: max-age=0
Expires: Tue, 05 Jul 2016 14:58:42 GMT
Content-Length: 3104
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en
...
As you said, one of the key points of your patch is this:
- '("gnutls-cli --x509cafile %t -p %p %h"
+ '("gnutls-cli -p %p %h"
+ "gnutls-cli --x509cafile %t -p %p %h"
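Review bot: the added first entry `"gnutls-cli -p %p %h"` carries no `--x509cafile %t`, and because it now precedes the `--x509cafile %t` entry, a connection that validates against gnutls-cli's default trust store would be accepted before the configured trust file is ever tried. Suggest keeping `"gnutls-cli --x509cafile %t -p %p %h"` first and adding the bare form after it, only as a fallback when no trust file is available, with a comment in the list stating that the order is significant.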
Which replaces the specific call with a generic call (no CA file
specified). This is probably less secure because it will use the system
CA trustfiles regardless of the user's preferred `gnutls-trustfiles', so
I'd rather not make it the first thing attempted.
Once the libraries are installed, you're all set, they'll be used
automatically.
0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch
Description: Binary data
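The ordering preferred in the reply above, combined with the bug title's case of trust files that do not exist, as an added Emacs Lisp example. It is not code from the attached patch or from Emacs; the `my-tls-*` names are hypothetical and the trust-file paths are constructed samples.

```elisp
;;; -*- lexical-binding: t -*-
(require 'cl-lib)
(require 'format-spec)

(defvar my-tls-trustfiles
  '("/etc/ssl/certs/ca-certificates.crt"  ; constructed sample path
    "/nonexistent/ca-bundle.crt")         ; constructed sample path
  "Hypothetical stand-in for the user's preferred trust files.")

(defvar my-tls-templates
  '("gnutls-cli --x509cafile %t -p %p %h" ; trust-file form is tried first
    "gnutls-cli -p %p %h")                ; generic form is the fallback
  "Hypothetical command templates, in the order they should be attempted.")

(defun my-tls-candidate-commands (host port)
  "Return the gnutls-cli command lines to try for HOST and PORT, in order.
A template containing %t is expanded once per readable trust file.
When no trust file is readable, such a template is skipped, so no
command with an empty or \"nil\" --x509cafile argument is produced."
  (let ((existing (cl-remove-if-not #'file-readable-p my-tls-trustfiles))
        (port (if (integerp port) (number-to-string port) port)))
    (cl-mapcan
     (lambda (template)
       (if (string-match-p "%t" template)
           ;; One command per trust file that is actually present.
           (mapcar (lambda (file)
                     (format-spec
                      template
                      (format-spec-make ?t (shell-quote-argument file)
                                        ?h (shell-quote-argument host)
                                        ?p port)))
                   existing)
         ;; Generic template: relies on gnutls-cli's default trust store.
         (list (format-spec
                template
                (format-spec-make ?h (shell-quote-argument host)
                                  ?p port)))))
     my-tls-templates)))

;; Example call with constructed input:
;; (my-tls-candidate-commands "example.org" 443)
```

On a machine where neither sample path is readable, the returned list contains only the generic command, so the caller can see that the connection will not be checked against the preferred trust files.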