[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Emacs core TLS support
From: |
Ted Zlatanov |
Subject: |
Re: Emacs core TLS support |
Date: |
Wed, 15 Sep 2010 06:20:48 -0500 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux) |
On Tue, 14 Sep 2010 21:10:52 +0200 Lars Magne Ingebrigtsen <address@hidden>
wrote:
LMI> Nikos Mavrogiannopoulos <address@hidden> writes:
>>> What ca.pem should I use? There's one in GnuTLS and one in
>>> /etc/ssl/certs/ca.pem on my Ubuntu system. It should Just Work so it
>>> may make sense to ship ca.pem with Emacs. WDYT?
>>
>> This is local policy, I don't think that it has to be shipped with
>> emacs. Just give the option of someone specifying it.
LMI> I don't know how tls stuff works at all, but if a certificate is needed
LMI> for basic usage, then it should be shipped with Emacs.
On my Ubuntu system I get 142 CA certificates out of
/etc/ssl/certs/ca-certificates.crt and one out of /etc/ssl/certs/ca.pem.
So the former seems like a better starting point IIUC. It seems like
this should be part of the configure process: if GnuTLS is enabled, look
for a certificate bundle (allowing an override). Then build a merged
bundle out of the local one plus whatever Emacs ships by default and
make that the default certificate bundle (the user can override that in
gnutls.el at runtime, of course). See
http://lynx.isc.org/current/README.sslcerts for an example of how we
could explain this to the Emacs users.
Should Emacs blindly trust all the certificates in the local policy?
Ted
- Re: Emacs core TLS support, (continued)
- Re: Emacs core TLS support, Stefan Monnier, 2010/09/06
- Message not available
- Message not available
- Re: Emacs core TLS support, Ted Zlatanov, 2010/09/11
- Re: Emacs core TLS support, Stefan Monnier, 2010/09/12
- Message not available
- Message not available
- Re: Emacs core TLS support, Nikos Mavrogiannopoulos, 2010/09/13
- Message not available
- Re: Emacs core TLS support, Nikos Mavrogiannopoulos, 2010/09/14
- Re: Emacs core TLS support, Lars Magne Ingebrigtsen, 2010/09/14
- Re: Emacs core TLS support,
Ted Zlatanov <=
- Re: Emacs core TLS support, Ted Zlatanov, 2010/09/14
- Message not available
- Re: Emacs core TLS support, Nikos Mavrogiannopoulos, 2010/09/15
- Re: Emacs core TLS support, Ted Zlatanov, 2010/09/15
- Re: Emacs core TLS support, Ted Zlatanov, 2010/09/26
- Re: Emacs core TLS support, Lars Magne Ingebrigtsen, 2010/09/26
- Re: Emacs core TLS support, James Cloos, 2010/09/26
- Re: Emacs core TLS support, Lars Magne Ingebrigtsen, 2010/09/27
- Re: Emacs core TLS support, Lars Magne Ingebrigtsen, 2010/09/27
- Re: Emacs core TLS support, Lars Magne Ingebrigtsen, 2010/09/27
- Re: Emacs core TLS support, Lars Magne Ingebrigtsen, 2010/09/27