[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: client certs and CRL lists for GnuTLS

From: Lars Magne Ingebrigtsen
Subject: Re: client certs and CRL lists for GnuTLS
Date: Tue, 03 May 2011 17:25:44 +0200
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> The attached patch adds a :keylist parameter to `gnutls-boot' which is a
> list of (client key file, client cert file) pairs.  It also renames the
> :keyfiles parameter to :crlfiles since it's for CRL lists.  So now you
> can specify any number of client certs.  If the key files require a
> passphrase, the decoding won't work because we don't set a callback.

Right.  Hm...  if you specify a keyfile (that requires a password), does
starttls.el allow prompting for that password?  (I'm just wondering
whether the gnutls.c situation would be totally equivalent or not...)

> `gnutls-negotiate' also gets the parameter changes (should I just make
> it take a plist?)


>  (defun gnutls-negotiate (proc type hostname &optional priority-string
> -                              trustfiles keyfiles verify-flags
> +                              trustfiles crlfiles keylist verify-flags
>                                verify-error verify-hostname-error)

Heh.  Yes, I think it would be better to change this to a plist.  :-)

(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]