[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: using GnuTLS 3.x and certificate checks
|
From: |
Stefan Monnier |
|
Subject: |
Re: using GnuTLS 3.x and certificate checks |
|
Date: |
Wed, 05 Jun 2013 14:42:52 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
> When interactive, you should be asked if you want to accept a SSL
> certificate unless your function pre-approves it. So the default
> interactively is 'maybe-ask. The other question is, if the user
> doesn't answer in 30 seconds, can we take that as a "no" answer? I
> think the answer is "no, just wait for it."
By default it makes sense to prompt the user, and if she's not available
to reply, just wait until she is. No need for any special functionality.
> When non-interactive, you can't be asked. So the default there can be
> 'maybe-ask (what I describe in my question, and make it fail gracefully)
> or 'maybe-reject (unless pre-approved, reject). It sounds like no one
> wants 'maybe-ask non-interactively.
In batch mode, prompting doesn't make much sense, so better default to
signal an error.
Stefan