bug#13374: 24.?; open-gnutls-stream insecurity
From: Glenn Morris
Subject: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Mon, 07 Jan 2013 20:05:06 -0500
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Hi Ted,
Could you look at this report, with a view to possibly changing it in
emacs-24 branch, if appropriate? Thanks.
Oleksii Shevchuk wrote:
> open-gnutls-stream wrapper doesn't pass :verify-hostname-error t
> :verify-error t to gnutls-negotiate. So MitM is possible when you use
> gnus and other packages.
>
> Even with :verify-hostname-error t :verify-error t, gnutls-negotiate
> doesn't produce an error with a self-signed CA certificate when :type
> 'gnutls-x509pki is passed.
>
> I use next in my .gnus:
>
> (defun open-gnutls-stream (name buffer host service)
>   (gnutls-negotiate :process (open-network-stream name buffer host service)
>                     :hostname host
>                     :verify-hostname-error t :verify-error t))
>
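
Added example, not part of the original messages or of Emacs itself: a fail-closed variant of the wrapper quoted above that passes the same verification keywords and then independently inspects the session's warning list, so a certificate problem is caught even if the handshake did not signal. The `my-` function names are hypothetical, and the code assumes Emacs 25.1 or later built with GnuTLS, where `gnutls-peer-status` and `gnutls-peer-status-warning-describe` are available.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; not code from the bug report or from Emacs.
;; Assumption: Emacs 25.1+ with GnuTLS support (`gnutls-peer-status').
(require 'gnutls)

(defun my-gnutls-peer-problems (status)
  "Return a list of strings describing verification warnings in STATUS.
STATUS is a plist as returned by `gnutls-peer-status'.  A nil STATUS
means no TLS session exists on the process; that is reported as a
problem too, so callers never treat a plaintext socket as verified."
  (if (null status)
      (list "no TLS session on this connection")
    (mapcar (lambda (warning)
              (format "%s (%s)" warning
                      (gnutls-peer-status-warning-describe warning)))
            (plist-get status :warnings))))

(defun my-open-verified-tls-stream (name buffer host service)
  "Open a TLS connection to HOST:SERVICE and fail closed on a bad certificate.
NAME and BUFFER are as in `open-network-stream'.  Returns the process,
or signals an error after deleting the process."
  ;; Open a plain socket first, then negotiate TLS on it, as in the report.
  (let ((proc (open-network-stream name buffer host service :type 'plain)))
    (condition-case err
        (progn
          ;; Same keywords the reporter passes: make failures fatal.
          (gnutls-negotiate :process proc
                            :hostname host
                            :verify-hostname-error t
                            :verify-error t)
          ;; Second check: refuse the session if GnuTLS recorded any
          ;; warning (for example a self-signed or mismatched certificate).
          (let ((problems (my-gnutls-peer-problems (gnutls-peer-status proc))))
            (when problems
              (error "TLS verification failed for %s: %s"
                     host (mapconcat #'identity problems "; ")))))
      (error
       ;; Never hand back a half-open or unverified connection.
       (when (process-live-p proc)
         (delete-process proc))
       (signal (car err) (cdr err))))
    proc))
```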