bug-gnu-emacs

bug#13374: 24.?; open-gnutls-stream insecurity


From: Glenn Morris
Subject: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Mon, 07 Jan 2013 20:05:06 -0500
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Hi Ted,

Could you look at this report, with a view to possibly changing it in
the emacs-24 branch, if appropriate? Thanks.

Oleksii Shevchuk wrote:

> The open-gnutls-stream wrapper doesn't pass :verify-hostname-error t
> :verify-error t to gnutls-negotiate. So MitM is possible when you use
> gnus and other packages.
>
> Even with :verify-hostname-error t :verify-error t, gnutls-negotiate
> doesn't produce an error with a self-signed CA certificate when :type
> 'gnutls-x509pki is passed.
>
> I use the following in my .gnus:
>
> (defun open-gnutls-stream (name buffer host service)
>   (gnutls-negotiate :process (open-network-stream name buffer host service)
>                     :hostname host
>                     :verify-hostname-error t :verify-error t))
>
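
An added example, not part of the message above or of Emacs itself: a fail-closed wrapper that passes the verification flags from the report and then audits the negotiated session, so a certificate that the flags let through (the second point in the report) still aborts the connection. The name `my/open-verified-tls-stream` is hypothetical, and the sketch assumes an Emacs build that provides `gnutls-peer-status`, which the thread does not mention.

```elisp
;; Added example; `my/open-verified-tls-stream' is a hypothetical name.
;; Assumption: this Emacs provides `gnutls-peer-status', which returns a
;; plist whose :warnings entry lists certificate verification problems.
(require 'gnutls)

(defun my/open-verified-tls-stream (name buffer host service)
  "Open a TLS connection to HOST on SERVICE, refusing unverified peers.
NAME and BUFFER are passed to `open-network-stream'.  Returns the
process on success.  On any handshake or verification problem the
connection is closed and an error is signaled."
  (unless (fboundp 'gnutls-peer-status)
    (error "No `gnutls-peer-status' in this Emacs; cannot audit the peer"))
  (let ((proc (open-network-stream name buffer host service)))
    (condition-case err
        (progn
          ;; Ask GnuTLS to treat certificate and hostname failures as
          ;; errors: the two flags the report says the stock wrapper omits.
          (gnutls-negotiate :process proc
                            :type 'gnutls-x509pki
                            :hostname host
                            :verify-hostname-error t
                            :verify-error t)
          ;; Second line of defense: do not rely on the flags alone.
          ;; Any recorded warning means the peer was not fully verified.
          (let ((warnings (plist-get (gnutls-peer-status proc) :warnings)))
            (when warnings
              (error "TLS peer %s failed verification: %S" host warnings)))
          proc)
      (error
       ;; Fail closed: never hand back a half-trusted connection.
       (when (process-live-p proc)
         (delete-process proc))
       (signal (car err) (cdr err))))))
```

Unlike the snippet in the report, this does not redefine `open-gnutls-stream`, so only callers that opt in are affected.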
