
bug#13877: 24.3; gnutls.el: Enable Certificate Checks

From: Glenn Morris
Subject: bug#13877: 24.3; gnutls.el: Enable Certificate Checks
Date: Tue, 05 Mar 2013 11:51:33 -0500
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Moritz Ulrich wrote:

> Currently, gnutls.el doesn't check certificate signatures when used via
> `open-network-stream' with :type 'tls or `open-gnutls-stream'.

Please see http://debbugs.gnu.org/13374
It was considered too complicated to fix this properly for 24.3.

> There is NO way to set :verify-host, :verify-flags, etc. for this call
> to `gnutls-negotiate' when using gnutls via high-level functions like
> `open-network-stream'.
> I consider this a bug, as Emacs won't check any certificates and
> therefore allow man in the middle attacks without even documenting this.
> It should at least be possible to pass :verify-* from
> `open-network-stream' down to `gnutls-negotiate'. That would be a simple
> yet effective solution.
