[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#16784: 24.3; Problems opening NNTP connection: failing starttls beca

From: Ted Zlatanov
Subject: bug#16784: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate
Date: Fri, 21 Mar 2014 06:23:16 -0400
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Thu, 20 Mar 2014 15:58:02 +0100 Lars Magne Ingebrigtsen <address@hidden> 

LMI> Ted Zlatanov <address@hidden> writes:
SB> I would like one of the following solutions:
SB> 1. The possibility to switch off the attempted upgrade to STARTTLS for
SB> NNTP connections
>> I think Lars has to give an opinion here.

LMI> I think we should always do encryption, even though we can't do validation.

So the answer is "no" to Steinar's question.  I have to agree, although
it may be noisier, in 2014 it's the right way.

>> So basically customize that variable and add :trustfiles and :hostname
>> for the respective verifications, or nil to disable them.

LMI> When doing opportunistic upgrades (where the user hasn't asked for the
LMI> connection to be encrypted), bothering the user with warnings about not
LMI> being able to establish the identity of the server doesn't make much
LMI> sense.

I can only suggest overriding `gnutls-log-level' but that doesn't make
much sense if you're planning to use that connection, in which case you
care about those warnings.  Do we need a way to defer GnuTLS warnings
(put them in a variable temporarily)?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]