bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#20960: handling /etc/ssl/certs/ca-bundle.crt by default in emacs


From: Lars Ingebrigtsen
Subject: bug#20960: handling /etc/ssl/certs/ca-bundle.crt by default in emacs
Date: Thu, 26 Jan 2017 20:24:16 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> On Sat, 26 Dec 2015 21:57:24 +0100 Lars Ingebrigtsen <address@hidden> wrote: 
>
> LI> Stefan Monnier <address@hidden> writes:
>>>> that exists, similar to what gnutls-trustfiles does. (Do these two
>>>> variables duplicate each other?)
>>> 
>>> Yes, I believe they are duplicates (with smime-CA-directory predating
>>> the gnutls thingy).
>
> LI> smime-CA-directory should be rewritten to use gnutls-trustfiles (if
> LI> gnutls-trustfiles exists).  The minor complication is that the former is
> LI> a directory and the latter is a list of files, so it wouldn't be exactly
> LI> backwards compatible...
>
> We can make `gnutls-trustfiles' support directories?

On the other hand, this is the only place smime-CA-directory is used:

(defun smime-verify-region (b e)
  "Verify S/MIME message in region between B and E.
Returns non-nil on success.
Any details (stdout and stderr) are left in the buffer specified by
`smime-details-buffer'."
  (smime-new-details-buffer)
  (let ((CAs (append (if smime-CA-file
                         (list "-CAfile"
                               (expand-file-name smime-CA-file)))
                     (if smime-CA-directory
                         (list "-CApath"
                               (expand-file-name smime-CA-directory))))))

And:

       -CAfile file
           a file containing trusted CA certificates, only used with -verify.

       -CApath dir
           a directory containing trusted CA certificates, only used with
           -verify. This directory must be a standard certificate directory:
           that is a hash of each subject name (using x509 -hash) should be
           linked to each certificate.

Is a list of CA files, and can be in different directories, so there's,
like, no way to used them interchangeably.

So...  I dunno.  Somebody could just rewrite that function to use all
the files from (gnutls-trustfiles) and see if one of them are OK.  I
never use smime, though, so I'm not that person.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no





reply via email to

[Prev in Thread] Current Thread [Next in Thread]