Re: using GnuTLS 3.x and certificate checks

From: Ted Zlatanov
Subject: Re: using GnuTLS 3.x and certificate checks
Date: Sat, 18 May 2013 22:57:31 -0400
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)

On Wed, 10 Apr 2013 21:35:18 +0100 (BST) Christopher Schmidt <address@hidden> 

CS> Ted Zlatanov <address@hidden> writes:
>> This would also be a good time to enable SSL certificate verification
>> by default.

CS> That's a great idea.

CS> What do you think about a user-customizable verification mechanism?
CS> This could be as simple as passing host, port and the PEM-encoded cert
CS> chain to a regular function that will return non-nil if the verification
CS> failed.

I like your idea; the problem is that often it will be triggered at very
inconvenient times.  Emacs, unlike most other environments with this
capability, doesn't deal well with interrupting network I/O to ask the
user questions... not to mention the TCP exchange itself could be
aborted, or the whole thing could be running unattended (--batch for

I think Lars and many others have brought up these issues before, mostly
on the bug tracker over the last year or two.

To start the planning, is there a way to tell Emacs "run this function,
but if we're not interactive or if the user has not answered in 30
seconds, proceed as if they answered 'n' to everything"?  I think that
would be better than writing special code just for GnuTLS.  But I'm open
to suggestions either way.
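
One way to get the behaviour asked about above, as an added Emacs Lisp example that is not part of the original message or of Emacs's GnuTLS code: a verification function with the (host, port, PEM chain) signature Christopher proposed, which prompts with a 30-second timeout and treats batch mode or no answer as "n". All `my/` names are hypothetical, and pinning a SHA-256 of the PEM text is a simplification assumed for illustration.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example: every my/ name is hypothetical, not an Emacs or GnuTLS API.

(defvar my/tls-prompt-timeout 30
  "Seconds to wait for an answer before treating it as \"n\".")

(defvar my/tls-pinned-sha256 nil
  "Alist of (\"HOST:PORT\" . SHA256-HEX) for chains the user has accepted.")

(defun my/ask-or-deny (prompt)
  "Ask PROMPT as a yes/no question.
Return nil without prompting when Emacs runs unattended (--batch),
and nil when the user has not answered within `my/tls-prompt-timeout'."
  (and (not noninteractive)
       (y-or-n-p-with-timeout prompt my/tls-prompt-timeout nil)))

(defun my/tls-verify (host port pem-chain)
  "Return non-nil if verification of PEM-CHAIN for HOST and PORT failed.
Simplification: the pin is a SHA-256 over the PEM text, not a parsed
certificate fingerprint."
  (let* ((key (format "%s:%s" host port))
         (digest (secure-hash 'sha256 pem-chain))
         (known (cdr (assoc key my/tls-pinned-sha256))))
    (cond
     ;; Same chain the user accepted earlier: verification passes.
     ((equal known digest) nil)
     ;; Unknown or changed chain: ask, failing closed on "n", timeout or batch.
     ((my/ask-or-deny
       (format "%s certificate chain for %s (sha256 %s...). Accept? "
               (if known "CHANGED" "Unknown")
               key
               (substring digest 0 16)))
      ;; New entry shadows any older pin, since `assoc' finds the first match.
      (push (cons key digest) my/tls-pinned-sha256)
      nil)
     ;; Denied, timed out, or unattended: report failure to the caller.
     (t t))))
```

The decision is only as safe as the point where it is called: the caller has to hold the connection (or drop and retry it) while the prompt is open, which is the inconvenience the message describes.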

