Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.

From: Lars Magne Ingebrigtsen
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 15:47:33 +0200
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)

Eli Zaretskii <address@hidden> writes:

> What happens if some stuff comes out of the stream that failed to be
> validated, while Emacs negotiates with the user about what to do?
> Normally, we would pass this stuff to whatever sentinel was defined,
> or insert it into a buffer.  Is that what you want?

Does that really happen that early in the connection process?  I thought
sentinels and buffers were attached at a point later, so that
`open-network-stream' would have a chance of inspecting the stream

It's been a while since I looked at the code, so if that's wrong (and
can't be fixed), then we'd have to do it the way you suggest:

> If what you want is to cause gnutls-boot call out to Lisp for
> validation as part of its normal path, then that's fine, I think.  But
> it does mean that we have no stream until the entire validation
> completes. 

However, I was hoping to get the "bug out if the stream isn't encrypted
and you wanted that" into the same code, so it would be nice to have it
all in the same code path.

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
