Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.

From: Toke Høiland-Jørgensen
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 18:09:25 +0200

Ted Zlatanov <address@hidden> writes:

> Emacs has this function already, e.g. `(locate-user-emacs-file "certs")'
> I think it's better to make the store private than shared by default, so
> I'd just give the user the choice to use nil (translated to NULL in
> C).

Ah, yes, this should come from the lisp side of course. Silly me, hadn't
even thought of that.

> That would be great, please see how far you get with the exploration.
> Your contribution is already very useful so I am excited to see it
> evolve.

Well, gnutls-cli asks the user in a callback (set with
gnutls_certificate_set_verify_function). The TOFU verification starts at
line 461 of

so it seems it's just pausing in the middle of the handshake.

> OK; Lars and I will probably work on it as well as time allows in
> order to get something into trunk.

Oh, by all means. I didn't mean that as "don't touch it", more as "don't
expect anything more too soon" :)

Have updated the patch to use a configurable credentials file and put in
the autoconf stuff. Will resend it once I have tested it :)
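
The decision a TOFU verify callback makes while the handshake is paused, with a NULL store path selecting a default, shown as an added example that is not part of the original message or of the Emacs or GnuTLS code. The store format, the function names and the default path are assumptions, and host, service and fingerprint are assumed to contain no whitespace.

```c
#include <stdio.h>
#include <string.h>

enum tofu_result { TOFU_MATCH, TOFU_NEW, TOFU_MISMATCH };
#define TOFU_DEFAULT_DB "tofu_known_hosts"   /* hypothetical default when db is NULL */
typedef int (*tofu_ask_fn)(const char *host, const char *fp); /* nonzero = accept */

/* Constructed stand-in for an interactive prompt: always accepts. */
int tofu_accept(const char *host, const char *fp) { (void)host; (void)fp; return 1; }

/* Scan the store; assumed format is one "host service fingerprint" per line. */
enum tofu_result tofu_lookup(const char *db, const char *host,
                             const char *service, const char *fp)
{
    char h[256], s[32], f[129];
    enum tofu_result res = TOFU_NEW;
    FILE *in = fopen(db ? db : TOFU_DEFAULT_DB, "r");
    if (!in)
        return TOFU_NEW;               /* no store yet: nothing is pinned */
    while (fscanf(in, "%255s %31s %128s", h, s, f) == 3) {
        if (strcmp(h, host) || strcmp(s, service))
            continue;                  /* record for another peer */
        if (strcmp(f, fp) == 0) { res = TOFU_MATCH; break; }
        res = TOFU_MISMATCH;           /* pinned, but to a different key */
    }
    fclose(in);
    return res;
}

/* Verify-callback logic: 0 lets the handshake continue, nonzero aborts it. */
int tofu_verify(const char *db, const char *host, const char *service,
                const char *fp, tofu_ask_fn ask)
{
    FILE *out;
    switch (tofu_lookup(db, host, service, fp)) {
    case TOFU_MATCH:    return 0;
    case TOFU_MISMATCH: return -1;     /* never replace a pin silently */
    default:            break;         /* first contact: ask the user */
    }
    if (!ask || !ask(host, fp))        /* the handshake is paused here */
        return -1;
    if (!(out = fopen(db ? db : TOFU_DEFAULT_DB, "a")))
        return -1;                     /* cannot persist the pin: fail closed */
    fprintf(out, "%s %s %s\n", host, service, fp);
    fclose(out);
    return 0;
}
```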