Re: Network Security Manager merge time?

From: Ted Zlatanov
Subject: Re: Network Security Manager merge time?
Date: Wed, 19 Nov 2014 16:41:05 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Wed, 19 Nov 2014 13:34:53 -0500 Ted Zlatanov <address@hidden> wrote: 

TZ> On Wed, 19 Nov 2014 18:59:16 +0100 Lars Magne Ingebrigtsen <address@hidden> 
LMI> Ted Zlatanov <address@hidden> writes:
>>> I'd rather deprecate it in favor of `nsm-security-level', especially if
>>> you're OK with the ability to set the level per host or subnet, and per
>>> service. The `gnutls-verify-error' checks are all 'medium I think.

LMI> I can imagine that some people would rather leave all this up to
LMI> gnutls...

TZ> As far as user-level customization, I'd rather not have multiple
TZ> variables.  The checks will be done the same way, just based on
TZ> `network-security-level' instead of specific checkboxes like now.

Looking at the code, there's a lot of copy+pasta there between the
GnuTLS verification in `gnutls-boot' and the message collection in
`gnutls-peer-status'. Could you factor that out so there's only one
sequence of checks to maintain, especially since I'd like to deprecate
the GnuTLS verification in favor of NSM? Basically call
`gnutls-peer-status' in `gnutls-boot' and then iterate through the
messages (which can be the simpler version you use instead of the one
with the hostname attached I have in `gnutls-boot'). I can do it if you

