
Re: Network Security Manager merge time?

From: Ted Zlatanov
Subject: Re: Network Security Manager merge time?
Date: Tue, 25 Nov 2014 09:20:39 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Fri, 21 Nov 2014 12:29:45 +0100 Lars Magne Ingebrigtsen <address@hidden> 

LMI> Ted Zlatanov <address@hidden> writes:
>> Looking at the code, there's a lot of copy+pasta there between the
>> GnuTLS verification in `gnutls-boot' and the message collection in
>> `gnutls-peer-status'. Could you factor that out so there's only one
>> sequence of checks to maintain, especially since I'd like to deprecate
>> the GnuTLS verification in favor of NSM? Basically call
>> `gnutls-peer-status' in `gnutls-boot' and then iterate through the
>> messages (which can be the simpler version you use instead of the one
>> with the hostname attached I have in `gnutls-boot'). I can do it if you
>> prefer.

LMI> Sure; go ahead.  The verification checks should probably be factored out
LMI> from `gnutls-peer-status', though, since `gnutls-boot' doesn't need the
LMI> other things it calculates (like the fingerprints etc).

OK, done as follows:

* `gnutls-peer-status' returns a simple list of symbols, which can then
  be passed to `gnutls-peer-status-warning-describe' for the full
  string. That could turn into a more complex struct or symbol
  properties, but for now it's just a string message. I adapted
  `gnutls-boot' accordingly. The certificate info is not generated when
  it's called through `gnutls-boot' because that struct is not populated
  yet, so there are no wasted cycles.

* nsm.el was also adapted accordingly.

I think we should now do the following:

* deprecate `gnutls-verify-error' in favor of `network-security-level'

* to help the migration, map :trustfiles and :hostname to 'medium (IIUC)

* add the ability to set the `network-security-level' per hostname regex

* put the 'gnutls customization group next to 'nsm under 'comm
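An Emacs Lisp sketch of the shape described in this message, added here as an illustration; it is not code from the thread or from Emacs itself. It assumes `gnutls-peer-status-warning-describe' takes one warning symbol and returns a string (guarded with `fboundp' so the file loads without it); the function names prefixed `my-', the warning symbols used as sample input, and the per-hostname-regexp level table (the proposal in the last list item) are all constructed for the example.

```elisp
;; Added example (not Ted's or Emacs's own code).  Demonstrates the
;; division of labour proposed above: one list of warning symbols from
;; the TLS check, one describe function for the user-facing strings,
;; and a policy layer (NSM-style) deciding what to do with the list.
;; All `my-' names are hypothetical; the warning symbols below are
;; assumed sample values, not an exhaustive list.

(require 'gnutls)

(defun my-tls-warning-descriptions (warnings)
  "Return human-readable strings for the list of WARNINGS symbols.
Uses the real `gnutls-peer-status-warning-describe' when it is
defined and falls back to the bare symbol name otherwise."
  (mapcar (lambda (w)
            (if (fboundp 'gnutls-peer-status-warning-describe)
                (gnutls-peer-status-warning-describe w)
              (symbol-name w)))
          warnings))

(defvar my-network-security-level-alist
  '(("\\`intranet\\." . low)
    (".*" . medium))
  "Hypothetical per-hostname-regexp security levels.
Each car is a regexp matched against the host, each cdr a level.
The first matching entry wins, so the catch-all goes last.")

(defun my-network-security-level-for (host)
  "Return the security level for HOST from the regexp table."
  ;; `assoc-default' calls TEST with (car ELT) and HOST, which is
  ;; exactly the argument order `string-match-p' wants.
  (or (assoc-default host my-network-security-level-alist #'string-match-p)
      'medium))

(defun my-tls-connection-acceptable-p (host warnings)
  "Decide from the WARNINGS list for HOST whether to proceed.
Constructed policy: level `low' accepts any warnings,
anything else accepts only an empty warning list."
  (let ((level (my-network-security-level-for host)))
    (cond ((eq level 'low) t)
          (t (null warnings)))))

(defun my-tls-report (host warnings)
  "Log each warning for HOST and return whether the connection is acceptable."
  (dolist (msg (my-tls-warning-descriptions warnings))
    (message "TLS warning for %s: %s" host msg))
  (my-tls-connection-acceptable-p host warnings))

;; Constructed sample input: two warning symbols of the kind the message
;; says `gnutls-peer-status' now returns.  A host matching the `low'
;; entry is accepted despite them; any other host is refused.
(my-tls-report "intranet.example" '(:expired :hostname-mismatch))
(my-tls-report "www.example.org" '(:expired :hostname-mismatch))
```

Keeping the describe step separate from the decision step is what lets `gnutls-boot' and nsm.el share one list of checks while still rendering messages differently; the regexp table shows how a per-hostname `network-security-level' could slot in without touching the check list itself.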


