emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnutls tofu support? or even --insecure?


From: Nix
Subject: Re: gnutls tofu support? or even --insecure?
Date: Wed, 12 Aug 2015 14:21:49 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)

On 11 Aug 2015, Toke Høiland-Jørgensen outgrape:

> Well, the outcome was that the new network manager functionality would
> replicate the tofu functionality in lisp and delegate only the
> certificate checking to gnutls. But I lost track of what happened after
> that; think the functionality was merged?

It was, but I'm still being asked about certs on every Emacs restart --
it doesn't seem to be remembering anything persistently.

It's clearly not the same as --tofu -- if gnutls doesn't like a
connection, it's not going to let you in, even if it connected perfectly
well to it in the past. This is true *no matter what* Emacs does -- I
don't see how you can possibly hope to replicate the 'connected fine
before, connect again without cert complaint or checking the cert chain'
without actually telling gnutls not to check the cert chain... which
this fault suggests is not happening.

-- 
NULL && (void)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]