[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From: Jimmy Yuen Ho Wong
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 24 Jun 2018 18:10:13 +0100
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

I have just been looking at how to add OCSP as well, I noticed
`gnutls-boot` already accepts `:crlfiles`, I have a `gnutls.el` patch
that'll supply it to `gnutls-boot-parameters`. I'm testing it now, but
I'm haven't a bit of trouble generating a CRL in PEM. Anyway, do you
think it's worth it as a quick win to include in either master to 26.2
if it works?

On 24/06/2018 17:57, Lars Ingebrigtsen wrote:
> Eli Zaretskii <address@hidden> writes:
>> When the changes are pushed to master, we could look at them and
>> consider whether they (or some of their parts) are safe enough for
>> emacs-26.
> Yup.
> I'm going through the current recommendations for TLS security, and most
> of them are straightforward and require just some added NSM checks.
> However, the check for intermediary sha1 certificates checks requires a
> C-level change: gnutls.c doesn't expose to Lisp the certificate chain,
> so I'll have to add that, too.
> It's not a complicated addition, but it's C level, so you'll have to
> decide whether something that has the potential for crashing Emacs is
> worth the risk for Emacs 26.2.  But I guess we'll see once I've
> implemented this (hopefully next week).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]