bug#13374: bug#13877: 24.3; gnutls.el: Enable Certificate Checks
From: Ted Zlatanov
Subject: bug#13374: bug#13877: 24.3; gnutls.el: Enable Certificate Checks
Date: Thu, 14 Mar 2013 08:19:09 -0400
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)

On Tue, 05 Mar 2013 11:51:33 -0500 Glenn Morris <rgm@gnu.org> wrote:

GM> Moritz Ulrich wrote:
>> Currently, gnutls.el doesn't check certificate signatures when used via
>> `open-network-stream' with :type 'tls or `open-gnutls-stream'.

GM> Please see http://debbugs.gnu.org/13374
GM> It was considered too complicated to fix this properly for 24.3.

>> There is NO way to set :verify-host, :verify-flags, etc. for this call
>> to `gnutls-negotiate' when using gnutls via high-level functions like
>> `open-network-stream'.
>>
>> I consider this a bug, as Emacs won't check any certificates and
>> therefore allow man in the middle attacks without even documenting this.
>>
>> It should at least be possible to pass :verify-* from
>> `open-network-stream' down to `gnutls-negotiate'. That would be a simple
>> yet effective solution.

I would like to fix this properly now that 24.3 is out, but perhaps the
emacs-devel mailing list is a better place to work on it?

Ted