bug-gnu-emacs

bug#16193: 24.3; Enable TLS certificate checking by default


From: Ted Zlatanov
Subject: bug#16193: 24.3; Enable TLS certificate checking by default
Date: Thu, 19 Dec 2013 15:23:23 -0500
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Thu, 19 Dec 2013 19:20:04 +0000 "William G. Gardella" <wgg2@member.fsf.org> wrote:

WGG> How to reproduce: use `open-network-stream' on any TLS connection to a
WGG> server with an invalid, expired, or self-signed certificate.

WGG> What I expect to happen: Emacs asks the user or signals on `error' or
WGG> `user-error', terminating the connection attempt, or queries the user if
WGG> they wish to continue.

Please try setting `gnutls-verify-error' through customize in the Emacs
trunk.  Set it to t to always error on verification issues.

I plan to change it to t (or some variation thereof, e.g. sit-for-a-bit)
after the upcoming release, but didn't want to break people's setups.
Also there's no way to make it interactive due to the way Emacs
constructs the GnuTLS connection.  It has to error out completely.

WGG> Recommended solutions:

WGG> 2. Ensure that `tls-checktrust' actually works on an Emacs where
WGG> libgnutls is linked in.  (As far as I can tell, gnutls makes no
WGG> reference to this variable, although `gnutls-negotiate' does seem to
WGG> have some low-level facility for checking certificates, and there is the
WGG> `gnutls-trustfiles' variable).

Please check that it works for you as described above.  If yes, we'll
close this ticket.

WGG> 3. Document the default behavior in locations highly visible to users,
WGG> i.e. not just in the elisp manual, which is primarily for people writing
WGG> elisp, but also in the manuals of major `open-network-stream'-using
WGG> packages, such as ERC and smtpmail.  This is still an inferior solution
WGG> as users are unlikely to consult these manuals if nothing seems to be
WGG> wrong.

After the upcoming release, yes.

Ted
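An added Emacs Lisp example, not part of this message or of Emacs itself, showing the permissive and the strict `gnutls-verify-error' settings side by side and a small wrapper around `open-network-stream' that refuses and reports a connection whose certificate fails verification. It assumes an Emacs built with GnuTLS support (where `gnutls-verify-error' and the `gnutls-error' condition exist); the function name `my-open-verified-tls' is hypothetical.

```elisp
;; Added example; not from the original message. Assumes an Emacs
;; built against libgnutls, so that `open-network-stream' with
;; :type 'tls goes through `gnutls-negotiate'.

;; Permissive default discussed in the thread: verification problems
;; (expired, self-signed, wrong host) are logged but the connection
;; still succeeds.
;; (setq gnutls-verify-error nil)

;; Strict setting suggested in the reply: any verification failure
;; signals an error and the connection attempt is abandoned.
(setq gnutls-verify-error t)

(defun my-open-verified-tls (host port)
  "Open a TLS connection to HOST:PORT, refusing unverified certificates.
Return the process on success, or nil after reporting why it failed.
Hypothetical helper name; relies on `gnutls-verify-error' being t."
  (condition-case err
      (let ((proc (open-network-stream
                   (format "tls-%s" host) nil host port
                   :type 'tls)))
        (message "TLS to %s:%d established, certificate verified"
                 host port)
        proc)
    ;; Raised by gnutls.el when the handshake or verification fails
    ;; and `gnutls-verify-error' is t.
    (gnutls-error
     (message "TLS to %s:%d refused (verification failed): %S"
              host port err)
     nil)
    ;; Anything else (DNS failure, connection refused, and so on).
    (error
     (message "Connection to %s:%d failed: %S" host port err)
     nil)))

;; Example call; with the strict setting, a host presenting a
;; self-signed certificate yields nil and a message in *Messages*.
;; (my-open-verified-tls "imap.example.invalid" 993)
```

With `gnutls-verify-error' left at nil the same call returns a live process for a self-signed certificate, which is the behaviour the bug report objects to.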
