[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#16784: 24.3; Problems opening NNTP connection: failing starttls beca
|
From: |
Ted Zlatanov |
|
Subject: |
bug#16784: 24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate |
|
Date: |
Fri, 21 Mar 2014 06:23:16 -0400 |
|
User-agent: |
Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) |
On Thu, 20 Mar 2014 15:58:02 +0100 Lars Magne Ingebrigtsen <larsi@gnus.org>
wrote:
LMI> Ted Zlatanov <tzz@lifelogs.com> writes:
SB> I would like one of the following solutions:
SB> 1. The possibility to switch off the attempted upgrade to STARTTLS for
SB> NNTP connections
>>
>> I think Lars has to give an opinion here.
LMI> I think we should always do encryption, even though we can't do validation.
So the answer is "no" to Steinar's question. I have to agree, although
it may be noisier, in 2014 it's the right way.
>> So basically customize that variable and add :trustfiles and :hostname
>> for the respective verifications, or nil to disable them.
LMI> When doing opportunistic upgrades (where the user hasn't asked for the
LMI> connection to be encrypted), bothering the user with warnings about not
LMI> being able to establish the identity of the server doesn't make much
LMI> sense.
I can only suggest overriding `gnutls-log-level' but that doesn't make
much sense if you're planning to use that connection, in which case you
care about those warnings. Do we need a way to defer GnuTLS warnings
(put them in a variable temporarily)?
Ted