bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#19404: 25.0.50; Gnus shows self-signed certificate warning when conn


From: Ivan Shmakov
Subject: bug#19404: 25.0.50; Gnus shows self-signed certificate warning when connecting to Gmane
Date: Thu, 18 Dec 2014 19:10:48 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

>>>>> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>>>>> Eli Zaretskii <eliz@gnu.org> writes:

[…]

 >> If the latter, can _we_ somehow distinguish between the two cases
 >> and add some text to that effect?

 > These are our translation to text from the GnuTLS error messages
 > (which we have previously translated to symbols).  I had hoped that
 > the :not-ca case would help, but I've never seen it in the wild.

[…]

 > if (EQ (status_symbol, intern (":self-signed")))
 >   return build_string ("certificate signer was not found (self-signed)");

 > if (EQ (status_symbol, intern (":not-ca")))
 >   return build_string ("certificate signer is not a CA");

        Presumably the former is returned when the certificate is signed
        by an unknown CA, which /typically/ – but by no means
        /necessarily/ – implies a self-signed certificate.  It’s of
        course possible for the peer’s certificate to be signed by a CA
        not known (or not trusted) by the user.

        The latter would mean that the signing party is not a CA.  That
        is: the signer’s own certificate lacks the CA flag.  (The
        certificate will be also the peer’s own one in the self-signed
        case.)

[…]

-- 
FSF associate member #7257  http://boycottsystemd.org/  … 3013 B6A0 230E 334A





reply via email to

[Prev in Thread] Current Thread [Next in Thread]