emacs-devel

Re: final GnuTLS API!


From: Ted Zlatanov
Subject: Re: final GnuTLS API!
Date: Mon, 04 Oct 2010 09:44:44 -0500
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux)

On Mon, 04 Oct 2010 12:49:25 +0200 Lars Magne Ingebrigtsen <address@hidden> wrote:

LMI> It looks very usable.  The normal open-gnutls-stream is what most people
LMI> will use, and gnutls-negotiate is convenient for use if you're doing
LMI> STARTTLS.

Great.  You can add it into Gnus as a network stream option if you want.

LMI> But how do you say "I don't care whether the server has a valid
LMI> certificate or not" or "I do care"?

With callbacks.  There will be a standard (not the default)
'gnutls-accept-all callback on certificate verification and the default
will probably be nil to let GnuTLS verify them internally (which it does
now IIUC).  I also want a callback that verifies, queries the user if
the certificate is unknown, and stores the certificate if accepted.  I'm
talking to the GnuTLS guys about that.  It may be a problem because I
think the handshake blocks the Emacs display thread, so we may have to
abort the handshake, query the user, then retry the handshake.

All of these callbacks will be in an alist under the :callbacks key in
the gnutls-boot parameters.

Ted
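
The verification policies and the abort, query, retry flow discussed in the message above, as an added Emacs Lisp sketch that is not part of the original message and is not Emacs or GnuTLS code. Every `demo-` name is hypothetical, the handshake is simulated by a plain function, and the fingerprint and host are constructed sample values.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration; every `demo-' name is hypothetical, not a GnuTLS or Emacs API.

(defvar demo-known-certs (make-hash-table :test #'equal)
  "Host -> certificate fingerprint the user has accepted.")

(defun demo-accept-all (_host _fingerprint _chain-ok)
  "Policy: skip verification entirely (the \"I don't care\" case)."
  'accept)

(defun demo-verify-or-ask (host fingerprint chain-ok)
  "Policy: accept a valid chain or a stored certificate, otherwise ask."
  (let ((pinned (gethash host demo-known-certs)))
    (cond (chain-ok 'accept)
          ((null pinned) 'ask)                    ; unknown certificate
          ((string= pinned fingerprint) 'accept)  ; accepted earlier
          (t 'reject))))                          ; differs from the stored one

(defun demo-connect (host handshake policy ask-user)
  "Run HANDSHAKE for HOST under POLICY; return `connected' or `refused'.
HANDSHAKE takes a verify function and returns its verdict.  ASK-USER
runs only after the handshake has returned, never inside it."
  (let ((pending nil))
    (pcase (funcall handshake
                    (lambda (fingerprint chain-ok)
                      (let ((verdict (funcall policy host fingerprint chain-ok)))
                        (when (eq verdict 'ask)
                          (setq pending fingerprint))
                        verdict)))
      ('accept 'connected)
      ('ask (if (funcall ask-user host pending)
                (progn (puthash host pending demo-known-certs)
                       ;; Retry: the stored fingerprint now matches.
                       (demo-connect host handshake policy ask-user))
              'refused))
      (_ 'refused))))

;; Constructed peer: self-signed certificate, so chain verification fails.
(defun demo-handshake (verify)
  (funcall verify "constructed-fingerprint-01" nil))

(demo-connect "mail.example.org" #'demo-handshake #'demo-verify-or-ask
              (lambda (_host _fp) t))   ; stand-in for a y-or-n-p prompt
```

Once a fingerprint is stored, a later handshake for the same host that presents a different one is rejected without prompting, which is the case the accept-all policy cannot detect.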



