Re: using GnuTLS 3.x and certificate checks


From: Ted Zlatanov
Subject: Re: using GnuTLS 3.x and certificate checks
Date: Thu, 06 Jun 2013 09:06:04 -0400
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)

On Wed, 05 Jun 2013 16:55:39 -0400 Ted Zlatanov <address@hidden> wrote: 

TZ> On Wed, 05 Jun 2013 11:13:18 -0400 Ted Zlatanov <address@hidden> wrote: 
TZ> Without comments, I will assume a general OK on these two things:

TZ> - move to the GnuTLS 3.x API and require that version of the libraries.

TZ> - enable SSL certificate verification by default (I have some questions
TZ> about non-interactive cases in a separate thread).

TZ> ...and after Stefan's comments:

TZ> - SSL certificates will be run through a user-supplied acceptance
TZ>   function/regex/whatever.  If they are not accepted by it, the behavior
TZ>   forks.  In batch mode, we always refuse to accept.  In interactive
TZ>   mode, we do yes/no/save prompting, waiting forever.  Saving the
TZ>   certificate will put it in ~/.emacs.d/certificates or something
TZ>   similar.

TZ>   The interactive behavior may have a connection time out while waiting,
TZ>   which will cause surprises.  We'll try to reopen the connection but
TZ>   the user may not enjoy the experience and it could get refused the
TZ>   second time and so on.

...adding Christopher Schmidt's comments to the last item:

The user will also have an option to reject by default interactively, to
inspect the offered certificate, and so on.  Basically the choice will
be this alist:

'((interactive . x)
  (non-interactive . y))

where x and y can be:

'ask => prompt y/n/Y (permanent)/N (permanent)/inspect
'maybe-reject => goes through the acceptance function and rejects if it fails
nil => always reject unknown
t => always accept, good for testing but discouraged otherwise

The symbols may evolve to specify the acceptance function inline.  The
default will probably be

'((interactive ask)
  (non-interactive maybe-reject))

I hope that's helpful :)

Ted
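
As an added illustration of the policy dispatch sketched above (this is example code, not part of Ted's message or of Emacs itself), the following Emacs Lisp resolves the `(interactive . x) / (non-interactive . y)' alist to a decision for one certificate. All names prefixed `my-tls-' are hypothetical, the pinned fingerprint and certificate plist are constructed test data, and the "permanent" Y/N answers are kept in in-memory lists as a stand-in for the proposed ~/.emacs.d/certificates store. The acceptance function is consulted only for `maybe-reject'; in non-interactive mode an `ask' policy degrades to a refusal rather than a prompt, which is the batch-mode rule from the message. The lookup accepts both the dotted-pair and the two-element spellings of the alist entries, since the message writes it both ways.

```elisp
;;; Example only: hypothetical `my-tls-' names, not Emacs or GnuTLS API.

(defvar my-tls-verify-policy
  '((interactive . ask)
    (non-interactive . maybe-reject))
  "Per-mode certificate policy.  Values: ask, maybe-reject, nil, t.")

(defvar my-tls-trusted-fingerprints nil
  "Fingerprints accepted permanently (stand-in for a certificate store).")

(defvar my-tls-rejected-fingerprints nil
  "Fingerprints rejected permanently (the N answer).")

(defvar my-tls-pins
  '(("imap.example.org" . "constructed-fingerprint-1"))
  "Constructed host -> fingerprint pins for the example acceptance function.")

(defun my-tls-accept-pinned (cert)
  "Example acceptance function: accept only a host whose fingerprint is pinned.
CERT is a plist with :host and :fingerprint."
  (let ((pin (cdr (assoc (plist-get cert :host) my-tls-pins))))
    (and pin (string= pin (plist-get cert :fingerprint)))))

(defun my-tls-policy-value (mode &optional policy)
  "Return the policy symbol for MODE (`interactive' or `non-interactive').
Handles both (MODE . VALUE) and (MODE VALUE) entries; a missing entry
yields nil, i.e. reject."
  (let ((val (cdr (assq mode (or policy my-tls-verify-policy)))))
    (if (consp val) (car val) val)))

(defun my-tls-decide (cert accept-fn mode &optional policy)
  "Decide on CERT under POLICY for MODE: `accept', `reject' or `ask'.
ACCEPT-FN is the user-supplied predicate.  Remembered answers win over
the policy; `ask' is only ever returned in interactive mode."
  (let ((fp (plist-get cert :fingerprint))
        (choice (my-tls-policy-value mode policy)))
    (cond
     ((member fp my-tls-rejected-fingerprints) 'reject)
     ((member fp my-tls-trusted-fingerprints) 'accept)
     ((eq choice t) 'accept)            ; accept-all: testing only
     ((null choice) 'reject)            ; reject anything unknown
     ((eq choice 'maybe-reject)
      (if (funcall accept-fn cert) 'accept 'reject))
     ((eq choice 'ask)
      (if (eq mode 'interactive) 'ask 'reject)) ; never block in batch
     (t (error "Unknown TLS policy value: %S" choice)))))

(defun my-tls-ask (cert)
  "Prompt y/n/Y/N/i for CERT.  Y and N remember the fingerprint; i inspects.
Returns `accept' or `reject'."
  (let ((fp (plist-get cert :fingerprint)) result)
    (while (null result)
      (pcase (read-char-choice
              (format "Unverified certificate for %s (%s) y/n/Y/N/i? "
                      (plist-get cert :host) fp)
              '(?y ?n ?Y ?N ?i))
        (?y (setq result 'accept))
        (?n (setq result 'reject))
        (?Y (push fp my-tls-trusted-fingerprints) (setq result 'accept))
        (?N (push fp my-tls-rejected-fingerprints) (setq result 'reject))
        (?i (message "%s" (or (plist-get cert :pem) "no PEM attached"))
            (sit-for 2))))
    result))

(defun my-tls-verify (cert accept-fn &optional policy)
  "Entry point: pick the mode from `noninteractive' and prompt if allowed."
  (let ((decision (my-tls-decide cert accept-fn
                                 (if noninteractive 'non-interactive 'interactive)
                                 policy)))
    (if (eq decision 'ask) (my-tls-ask cert) decision)))

;; Usage with a constructed certificate: the same cert under the default
;; policy in both modes, and under an accept-all (t) non-interactive policy.
(let ((cert '(:host "imap.example.org" :fingerprint "constructed-fingerprint-2")))
  (list (my-tls-decide cert #'my-tls-accept-pinned 'non-interactive)
        (my-tls-decide cert #'my-tls-accept-pinned 'interactive)
        (my-tls-decide cert #'my-tls-accept-pinned 'non-interactive
                       '((non-interactive . t)))))
```

Two design points worth keeping if something like this is implemented: a missing or malformed policy entry falls through to rejection rather than acceptance, and the prompt path is reachable only after the mode check, so a `-batch' run can never hang on `read-char-choice'. The connection time-out problem from the message is not addressed here; the prompt still runs with the socket open.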
