emacs-devel

Re: Network security manager


From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Mon, 17 Nov 2014 23:53:10 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

Kelvin White <address@hidden> writes:

> Lars Magne Ingebrigtsen <address@hidden> wrote:
>
>> That sounds reasonable. Hm... Er... do you have a recipe for how to
>> start a new branch off of emacs-24?
>
> git checkout -b NEW_BRANCH
> git commit -m "first commit"
> git push -u origin NEW_BRANCH
>
> substitute the name of the new branch for NEW_BRANCH

Stefan requested that I didn't push this to the public repository, but
I'm not going to finish it tonight, and I need some feedback.

So I did anyway.  The new branch is called "nsm".

This is my first test case, which is nice to use because it has a
self-signed certificate:

(setq process
      (open-network-stream
       "nntpd" (get-buffer-create "*nntp*") "news.gmane.org" "nntp"
       :end-of-command "^\\([2345]\\|[.]\\).*\n"
       :capability-command "HELP\r\n"
       :success "^3"
       :starttls-function
       (lambda (capabilities)
         (if (not (string-match "STARTTLS" capabilities))
             nil
           "STARTTLS\r\n"))))

;; This new function returns a certificate hash and what's wrong with it.

(gnutls-peer-status process)

;; Here's the security manager interface:

(nsm-verify-connection process "news.gmane.org" "nntp")

;; And please don't leave a gazillion connections open to my server.

(delete-process process)

Give it a whirl if you want.  It's not finished, but it does some basic
stuff, like keeping track of your responses.

But here's the feedback I need:

1) What's the proper mapping for these error messages?

  if (verification & GNUTLS_CERT_INVALID)
    warnings = Fcons (list2 (intern (":invalid"),
  if (verification & GNUTLS_CERT_REVOKED)
    warnings = Fcons (list2 (intern (":revoked"),
  if (verification & GNUTLS_CERT_SIGNER_NOT_FOUND)
    warnings = Fcons (list2 (intern (":signer-not-found"),
  if (verification & GNUTLS_CERT_SIGNER_NOT_CA)
    warnings = Fcons (list2 (intern (":self-signed"),
  if (verification & GNUTLS_CERT_INSECURE_ALGORITHM)
    warnings = Fcons (list2 (intern (":insecure"),
  if (verification & GNUTLS_CERT_NOT_ACTIVATED)
    warnings = Fcons (list2 (intern (":not-activated"),
  if (verification & GNUTLS_CERT_EXPIRED)
    warnings = Fcons (list2 (intern (":expired"),

Which one is the real "self-signed" message?  It's an important
distinction between a self-signed certificate and a forged
certificate...

2) What's the best way to ask longer questions these days?  I just did a
`read-char' on an 8-line message, but perhaps people don't like that...
Put up a help message instead?  Is there an easy-to-use
pop-up-long-help-message-buffer-while-prompting-for-three-different-chars
thing?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
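
Added example, not part of the original message or of the nsm branch: one way to turn the verification bits from question 1 into warning keywords while keeping "self-signed" apart from "unknown signer". It assumes a self-signed certificate shows up as an unknown issuer whose subject DN equals its issuer DN; the EX_ constants, the `:signer-not-ca` keyword and both helper functions are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins for the gnutls_certificate_status_t bits quoted in
   the message; a real build takes them from <gnutls/gnutls.h>. */
enum { EX_INVALID = 1 << 1, EX_REVOKED = 1 << 5, EX_SIGNER_NOT_FOUND = 1 << 6,
       EX_SIGNER_NOT_CA = 1 << 7, EX_INSECURE_ALGORITHM = 1 << 8,
       EX_NOT_ACTIVATED = 1 << 9, EX_EXPIRED = 1 << 10 };

static const struct { unsigned bit; const char *kw; } ex_map[] = {
  { EX_INVALID, ":invalid" }, { EX_REVOKED, ":revoked" },
  { EX_SIGNER_NOT_CA, ":signer-not-ca" },   /* hypothetical keyword */
  { EX_INSECURE_ALGORITHM, ":insecure" },
  { EX_NOT_ACTIVATED, ":not-activated" }, { EX_EXPIRED, ":expired" } };
/* Append KW to OUT (capacity N); returns 0 if it would not fit. */
static int ex_add (char *out, size_t n, const char *kw)
{
  size_t used = strlen (out);
  if (used + strlen (kw) + 2 > n) return 0;
  if (used) strcat (out, " ");
  strcat (out, kw);
  return 1;
}

/* Hypothetical helper: status mask plus the leaf certificate's subject and
   issuer DN strings in, keywords out.  Returns 0 if OUT is too small. */
int ex_warnings (unsigned status, const char *subject, const char *issuer,
                 char *out, size_t n)
{
  size_t i;
  if (n == 0) return 0;
  out[0] = '\0';
  if (status & EX_SIGNER_NOT_FOUND)
    {
      /* No trusted issuer.  subject == issuer: the certificate names itself
         as issuer (a string comparison, not a signature check). */
      int self = subject && issuer && strcmp (subject, issuer) == 0;
      if (!ex_add (out, n, self ? ":self-signed" : ":signer-not-found"))
        return 0;
    }
  for (i = 0; i < sizeof ex_map / sizeof ex_map[0]; i++)
    if ((status & ex_map[i].bit) && !ex_add (out, n, ex_map[i].kw)) return 0;
  return 1;
}

int main (void)
{
  char buf[64];   /* constructed case: unknown issuer, subject == issuer */
  ex_warnings (EX_INVALID | EX_SIGNER_NOT_FOUND, "CN=a", "CN=a", buf, sizeof buf);
  return puts (buf) == EOF;
}
```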


