GNU bug report logs - #13374
24.?; open-gnutls-stream insecurity

Previous Next

Package: emacs;

Reported by: Oleksii Shevchuk <alxchk <at> gmail.com>

Date: Mon, 7 Jan 2013 16:53:02 UTC

Severity: important

Merged with 13877, 15792

Found in version 24.3

Done: Ted Zlatanov <tzz <at> lifelogs.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
To: Glenn Morris <rgm <at> gnu.org>
Cc: Oleksii Shevchuk <alxchk <at> gmail.com>, 13374 <at> debbugs.gnu.org, Ted Zlatanov <tzz <at> lifelogs.com>
Subject: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 05:20:00 +0100

Glenn Morris <rgm <at> gnu.org> writes:

> Could you look at this report, with a view to possibly changing it in
> emacs-24 branch, if appropriate? Thanks.

Well, the issue is what we do when we get a certificate we can't
validate.

The traditional thing to do is to query the user for whether to connect
anyway, and whether to record a permanent exception for that
certificate.

The code to do that hasn't been written yet.

It's very common for SMTP and IMAP servers to use self-signed
certificates, so just forcing ":validate t" for all connections would
essentially mean that Emacs would be unusable for reading/sending email
(using encryption) before that code has been written.

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/
This bug report was last modified 11 years and 157 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.