GNU bug report logs - #13374
24.?; open-gnutls-stream insecurity


Package: emacs

Reported by: Oleksii Shevchuk <alxchk <at> gmail.com>

Date: Mon, 7 Jan 2013 16:53:02 UTC

Severity: important

Merged with 13877, 15792

Found in version 24.3

Done: Ted Zlatanov <tzz <at> lifelogs.com>

Bug is archived. No further changes may be made.


From: Glenn Morris <rgm <at> gnu.org>
To: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
Cc: Oleksii Shevchuk <alxchk <at> gmail.com>, 13374 <at> debbugs.gnu.org, Ted Zlatanov <tzz <at> lifelogs.com>
Subject: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Mon, 07 Jan 2013 23:27:23 -0500

Lars Magne Ingebrigtsen wrote:

> Well, the issue is what we do when we get a certificate we can't
> validate.
>
> The traditional thing to do is to query the user for whether to connect
> anyway, and whether to record a permanent exception for that
> certificate.
>
> The code to do that hasn't been written yet.
>
> It's very common for SMTP and IMAP servers to use self-signed
> certificates, so just forcing ":validate t" for all connections would
> essentially mean that Emacs would be unusable for reading/sending email
> (using encryption) before that code has been written.

Ah well, ok, thanks for the explanation. It sounds then like it's
probably better to leave this for trunk rather than try and force it
into 24.3 at this relatively late stage.
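
The flow described in the quoted text (when a certificate cannot be validated, ask the user whether to connect anyway and whether to record a permanent exception for that certificate) looks like this as an added example. It is written in Python for illustration and is not code from Emacs or from anyone in this thread; `ExceptionStore`, `decide` and the `ask_user` callback are hypothetical names, and the certificate bytes are constructed sample data.

```python
import hashlib

ACCEPT, REJECT = "accept", "reject"


class ExceptionStore:
    """Permanent exceptions: (host, port) -> SHA-256 of the accepted certificate."""

    def __init__(self):
        self._pins = {}

    def lookup(self, host, port):
        return self._pins.get((host.lower(), port))

    def record(self, host, port, fp):
        self._pins[(host.lower(), port)] = fp


def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()


def decide(host, port, cert_der, validated, store, ask_user):
    """Return ACCEPT or REJECT for one connection attempt.

    validated: outcome of the TLS library's own chain and hostname checks.
    ask_user:  callback(host, port, fp, reason) -> "once", "always" or "no".
    """
    if validated:
        return ACCEPT
    fp = fingerprint(cert_der)
    pinned = store.lookup(host, port)
    if pinned == fp:
        return ACCEPT  # exception already recorded for this exact certificate
    # A different certificate on a pinned host is never accepted silently.
    reason = "changed" if pinned else "unverified"
    answer = ask_user(host, port, fp, reason)
    if answer == "always":
        store.record(host, port, fp)
    return ACCEPT if answer in ("once", "always") else REJECT


if __name__ == "__main__":
    store = ExceptionStore()
    cert = b"constructed self-signed certificate bytes"  # sample data, not a real cert
    always = lambda host, port, fp, reason: "always"
    deny = lambda host, port, fp, reason: "no"
    print(decide("imap.example.org", 993, cert, False, store, always))
    print(decide("imap.example.org", 993, cert, False, store, deny))
    print(decide("imap.example.org", 993, b"other bytes", False, store, deny))
```

The exception is bound to the certificate's fingerprint rather than to the host alone, so a server that later presents a different unvalidated certificate triggers a new prompt instead of inheriting the earlier exception.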




This bug report was last modified 11 years and 157 days ago.
