GNU bug report logs - #13877
24.3; gnutls.el: Enable Certificate Checks


Package: emacs;

Reported by: Moritz Ulrich <moritz <at> tarn-vedra.de>

Date: Tue, 5 Mar 2013 16:47:03 UTC

Severity: important

Merged with 13374, 15792

Found in version 24.3

Done: Ted Zlatanov <tzz <at> lifelogs.com>

Bug is archived. No further changes may be made.



Message #8 received at 13877 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Moritz Ulrich <moritz <at> tarn-vedra.de>
Cc: 13877 <at> debbugs.gnu.org
Subject: Re: bug#13877: 24.3; gnutls.el: Enable Certificate Checks
Date: Tue, 05 Mar 2013 11:51:33 -0500

Moritz Ulrich wrote:

> Currently, gnutls.el doesn't check certificate signatures when used via
> `open-network-stream' with :type 'tls or `open-gnutls-stream'.

Please see http://debbugs.gnu.org/13374
It was considered too complicated to fix this properly for 24.3.

> There is NO way to set :verify-host, :verify-flags, etc. for this call
> to `gnutls-negotiate' when using gnutls via high-level functions like
> `open-network-stream'.
>
> I consider this a bug, as Emacs won't check any certificates and
> therefore allow man in the middle attacks without even documenting this.
>
> It should at least be possible to pass :verify-* from
> `open-network-stream' down to `gnutls-negotiate'. That would be a simple
> yet effective solution.
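
Added example (not part of the report or of Emacs): one way to get a verified connection while the high-level functions do not forward the verification keywords is to open a plain socket and call `gnutls-negotiate' directly. The helper name `my/open-verified-tls-stream' is hypothetical; `:verify-error' and `:verify-hostname-error' are assumed to be the `gnutls-negotiate' keywords meant by ":verify-*" above.

```elisp
;; Added example; not code from the bug report or from gnutls.el.
(require 'gnutls)

(defun my/open-verified-tls-stream (name buffer host service)
  "Open a TLS connection to HOST on SERVICE that aborts on a bad certificate.
Hypothetical helper: it opens a plain socket, then calls
`gnutls-negotiate' itself so the verification keywords can be passed.
NAME and BUFFER are as for `open-network-stream'."
  (unless (gnutls-available-p)
    (error "This Emacs was built without GnuTLS support"))
  (let ((proc (open-network-stream name buffer host service :type 'plain)))
    (condition-case err
        (gnutls-negotiate
         :process proc
         ;; Name the certificate is checked against.
         :hostname host
         ;; Both keywords are set so that a failed check aborts the
         ;; handshake instead of only being logged.  See the docstring
         ;; of `gnutls-negotiate' in your Emacs version for their exact
         ;; meaning.
         :verify-error t
         :verify-hostname-error t)
      (error
       ;; Do not leave an unauthenticated connection open for the caller.
       (delete-process proc)
       (signal (car err) (cdr err))))
    proc))
```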




This bug report was last modified 11 years and 158 days ago.
