From: Vincent Bernat
To: bug-gnu-emacs@gnu.org
Subject: 24.3; Builtin TLS support should enable certificate verification support by default
Date: Sat, 02 Nov 2013 16:05:21 +0100
Message-ID: <87a9hmu9n2.fsf@guybrush.luffy.cx>

Hi!

New builtin TLS support disables certificate verification by default. This is a very bad practice and the default should be to check for certificate validity.

Moreover, the end-user of a package using this builtin support has no easy way to enable the verification of TLS certificates. For example, Gnus does not provide anything to enable this and as a simple user, it seems quite difficult to ensure that certificates are verified. And each package has the responsibility to enable this option. This is cumbersome.

Previously, enabling/disabling certificate verification was easy. You set the `tls-program` variable to something that checks or doesn't check for certificates. For gnutls-client, this was a matter of using or not using the `--insecure` switch. I didn't find a way to disable the builtin TLS support (other than to recompile Emacs).

I propose:

1. Verify the certificates by default.
2. Prompt the user if there is a problem.
3. Add the possibility to not check for certificates by default.

I can provide a patch for the first step but I have little Emacs-fu for the other two parts (all the more that most of the code is in C).

-- 
Use variable names that mean something.
 - The Elements of Programming Style (Kernighan & Plauger)


From: Glenn Morris
Subject: control message for bug 15792
Date: Sat, 02 Nov 2013 14:46:45 -0400

forcemerge 13374 15792


From: Glenn Morris
To: Vincent Bernat
Cc: 15792@debbugs.gnu.org
Subject: Re: bug#15792: 24.3; Builtin TLS support should enable certificate verification support by default
Date: Sat, 02 Nov 2013 14:48:57 -0400
In-Reply-To: <87a9hmu9n2.fsf@guybrush.luffy.cx>

See http://debbugs.gnu.org/13374 and related discussion.


From: Vincent Bernat
To: Glenn Morris
Cc: 15792-close@debbugs.gnu.org
Subject: Re: bug#15792: 24.3; Builtin TLS support should enable certificate verification support by default
Date: Sat, 02 Nov 2013 22:07:16 +0100
Message-ID: <87txfusebf.fsf@guybrush.luffy.cx>

❦ 2 November 2013 19:48 CET, Glenn Morris:

> See http://debbugs.gnu.org/13374 and related discussion.

Thanks! Sorry for the duplicate, I didn't find this bug report.

-- 
printk("??? No FDIV bug? Lucky you...\n");
        2.2.16 /usr/src/linux/include/asm-i386/bugs.h


From: Debbugs Internal Request
Subject: Internal Control
Date: Sat, 02 Nov 2013 21:11:01 +0000

Did not alter fixed versions and reopened.


From: Debbugs Internal Request
Subject: Internal Control
Date: Thu, 16 Jan 2014 12:24:05 +0000

bug archived.
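
An added example, not part of the thread or of Emacs itself: an Emacs Lisp audit of the settings the report names (`tls-program` and its `--insecure` switch, plus the built-in GnuTLS path). `my/tls-audit` is a hypothetical name; `tls-checktrust` and `gnutls-verify-error` are Emacs options the thread does not mention, and they are inspected only when the running Emacs defines them.

```elisp
;; Added example: list the TLS settings that leave certificates unchecked.
(require 'tls nil t)     ; external-helper TLS (tls.el); optional, may be absent
(require 'gnutls nil t)  ; built-in GnuTLS glue (gnutls.el); optional

(defun my/tls-audit ()
  "Return a list of findings about TLS settings that skip verification.
The name `my/tls-audit' is hypothetical; it is not part of Emacs."
  (let (findings)
    ;; Note whether the built-in path the report is about is compiled in.
    (when (and (fboundp 'gnutls-available-p) (gnutls-available-p))
      (push "built-in GnuTLS is available (the path this report is about)"
            findings))
    ;; External helper: a command line with --insecure accepts any certificate.
    (when (boundp 'tls-program)
      (dolist (cmd (symbol-value 'tls-program))
        (when (and (stringp cmd) (string-match-p "--insecure" cmd))
          (push (format "tls-program skips verification: %s" cmd) findings))))
    ;; External helper: nil means certificates are not checked against roots.
    (when (and (boundp 'tls-checktrust)
               (null (symbol-value 'tls-checktrust)))
      (push "tls-checktrust is nil: no check against trusted root certs"
            findings))
    ;; Built-in path: nil means a failed verification still lets the
    ;; connection proceed.
    (when (and (boundp 'gnutls-verify-error)
               (null (symbol-value 'gnutls-verify-error)))
      (push "gnutls-verify-error is nil: verification failures do not abort"
            findings))
    (nreverse findings)))

;; Print one finding per line in *Messages*.
(dolist (finding (my/tls-audit))
  (message "%s" finding))
```

Evaluate it in the Emacs session you want to check; an empty result means none of the inspected settings was found in its non-verifying state.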