GNU bug report logs -
#16784
24.3; Problems opening NNTP connection: failing starttls because of a non-verified certificate
Previous Next
Reported by: sb <at> dod.no
Date: Mon, 17 Feb 2014 17:52:01 UTC
Severity: normal
Tags: fixed
Found in version 24.3
Fixed in version 25.1
Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On Thu, 20 Mar 2014 15:58:02 +0100 Lars Magne Ingebrigtsen <larsi <at> gnus.org> wrote:
LMI> Ted Zlatanov <tzz <at> lifelogs.com> writes:
SB> I would like one of the following solutions:
SB> 1. The possibility to switch off the attempted upgrade to STARTTLS for
SB> NNTP connections
>>
>> I think Lars has to give an opinion here.
LMI> I think we should always do encryption, even though we can't do validation.
So the answer is "no" to Steinar's question. I have to agree, although
it may be noisier, in 2014 it's the right way.
>> So basically customize that variable and add :trustfiles and :hostname
>> for the respective verifications, or nil to disable them.
LMI> When doing opportunistic upgrades (where the user hasn't asked for the
LMI> connection to be encrypted), bothering the user with warnings about not
LMI> being able to establish the identity of the server doesn't make much
LMI> sense.
I can only suggest overriding `gnutls-log-level' but that doesn't make
much sense if you're planning to use that connection, in which case you
care about those warnings. Do we need a way to defer GnuTLS warnings
(put them in a variable temporarily)?
Ted
This bug report was last modified 10 years and 227 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.