GNU bug report logs -
#16978
24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
Previous Next
Reported by: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
Date: Mon, 10 Mar 2014 07:00:02 UTC
Severity: important
Tags: fixed, security
Merged with 16193,
18600
Found in versions 24.3, 24.3.94
Fixed in version 25.1
Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On Thu, 20 Mar 2014 09:43:50 -0400, Ted Zlatanov <tzz <at> lifelogs.com> said:
TZ> For storage of the certificates, I think
TZ> ~/.emacs.d/certs/hostname.somextension is the right place. I
TZ> asked this on gnutls-devel a while ago so we can revisit the
TZ> discussion when we have the UI worked out.
Hi Ted,
GnuTLS uses the file ~/.gnutls/known_hosts. I did not look into
this, but why do want to duplicate that functionality in Emacs?
JL> P.S. Self-signed certs are unusable now [...]
TZ> Hmm. That seems a Gnus bug :) Can you submit it separately, to
TZ> keep the books clean, after testing with the latest Gnus?
Done: http://debbugs.gnu.org/17061
JL> P.P.S. I’m using imap.el, which knows of various ways to
JL> establish SSL/TLS connections, but gnutls.el is not among them.
TZ> I think you're on an old Gnus then, which is strange considering
TZ> you're testing with a recent Emacs. What's `M-x gnus-version'?
v5.13 and Ma Gnus v0.10. I’m using imap among `mail-sources' via
imap.el, not nnimap. (The latter is on my todo list.)
Best wishes
Jens
This bug report was last modified 10 years and 178 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.