GNU bug report logs - #20960
handling /etc/ssl/certs/ca-bundle.crt by default in emacs


Package: emacs;

Reported by: Petr Hracek <phracek <at> redhat.com>

Date: Thu, 2 Jul 2015 09:58:02 UTC

Severity: wishlist

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.



Message #38 received at 20960 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: 20960 <at> debbugs.gnu.org
Subject: Re: bug#20960: handling /etc/ssl/certs/ca-bundle.crt by default in
 emacs
Date: Thu, 26 Jan 2017 20:24:16 +0100

Ted Zlatanov <tzz <at> lifelogs.com> writes:

> On Sat, 26 Dec 2015 21:57:24 +0100 Lars Ingebrigtsen <larsi <at> gnus.org> wrote: 
>
> LI> Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
>>>> that exists, similar to what gnutls-trustfiles does. (Do these two
>>>> variables duplicate each other?)
>>> 
>>> Yes, I believe they are duplicates (with smime-CA-directory predating
>>> the gnutls thingy).
>
> LI> smime-CA-directory should be rewritten to use gnutls-trustfiles (if
> LI> gnutls-trustfiles exists).  The minor complication is that the former is
> LI> a directory and the latter is a list of files, so it wouldn't be exactly
> LI> backwards compatible...
>
> We can make `gnutls-trustfiles' support directories?

On the other hand, this is the only place smime-CA-directory is used:

(defun smime-verify-region (b e)
  "Verify S/MIME message in region between B and E.
Returns non-nil on success.
Any details (stdout and stderr) are left in the buffer specified by
`smime-details-buffer'."
  (smime-new-details-buffer)
  (let ((CAs (append (if smime-CA-file
			 (list "-CAfile"
			       (expand-file-name smime-CA-file)))
		     (if smime-CA-directory
			 (list "-CApath"
			       (expand-file-name smime-CA-directory))))))

And:

       -CAfile file
           a file containing trusted CA certificates, only used with -verify.

       -CApath dir
           a directory containing trusted CA certificates, only used with
           -verify. This directory must be a standard certificate directory:
           that is a hash of each subject name (using x509 -hash) should be
           linked to each certificate.

Is a list of CA files, and can be in different directories, so there's,
like, no way to use them interchangeably.

So...  I dunno.  Somebody could just rewrite that function to use all
the files from (gnutls-trustfiles) and see if one of them is OK.  I
never use smime, though, so I'm not that person.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
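
The rewrite suggested at the end of the message above, as an added example that is not part of the original message or of Emacs: it runs `openssl smime -verify` once per file from `(gnutls-trustfiles)`, since -CAfile takes a single bundle. The function name `my-smime-verify-with-trustfiles` is hypothetical; `smime-openssl-program`, `gnutls-trustfiles` and `null-device` are existing Emacs names.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example, not part of Emacs or of the original message.
;; `my-smime-verify-with-trustfiles' is a hypothetical name.
(require 'gnutls)   ; provides the function `gnutls-trustfiles'
(require 'smime)    ; provides `smime-openssl-program'
(require 'seq)

(defun my-smime-verify-with-trustfiles (b e)
  "Verify the S/MIME message in the region between B and E.
Run `openssl smime -verify' once per file returned by
`gnutls-trustfiles', passing that file as -CAfile.  Return the first
trust file under which verification succeeds, or nil if none does."
  (unless smime-openssl-program
    (error "No openssl program configured"))
  (let ((files (seq-filter #'file-readable-p (gnutls-trustfiles))))
    ;; Fail loudly rather than report a message as merely "not
    ;; verified" when no trust store could be read at all.
    (unless files
      (error "No readable CA bundle in `gnutls-trustfiles'"))
    (seq-find
     (lambda (file)
       ;; The region is sent on stdin and all output is discarded
       ;; (BUFFER is nil).  Exit status 0 means the signature and the
       ;; certificate chain both checked out against this one bundle.
       (eql 0 (call-process-region
               b e smime-openssl-program nil nil nil
               "smime" "-verify" "-out" null-device
               "-CAfile" (expand-file-name file))))
     files)))
```

Each run trusts only one bundle, so a chain that needs certificates from two different trust files will not verify this way.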




This bug report was last modified 3 years and 45 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.