GNU bug report logs - #29978
wishlist: gnutls-verify-error needs a 'ask mode

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 29978 in the body.
You can then email your comments to 29978 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #3 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Robert Pluim <rpluim <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: wishlist: gnutls-verify-error needs a 'ask mode
Date: Thu, 04 Jan 2018 16:21:21 +0100

Verification using gnutls-verify-error is currently an either-or
proposition: if the verification fails, there's no fallback. Typical
browser implementations allow querying the user for the desired
action, emacs should allow something similar.

Bonus: allow updating gnutls-verify-error automatically based on the
user's response

Message #6 received at 29978 <at> debbugs.gnu.org (full text, mbox):

From: Andreas Schwab <schwab <at> suse.de>
To: Robert Pluim <rpluim <at> gmail.com>
Cc: 29978 <at> debbugs.gnu.org
Subject: Re: bug#29978: wishlist: gnutls-verify-error needs a 'ask mode
Date: Thu, 04 Jan 2018 17:07:44 +0100

On Jan 04 2018, Robert Pluim <rpluim <at> gmail.com> wrote:

> Verification using gnutls-verify-error is currently an either-or
> proposition: if the verification fails, there's no fallback. Typical
> browser implementations allow querying the user for the desired
> action, emacs should allow something similar.

Isn't that what NSM is about?

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab <at> suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Message #9 received at 29978 <at> debbugs.gnu.org (full text, mbox):

From: Robert Pluim <rpluim <at> gmail.com>
To: Andreas Schwab <schwab <at> suse.de>
Cc: 29978 <at> debbugs.gnu.org
Subject: Re: bug#29978: wishlist: gnutls-verify-error needs a 'ask mode
Date: Thu, 04 Jan 2018 17:23:53 +0100

Andreas Schwab <schwab <at> suse.de> writes:

> On Jan 04 2018, Robert Pluim <rpluim <at> gmail.com> wrote:
>
>> Verification using gnutls-verify-error is currently an either-or
>> proposition: if the verification fails, there's no fallback. Typical
>> browser implementations allow querying the user for the desired
>> action, emacs should allow something similar.
>
> Isn't that what NSM is about?

NSM doesn't currently come into play until gnutls.c has finished
setting up the TLS connection. Since gnutls.c is the one doing the
verification, by then it's too late.

Robert

Message #14 received at 29978-done <at> debbugs.gnu.org (full text, mbox):

From: Robert Pluim <rpluim <at> gmail.com>
To: Andreas Schwab <schwab <at> suse.de>
Cc: 29978-done <at> debbugs.gnu.org
Subject: Re: bug#29978: wishlist: gnutls-verify-error needs a 'ask mode
Date: Thu, 04 Jan 2018 17:46:36 +0100

Robert Pluim <rpluim <at> gmail.com> writes:

> Andreas Schwab <schwab <at> suse.de> writes:
>
>> On Jan 04 2018, Robert Pluim <rpluim <at> gmail.com> wrote:
>>
>>> Verification using gnutls-verify-error is currently an either-or
>>> proposition: if the verification fails, there's no fallback. Typical
>>> browser implementations allow querying the user for the desired
>>> action, emacs should allow something similar.
>>
>> Isn't that what NSM is about?
>
> NSM doesn't currently come into play until gnutls.c has finished
> setting up the TLS connection. Since gnutls.c is the one doing the
> verification, by then it's too late.

Umm, nevermind. I hadn't realized nsm already implemented these
checks. Closing.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.