GNU bug report logs - #31946
27.0.50; The NSM should warn about more TLS problems

Previous Next

Package: emacs;

Reported by: Lars Ingebrigtsen <larsi <at> gnus.org>

Date: Sat, 23 Jun 2018 10:39:02 UTC

Severity: normal

Tags: fixed, security

Found in version 27.0.50

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #41 received at 31946 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Jimmy Yuen Ho Wong <wyuenho <at> gmail.com>
Cc: Eli Zaretskii <eliz <at> gnu.org>, 31946 <at> debbugs.gnu.org,
 Noam Postavsky <npostavs <at> gmail.com>
Subject: Re: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Wed, 27 Jun 2018 14:20:16 +0200

Lars Ingebrigtsen <larsi <at> gnus.org> writes:

> To get the connection parameters, say something like:
>
> (gnutls-peer-status (open-network-stream "foo" nil
> "dh-composite.badssl.com" "https" :tls-parameters (cons
> 'gnutls-x509pki (gnutls-boot-parameters :hostname
> "dh-composite.badssl.com"))))

Speaking of which -- it's quite a mouthful to say:

(open-network-stream
 "foo" nil "dh-composite.badssl.com" "https"
 :tls-parameters (cons 'gnutls-x509pki (gnutls-boot-parameters
                                        :hostname "dh-composite.badssl.com")))

I've been meaning to add a :tls keyword to `open-network-stream' that
would make

(open-network-stream "foo" nil "dh-composite.badssl.com" "https" :tls t)

a short way to write the above.  I.e., the default TLS parameters (which
is what you need in 99.9% of the cases) would be used if you just say
:tls t.

Does that sound OK to you, Eli?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 5 years and 328 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.