GNU bug report logs -
#78189
31.0.50; require properties :key and :cert in auth search done from `network-stream-certificate'
Reported by: Jens Schmidt <jschmidt4gnu <at> vodafonemail.de>
Date: Thu, 1 May 2025 14:38:02 UTC
Severity: normal
Tags: fixed
Found in version 31.0.50
Fixed in version 31.1
Done: Robert Pluim <rpluim <at> gmail.com>
Bug is archived. No further changes may be made.
Message #11 received at 78189 <at> debbugs.gnu.org (full text, mbox):
On Thu, 1 May 2025 16:36:42 +0200 Jens Schmidt <jschmidt4gnu <at> vodafonemail.de> wrote:
JS> Function `network-stream-certificate' attempts to find a suitable client
JS> certificate for HOST and SERVICE by doing a search through the available
JS> auth sources, like this ("old search"):
JS>   (let* ((auth-info
JS>           (ignore-errors
JS>             (car (auth-source-search :max 1
JS>                                      :host host
JS>                                      :port (format "%s" service)))))
JS> I think this search should better explicitly require properties :key and
JS> :cert for the auth source search, like this ("new search"):
JS>   (let* ((auth-info
JS>           (ignore-errors
JS>             (car (auth-source-search :max 1
JS>                                      :host host
JS>                                      :port (format "%s" service)
JS>                                      :require '(:key :cert)))))
JS> The rest of this mail tries to convince me and you that this is TRT to
JS> do. If you don't need convincing, you might skip it and instead check
JS> the attached patch.
I'm OK with a patch to prefer entries with :key and :cert.
I wonder if it might be better to just say "prefer the most
specific/interesting" in a generic way? Like
  :prefer '(:key :cert)
which can also be one of these
  :prefer 'most-keys            ;;; count of keys
  :prefer 'most-detail          ;;; length of serialized entry?
  :prefer 'network-stream-keys  ;;; knows to look for host, port, key, cert
but that's extra work and maybe your proposed patch is simple enough to
Just Work.
Ted
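
Added example (not part of the messages above or of the Emacs sources): the "old" and "new" searches run against a constructed netrc-style auth source in which a password entry for the same host and port precedes the client-certificate entry. The function name `demo-cert-search`, the host name, the credentials and the file paths are hypothetical; it assumes the netrc backend exposes the `key` and `cert` tokens as the :key and :cert properties.

```elisp
;;; Added illustration; `demo-cert-search' is a hypothetical helper.
(require 'auth-source)

(defun demo-cert-search (host service &optional require)
  "Return the first auth-source entry for HOST and SERVICE.
The search runs against a constructed netrc file only.  REQUIRE,
when non-nil, is passed on as the :require list (the \"new search\")."
  (let* ((file (make-temp-file
                "authinfo-demo" nil nil
                (concat
                 ;; Constructed sample data: the password entry comes first ...
                 "machine mail.example.org port 993"
                 " login demo-user password demo-secret\n"
                 ;; ... and the client-certificate entry comes second.
                 "machine mail.example.org port 993"
                 " key /tmp/demo-key.pem cert /tmp/demo-cert.pem\n")))
         ;; Search only the temporary file, and bypass the result cache.
         (auth-sources (list file))
         (auth-source-do-cache nil))
    (unwind-protect
        (car (apply #'auth-source-search
                    :max 1
                    :host host
                    :port (format "%s" service)
                    (and require (list :require require))))
      (delete-file file))))

;; Old search: :max 1 stops at the first host/port match, which is the
;; password entry, so the caller finds no :key or :cert in the result.
(let ((old (demo-cert-search "mail.example.org" 993)))
  (message "old search -> key=%S cert=%S"
           (plist-get old :key) (plist-get old :cert)))

;; New search: entries lacking :key or :cert are skipped, so the
;; certificate entry is returned even though it is listed second.
(let ((new (demo-cert-search "mail.example.org" 993 '(:key :cert))))
  (message "new search -> key=%S cert=%S"
           (plist-get new :key) (plist-get new :cert)))
```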
This bug report was last modified 5 days ago.