GNU bug report logs - #78189
31.0.50; require properties :key and :cert in auth search done from `network-stream-certificate'


Package: emacs;

Reported by: Jens Schmidt <jschmidt4gnu <at> vodafonemail.de>

Date: Thu, 1 May 2025 14:38:02 UTC

Severity: normal

Tags: fixed

Found in version 31.0.50

Fixed in version 31.1

Done: Robert Pluim <rpluim <at> gmail.com>

Bug is archived. No further changes may be made.



Message #11 received at 78189 <at> debbugs.gnu.org (full text, mbox):

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: Jens Schmidt <jschmidt4gnu <at> vodafonemail.de>
Cc: 78189 <at> debbugs.gnu.org
Subject: Re: bug#78189: 31.0.50; require properties :key and :cert in auth
 search done from `network-stream-certificate'
Date: Sun, 04 May 2025 16:15:01 -0400

On Thu, 1 May 2025 16:36:42 +0200 Jens Schmidt <jschmidt4gnu <at> vodafonemail.de> wrote:

JS> Function `network-stream-certificate' attempts to find a suitable client
JS> certificate for HOST and SERVICE by doing a search through the available
JS> auth sources, like this ("old search"):

JS>   (let* ((auth-info
JS>           (ignore-errors
JS>             (car (auth-source-search :max 1
JS>                                      :host host
JS>                                      :port (format "%s" service)))))

JS> I think this search should better explicitly require properties :key and
JS> :cert for the auth source search, like this ("new search"):

JS>   (let* ((auth-info
JS>           (ignore-errors
JS>             (car (auth-source-search :max 1
JS>                                      :host host
JS>                                      :port (format "%s" service)
JS>                                      :require '(:key :cert)))))

JS> The rest of this mail tries to convince me and you that this is TRT to
JS> do.  If you don't need convincing, you might skip it and instead check
JS> the attached patch.

I'm OK with a patch to prefer entries with :key and :cert.

I wonder if it might be better to just say "prefer the most
specific/interesting" in a generic way? Like

:prefer '(:key :cert)

which can also be one of these

:prefer 'most-keys ;;; count of keys
:prefer 'most-detail ;;; length of serialized entry?
:prefer 'network-stream-keys ;;; knows to look for host, port, key, cert

but that's extra work and maybe your proposed patch is simple enough to
Just Work.

Ted
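
The two searches quoted in the message above, run side by side as an added example (not code from the bug report, the attached patch, or Emacs itself). It assumes a netrc-style auth source in which a password-only entry for the same host and port precedes the key/cert entry, so the "old search" with `:max 1` can return an entry that carries no `:key` or `:cert`, while the "new search" skips it. The host, port, credentials, paths and the `demo-` function names are constructed for illustration.

```elisp
;;; Added example; host, port, credentials and paths are constructed.
(require 'auth-source)

(defun demo-client-cert-search (host service &optional require-key-cert)
  "Search auth sources for HOST and SERVICE like `network-stream-certificate'.
With REQUIRE-KEY-CERT non-nil, add :require \\='(:key :cert) (the \"new search\")."
  (car (if require-key-cert
           (auth-source-search :max 1
                               :host host
                               :port (format "%s" service)
                               :require '(:key :cert))
         (auth-source-search :max 1
                             :host host
                             :port (format "%s" service)))))

(defun demo-run ()
  "Return (OLD-KEY NEW-KEY NEW-CERT) for a constructed netrc file."
  (let ((file (make-temp-file "demo-authinfo")))
    (unwind-protect
        (progn
          (with-temp-file file
            ;; Assumption: the password entry comes first in the file.
            (insert "machine irc.example.org port 6697"
                    " login alice password constructed\n"
                    "machine irc.example.org port 6697"
                    " key /constructed/key.pem"
                    " cert /constructed/cert.pem\n"))
          ;; Search only the constructed file, without caching.
          (let* ((auth-sources (list file))
                 (auth-source-do-cache nil)
                 (old (demo-client-cert-search "irc.example.org" 6697))
                 (new (demo-client-cert-search "irc.example.org" 6697 t)))
            ;; What `network-stream-certificate' would read from each hit.
            (list (plist-get old :key)
                  (plist-get new :key)
                  (plist-get new :cert))))
      (delete-file file))))

(message "%S" (demo-run))
```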




This bug report was last modified 60 days ago.
