GNU bug report logs - #78189
31.0.50; require properties :key and :cert in auth search done from `network-stream-certificate'


Package: emacs;

Reported by: Jens Schmidt <jschmidt4gnu <at> vodafonemail.de>

Date: Thu, 1 May 2025 14:38:02 UTC

Severity: normal

Tags: fixed

Found in version 31.0.50

Fixed in version 31.1

Done: Robert Pluim <rpluim <at> gmail.com>

Bug is archived. No further changes may be made.


From: Eli Zaretskii <eliz <at> gnu.org>
To: Ted Zlatanov <tzz <at> lifelogs.com>, Robert Pluim <rpluim <at> gmail.com>
Cc: 78189 <at> debbugs.gnu.org, jschmidt4gnu <at> vodafonemail.de
Subject: bug#78189: 31.0.50; require properties :key and :cert in auth search done from `network-stream-certificate'
Date: Mon, 05 May 2025 14:21:37 +0300
> Cc: 78189 <at> debbugs.gnu.org
> From: Ted Zlatanov <tzz <at> lifelogs.com>
> Date: Sun, 04 May 2025 16:15:01 -0400
> 
> On Thu, 1 May 2025 16:36:42 +0200 Jens Schmidt <jschmidt4gnu <at> vodafonemail.de> wrote: 
> 
> JS> Function `network-stream-certificate' attempts to find a suitable client
> JS> certificate for HOST and SERVICE by doing a search through the available
> JS> auth sources, like this ("old search"):
> 
> JS>   (let* ((auth-info
> JS>           (ignore-errors
> JS>             (car (auth-source-search :max 1
> JS>                                      :host host
> JS>                                      :port (format "%s" service)))))
> 
> JS> I think this search should better explicitly require properties :key and
> JS> :cert for the auth source search, like this ("new search"):
> 
> JS>   (let* ((auth-info
> JS>           (ignore-errors
> JS>             (car (auth-source-search :max 1
> JS>                                      :host host
> JS>                                      :port (format "%s" service)
> JS>                                      :require '(:key :cert)))))
> 
> JS> The rest of this mail tries to convince me and you that this is TRT to
> JS> do.  If you don't need convincing, you might skip it and instead check
> JS> the attached patch.
> 
> I'm OK with a patch to prefer entries with :key and :cert.
> 
> I wonder if it might be better to just say "prefer the most
> specific/interesting" in a generic way? Like
> 
> :prefer '(:key :cert)
> 
> which can also be one of these
> 
> :prefer 'most-keys ;;; count of keys
> :prefer 'most-detail ;;; length of serialized entry?
> :prefer 'network-stream-keys ;;; knows to look for host, port, key, cert
> 
> but that's extra work and maybe your proposed patch is simple enough to
> Just Work.

Robert, any comments from you?
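
Added example (not part of the thread and not code from Emacs or the patch): the "old search" and "new search" quoted above, run against a constructed netrc file in which a password-only entry precedes a client-certificate entry for the same host and port. The function name `demo-client-cert-search`, the host, the credentials and the file paths are all made up for illustration.

```elisp
;;; -*- lexical-binding: t -*-
(require 'auth-source)

(defun demo-client-cert-search (host service)
  "Return (OLD . NEW): the :key value found by each search for HOST and SERVICE.
Hypothetical helper; it reads only a constructed temporary netrc file."
  (let* ((file (make-temp-file "demo-authinfo"))
         (auth-sources (list file))     ; search only the sample file
         (auth-source-do-cache nil))    ; do not reuse cached results
    (unwind-protect
        (progn
          (with-temp-file file
            ;; Constructed sample data: the password-only entry is listed
            ;; first, the client-certificate entry second.
            (insert "machine imap.example.org port 993"
                    " login alice password not-a-real-secret\n"
                    "machine imap.example.org port 993"
                    " key /etc/ssl/demo/alice.key"
                    " cert /etc/ssl/demo/alice.pem\n"))
          (let ((old (car (auth-source-search
                           :max 1
                           :host host
                           :port (format "%s" service))))
                (new (car (auth-source-search
                           :max 1
                           :host host
                           :port (format "%s" service)
                           :require '(:key :cert)))))
            ;; OLD is the first entry matching host and port, whatever
            ;; properties it carries; NEW must carry both :key and :cert.
            (cons (plist-get old :key) (plist-get new :key))))
      (delete-file file))))

(demo-client-cert-search "imap.example.org" 993)
```

Evaluating the last form returns a cons whose car is the `:key` of the entry picked by the old search and whose cdr is the `:key` of the entry picked by the new search, so a mismatch between the two shows up directly.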




This bug report was last modified 5 days ago.
