GNU bug report logs - #78189
31.0.50; require properties :key and :cert in auth search done from `network-stream-certificate'
Reported by: Jens Schmidt <jschmidt4gnu <at> vodafonemail.de>
Date: Thu, 1 May 2025 14:38:02 UTC
Severity: normal
Tags: fixed
Found in version 31.0.50
Fixed in version 31.1
Done: Robert Pluim <rpluim <at> gmail.com>
Bug is archived. No further changes may be made.
>>>>> On Sun, 04 May 2025 16:15:01 -0400, Ted Zlatanov <tzz <at> lifelogs.com> said:
Ted> On Thu, 1 May 2025 16:36:42 +0200 Jens Schmidt <jschmidt4gnu <at> vodafonemail.de> wrote:
JS> Function `network-stream-certificate' attempts to find a suitable client
JS> certificate for HOST and SERVICE by doing a search through the available
JS> auth sources, like this ("old search"):
JS>   (let* ((auth-info
JS>           (ignore-errors
JS>             (car (auth-source-search :max 1
JS>                                      :host host
JS>                                      :port (format "%s" service)))))
JS> I think this search should better explicitly require properties :key and
JS> :cert for the auth source search, like this ("new search"):
JS>   (let* ((auth-info
JS>           (ignore-errors
JS>             (car (auth-source-search :max 1
JS>                                      :host host
JS>                                      :port (format "%s" service)
JS>                                      :require '(:key :cert)))))
JS> The rest of this mail tries to convince me and you that this is TRT to
JS> do. If you don't need convincing, you might skip it and instead check
JS> the attached patch.
Iʼm convinced.
Ted> I'm OK with a patch to prefer entries with :key and :cert.
Jens attached a patch that did exactly that 😀
Jens, I think your copyright assignment is on file?
Ted> I wonder if it might be better to just say "prefer the most
Ted> specific/interesting" in a generic way? Like
Ted> :prefer '(:key :cert)
Ted> which can also be one of these
Ted> :prefer 'most-keys ;;; count of keys
Ted> :prefer 'most-detail ;;; length of serialized entry?
Ted> :prefer 'network-stream-keys ;;; knows to look for host, port, key, cert
Iʼm not seeing a use case for this. Just saying 'find an entry with
:key and :cert' should be enough, and is easy to explain.
Robert
--
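
The difference between the "old search" and the "new search" quoted in the report, as an added Emacs Lisp example (not code from the bug report, its patch, or Emacs itself). The function name `demo-client-cert-lookup`, the host, the file paths and the netrc lines are constructed for illustration; the example assumes the netrc backend exposes `key` and `cert` tokens as `:key` and `:cert`.

```elisp
;;; Added example, not code from Emacs or from the patch in this report.
;;; Host name, credentials and file paths below are constructed.
(require 'auth-source)

(defun demo-client-cert-lookup (host service &optional require-key-cert)
  "Return (KEY CERT) from the first auth-source match for HOST and SERVICE.
Return nil when that match carries no :key and :cert.  With
REQUIRE-KEY-CERT non-nil, pass :require (:key :cert) to the search,
as the \"new search\" in the report does."
  (let ((netrc (make-temp-file "demo-authinfo")))
    (unwind-protect
        (progn
          ;; Constructed netrc data: a password entry listed BEFORE the
          ;; client-certificate entry for the same host and port.
          (with-temp-file netrc
            (insert "machine imap.example.org port 993"
                    " login alice password not-a-real-secret\n"
                    "machine imap.example.org port 993"
                    " key /tmp/demo/alice.key cert /tmp/demo/alice.pem\n"))
          (let* ((auth-sources (list netrc)) ; search only the demo file
                 (auth-source-do-cache nil)  ; keep demo results out of the cache
                 (auth-info
                  (car (apply #'auth-source-search
                              :max 1
                              :host host
                              :port (format "%s" service)
                              (and require-key-cert
                                   '(:require (:key :cert))))))
                 (key (plist-get auth-info :key))
                 (cert (plist-get auth-info :cert)))
            ;; Same final step as a certificate lookup needs: both
            ;; properties must be present, otherwise there is no client cert.
            (and key cert (list key cert))))
      (delete-file netrc))))

;; Old search: :max 1 is satisfied by the password entry, which has
;; neither :key nor :cert, so the certificate entry is never considered.
(message "old search: %S" (demo-client-cert-lookup "imap.example.org" 993))

;; New search: entries lacking :key or :cert do not match at all.
(message "new search: %S" (demo-client-cert-lookup "imap.example.org" 993 t))
```

Swapping the two netrc lines makes the old search succeed as well, which is why the unpatched behaviour depends on entry order in the auth source.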
This bug report was last modified 6 days ago.