unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#29977: gnutls-verify-error does not allow matching hostnames
@ 2018-01-04 15:17 Robert Pluim
  2018-04-13 12:24 ` Lars Ingebrigtsen
  0 siblings, 1 reply; 4+ messages in thread
From: Robert Pluim @ 2018-01-04 15:17 UTC (permalink / raw)
  To: 29977; +Cc: Ted Zlatanov

(this is emacs-26)

Given a gnutls-verify-error of

'(("news.gmane.org" nil)
  (".*" (:trustfiles :hostname)))

gnutls-boot-parameters will always use (:trustfiles :hostname) even
though the intent is to turn off verification for news.gmane.org.
Proposed patch converts this to first-match, which I think matches the
intent of the variable.


[-- Attachment #2: 0001-Change-gnutls-verify-error-to-be-first-match.patch --]
[-- Type: text/x-patch, Size: 1549 bytes --]

From 2935008e42d956607bf1893ea6507db6202b3eb1 Mon Sep 17 00:00:00 2001
From: Robert Pluim <rpluim@gmail.com>
Date: Thu, 4 Jan 2018 16:12:47 +0100
Subject: [PATCH] Change gnutls-verify-error to be first-match

* lisp/net/gnutls.el (gnutls-boot-parameters): Convert to
first-match for gnutls-verify-error rather than any-match
---
 lisp/net/gnutls.el | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el
index 5afd5c5804..c8f4824b53 100644
--- a/lisp/net/gnutls.el
+++ b/lisp/net/gnutls.el
@@ -282,13 +282,9 @@ gnutls-log-level
                              t)
                             ;; if a list, look for hostname matches
                             ((listp gnutls-verify-error)
-                             (apply 'append
-                                    (mapcar
-                                     (lambda (check)
-                                       (when (string-match (nth 0 check)
-                                                           hostname)
-                                         (nth 1 check)))
-                                     gnutls-verify-error)))
+                             (cadr (cl-find-if #'(lambda (x)
+                                                   (string-match (car x) hostname))
+                                               gnutls-verify-error)))
                             ;; else it's nil
                             (t nil))))
          (min-prime-bits (or min-prime-bits gnutls-min-prime-bits)))
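
Review bot: The predicate in the new cl-find-if call, (string-match (car x) hostname), is an unanchored regexp search, and with first-match semantics that matters more than it did with the old append: an entry whose flags are nil, such as the ("news.gmane.org" nil) entry from the report, now turns verification off for every hostname that merely contains a match, and a later ".*" entry no longer adds :trustfiles and :hostname back. Suggest documenting that HOST-REGEX should be anchored with its dots quoted, for example "\\`news\\.gmane\\.org\\'", and using string-match-p so the lookup leaves the match data untouched. Separately, cl-find-if needs cl-lib to be loaded in gnutls.el, which this hunk does not show, and the #' in front of the lambda is redundant.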
-- 
2.16.0.rc0


* bug#29977: gnutls-verify-error does not allow matching hostnames
  2018-01-04 15:17 bug#29977: gnutls-verify-error does not allow matching hostnames Robert Pluim
@ 2018-04-13 12:24 ` Lars Ingebrigtsen
  2018-04-13 12:31   ` Robert Pluim
  0 siblings, 1 reply; 4+ messages in thread
From: Lars Ingebrigtsen @ 2018-04-13 12:24 UTC (permalink / raw)
  To: Robert Pluim; +Cc: 29977, Ted Zlatanov

Robert Pluim <rpluim@gmail.com> writes:

> gnutls-boot-parameters will always use (:trustfiles :hostname) even
> though the intent is to turn off verification for news.gmane.org.
> Proposed patch converts this to first-match, which I think matches the
> intent of the variable.

Yes, that makes sense, I think.  I've now applied the patch to Emacs
27.1.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

* bug#29977: gnutls-verify-error does not allow matching hostnames
  2018-04-13 12:24 ` Lars Ingebrigtsen
@ 2018-04-13 12:31   ` Robert Pluim
  2018-04-13 12:44     ` Lars Ingebrigtsen
  0 siblings, 1 reply; 4+ messages in thread
From: Robert Pluim @ 2018-04-13 12:31 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 29977, Ted Zlatanov

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Robert Pluim <rpluim@gmail.com> writes:
>
>> gnutls-boot-parameters will always use (:trustfiles :hostname) even
>> though the intent is to turn off verification for news.gmane.org.
>> Proposed patch converts this to first-match, which I think matches the
>> intent of the variable.
>
> Yes, that makes sense, I think.  I've now applied the patch to Emacs
> 27.1.

Did we want something like this on top? I doubt this warrants a NEWS
entry, as the previous behaviour was never documented :-)

2018-04-13  Robert Pluim  <rpluim@gmail.com>

	* lisp/net/gnutls.el (gnutls-verify-error): Mention that the
	matching is first-match.


diff --git i/lisp/net/gnutls.el w/lisp/net/gnutls.el
index 85c9308c0d..a9ee6ebfaf 100644
--- i/lisp/net/gnutls.el
+++ w/lisp/net/gnutls.el
@@ -61,9 +61,9 @@ gnutls-verify-error
    ((HOST-REGEX FLAGS...) (HOST-REGEX FLAGS...) ...)
 
 where each HOST-REGEX is a regular expression to be matched
-against the hostname, and FLAGS is either t or a list of
-one or more verification flags.  The supported flags and the
-corresponding conditions to be tested are:
+against the hostname, on a first-match basis, and FLAGS is either
+t or a list of one or more verification flags.  The supported
+flags and the corresponding conditions to be tested are:
 
   :trustfiles -- certificate must be issued by a trusted authority.
   :hostname   -- hostname must match presented certificate's host name.
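
Review bot: In the added docstring text, "on a first-match basis" does not say what happens to the remaining entries, which is what a user needs to know when ordering the list. Suggest spelling it out, for example "the FLAGS of the first entry whose HOST-REGEX matches are used and later entries are ignored", so it is clear that a catch-all such as ".*" must come last and that an earlier entry with fewer flags overrides it. The sentence also still says FLAGS is "either t or a list of one or more verification flags", while the configuration that motivated the change uses nil to switch checks off for one host; if that is a supported value it should be mentioned here.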





* bug#29977: gnutls-verify-error does not allow matching hostnames
  2018-04-13 12:31   ` Robert Pluim
@ 2018-04-13 12:44     ` Lars Ingebrigtsen
  0 siblings, 0 replies; 4+ messages in thread
From: Lars Ingebrigtsen @ 2018-04-13 12:44 UTC (permalink / raw)
  To: 29977; +Cc: Ted Zlatanov

Robert Pluim <rpluim@gmail.com> writes:

> Did we want something like this on top? I doubt this warrants a NEWS
> entry, as the previous behaviour was never documented :-)
>
> 2018-04-13  Robert Pluim  <rpluim@gmail.com>
>
> 	* lisp/net/gnutls.el (gnutls-verify-error): Mention that the
> 	matching is first-match.

Yup; applied.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no