From: Ivan Shmakov
Newsgroups: gmane.emacs.bugs
Subject: bug#19284: 25.0.50; tls.el uses option --insecure
Date: Wed, 30 Dec 2015 15:57:37 +0000
Message-ID: <87lh8cvsi6.fsf@violet.siamics.net>
References: <86iohpq3w2.fsf@informationelle-selbstbestimmung-im-internet.de> <87k2o0q5by.fsf@gnus.org> <87k2ny1b8a.fsf@lifelogs.com> <87y4cdvyyr.fsf@violet.siamics.net> <8737uk0zal.fsf@lifelogs.com>
To: 19284@debbugs.gnu.org
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: fixed security
In-Reply-To: <8737uk0zal.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 30 Dec 2015 09:46:42 -0500")

>>>>> "TZ" == Ted Zlatanov writes:
>>>>> On Tue, 29 Dec 2015 19:25:48 +0000 Ivan Shmakov wrote:

[…]

 TZ> I think the benefit to the rest of the users will be worth it, and
 TZ> that group can have an ELPA package to support them.

 IS> As long as the hooks are in place to route the requests via that
 IS> package, I have no (strong) objections to the move.

 TZ> The package itself will install those hooks, I assume.

	My point is that there’re no such hooks currently – the dispatch
	is instead hardcoded into network-stream-open-tls:

	    (stream
	     (funcall (if (gnutls-available-p)
			  'open-gnutls-stream
			'open-tls-stream)
		      name buffer host service))

	For it to still be possible to use functions other than
	open-gnutls-stream, and assuming open-tls-stream is removed from
	the Emacs proper, this would have to be replaced with a
	(customizable) variable, like:

	    (stream
	     (funcall network-stream-open-tls-function
		      name buffer host service))

 IS> But given that tls.el is about 300 LoC in total, and hardly incurs
 IS> a high maintenance cost, I don’t see much value in the move,
 IS> either.

 TZ> There's a small but consistent amount of time spent checking "are
 TZ> you using tls.el?" every time we debug a SSL/TLS issue (even if we
 TZ> don't ask the user explicitly).

 TZ> There is a user experience difference between relying on external
 TZ> tools implicitly, which tls.el does, and explicitly, which
 TZ> ProxyCommand does.

	But that’s trivial to solve; say:

	    (defcustom network-stream-open-tls-function 'open-gnutls-stream
	      "The function to use to establish TLS/SSL connections."
	      :type '(choice (function-item :tag "Native GnuTLS support"
					    open-gnutls-stream)
			     (function-item :tag "Use gnutls-cli external command"
					    open-tls-stream)))

	This way, tls.el would only be used if explicitly configured by
	the user.

 TZ> Also, tls.el is not granular like ProxyCommand or the
 TZ> `nnimap-stream' functionality, it applies to all connectivity.

	The user may set network-stream-open-tls-function to an entirely
	arbitrary function, which may take the target host and service
	names into account. (Although I don’t have any sensible use case
	for that at hand.)

 TZ> I hope that explains my reasoning better.

	It does.

-- 
FSF associate member #7257  http://am-1.org/~ivan/  … 3013 B6A0 230E 334A
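As an added example (not from Ivan's message and not Emacs' own code), here is what a user-side value for the proposed `network-stream-open-tls-function` could look like: a dispatcher that takes host and service into account, keeps the built-in GnuTLS support as the default, routes only an explicitly listed host through the external gnutls-cli backend of tls.el, and records which backend served each connection so the "are you using tls.el?" question can be answered from a log. The names `my-open-tls-stream-by-host`, `my-tls-external-hosts` and `my-tls-backend-log` are assumptions made for this illustration.

```elisp
;; Added example, not from the message or from Emacs: a host-aware
;; dispatcher for the proposed `network-stream-open-tls-function'.
;; Names prefixed `my-' are assumptions made for this illustration.
(require 'gnutls)   ; provides `open-gnutls-stream'
(require 'tls)      ; provides `open-tls-stream' (external gnutls-cli)

(defcustom my-tls-external-hosts nil
  "Hosts for which the external gnutls-cli backend (tls.el) is used.
Every other host goes through the built-in GnuTLS support."
  :type '(repeat string))

(defvar my-tls-backend-log nil
  "List of (HOST SERVICE BACKEND) entries, most recent first.
Lets a debugging session answer \"are you using tls.el?\" from data.")

(defun my-open-tls-stream-by-host (name buffer host service)
  "Open a TLS connection to HOST:SERVICE, choosing the backend per host.
The signature matches `open-gnutls-stream' and `open-tls-stream', so
this function can be the value of `network-stream-open-tls-function'."
  (let ((backend
         (cond
          ;; Explicitly configured hosts use tls.el; nothing else does.
          ((member host my-tls-external-hosts) 'open-tls-stream)
          ((gnutls-available-p) 'open-gnutls-stream)
          ;; No built-in GnuTLS and host not listed: refuse rather than
          ;; silently fall back to the external tool.
          (t (error "No built-in TLS support for %s:%s" host service)))))
    (push (list host service backend) my-tls-backend-log)
    (funcall backend name buffer host service)))

;; Install it once the variable proposed in the message exists:
;; (setq network-stream-open-tls-function #'my-open-tls-stream-by-host)
```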