From: Toke Høiland-Jørgensen
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 15:28:23 +0200
Message-ID: <8738ay1yiw.fsf@toke.dk>
To: Lars Magne Ingebrigtsen
Cc: Eli Zaretskii, tzz@lifelogs.com, emacs-devel@gnu.org

Lars Magne Ingebrigtsen writes:

> It would validate the certificate, but never drop the connection even
> if the certificate is invalid. It would be up to `open-network-stream'
> to close the connection if the user decides to not accept the invalid
> (or self-signed) certificate.

FWIW this was what I understood from your earlier emails as well. It does mean that the handshake will be completed before validation is done, which goes counter to how these things are usually done. Not sure if that is a problem; it surely will be if there's lisp code that doesn't go through open-network-stream...

Another alternative would be to fail in the C code and report why, along with the cert details; and then make it up to the lisp code to retry the connection with appropriate flags set to ignore (some) errors based on user response...
That would be similar to how the gnutls lisp/C interaction is now (I think), with the addition that certificate details are returned along with any errors signalled...

-Toke
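
The fail-then-retry alternative described in the message above, modelled offline as an added example; it is not code from this thread, Emacs, or GnuTLS, and every name in it (`Cert`, `low_level_connect`, `open_stream`, `ask_user`) is hypothetical. It assumes, beyond what the message says, that the retry is bound to the fingerprint the user approved, since the retry is a fresh handshake and the server may present a different certificate.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    der: bytes          # constructed stand-in for the DER-encoded certificate
    errors: frozenset   # problems a TLS library would report, e.g. {"self-signed"}

    @property
    def fingerprint(self):
        return hashlib.sha256(self.der).hexdigest()

class CertError(Exception):
    """Raised by the low layer before any application data is exchanged."""
    def __init__(self, errors, fingerprint):
        super().__init__(f"certificate rejected: {sorted(errors)}")
        self.errors, self.fingerprint = errors, fingerprint

def low_level_connect(presented, ignore=frozenset(), pin=None):
    """Stand-in for the C layer: fail closed, report why plus cert details."""
    remaining = presented.errors - ignore
    # An override only counts for the exact certificate the user approved.
    if ignore and presented.fingerprint != pin:
        remaining = presented.errors
    if remaining:
        raise CertError(remaining, presented.fingerprint)
    return "connected"

def open_stream(host, server, pins, ask_user):
    """Stand-in for the Lisp layer: decide, remember the decision, retry.

    server() returns the certificate presented on one connection attempt;
    pins maps host -> (fingerprint, accepted errors) from earlier sessions.
    """
    pin, accepted = pins.get(host, (None, frozenset()))
    try:
        return low_level_connect(server(), accepted, pin)
    except CertError as e:
        if not ask_user(host, e.errors, e.fingerprint):
            return None                      # user declined, nothing was sent
        pins[host] = (e.fingerprint, frozenset(e.errors))
        # Second handshake: ignore only the approved errors, only for this cert.
        return low_level_connect(server(), frozenset(e.errors), e.fingerprint)
```

If the certificate changes between the failed attempt and the retry, the second call raises `CertError` instead of silently accepting it, which is the case a blanket "ignore these errors" flag would miss.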