From: Toke Høiland-Jørgensen
To: Lars Magne Ingebrigtsen
Cc: Ted Zlatanov, emacs-devel@gnu.org
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 14:39:55 +0200
Message-ID: <877g0a20ro.fsf@toke.dk>

Lars Magne Ingebrigtsen writes:

> I think it would also be nice if the entire cert was also returned (in
> a convenient format), so that Emacs can display the pertinent parts
> while querying the user about what action to take.

Okay, so basically a property list with everything that might be
interesting? Or did you mean a text string?

> And perhaps display graphically the fingerprint like ssh does? I have
> no idea what's involved there, so I don't know whether that would be
> possible (or easy)...

Well, gnutls-cli displays one of those as well. So I suppose it has a
way to do that; the question is whether it's exposed in the API
somewhere.

I'll go poking around. Can't promise anything about when, though; had
expected this to be a small patch that would just be enough for me to
stop using gnutls-cli to get TOFU trust... ;)

-Toke