From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: [PATCH] GnuTLS support on Woe32 Date: Mon, 07 Mar 2011 05:04:54 -0600 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87ei6jxkbt.fsf@lifelogs.com> References: <87ipvwl1nx.wl%claudio.bley@gmail.com> <83oc5ogp89.fsf@gnu.org> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1299495921 19182 80.91.229.12 (7 Mar 2011 11:05:21 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Mon, 7 Mar 2011 11:05:21 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Mar 07 12:05:17 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1PwYFY-0005gB-Kw for ged-emacs-devel@m.gmane.org; Mon, 07 Mar 2011 12:05:16 +0100 Original-Received: from localhost ([127.0.0.1]:58726 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PwYFX-0008Jy-U7 for ged-emacs-devel@m.gmane.org; Mon, 07 Mar 2011 06:05:15 -0500 Original-Received: from [140.186.70.92] (port=57165 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PwYFS-0008Fh-RX for emacs-devel@gnu.org; Mon, 07 Mar 2011 06:05:11 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1PwYFR-0005wY-Gs for emacs-devel@gnu.org; Mon, 07 Mar 2011 06:05:10 -0500 Original-Received: from lo.gmane.org ([80.91.229.12]:57920) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PwYFR-0005wM-8s for emacs-devel@gnu.org; Mon, 07 Mar 2011 06:05:09 -0500 Original-Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1PwYFO-0005b5-Jp for emacs-devel@gnu.org; Mon, 07 Mar 2011 12:05:06 +0100 Original-Received: from c-67-186-102-106.hsd1.il.comcast.net ([67.186.102.106]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 07 Mar 2011 12:05:06 +0100 Original-Received: from tzz by c-67-186-102-106.hsd1.il.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 07 Mar 2011 12:05:06 +0100 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 22 Original-X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: c-67-186-102-106.hsd1.il.comcast.net X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" User-Agent: Gnus/5.110014 (No Gnus v0.14) Emacs/24.0.50 (gnu/linux) Cancel-Lock: sha1:XHdvbdTnE9phWNvGCPSL95nLpSM= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 80.91.229.12 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:136829 Archived-At: On Mon, 07 Mar 2011 11:44:56 +0100 Robert Pluim wrote: RP> I modify that comment: builtin TLS support works for me if I set RP> 'trustfiles' to nil in gnutls-negotiate, instead of RP> "/etc/ssl/certs/ca-certificates.crt", which I don't have. What is that RP> file, and why do I need it all of a sudden? (builtin TLS worked fine for RP> me several months ago). Let us know what the file should be on your platform, if you know. This is the CA bundle which determines if the signers of any presented certificates can be trusted. I think Emacs should have its own default bundle and the user should be able to override to their own preference. I'll add code to test for the file's existence and to customize that file. RP> PS The error message I got could be improved: "Err [-64] File not found" RP> is not really helpful This error is coming from the GnuTLS library. It only reports errors numerically so gnutls.c needs to be improved to present the error better. Ted