From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: using GnuTLS 3.x and certificate checks
Date: Wed, 05 Jun 2013 16:55:39 -0400
Organization: Теодор Златанов @ Cienfuegos
Message-ID: <87k3m8wa44.fsf@lifelogs.com>
To: emacs-devel@gnu.org
On Wed, 05 Jun 2013 11:13:18 -0400 Ted Zlatanov wrote:

TZ> Without comments, I will assume a general OK on these two things:
TZ> - move to the GnuTLS 3.x API and require that version of the libraries.
TZ> - enable SSL certificate verification by default (I have some questions
TZ> about non-interactive cases in a separate thread).

...and after Stefan's comments:

- SSL certificates will be run through a user-supplied acceptance
function/regex/whatever. If they are not accepted by it, the behavior
forks. In batch mode, we always refuse to accept. In interactive mode,
we do yes/no/save prompting, waiting forever. Saving the certificate
will put it in ~/.emacs.d/certificates or something similar.

The interactive behavior may have a connection time out while waiting,
which will cause surprises. We'll try to reopen the connection but the
user may not enjoy the experience and it could get refused the second
time and so on.

Ted
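One way the fork described in the message above could be written in Emacs Lisp, as an added example that is not part of Ted's post or of Emacs/GnuTLS; every `my-tls-` name is hypothetical, and the certificate is assumed to arrive as a PEM string:

```elisp
;; Added example, not from the original post or from Emacs/GnuTLS: all
;; `my-tls-' names are hypothetical, and PEM is assumed to be a string.
(defvar my-tls-certificate-directory
  (expand-file-name "certificates" user-emacs-directory)
  "Where user-accepted certificates are saved (~/.emacs.d/certificates).")

(defvar my-tls-accept-function (lambda (_host _pem) nil)
  "User-supplied predicate: return non-nil to accept PEM for HOST.")

(defun my-tls-certificate-file (host)
  "Path of the saved certificate for HOST; unsafe characters become `_'."
  (expand-file-name
   (concat (replace-regexp-in-string "[^[:alnum:].-]" "_" host) ".pem")
   my-tls-certificate-directory))

(defun my-tls-saved-p (host pem)
  "Non-nil when PEM is byte-for-byte the certificate saved earlier for HOST."
  (let ((file (my-tls-certificate-file host)))
    (and (file-readable-p file)
         (string= pem (with-temp-buffer (insert-file-contents file)
                                        (buffer-string))))))

(defun my-tls-save-certificate (host pem)
  "Persist PEM for HOST so later connections are accepted without a prompt."
  (make-directory my-tls-certificate-directory t)
  (let ((file (my-tls-certificate-file host)))
    (with-temp-file file (insert pem))
    (set-file-modes file #o600)        ; only the owner can read or modify it
    file))

(defun my-tls-certificate-acceptable-p (host pem)
  "Decide whether a connection to HOST presenting PEM may proceed.
The user function or a previously saved copy accepts silently; otherwise
batch mode refuses and interactive mode asks yes/no/save."
  (cond
   ((funcall my-tls-accept-function host pem) t)
   ((my-tls-saved-p host pem) t)
   (noninteractive nil)                 ; batch mode: always refuse
   (t (pcase (read-char-choice
              (format "Certificate for %s not accepted: (y)es, (n)o, (s)ave? "
                      host)
              '(?y ?n ?s))
        (?y t)
        (?s (my-tls-save-certificate host pem) t)
        (_ nil)))))
```

Because `read-char-choice` blocks until the user answers, the caller still has to cope with the connection timing out during the prompt, as the message notes.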