From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: emacs-devel@gnu.org
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 17:19:12 +0200
Message-ID: <87tx3emvwv.fsf@alrua-karlstad.karlstad.toke.dk>
In-Reply-To: <m2k34a4nri.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 08 Oct 2014 10:52:33 -0400")

Ted Zlatanov <tzz@lifelogs.com> writes:

> Wonderful work, thank you!

Glad you think so :)

> You should check in the autoconf script whether
> `gnutls_verify_stored_pubkey' is available. It's a fairly new function
> and we have to support older versions of GnuTLS without it.

Right; will look into that.

> I like the simplicity of it. It would be nice to do this inside Emacs
> itself (it's OK if it requires some kind of `emacs --batch' call,
> doesn't have to be immediate). Either way, the errors should tell us
> specifically what to run from the command line in these two cases:

I have an updated version where I split out the parameters into
:tofu-strict and :tofu-auto, where the latter will automatically add a
certificate that hasn't been seen before (and fail on mismatch only).
This might be more suitable to have turned on by default.

Removing things from the key store has to be done manually, though; but
that goes for gnutls-cli as well (and even for ssh).

>     error ("No TOFU trust entry found for hostname \"%s\" and service \"%s\"", c_hostname, c_service);
>     error ("TOFU trust MISMATCH for hostname \"%s\" and service \"%s\"", c_hostname, c_service);

Will update the messages to be more helpful.

> I think so. But Emacs creates a Emacs-specific homedir for the GnuPG
> keychain, for verification of the package archives, in
> `~/.emacs.d/gnupg' which is an equally valid approach. So I don't have
> a strong opinion.
>
> What's the drawback of having a dedicated Emacs store? Do any other
> programs besides `gnutls-cli` use the global GnuTLS store?

Well, any programs that use gnutls and pass NULL as the trust store will
share the site default. Using this also has the nice side effect of not
having to come up with a portable way to find a suitable file name (I'm
sure this is solved elsewhere in the emacs code but it saved me from
going looking ;)).

> If you can submit a bug with this, it would be wonderful.  I've been
> meaning to get rid of the `cl-mapcan' call anyhow.

I've submitted a bug.

> I think that's pretty tricky with GnuTLS because it expects all the
> validations to be C callbacks and just hands off the connection at the
> end. You're not supposed to interact with the session during the
> validation, IIUC. So it will probably require two attempts.

Noted. I checked what gnutls-cli does (by way of packet dumps), and it
seems to keep the connection open, presumably in the middle of the
handshake, while waiting for the user to decide whether to trust it. So
presumably something similar could be done by Emacs, and I think it's
more a matter of whether or not it's possible to call back up into lisp
from this part of the code.

> Yes, that would be nice and clean. They can simply be attached as
> symbol properties to the error. Maybe you can adjust
> `gnutls_make_error'?

I will look into it. I'm out of time to hack on this for a while, so for
now I'll just resubmit the patch with the changes noted above, and then
return to this at a later date (heh, famous last words).

-Toke
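As an added illustration (not code from Toke's patch, from Emacs or from GnuTLS), the decision logic for the two modes described above: :tofu-strict rejects any (hostname, service) pair that has no stored entry, while :tofu-auto pins an unseen key and only fails on mismatch. The `tofu_*` names and the in-memory store are constructed for this example; in the real patch the store is GnuTLS's own and the lookup is done by `gnutls_verify_stored_pubkey`. The two failure results correspond to the "No TOFU trust entry found" and "TOFU trust MISMATCH" errors quoted earlier in the thread.

```c
#include <stdio.h>
#include <string.h>

#define TOFU_MAX_ENTRIES 16

enum tofu_mode   { TOFU_STRICT, TOFU_AUTO };
enum tofu_result { TOFU_OK, TOFU_STORED, TOFU_NO_ENTRY, TOFU_MISMATCH, TOFU_FULL };

/* One pinned key per (hostname, service) pair, mirroring how the GnuTLS store is keyed. */
struct tofu_entry { char host[64]; char service[16]; char pubkey[128]; };
struct tofu_store { struct tofu_entry e[TOFU_MAX_ENTRIES]; int n; };

static struct tofu_entry *tofu_find(struct tofu_store *s, const char *host,
                                    const char *service)
{
  for (int i = 0; i < s->n; i++)
    if (strcmp(s->e[i].host, host) == 0 && strcmp(s->e[i].service, service) == 0)
      return &s->e[i];
  return NULL;
}

/* Decide whether PUBKEY is acceptable for HOST/SERVICE under MODE (hypothetical helper). */
enum tofu_result tofu_check(struct tofu_store *s, const char *host,
                            const char *service, const char *pubkey,
                            enum tofu_mode mode)
{
  struct tofu_entry *e = tofu_find(s, host, service);
  if (e)  /* known peer: a changed key is a hard failure in both modes */
    return strcmp(e->pubkey, pubkey) == 0 ? TOFU_OK : TOFU_MISMATCH;
  if (mode == TOFU_STRICT)  /* :tofu-strict never pins; the key must be added out of band */
    return TOFU_NO_ENTRY;
  if (s->n >= TOFU_MAX_ENTRIES)
    return TOFU_FULL;
  /* :tofu-auto pins the key on first sight; later connections are checked against it */
  e = &s->e[s->n++];
  snprintf(e->host, sizeof e->host, "%s", host);
  snprintf(e->service, sizeof e->service, "%s", service);
  snprintf(e->pubkey, sizeof e->pubkey, "%s", pubkey);
  return TOFU_STORED;
}

int main(void)
{
  /* Constructed sample: "key-A"/"key-B" stand in for the public-key hashes GnuTLS stores. */
  struct tofu_store s = {0};
  static const char *names[] = { "ok", "stored", "no entry", "mismatch", "full" };
  printf("strict, unseen:   %s\n", names[tofu_check(&s, "mail.example.net", "imaps", "key-A", TOFU_STRICT)]);
  printf("auto, unseen:     %s\n", names[tofu_check(&s, "mail.example.net", "imaps", "key-A", TOFU_AUTO)]);
  printf("strict, same key: %s\n", names[tofu_check(&s, "mail.example.net", "imaps", "key-A", TOFU_STRICT)]);
  printf("auto, new key:    %s\n", names[tofu_check(&s, "mail.example.net", "imaps", "key-B", TOFU_AUTO)]);
  return 0;
}
```

Removal of a pinned entry is deliberately absent, matching the message's point that forgetting a key stays a manual operation outside the connection path.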
