> From: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> Date: Sun, 24 Jun 2018 22:30:50 +0100
> Cc: Eli Zaretskii <eliz@gnu.org>, Paul Eggert <eggert@cs.ucla.edu>,
> Noam Postavsky <npostavs@gmail.com>, emacs-devel@gnu.org
>
> Here's the patch to get GnuTLS to do CRL checking.

Thanks, a few minor comments:

> +(defcustom gnutls-crlfiles
> + '(
> + "/etc/grid-security/certificates/*.crl.pem"
> + )
> + "List of CRL file paths or a function returning said list.
> +If a file path contains a glob pattern, it will be expanded.
> +The files may be in PEM or DER format, as per the GnuTLS documentation.
> +The files may not exist, in which case they will be ignored."
> + :group 'gnutls
> + :type '(choice (function :tag "Function to produce list of CRL filenames")
> + (repeat (file :tag "CRL filename"))))
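
Review bot: The last docstring sentence, "The files may not exist, in which case they will be ignored.", reads ambiguously and leaves a fail-open case undocumented. "May not exist" can be taken as "must not exist"; "Files that do not exist are ignored." says what is meant. The only default entry is the glob "/etc/grid-security/certificates/*.crl.pem", so on a system without that directory every entry is ignored as documented here, and the docstring should state what that means for revocation checking (for example, that no CRL is consulted) so users do not assume checking is active.
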
This should have a :version tag.

Do we really want/need to allow a function here? Isn't a list of
files enough? A function is more dangerous than a string, especially
in a security-sensitive place.

Finally, I think this defcustom needs to be called out in NEWS.