From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.devel Subject: Re: using GnuTLS 3.x and certificate checks Date: Wed, 05 Jun 2013 14:42:52 -0400 Message-ID: References: <87zjxumbjf.fsf@wanadoo.es> <83y5dazmpt.fsf@gnu.org> <86ehf2zefk.fsf@gmail.com> <86li9az2sw.fsf@gmail.com> <83hajyz1mi.fsf@gnu.org> <867gku88lx.fsf@gmail.com> <83a9pqysc5.fsf@gnu.org> <86sj3i6ndd.fsf@gmail.com> <83620eyonh.fsf@gnu.org> <86620dqmsd.fsf@gmail.com> <83r4j1xmim.fsf@gnu.org> <86y5d9p4oh.fsf@gmail.com> <83ppylxidt.fsf@gnu.org> <86txnxoz1k.fsf@gmail.com> <83hajxxd5c.fsf@gnu.org> <874nfxt219.fsf_-_@lifelogs.com> <874nfenmya@ch.ristopher.com> <877giv7k2s.fsf@lifelogs.com> <878v2o1tom.fsf@lifelogs.com> <87d2s0xwnv.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1370457780 21971 80.91.229.3 (5 Jun 2013 18:43:00 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 5 Jun 2013 18:43:00 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Jun 05 20:43:00 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1UkIfj-0005G8-2Y for ged-emacs-devel@m.gmane.org; Wed, 05 Jun 2013 20:42:59 +0200 Original-Received: from localhost ([::1]:56231 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UkIfi-0004IJ-HU for ged-emacs-devel@m.gmane.org; Wed, 05 Jun 2013 14:42:58 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:38752) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UkIff-0004HN-Hw for emacs-devel@gnu.org; Wed, 05 Jun 2013 14:42:56 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1UkIfe-0003ut-4t for emacs-devel@gnu.org; Wed, 05 Jun 2013 14:42:55 -0400 Original-Received: from chene.dit.umontreal.ca ([132.204.246.20]:48670) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UkIfe-0003ul-18 for emacs-devel@gnu.org; Wed, 05 Jun 2013 14:42:54 -0400 Original-Received: from faina.iro.umontreal.ca (lechon.iro.umontreal.ca [132.204.27.242]) by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id r55Igqbh031874; Wed, 5 Jun 2013 14:42:53 -0400 Original-Received: by faina.iro.umontreal.ca (Postfix, from userid 20848) id 8F7B5B4108; Wed, 5 Jun 2013 14:42:52 -0400 (EDT) In-Reply-To: <87d2s0xwnv.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 05 Jun 2013 14:03:16 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) X-NAI-Spam-Flag: NO X-NAI-Spam-Threshold: 5 X-NAI-Spam-Score: 0 X-NAI-Spam-Rules: 1 Rules triggered RV4600=0 X-NAI-Spam-Version: 2.3.0.9362 : core <4600> : streams <974562> : uri <1439312> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 132.204.246.20 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:160135 Archived-At: > When interactive, you should be asked if you want to accept a SSL > certificate unless your function pre-approves it. So the default > interactively is 'maybe-ask. The other question is, if the user > doesn't answer in 30 seconds, can we take that as a "no" answer? I > think the answer is "no, just wait for it." By default it makes sense to prompt the user, and if she's not available to reply, just wait until she is. No need for any special functionality. > When non-interactive, you can't be asked. So the default there can be > 'maybe-ask (what I describe in my question, and make it fail gracefully) > or 'maybe-reject (unless pre-approved, reject). It sounds like no one > wants 'maybe-ask non-interactively. In batch mode, prompting doesn't make much sense, so better default to signal an error. Stefan