From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Mon, 17 Nov 2014 23:53:10 +0100
To: Kelvin White
Cc: Stephen Leake, Emacs development discussions
References: <85a93pj1n5.fsf@stephe-leake.org>
In-Reply-To: (Kelvin White's message of "Mon, 17 Nov 2014 10:29:56 -0500")

Kelvin White writes:

> Lars Magne Ingebrigtsen wrote:
>
>> That sounds reasonable. Hm... Er... do you have a recipe for how to
>> start a new branch off of emacs-24?
>
> git checkout -b NEW_BRANCH
> git commit -m "first commit"
> git push -u origin NEW_BRANCH
>
> substitute the name of the new branch for NEW_BRANCH

Stefan requested that I didn't push this to the public repository, but
I'm not going to finish it tonight, and I need some feedback. So I did
anyway. The new branch is called "nsm".

This is my first test case, which is nice to use because it has a
self-signed certificate:

(setq process
      (open-network-stream
       "nntpd" (get-buffer-create "*nntp*") "news.gmane.org" "nntp"
       :end-of-command "^\\([2345]\\|[.]\\).*\n"
       :capability-command "HELP\r\n"
       :success "^3"
       :starttls-function
       (lambda (capabilities)
         (if (not (string-match "STARTTLS" capabilities))
             nil
           "STARTTLS\r\n"))))

;; This new function returns a certificate hash and what's wrong with it.
(gnutls-peer-status process)

;; Here's the security manager interface:
(nsm-verify-connection process "news.gmane.org" "nntp")

;; And please don't leave a gazillion connections open to my server.
(delete-process process)

Give it a whirl if you want. It's not finished, but it does some basic
stuff, like keeping track of your responses.

But here's the feedback I need:

1) What's the proper mapping for these error messages?

  if (verification & GNUTLS_CERT_INVALID)
    warnings = Fcons (list2 (intern (":invalid"),
  if (verification & GNUTLS_CERT_REVOKED)
    warnings = Fcons (list2 (intern (":revoked"),
  if (verification & GNUTLS_CERT_SIGNER_NOT_FOUND)
    warnings = Fcons (list2 (intern (":signer-not-found"),
  if (verification & GNUTLS_CERT_SIGNER_NOT_CA)
    warnings = Fcons (list2 (intern (":self-signed"),
  if (verification & GNUTLS_CERT_INSECURE_ALGORITHM)
    warnings = Fcons (list2 (intern (":insecure"),
  if (verification & GNUTLS_CERT_NOT_ACTIVATED)
    warnings = Fcons (list2 (intern (":not-activated"),
  if (verification & GNUTLS_CERT_EXPIRED)
    warnings = Fcons (list2 (intern (":expired"),

Which one is the real "self-signed" message? It's an important
distinction between a self-signed certificate and a forged
certificate...

2) What's the best way to ask longer questions these days? I just did a
`read-char' on an 8-line message, but perhaps people don't like that...
Put up a help message instead? Is there an easy-to-use
pop-up-long-help-message-buffer-while-prompting-for-three-different-chars
thing?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
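
The message asks how to tell a self-signed certificate from a forged one and mentions that the branch keeps track of the user's responses. The following is an added example, not code from the nsm branch or from Emacs: it shows one way to combine the verification bits with a remembered fingerprint so that a replaced certificate is flagged separately from an already-accepted one. The `ST_*` stand-in names, `struct pin`, `decide`, the policy itself and the sample fingerprints are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in bits so this builds without GnuTLS; real code takes the
   GNUTLS_CERT_* values from <gnutls/gnutls.h>. */
enum { ST_INVALID = 1 << 1, ST_REVOKED = 1 << 5,
       ST_SIGNER_NOT_FOUND = 1 << 6, ST_EXPIRED = 1 << 10 };

enum verdict { ACCEPT, ASK_USER, ASK_CHANGED, REJECT };

/* Hypothetical record of one remembered answer: the user accepted this
   fingerprint for host/service despite the problems in `accepted`. */
struct pin { const char *host, *service, *fpr; unsigned accepted; };

/* Constructed sample store; the fingerprint is a placeholder. */
static const struct pin sample_pins[] = {
  { "news.gmane.org", "nntp", "sha1:constructed-aa",
    ST_INVALID | ST_SIGNER_NOT_FOUND },
};

static const struct pin *find_pin (const struct pin *pins, size_t n,
                                   const char *host, const char *service)
{
  for (size_t i = 0; i < n; i++)
    if (!strcmp (pins[i].host, host) && !strcmp (pins[i].service, service))
      return &pins[i];
  return NULL;
}

enum verdict decide (const struct pin *pins, size_t n, const char *host,
                     const char *service, const char *fpr, unsigned status)
{
  if (status & ST_REVOKED) return REJECT;   /* assumed: never overridable */
  if (status == 0) return ACCEPT;           /* chain verified cleanly */
  const struct pin *p = find_pin (pins, n, host, service);
  if (!p) return ASK_USER;                  /* failing cert, no history */
  if (strcmp (p->fpr, fpr) != 0)
    return ASK_CHANGED;                     /* accepted cert was replaced */
  /* Same cert as before: stay quiet only if nothing new went wrong. */
  return (status & ~p->accepted) ? ASK_USER : ACCEPT;
}

int main (void)
{
  /* Same host and flags as the pin, but a different fingerprint. */
  printf ("%d\n", decide (sample_pins, 1, "news.gmane.org", "nntp",
                          "sha1:constructed-bb",
                          ST_INVALID | ST_SIGNER_NOT_FOUND));
  return 0;
}
```

The status bits are identical in the accepted and the replaced case; only the stored fingerprint separates them.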