From: Elias Oltmanns
Newsgroups: gmane.emacs.devel,gmane.emacs.gnus.general
Subject: Re: [Patch] Make tls.el support certificate verification
Date: Tue, 27 Nov 2007 12:10:50 +0100
Message-ID: <871wacrlj9.fsf@denkblock.local>
References: <877imqtdhb.fsf@denkblock.local> <87zlzc35bh.fsf@mocca.josefsson.org> <87ps063ixd.fsf@mocca.josefsson.org> <87zlxo4lwr.fsf@denkblock.local> <87d4uaksur.fsf@denkblock.local> <877ikhlrgs.fsf@denkblock.local>
Cc: ding@gnus.org
To: emacs-devel@gnu.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Reiner Steib wrote:

> Committed. Thank you for your contributions.

I am very sorry to say that I've just discovered a rather awkward mistake in my patch. The variable tls-checktrust isn't even referenced anywhere, hence only parts of the advertised functionality are provided so far. Please find attached a patch to fix this issue. I really am sorry for making all the fuss and then not getting it right in the first place.

>
> Some remarks for future contributions:
[...]
> See http://article.gmane.org/gmane.emacs.gnus.commits/5529 for my
> cosmetic/style changes.

In the cvs trunk I can see that you made some adjustments to line breaks as well. What is the maximum line length in doc strings?
Also, is there a comprehensive source for information about Emacs and Gnus coding style and good practice? And what is the canonical way to provide ChangeLog entries if I have no commit privileges or, to put it another way, is the attached patch alright in this respect?

Regards,

Elias

--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline; filename=tls.patch

Index: lisp/ChangeLog =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/ChangeLog,v retrieving revision 7.1674 diff -u -r7.1674 ChangeLog --- lisp/ChangeLog 25 Nov 2007 18:25:12 -0000 7.1674 +++ lisp/ChangeLog 27 Nov 2007 11:02:51 -0000 @@ -1,3 +1,9 @@ +2007-11-27 Elias Oltmanns + + * tls.el: (open-tls-stream): Actually consult tls-checktrust to see if + certs should be verified and what is to be done in the event of a + verification failure. + 2007-11-25 Romain Francoise * gnus-msg.el (gnus-summary-reply): Delete extra paren. Index: lisp/tls.el =================================================================== RCS file: /usr/local/cvsroot/gnus/lisp/tls.el,v retrieving revision 7.18 diff -u -r7.18 tls.el --- lisp/tls.el 25 Nov 2007 14:17:03 -0000 7.18 +++ lisp/tls.el 27 Nov 2007 11:02:52 -0000 
@@ -229,12 +229,15 @@ (set-buffer buffer) (when (or - (and tls-untrusted + (and tls-checktrust (progn (goto-char (point-min)) (re-search-forward tls-untrusted nil t)) - (not (yes-or-no-p - (format "The certificate presented by `%s' is NOT trusted. Accept anyway? " host)))) + (or + (and (not (eq tls-checktrust 'ask)) + (message "The certificate presented by `%s' is NOT trusted." host)) + (not (yes-or-no-p + (format "The certificate presented by `%s' is NOT trusted. Accept anyway? " host))))) (and tls-hostmismatch (progn (goto-char (point-min)) 
--=-=-=--
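
Review bot: In the new ChangeLog entry, `* tls.el: (open-tls-stream):` has a stray colon after the file name; the neighbouring entry in the context lines is written `* gnus-msg.el (gnus-summary-reply):`, so this one should read `* tls.el (open-tls-stream): Actually consult ...`. The entry would also be more useful if it said that the untrusted-certificate check is now gated on `tls-checktrust` instead of `tls-untrusted`, since that is the behavioural change made in the tls.el hunk.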
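
Review bot: In the tls.el hunk the guard changes from `(and tls-untrusted` to `(and tls-checktrust`, but `tls-untrusted` is still handed to `re-search-forward` two lines later, so a nil `tls-untrusted` with `tls-checktrust` enabled now reaches the search as a nil regexp instead of being skipped; the `tls-hostmismatch` clause below still guards its own variable. Make the intended behaviour for that configuration explicit, and if the check cannot run while `tls-checktrust` is set, treat that as a verification failure rather than skipping the check. Separately, the non-`ask` branch `(and (not (eq tls-checktrust 'ask)) (message ...))` counts as a failure only because `message` returns its non-nil string; a short comment or an explicit `t` after the call would keep a later edit from turning a rejected certificate into an accepted one.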