From: Vincent Bernat
To: 15792@debbugs.gnu.org
Newsgroups: gmane.emacs.bugs
Subject: bug#15792: 24.3; Builtin TLS support should enable certificate verification support by default
Date: Sat, 02 Nov 2013 16:05:21 +0100
Message-ID: <87a9hmu9n2.fsf@guybrush.luffy.cx>

Hi!

New builtin TLS support disables certificate verification by default. This is a very bad practice and the default should be to check for certificate validity.
Moreover, the end-user of a package using this builtin support has no easy way to enable the verification of TLS certificates. For example, Gnus does not provide anything to enable this and as a simple user, it seems quite difficult to ensure that certificates are verified. And each package has the responsibility to enable this option. This is cumbersome.

Previously, enabling/disabling certificate verification was easy. You set the `tls-program` variable to something that checks or doesn't check for certificates. For gnutls-client, this was a matter of using or not using the `--insecure` switch.

I didn't find a way to disable the builtin TLS support (other than to recompile Emacs).

I propose:

 1. Verify the certificates by default.
 2. Prompt the user if there is a problem.
 3. Add the possibility to not check for certificates by default.

I can provide a patch for the first step but I have little Emacs-fu for the other two parts (all the more that most of the code is in C).

-- 
Use variable names that mean something.
            - The Elements of Programming Style (Kernighan & Plauger)
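Added example, not part of the original message and not Emacs's own code: an audit of external TLS helper command lines of the kind stored in `tls-program`, flagging entries that pass the `--insecure` switch described in the report and producing the same list with the switch removed. The `my-tls-` names and the sample list are assumptions made for illustration; this covers only the external-program path, not the builtin TLS support the report is about.

```elisp
;;; Added example: audit `tls-program'-style command templates for
;;; the `--insecure' switch.  All `my-tls-' names are hypothetical.

(defconst my-tls-sample-programs
  ;; Constructed sample; %h and %p stand for host and port.
  '("gnutls-cli --insecure -p %p %h"
    "gnutls-cli -p %p %h"
    "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
  "Constructed sample value used to exercise the functions below.")

(defun my-tls-insecure-p (command)
  "Return non-nil if COMMAND passes `--insecure' as its own argument."
  (member "--insecure" (split-string command "[ \t]+" t)))

(defun my-tls-harden-command (command)
  "Return COMMAND with every `--insecure' argument removed."
  (mapconcat #'identity
             (delete "--insecure" (split-string command "[ \t]+" t))
             " "))

(defun my-tls-audit (programs)
  "Return (ORIGINAL . HARDENED) pairs for PROGRAMS entries using `--insecure'."
  (let (report)
    (dolist (cmd programs (nreverse report))
      (when (my-tls-insecure-p cmd)
        (push (cons cmd (my-tls-harden-command cmd)) report)))))

(defun my-tls-harden-programs (programs)
  "Return PROGRAMS with `--insecure' stripped and duplicates dropped."
  (delete-dups (mapcar #'my-tls-harden-command programs)))

;; Report what would change for the constructed sample:
(dolist (pair (my-tls-audit my-tls-sample-programs))
  (message "insecure: %S -> %S" (car pair) (cdr pair)))

;; In an init file, assuming tls.el's `tls-program' is what the
;; package in use actually consults:
;;   (setq tls-program (my-tls-harden-programs tls-program))
```

Removing the switch only lets the helper report or enforce verification; whether an untrusted certificate is actually rejected still depends on the helper's version and on the trust anchors it is given.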