From: Nikos Mavrogiannopoulos
Newsgroups: gmane.comp.encryption.gpg.gnutls.devel,gmane.emacs.devel
Subject: Re: Emacs core TLS support
Date: Mon, 13 Sep 2010 09:49:30 +0200
To: Ted Zlatanov
Cc: gnutls-devel@gnu.org, emacs-devel@gnu.org

2010/9/11 Ted Zlatanov :

> - no SRP anywhere, just anon and x509 (I'll add SRP if we need it and
>   when the other two are working)
>
> Now I get GNUTLS_E_INSUFFICIENT_CREDENTIALS when I open an x509
> connection to an IMAP TLS server so I think there's still work to do.
> The trust file seems to be wrong (see lisp/net/gnutls.el, I tried both
> "/etc/ssl/certs/ca-certificates.crt" and "/etc/ssl/certs/ca.pem").
>
> The GnuTLS examples don't seem to cover the standard situation of
> talking to a web server over SSL and possibly accepting an insecure
> connection if the server credentials are bad.  I must have missed
> something.  Could the GnuTLS developers look at my patch and help me
> out?

I cannot look at the patch but the example you are looking for is:
http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html#Simple-client-example-with-X_002e509-certificate-support
to do the connection, and this one to verify the certificate:
http://www.gnu.org/software/gnutls/manual/html_node/Verifying-peer_0027s-certificate.html#Verifying-peer_0027s-certificate

regards,
Nikos