> From: Lars Ingebrigtsen <larsi@gnus.org>
> Cc: eggert@cs.ucla.edu, emacs-devel@gnu.org, Noam Postavsky <npostavs@gmail.com>, wyuenho@gmail.com
> Date: Sun, 24 Jun 2018 22:58:28 +0200
>
> Lars Ingebrigtsen <larsi@gnus.org> writes:
>
> > I had meant to implement warnings for this stuff on the default `medium'
> > level instead of letting it remain on the `high' level, but I simply
> > forgot. I'll be changing that on master hopefully sometime next week.
>
> Or today!
>
> I've now pushed the changes to master, so let me know if I accidentally
> broke all Emacs network traffic. It seems to be working OK for me,
> though...

Thanks for working on this.

Allow me a few comments, with an eye towards getting at least some of
this to the emacs-26 branch:

 . First, the NEWS entry should tell users how to get the previous
   (less secure) behavior if they want. I think this also calls for a
   better documentation of the elements that can appear in
   network-security-protocol-checks.

 . The change to gnutls-peer-status is not reflected in its doc string
   and is not called out in NEWS.

 . Do I understand correctly that most of the changes, including those
   in gnutls.c, are so that intermediary certificates could be
   verified? If so, would it make sense to omit that for emacs-26,
   and only beef up the medium level of security in NSM with the rest
   of the checks?