From: Sascha Wilde
Newsgroups: gmane.emacs.devel
Subject: Re: Default value of tls-checktrust should be 'ask
Date: Tue, 08 Apr 2008 12:55:08 +0200
To: Jason Rumney
Cc: emacs-devel@gnu.org
In-Reply-To: <47FB38B7.70806@gnu.org> (Jason Rumney's message of "Tue, 08 Apr 2008 10:19:51 +0100")

Jason Rumney wrote:

> We should also provide an easy way to insert the certificate into a
> local trust store (i.e. 'ask will allow "always" and "never" as well as
> "yes" and "no" answers), to give the power over who to trust back to
> the users, rather than allowing companies like Verisign to monopolise
> it. Does gnutls have a local per user store we can use for this?

No need for this, you can always add (or remove) any CA's root
certificate, see tls-checktrust docstring for examples on how to
configure a specific root-cert collection. (And of course the
documentation for gnutls for further details.)

cheers
sascha
-- 
Sascha Wilde
God put me on earth to accomplish a certain number of things. Right now
I am so far behind I will never die. -- Bill Waterson, Calvin and Hobbes