From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 15:06:52 +0200
Message-ID: <m338ayzp5f.fsf@stories.gnus.org>
References: <1412716565-7786-1-git-send-email-toke@toke.dk>
	<m3iojv4l87.fsf@stories.gnus.org>
	<87a957o87z.fsf@alrua-karlstad.karlstad.toke.dk>
	<m3ppe222ww.fsf@stories.gnus.org> <87bnpm2249.fsf@toke.dk>
	<m3zjd6zre4.fsf@stories.gnus.org> <83eguik9ip.fsf@gnu.org>
	<m3a956zpmd.fsf@stories.gnus.org> <83d2a2k91n.fsf@gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1412773655 25203 80.91.229.3 (8 Oct 2014 13:07:35 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Wed, 8 Oct 2014 13:07:35 +0000 (UTC)
Cc: tzz@lifelogs.com, toke@toke.dk, emacs-devel@gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Oct 08 15:07:26 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xbqxh-0003Py-K2
	for ged-emacs-devel@m.gmane.org; Wed, 08 Oct 2014 15:07:25 +0200
Original-Received: from localhost ([::1]:36102 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xbqxh-0007Qm-5I
	for ged-emacs-devel@m.gmane.org; Wed, 08 Oct 2014 09:07:25 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:50733)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1XbqxZ-0007Pp-Bg
	for emacs-devel@gnu.org; Wed, 08 Oct 2014 09:07:22 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1XbqxT-0006VJ-OJ
	for emacs-devel@gnu.org; Wed, 08 Oct 2014 09:07:17 -0400
Original-Received: from hermes.netfonds.no ([80.91.224.195]:43072)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>)
	id 1XbqxT-0006V6-IT; Wed, 08 Oct 2014 09:07:11 -0400
Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58]
	helo=stories.gnus.org)
	by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.72) (envelope-from <larsi@gnus.org>)
	id 1XbqxA-0001nY-Ns; Wed, 08 Oct 2014 15:06:52 +0200
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEUtBBFUBx1mDjEMAQez
	gGx6Hi1gCif+A8CgAAACeklEQVQ4jV2SMXPbMAyFwTDOLCqVZgtncZbKS2fFJT3LDKE5YiP+/59Q
	kLKTNrjzos94D3ggGCNiVBRsE2hWgHVPy0HVEsygVEzJTiqQaq2POnj5+MeAEaqqCd1lIxJg6ZIC
	QjMbGERb1aitvVZKfQRrtfUU3kcGChL1wdXvqrJcyL/pbcgegsj7q5BCZEAxTCBPDIAB0UMnxi6D
	sNrzIAOYUUCzEKVOVAWc0Nkj65uxVc2SiNZrXYXiEezvseFxW2qWFumavCdWwpOfj8MzgEq0LWvs
	lw2zl8d+EmbIC7L+kmokT+ZnT0md5gGAwbhQ8oq1nJFGbLoOcnisMki0+NT6XnISQ0rxaIz9vUtR
	Soqw4ZFcivgmg7PPYNoCVno45S08ohzsHGYYGgZLTBv/jeuMHfxyz4cZxgy0ZmAL6FYRpsEQjHwH
	z5Z6B5cOwPEaL6B2pag/drBKoQzIoQCduOgmJRuTq2SeAQY7/bCu07xBAeMOIgZqNnt82j/frsQN
	GsM12/PaMrOX0pF2qVwdDJBNDhksGei+gBVACs5pzaAMhXsLHCozSAOQAVvzdyxZAc3Fu0y1cQsh
	Zi1HVyX3cQ8FbJxqfmkXjvULoE4xos/AOVa/A59YCnsGjig3yLIgg4g8VX/msShU/NKKFjRUZkX0
	2TyQnW8eDYeusVTIWu4+1UZLXToikj33dLybb+VMGfS8eqs+pyJ+tAVgz6cidVujALUDLCnOt4Ow
	1FVhjLt5vu1dqiEv9A5OOSvrPse9Cv2pNVXt8uXRsnufU3RhqgC+wJpyhCX372DfPAP4Z9xlUajL
	it8AuSfce0729T8wPXG+PuXVX+/fzV/EMv3MoEZ3cAAAAABJRU5ErkJggg==
X-Now-Playing: Annie Lennox's _Diva_: "Stay By Me"
X-Hashcash: 1:23:141008:eliz@gnu.org::l3xcmDzUo0sSFfJx:000008bT2
X-Hashcash: 1:23:141008:emacs-devel@gnu.org::5au/SgugxiPTJjES:000000000000000000000000000000000000000000IeEP
X-Hashcash: 1:23:141008:toke@toke.dk::1ipjyy4IEFTyR4oJ:00000RUp8
X-Hashcash: 1:23:141008:tzz@lifelogs.com::XeL1X3JJSNno54rp:19rDl
In-Reply-To: <83d2a2k91n.fsf@gnu.org> (Eli Zaretskii's message of "Wed, 08 Oct
	2014 16:03:48 +0300")
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)
X-MailScanner-ID: 1XbqxA-0001nY-Ns
MailScanner-NULL-Check: 1413378413.52913@f2gnJt9qHIoT+drGb3J/2A
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.224.195
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:175121
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/175121>

Eli Zaretskii <eliz@gnu.org> writes:

> How can it return a valid descriptor without all the validations it
> does before that, which (AFAIU) you want to delegate to Lisp now?

It would validate the certificate, but never drop the connection even if
the certificate is invalid.  It would be up to `open-network-stream' to
close the connection if the user decides to not accept the invalid (or
self-signed) certificate.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no