From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH RFC] GnuTLS: Support TOFU certificate checking.
Date: Wed, 08 Oct 2014 15:47:33 +0200
To: Eli Zaretskii
Cc: tzz@lifelogs.com, toke@toke.dk, emacs-devel@gnu.org
References: <1412716565-7786-1-git-send-email-toke@toke.dk> <87a957o87z.fsf@alrua-karlstad.karlstad.toke.dk> <87bnpm2249.fsf@toke.dk> <83eguik9ip.fsf@gnu.org> <83d2a2k91n.fsf@gnu.org> <83bnpmk8fd.fsf@gnu.org> <838ukqk7gd.fsf@gnu.org>
In-Reply-To: <838ukqk7gd.fsf@gnu.org> (Eli Zaretskii's message of "Wed, 08 Oct 2014 16:38:10 +0300")
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)
Xref: news.gmane.org gmane.emacs.devel:175130

Eli Zaretskii writes:

> What happens if some stuff comes out of the stream that failed to be
> validated, while Emacs negotiates with the user about what to do?
> Normally, we would pass this stuff to whatever sentinel was defined,
> or insert it into a buffer.  Is that what you want?

Does that really happen that early in the connection process?  I thought
sentinels and buffers were attached at a point later, so that
`open-network-stream' would have a chance of inspecting the stream
first.

It's been a while since I looked at the code, so if that's wrong (and
can't be fixed), then we'd have to do it the way you suggest:

> If what you want is to cause gnutls-boot call out to Lisp for
> validation as part of its normal path, then that's fine, I think.  But
> it does mean that we have no stream until the entire validation
> completes.

However, I was hoping to get the "bug out if the stream isn't encrypted
and you wanted that" into the same code, so it would be nice to have it
all in the same code path.

-- 
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
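The policy being argued over above (validate the certificate before any stream is handed to the caller, refuse on a changed pin, and fold the "you asked for encryption but got none" check into the same path) is easy to state as code independent of Emacs. The following is an added example written for this page, not code from the patch, from Emacs or from GnuTLS; the host names, the JSON pin-store layout and the byte strings standing in for DER certificates are all constructed for illustration.

```python
"""Trust-on-first-use (TOFU) certificate check, added example only (not
Emacs or GnuTLS code). The pin store is consulted *before* any stream is
returned to the caller, so no application data can flow on a connection
whose certificate has not been accepted. Cert bytes and hosts below are
constructed stand-ins; a real client would pass the DER certificate the
TLS library hands back after the handshake."""

import hashlib
import json
import os
import tempfile
from enum import Enum
from typing import List, Optional


class Verdict(Enum):
    FIRST_USE = "first-use"        # no pin yet: record it and proceed (TOFU)
    MATCH = "match"                # pin present and identical
    MISMATCH = "mismatch"          # pin present and different: refuse
    PLAINTEXT = "plaintext"        # caller required TLS but got none
    PLAIN_ALLOWED = "plain-allowed"  # no TLS, and caller did not require it


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, hex; the usual thing a TOFU store pins."""
    return hashlib.sha256(der_cert).hexdigest()


class TofuStore:
    """Pins keyed by host:port, persisted as JSON (layout is an assumption).

    Keying on host *and* port matters: one host may legitimately present
    different certificates on 443 and 993.
    """

    def __init__(self, path: str):
        self.path = path
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)
        else:
            self.pins = {}

    def _save(self) -> None:
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic: a crash cannot leave a half-written store

    def check(self, host: str, port: int, der_cert: Optional[bytes],
              require_tls: bool = True) -> Verdict:
        """Decide before any data is read from the socket.

        A MISMATCH is returned, never silently ignored, and the store is not
        touched: replacing a pin is a separate, explicit user action (the
        "negotiate with the user" step in the thread).
        """
        if der_cert is None:
            return Verdict.PLAINTEXT if require_tls else Verdict.PLAIN_ALLOWED
        key = f"{host}:{port}"
        fp = fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = fp
            self._save()
            return Verdict.FIRST_USE
        return Verdict.MATCH if pinned == fp else Verdict.MISMATCH

    def accept_new(self, host: str, port: int, der_cert: bytes) -> None:
        """Explicit override after the user has inspected the new certificate."""
        self.pins[f"{host}:{port}"] = fingerprint(der_cert)
        self._save()


def run_demo() -> List[str]:
    """Drive the store through first use, match, mismatch, plaintext and reload."""
    cert_a = b"-- constructed DER stand-in: mail.example.org cert A --"
    cert_b = b"-- constructed DER stand-in: a different cert B --"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        store = TofuStore(path)
        verdicts = [
            store.check("mail.example.org", 993, cert_a),              # first-use
            store.check("mail.example.org", 993, cert_a),              # match
            store.check("mail.example.org", 993, cert_b),              # mismatch
            store.check("mail.example.org", 993, None),                # plaintext
            store.check("mail.example.org", 993, None, require_tls=False),  # plain-allowed
        ]
        # Reopen from disk: the pin must survive the process that recorded it.
        store2 = TofuStore(path)
        verdicts.append(store2.check("mail.example.org", 993, cert_a))  # match
        verdicts.append(store2.check("mail.example.org", 443, cert_b))  # first-use (other port)
        verdicts.append(store2.check("mail.example.org", 993, cert_b))  # still mismatch
        store2.accept_new("mail.example.org", 993, cert_b)               # explicit user override
        verdicts.append(store2.check("mail.example.org", 993, cert_b))  # match
    return [v.value for v in verdicts]


if __name__ == "__main__":
    for v in run_demo():
        print(v)
```

The point the code makes about the ordering question in the thread is that `check` is the only thing that sees the socket before the caller does: a mismatch or a missing TLS layer produces a verdict, not a stream, so there is nothing for a sentinel or buffer to receive until the decision has been made.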