Re: client certs and CRL lists for GnuTLS

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: client certs and CRL lists for GnuTLS

From:	Lars Magne Ingebrigtsen
Subject:	Re: client certs and CRL lists for GnuTLS
Date:	Tue, 03 May 2011 17:25:44 +0200
User-agent:	Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> The attached patch adds a :keylist parameter to `gnutls-boot' which is a
> list of (client key file, client cert file) pairs.  It also renames the
> :keyfiles parameter to :crlfiles since it's for CRL lists.  So now you
> can specify any number of client certs.  If the key files require a
> passphrase, the decoding won't work because we don't set a callback.

Right.  Hm...  if you specify a keyfile (that requires a password), does
starttls.el allow prompting for that password?  (I'm just wondering
whether the gnutls.c situation would be totally equivalent or not...)

> `gnutls-negotiate' also gets the parameter changes (should I just make
> it take a plist?)

[...]

>  (defun gnutls-negotiate (proc type hostname &optional priority-string
> -                              trustfiles keyfiles verify-flags
> +                              trustfiles crlfiles keylist verify-flags
>                                verify-error verify-hostname-error)

Heh.  Yes, I think it would be better to change this to a plist.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Opportunistic STARTTLS in smtpmail.el, (continued)

Prev by Date: client certs and CRL lists for GnuTLS (was: Opportunistic STARTTLS in smtpmail.el)
Next by Date: Re: client certs and CRL lists for GnuTLS
Previous by thread: client certs and CRL lists for GnuTLS (was: Opportunistic STARTTLS in smtpmail.el)
Next by thread: Re: client certs and CRL lists for GnuTLS
Index(es):
- Date
- Thread