[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: using GnuTLS 3.x and certificate checks
From: |
Ted Zlatanov |
Subject: |
Re: using GnuTLS 3.x and certificate checks |
Date: |
Wed, 05 Jun 2013 11:13:18 -0400 |
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux) |
On Wed, 27 Mar 2013 09:17:38 -0400 Ted Zlatanov <address@hidden> wrote:
TZ> On Wed, 27 Mar 2013 14:03:59 +0200 Eli Zaretskii <address@hidden> wrote:
>>> gnutls.c:117:1: warning: 'gnutls_connection_end_t' is deprecated
>>> [-Wdeprecated-declarations]
EZ> Ted, could you please look into this?
TZ> This function was deprecated in GnuTLS 2.99.
TZ> 3.1.10 is the latest. I used 2.x when I did the GnuTLS support, but by
TZ> now 3.x is much more widely distributed so I think we can switch to it.
TZ> Fortunately, the changes will be minimal because the API hasn't changed
TZ> significantly AFAIK. So this is mostly a policy decision.
TZ> At least in Ubuntu 12.10, GnuTLS 3.x is the default. I know it's
TZ> already what people use on W32 and MacOS X. What about other platforms?
TZ> Any concerns?
TZ> This would also be a good time to enable SSL certificate verification by
TZ> default. We said we'd wait until 24.3 is out to make that change.
Without comments, I will assume a general OK on these two things:
- move to the GnuTLS 3.x API and require that version of the libraries.
- enable SSL certificate verification by default (I have some questions
about non-interactive cases in a separate thread).
Ted