[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Network Security Manager merge time?
From: |
Ted Zlatanov |
Subject: |
Re: Network Security Manager merge time? |
Date: |
Tue, 25 Nov 2014 09:20:39 -0500 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) |
On Fri, 21 Nov 2014 12:29:45 +0100 Lars Magne Ingebrigtsen <address@hidden>
wrote:
LMI> Ted Zlatanov <address@hidden> writes:
>> Looking at the code, there's a lot of copy+pasta there between the
>> GnuTLS verification in `gnutls-boot' and the message collection in
>> `gnutls-peer-status'. Could you factor that out so there's only one
>> sequence of checks to maintain, especially since I'd like to deprecate
>> the GnuTLS verification in favor of NSM? Basically call
>> `gnutls-peer-status' in `gnutls-boot' and then iterate through the
>> messages (which can be the simpler version you use instead of the one
>> with the hostname attached I have in `gnutls-boot'). I can do it if you
>> prefer.
LMI> Sure; go ahead. The verification checks should probably be factored out
LMI> from `gnutls-peer-status', though, since `gnutls-boot' doesn't need the
LMI> other things it calculates (like the fingerprints etc).
OK, done as follows:
* `gnutls-peer-status' returns a simple list of symbols, which can then
be passed to `gnutls-peer-status-warning-describe' for the full
string. That could turn into a more complex struct or symbol
properties, but for now it's just a string message. I adapted
`gnutls-boot' accordingly. The certificate info is not generated when
it's called through `gnutls-boot' because that struct is not populated
yet, so there's no wasted cycles.
* nsm.el was also adapted accordingly.
I think we should now do the following:
* deprecate `gnutls-verify-error' in favor of `network-security-level'
* to help the migration, map :trustfiles and :hostname to 'medium (IIUC)
* add the ability to set the `network-security-level' per hostname regex
* put the 'gnutls customization group next to 'nsm under 'comm
WDYT?
Ted
- Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/19
- Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/19
- Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/19
- Re: Network Security Manager merge time?, Ivan Shmakov, 2014/11/19
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/19
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/19
- Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/21
- Re: Network Security Manager merge time?,
Ted Zlatanov <=
- Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/25
- Re: Network Security Manager merge time?, Ted Zlatanov, 2014/11/25
- Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/25
- intrusive changes, Ivan Shmakov, 2014/11/25
- Re: intrusive changes, Stefan Monnier, 2014/11/30
- Re: intrusive changes, Ivan Shmakov, 2014/11/30
- Re: intrusive changes, Stefan Monnier, 2014/11/30
Re: Network Security Manager merge time?, Lars Magne Ingebrigtsen, 2014/11/19