emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnutls tofu support? or even --insecure?


From: Nix
Subject: Re: gnutls tofu support? or even --insecure?
Date: Fri, 04 Sep 2015 17:09:05 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)

[Back from holiday.]

On 19 Aug 2015, Ted Zlatanov stated:

> On Wed, 12 Aug 2015 14:21:49 +0100 Nix <address@hidden> wrote: 
>
> N> On 11 Aug 2015, Toke Høiland-Jørgensen outgrape:
>>> Well, the outcome was that the new network manager functionality would
>>> replicate the tofu functionality in lisp and delegate only the
>>> certificate checking to gnutls. But I lost track of what happened after
>>> that; think the functionality was merged?
>
> N> It was, but I'm still being asked about certs on every Emacs restart --
> N> it doesn't seem to be remembering anything persistently.
>
> I'm not asked, and certs are stored for me. Can you check the cert
> storage?

It's being stored. This was a stupidity in the site I was connecting to:
some sort of failover device whose nature is opaque to me was picking a
different cert (from an apparently infinite selection) or generating a
new cert or something like that about every five minutes. So Emacs was
right to warn: the effect was outwardly identical to a really-badly-
implemented man-in-the-middle attack.

-- 
NULL && (void)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]