[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnutls tofu support? or even --insecure?
From: |
Nix |
Subject: |
Re: gnutls tofu support? or even --insecure? |
Date: |
Fri, 04 Sep 2015 17:09:05 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) |
[Back from holiday.]
On 19 Aug 2015, Ted Zlatanov stated:
> On Wed, 12 Aug 2015 14:21:49 +0100 Nix <address@hidden> wrote:
>
> N> On 11 Aug 2015, Toke Høiland-Jørgensen outgrape:
>>> Well, the outcome was that the new network manager functionality would
>>> replicate the tofu functionality in lisp and delegate only the
>>> certificate checking to gnutls. But I lost track of what happened after
>>> that; think the functionality was merged?
>
> N> It was, but I'm still being asked about certs on every Emacs restart --
> N> it doesn't seem to be remembering anything persistently.
>
> I'm not asked, and certs are stored for me. Can you check the cert
> storage?
It's being stored. This was a stupidity in the site I was connecting to:
some sort of failover device whose nature is opaque to me was picking a
different cert (from an apparently infinite selection) or generating a
new cert or something like that about every five minutes. So Emacs was
right to warn: the effect was outwardly identical to a really-badly-
implemented man-in-the-middle attack.
--
NULL && (void)
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: gnutls tofu support? or even --insecure?,
Nix <=