From: Jimmy Yuen Ho Wong
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 25 Jun 2018 19:06:00 +0100

> From: Jimmy Yuen Ho Wong <address@hidden>
> Date: Sun, 24 Jun 2018 22:30:50 +0100
> Cc: Eli Zaretskii <address@hidden>, Paul Eggert <address@hidden>,
> Noam Postavsky <address@hidden>, address@hidden
>
> Here's the patch to get GnuTLS to do CRL checking.
Thanks, a few minor comments:
> +(defcustom gnutls-crlfiles
> + '(
> + "/etc/grid-security/certificates/*.crl.pem"
> + )
> + "List of CRL file paths or a function returning said list.
> +If a file path contains a glob pattern, it will be expanded.
> +The files may be in PEM or DER format, as per the GnuTLS documentation.
> +The files may not exist, in which case they will be ignored."
> + :group 'gnutls
> + :type '(choice (function :tag "Function to produce list of CRL filenames")
> + (repeat (file :tag "CRL filename"))))
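
Review bot: The last docstring sentence, "The files may not exist, in which case they will be ignored", leaves the failure mode undocumented: the default list has a single entry, "/etc/grid-security/certificates/*.crl.pem", so on a system where that glob matches nothing every entry is ignored and the docstring does not say what that means for the check. Suggest stating explicitly what happens to revocation checking when no listed file is found, rewording "may not exist" to "need not exist", and saying why this one path is the default.
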
This should have a :version tag.

Do we really want/need to allow a function here? Isn't a list of
files enough? A function is more dangerous than a string, especially
in a security-sensitive place.

Finally, I think this defcustom needs to be called out in NEWS.

0001-Check-TLS-certs-against-CRL.patch
Description: Binary data