From: Vincent Bernat
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Builtin GnuTLS support and certificate verification
Date: Mon, 04 Nov 2013 23:38:50 +0100
Message-ID: <87a9hjaj2d.fsf@guybrush.luffy.cx>
To: ding@gnus.org
In-Reply-To: <87li13q3dy.fsf@flea.lifelogs.com> (Ted Zlatanov's message of "Mon, 04 Nov 2013 16:10:49 -0500")

❦ 4 November 2013 22:10 CET, Ted Zlatanov:

> VB> So, for me, there should be only one verification algorithm. We are not
> VB> in the ideal case for this because we only have one algorithm but its
> VB> name does not exactly describe it.
>
> VB> Maybe you could just alias verify-error and verify-hostname-error and
> VB> say in the documentation that they do the same and that
> VB> verify-hostname-error will be removed at some point?
>
> I think :verify-error should be a list; when it contains 'x509-hostname
> then we behave like :verify-hostname-error does now, for backwards
> compatibility. But otherwise we'll add extra checks to the list, not as
> top-level options to `gnutls-boot'. It's easy to put a Customize
> interface on top of that.

When you say x509-hostname, do you mean "by default"? If yes, I agree. But
I suppose you would have to implement a "confirm on error" option. I
cannot propose myself to implement that since I have absolutely no clue on
how Emacs Lisp interfaces with C.
-- 
Indent to show the logical structure of a program.
            - The Elements of Programming Style (Kernighan & Plauger)