From: Ted Zlatanov
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Builtin GnuTLS support and certificate verification
Date: Mon, 16 Dec 2013 10:27:48 -0500
Message-ID: <87haa8olxn.fsf@flea.lifelogs.com>
To: ding@gnus.org

On Mon, 16 Dec 2013 10:39:48 +0900 Katsumi Yamaoka wrote:

KY> Ted Zlatanov wrote:
>> I pushed this work to the Emacs trunk with the old behavior (connections
>> never abort, just warn). Please customize `gnutls-verify-error' to get
>> the new behavior, erroring out on validation failures. I encourage you
>> to try it and report any issues.

KY> One of my POP mail sources got to not work for today's Emacs build
KY> from the trunk.

KY> First, `mapcan' that `gnutls-negotiate' uses is a cl run-time
KY> function, so I needed to load cl manually.

Ah, yes. Stefan fixed it already. Sorry.

KY> If `gnutls-verify-error' is nil, `mail-source-fetch-pop' fails
KY> for the error: (wrong-type-argument listp nil)
KY> This is what the built-in function `gnutls-boot' issues.
KY> The arguments passed to it then are:

KY> #
KY> gnutls-x509pki
KY> (:priority "NORMAL" :hostname "my.pop.server" :loglevel 0
KY>  :min-prime-bits 1024 :trustfiles ("/usr/ssl/certs/ca-bundle.crt")
KY>  :crlfiles nil :keylist nil :verify-flags nil :verify-error nil
KY>  :callbacks nil)

KY> If I set `gnutls-verify-error' to t, `gnutls-boot' issues the error
KY> (wrong-type-argument listp t) because :verify-error is t.

Looks like http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16161 as well.
I'll follow up.

Ted