[Emacs-diffs] /srv/bzr/emacs/trunk r107274: Introduce and use CA bundle
From: Ted Zlatanov
Subject: [Emacs-diffs] /srv/bzr/emacs/trunk r107274: Introduce and use CA bundle locator `gnutls-trustfiles'.
Date: Mon, 13 Feb 2012 16:48:14 -0500
User-agent: Bazaar (2.3.1)
------------------------------------------------------------
revno: 107274
committer: Ted Zlatanov <address@hidden>
branch nick: quickfixes
timestamp: Mon 2012-02-13 16:48:14 -0500
message:
Introduce and use CA bundle locator `gnutls-trustfiles'.
* net/gnutls.el (gnutls-trustfiles): New variable.
(gnutls-negotiate): Use it.
modified:
lisp/ChangeLog
lisp/net/gnutls.el
=== modified file 'lisp/ChangeLog'
--- a/lisp/ChangeLog 2012-02-13 19:42:58 +0000
+++ b/lisp/ChangeLog 2012-02-13 21:48:14 +0000
@@ -1,3 +1,8 @@
+2012-02-13 Teodor Zlatanov <address@hidden>
+
+ * net/gnutls.el (gnutls-trustfiles): New variable.
+ (gnutls-negotiate): Use it.
+
2012-02-13 Lars Ingebrigtsen <address@hidden>
* simple.el (mail-user-agent): Mention that `gnus-user-agent' only
=== modified file 'lisp/net/gnutls.el'
--- a/lisp/net/gnutls.el 2012-02-12 21:40:25 +0000
+++ b/lisp/net/gnutls.el 2012-02-13 21:48:14 +0000
@@ -49,7 +49,20 @@
set this variable to \"normal:-dhe-rsa\"."
:group 'gnutls
:type '(choice (const nil)
- string))
+ string))
+
+(defcustom gnutls-trustfiles
+ '(
+ "/etc/ssl/certs/ca-certificates.crt" ; Debian, Ubuntu, Gentoo and Arch
Linux
+ "/etc/pki/tls/certs/ca-bundle.crt" ; Fedora and RHEL
+ "/etc/ssl/ca-bundle.pem" ; Suse
+ )
+ "List of CA bundle location filenames or a function returning said list.
+The files may be in PEM or DER format, as per the GnuTLS documentation.
+The files may not exist, in which case they will be ignored."
+ :group 'gnutls
+ :type '(choice (function :tag "Function to produce list of bundle filenames")
+ (repeat (file :tag "Bundle filename"))))
;;;###autoload
(defcustom gnutls-min-prime-bits nil
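Review bot: the new `gnutls-trustfiles' defcustom has no `:version' keyword, so Customize cannot flag it as new in this release; add one next to `:group 'gnutls'. The docstring sentence "The files may not exist, in which case they will be ignored" should also say what happens when none of the listed files exists, since the default list only covers the three Linux layouts named in the comments. The `string))' change at the top of the hunk is whitespace-only and would be easier to review as a separate commit.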
@@ -118,7 +131,7 @@
PROCESS is a process returned by `open-network-stream'.
HOSTNAME is the remote hostname. It must be a valid string.
PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".
-TRUSTFILES is a list of CA bundles.
+TRUSTFILES is a list of CA bundles. It defaults to `gnutls-trustfiles'.
CRLFILES is a list of CRL files.
KEYLIST is an alist of (client key file, client cert file) pairs.
MIN-PRIME-BITS is the minimum acceptable size of Diffie-Hellman keys
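Review bot: the sentence added to the TRUSTFILES line, "It defaults to `gnutls-trustfiles'", leaves out two things the code in the next hunk does: only the entries that exist on disk are used, and the variable may be a function that is called to get the list. Suggest wording such as "If nil, the existing files named by `gnutls-trustfiles' are used", which also tells callers that passing nil does not mean "no CA bundles".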
@@ -156,18 +169,20 @@
It must be omitted, a number, or nil; if omitted or nil it
defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
(let* ((type (or type 'gnutls-x509pki))
- (default-trustfile "/etc/ssl/certs/ca-certificates.crt")
(trustfiles (or trustfiles
- (when (file-exists-p default-trustfile)
- (list default-trustfile))))
+ (delq nil
+ (mapcar (lambda (f) (and f (file-exists-p f) f))
+ (if (functionp gnutls-trustfiles)
+ (funcall gnutls-trustfiles)
+ gnutls-trustfiles)))))
(priority-string (or priority-string
(cond
((eq type 'gnutls-anon)
"NORMAL:+ANON-DH:!ARCFOUR-128")
((eq type 'gnutls-x509pki)
- (if gnutls-algorithm-priority
- (upcase gnutls-algorithm-priority)
- "NORMAL")))))
+ (if gnutls-algorithm-priority
+ (upcase gnutls-algorithm-priority)
+ "NORMAL")))))
(min-prime-bits (or min-prime-bits gnutls-min-prime-bits))
(params `(:priority ,priority-string
:hostname ,hostname
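Review bot: in the `trustfiles' binding, when none of the candidates exists `(delq nil (mapcar ...))' returns nil, so `trustfiles' ends up empty without any message to the user; suggest logging or warning in that case so a missing CA bundle is visible rather than silent. Two smaller points on the same form: `file-exists-p' resolves a relative name against `default-directory', so entries should be required to be absolute (or expanded against a fixed directory) to keep the chosen bundle independent of the current buffer, and the value of `(funcall gnutls-trustfiles)' goes to `mapcar' unchecked, so a function returning a non-list or non-string elements will signal an error here. The `priority-string' lines are re-indented only and would be better left out of this change.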