help-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: User interface to bad certificate warning -- how to use?

From: Lars Magne Ingebrigtsen
Subject: Re: User interface to bad certificate warning -- how to use?
Date: Mon, 01 Feb 2016 06:02:25 +0100
User-agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux) 
nljlistbox2@gmail.com (N. Jackson) writes:

> The warning is shown in a help window while simultaneously there is a
> prompt displayed in the minibuffer:
>
>     Continue connecting? (No, Session only, Always)
>
> Is the user intended to type in the full text of their choice or the
> first letter or what? If the first letter, must it be capitalised as
> shown?

I think the standard in Emacs is to use capitalisation to say what
characters you're supposed to hit.

> The prompt seems to disappear when _any_ key is pressed; for
> example I tried to copy the prompt to the clipboard and it disappeared
> when I started to select it -- I've no idea which of the three choices
> it decided I had entered. This seems rather surprising behaviour for the
> minibuffer.

I don't think that's what happened.  When you tried selecting the text,
you probably ended up aborting the function, just as if you'd hit `C-g'.

> After the prompt is gone, the help window remains but the buffer itself
> is gone. This seems to be rather the opposite of what would be useful.
> Wouldn't it be better if the buffer with the details about the
> problematic certificate persisted and the help window was closed?

The help window should have gone away.  Please report this as a bug with
`M-x report-emacs-bug'.

> Furthermore, the information in the help buffer is in a confusing order:
>
>     Certificate information
>     Issued by:          imap.example.com
>     Issued to:          IMAP server
>     Hostname:           imap.example.com
>     Public key:         RSA, signature: RSA-SHA1
>     Protocol:           TLS1.2, key: ECDHE-RSA, cipher: AES-128-GCM, mac: AEAD
>     Security level:     Low
>     Valid:              From 2013-09-07 to 2014-09-07
>
>     The TLS connection to localhost:993 is insecure for the following
>     reasons:
>
>     certificate signer was not found (self-signed)
>     certificate host does not match hostname
>     certificate has expired
>     the certificate was signed by an unknown and therefore untrusted authority
>     certificate could not be verified
>
> Would it not be better if the statement of the problem "The TLS
> connection ... is insecure" came first, and the detailed certificate
> information came at the end.

Yeah, that might be better...

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
reply via email to
[Prev in Thread] Current Thread [Next in Thread]