[WIP] TLS verification #4009
[WIP] TLS verification #4009
Conversation
StreakyCobra
force-pushed
the
feature/tls-verification
branch
2 times, most recently
from
abfa149
to
2b472ae
Compare
core/core-configuration-layer.el
Outdated
| @@ -62,6 +62,10 @@ | |||
| (expand-file-name (concat user-emacs-directory "private/")) | |||
| "Spacemacs private layers base directory.") | |||
|
|
|||
| (defconst configuration-certs-directory | |||
There was a problem hiding this comment.
Should be configuration-layer-certs-directory ?
I would prefer no abbreviation though even if the variable name is long like configuration-layer-certificates-directory.
Also since it is a constant you can make it "private" with a double dash configuration-layer--certificates-directory.
There was a problem hiding this comment.
I was missing the layer part when copying preceding defconst lines, shame on me 😓 . Why should this one be private and not the others? I mean, it's fine for me, just wan to know
StreakyCobra
force-pushed
the
feature/tls-verification
branch
from
2b472ae
to
fe052e1
Compare
StreakyCobra
force-pushed
the
feature/tls-verification
branch
from
fe052e1
to
124825c
Compare
|
TLS verification is now working with an external gnutls client. Next steps:
|
|
@StreakyCobra see this. Not sure whether it is relevant but Sourceforge doesn't use TLS so the chain of trust might be broken... |
|
Do we still trust sourceforge after the incidents of bundling adware and junkware?! |
|
I am on the develop branch and I currently need the external GnuTls lib for my 32-bits emacs on Windows 10. Not too sure what's the status for the 64-bit custom built version from the spacemacs README link. There doesn't seem to be any open issues regarding difficulty in connecting to melpa so I assume that most users do not face any problems. |
|
@Immortalin I don't have any windows, so I can't test on this platform. What I use to test it is: (let ((bad-hosts
(loop for bad
in `("https://wrong.host.badssl.com/"
"https://self-signed.badssl.com/")
if (condition-case e
(url-retrieve
bad (lambda (retrieved) t))
(error nil))
collect bad)))
(if bad-hosts
(error (format "tls misconfigured; retrieved %s ok"
bad-hosts))
(url-retrieve "https://badssl.com"
(lambda (retrieved) t))))It shouldn't print |
|
On Windows, spacemacs (the 32 bit emacs from the GNU ftp servers) raises a "unable to establish connection" error to melpa without the GnuTls DLLs. |
|
@Immortalin Ok, but what can I do? It seems from your link that is a configuration on user side no? |
|
@StreakyCobra I am attempting to get emacs onto a CI so windows builds are more accessible(64/32bits, currently the sourceforge link is 64-bits only, GnuTls is compiled with it. Build script is based on the one by the sourceforge link author). |
|
@Immortalin Ok, nice initiative :-) but I don't understand what you try to tell me concerning this work in progress pull request? This is not merged in Spacemacs, also not finished and not even working yet. |
|
@StreakyCobra what I mean is that you don't have to do anything about GnuTls DLLs on Windows etc. since they should be part of the Emacs installation |
|
@Immortalin Ok, I'll think about it when I'll reach the point of interoperability. For now I still have some problem on linux ;-) |
|
Do we still need this with Emacs 26? |
|
I haven't followed the development of Spacemacs or Emacs recently, so no idea if it is still needed or not. But I think nobody will take over anyway now, so I'm closing it :-) |
|
I wonder what editor are you using now? |
|
I'm still using Spacemacs for magit-related tasks (it's still my default GIT_COMMIT editor) and also a from time to time when I need to do heavy macro-based text modifications. For general programming I've moved to VSCode. |
|
Emacs have been recently revamping their TLS implementation. |
WIP to implement #3977