[WIP] TLS verification #4009
core/core-configuration-layer.el
@@ -62,6 +62,10 @@ | |||
(expand-file-name (concat user-emacs-directory "private/")) | |||
"Spacemacs private layers base directory.") | |||
|
|||
(defconst configuration-certs-directory |
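Review bot: the constant added on the last line of this hunk is named configuration-certs-directory, which drops the "layer" part that the file name core-configuration-layer.el suggests for its symbols; rename it to configuration-layer-certs-directory, or spell out "certificates" in full. The constant just above it ends with the docstring "Spacemacs private layers base directory.", and the visible part of the hunk does not show one for the new constant, so give it a docstring that says what the directory is expected to contain and how it is used for TLS verification.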
Should be configuration-layer-certs-directory?
I would prefer no abbreviation though, even if the variable name is long like configuration-layer-certificates-directory.
Also since it is a constant you can make it "private" with a double dash: configuration-layer--certificates-directory.
I was missing the layer part when copying the preceding defconst lines, shame on me 😓. Why should this one be private and not the others? I mean, it's fine for me, just want to know.
This is a good question 😶
😂
TLS verification is now working with an external gnutls client. Next steps:
@StreakyCobra see this. Not sure whether it is relevant but Sourceforge doesn't use TLS so the chain of trust might be broken...
Do we still trust Sourceforge after the incidents of bundling adware and junkware?!
I am on the develop branch and I currently need the external GnuTLS lib for my 32-bit Emacs on Windows 10. Not too sure what the status is for the 64-bit custom-built version from the Spacemacs README link. There don't seem to be any open issues regarding difficulty in connecting to melpa, so I assume that most users do not face any problems.
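@Immortalin I don't have any Windows, so I can't test on this platform. What I use to test it is:

(require 'cl-lib) ; provides cl-loop

;; Try to fetch pages whose certificates must fail verification.
(let ((bad-hosts
       (cl-loop for bad
                in `("https://wrong.host.badssl.com/"
                     "https://self-signed.badssl.com/")
                ;; A successful retrieval means the bad certificate was accepted.
                if (condition-case e
                       (url-retrieve
                        bad (lambda (retrieved) t))
                     (error nil))
                collect bad)))
  (if bad-hosts
      (error (format "tls misconfigured; retrieved %s ok"
                     bad-hosts))
    ;; Sanity check: a host with a valid certificate must still load.
    (url-retrieve "https://badssl.com"
                  (lambda (retrieved) t))))

It shouldn't print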
On Windows, Spacemacs (the 32-bit Emacs from the GNU ftp servers) raises an "unable to establish connection" error to melpa without the GnuTLS DLLs.
@Immortalin Ok, but what can I do? It seems from your link that it is a configuration on the user side, no?
@StreakyCobra I am attempting to get Emacs onto a CI so Windows builds are more accessible (64/32 bits; currently the Sourceforge link is 64-bit only, GnuTLS is compiled with it. Build script is based on the one by the Sourceforge link author).
@Immortalin Ok, nice initiative :-) but I don't understand what you are trying to tell me concerning this work-in-progress pull request? This is not merged in Spacemacs, also not finished and not even working yet.
@StreakyCobra what I mean is that you don't have to do anything about GnuTLS DLLs on Windows etc. since they should be part of the Emacs installation
@Immortalin Ok, I'll think about it when I reach the point of interoperability. For now I still have some problems on Linux ;-)
Do we still need this with Emacs 26?
I haven't followed the development of Spacemacs or Emacs recently, so no idea if it is still needed or not. But I think nobody will take over anyway now, so I'm closing it :-)
I wonder what editor you are using now?
I'm still using Spacemacs for magit-related tasks (it's still my default GIT_COMMIT editor) and also from time to time when I need to do heavy macro-based text modifications. For general programming I've moved to VSCode.
Emacs has recently been revamping its TLS implementation.
WIP to implement #3977