bug#29977: gnutls-verify-error does not allow matching hostnames
From: Robert Pluim
Subject: bug#29977: gnutls-verify-error does not allow matching hostnames
Date: Fri, 13 Apr 2018 14:31:58 +0200

Lars Ingebrigtsen <larsi@gnus.org> writes:
> Robert Pluim <rpluim@gmail.com> writes:
>
>> gnutls-boot-parameters will always use (:trustfiles :hostname) even
>> though the intent is to turn off verification for news.gmane.org.
>> Proposed patch converts this to first-match, which I think matches the
>> intent of the variable.
>
> Yes, that makes sense, I think. I've now applied the patch to Emacs
> 27.1.

Did we want something like this on top? I doubt this warrants a NEWS
entry, as the previous behaviour was never documented :-)

2018-04-13 Robert Pluim <rpluim@gmail.com>

* lisp/net/gnutls.el (gnutls-verify-error): Mention that the
matching is first-match.

diff --git i/lisp/net/gnutls.el w/lisp/net/gnutls.el
index 85c9308c0d..a9ee6ebfaf 100644
--- i/lisp/net/gnutls.el
+++ w/lisp/net/gnutls.el
@@ -61,9 +61,9 @@ gnutls-verify-error
((HOST-REGEX FLAGS...) (HOST-REGEX FLAGS...) ...)
where each HOST-REGEX is a regular expression to be matched
-against the hostname, and FLAGS is either t or a list of
-one or more verification flags. The supported flags and the
-corresponding conditions to be tested are:
+against the hostname, on a first-match basis, and FLAGS is either
+t or a list of one or more verification flags. The supported
+flags and the corresponding conditions to be tested are:
:trustfiles -- certificate must be issued by a trusted authority.
:hostname -- hostname must match presented certificate's host name.
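Review bot: "on a first-match basis" in the added line reads as a property of the regexp match rather than of the list, and it does not say what happens to entries after the first match. Suggest stating it outright, for example "the FLAGS of the first entry whose HOST-REGEX matches the hostname are used, and later entries are ignored", plus a sentence that host-specific entries therefore have to come before broader patterns. List order now decides whether :trustfiles and :hostname are enforced for a given host, so a broad pattern placed first overrides a specific entry after it, and with no NEWS entry planned this docstring is the only place a user will learn that.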