Emacs core TLS support

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Sep 13 09:49:30 CEST 2010


2010/9/11 Ted Zlatanov <tzz at lifelogs.com>:

> - no SRP anywhere, just anon and x509 (I'll add SRP if we need it and
>  when the other two are working)
> Now I get GNUTLS_E_INSUFFICIENT_CREDENTIALS when I open a x509
> connection to an IMAP TLS server so I think there's still work to do.
> The trust file seems to be wrong (see lisp/net/gnutls.el, I tried both
> "/etc/ssl/certs/ca-certificates.crt" and "/etc/ssl/certs/ca.pem").
> The GnuTLS examples don't seem to cover the standard situation of
> talking to a web server over SSL and possibly accepting an insecure
> connection if the server credentials are bad.  I must have missed
> something.  Could the GnuTLS developers look at my patch and help me
> out?

I cannot look at the patch but the example you are looking for is:
http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html#Simple-client-example-with-X_002e509-certificate-support
to do the connection, and this one to verify the certificate:
http://www.gnu.org/software/gnutls/manual/html_node/Verifying-peer_0027s-certificate.html#Verifying-peer_0027s-certificate

regards,
Nikos




More information about the Gnutls-devel mailing list