From 196adfb28da723333736cf024203d2284bc69ae3 Mon Sep 17 00:00:00 2001 From: Henrik Lissner Date: Fri, 17 Jun 2022 20:15:10 +0200 Subject: [PATCH] tweak: disable gnutls-verify-error in interactive sessions NSM has better UX when an invalid/expired certificate is encountered: it prompts the user to decide what to do with it. If gnutls-verify-error is non-nil, gnutls either kills or hangs the connection. This is (mostly) acceptable in noninteractive sessions, where I can more tightly control outgoing connections, but not in interactive sessions where I stand a higher chance of stepping on the user's toes instead. Ref: emacs-circe/circe#405 --- core/core.el | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/core/core.el b/core/core.el index 95bc8d6a3..03e48f2c6 100644 --- a/core/core.el +++ b/core/core.el @@ -233,9 +233,7 @@ do)." ;; Emacs is essentially one huge security vulnerability, what with all the ;; dependencies it pulls in from all corners of the globe. Let's try to be at ;; least a little more discerning. -(setq gnutls-verify-error (and (fboundp 'gnutls-available-p) - (gnutls-available-p) - (not (getenv-internal "INSECURE"))) +(setq gnutls-verify-error noninteractive gnutls-algorithm-priority (when (boundp 'libgnutls-version) (concat "SECURE128:+SECURE192:-VERS-ALL"