tweak: disable gnutls-verify-error in interactive sessions

NSM has better UX when an invalid/expired certificate is encountered: it
prompts the user to decide what to do with it. If gnutls-verify-error is
non-nil, gnutls either kills or hangs the connection. This is (mostly)
acceptable in noninteractive sessions, where I can more tightly control
outgoing connections, but not in interactive sessions where I stand a
higher chance of stepping on the user's toes instead.

Ref: emacs-circe/circe#405
Henrik Lissner 2022-06-17 20:15:10 +02:00
parent 9b5a3116d2
commit 196adfb28d
No known key found for this signature in database
GPG key ID: B60957CA074D39A3

@ -233,9 +233,7 @@ do)."
;; Emacs is essentially one huge security vulnerability, what with all the ;; Emacs is essentially one huge security vulnerability, what with all the
;; dependencies it pulls in from all corners of the globe. Let's try to be at ;; dependencies it pulls in from all corners of the globe. Let's try to be at
;; least a little more discerning. ;; least a little more discerning.
(setq gnutls-verify-error (and (fboundp 'gnutls-available-p) (setq gnutls-verify-error noninteractive
(gnutls-available-p)
(not (getenv-internal "INSECURE")))
gnutls-algorithm-priority gnutls-algorithm-priority
(when (boundp 'libgnutls-version) (when (boundp 'libgnutls-version)
(concat "SECURE128:+SECURE192:-VERS-ALL" (concat "SECURE128:+SECURE192:-VERS-ALL"
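Review bot: On the `setq gnutls-verify-error` line, the new value `noninteractive` drops the `(not (getenv-internal "INSECURE"))` check along with the `gnutls-available-p` guard, so a noninteractive session can no longer opt out of strict verification through the environment. If `INSECURE` is still meant to be honoured in batch runs, keep it, e.g. `(and noninteractive (not (getenv-internal "INSECURE")))`; if dropping it is intentional, say so in the commit message. The comment above the form is also unchanged and does not explain that interactive sessions now leave certificate failures to NSM's prompt, as the commit message describes; a one-line note there would stop a later reader from "fixing" this back to an unconditional non-nil value.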