On Fri, Jul 11, 2014 at 8:09 AM, Daniel Kahn Gillmor <[email protected]> wrote:
> based on lib/verify-tofu.c and lib/system.c, it looks like the file will
> always be named "known_hosts" and it will be within $HOME/.gnutls/ on
> unix-derived systems. I suppose you could modify $HOME but that doesn't
> sound very satisfying.

gnutls_verify_stored_pubkey allows specifying an alternative filename (through db_name), or even a database using the tdb argument. gnutls-cli doesn't allow setting that option but a small patch could allow setting that file.

> Nikos, i note that the functions around this all use snprintf and are
> generally limited to PATH_MAX, without verifying that snprintf returns a
> sensible value. I worry that for very large values of $HOME, this might
> produce some weird behavior, but i haven't been able to coax it into
> anything concrete yet. Maybe it's worth having a look and thinking
> through what the consequences would be for a very long $HOME?

I think that the limitation can be lifted by using asprintf() or similar. If there is a patch that lifts that limitation in a portable way I'll apply it.

regards,
Nikos
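The snprintf concern discussed in this thread, as an added example that is not GnuTLS code and not written by either poster: a fixed-buffer path builder that rejects truncation by checking the return value, beside an allocating variant that measures first with C99 `snprintf(NULL, 0, ...)` as one portable stand-in for asprintf(). The function names are hypothetical; only the `$HOME/.gnutls/known_hosts` layout comes from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers; only the ".gnutls/known_hosts" layout is from the thread. */
#define KNOWN_HOSTS_FMT "%s/.gnutls/known_hosts"

/* Fixed-buffer variant. snprintf returns the length it *wanted* to write,
 * so ret >= size means the stored path was silently cut short.
 * Returns 0 on success, -1 on encoding error or truncation. */
int path_fixed(char *buf, size_t size, const char *home)
{
    int ret = snprintf(buf, size, KNOWN_HOSTS_FMT, home);
    if (ret < 0 || (size_t)ret >= size)
        return -1;
    return 0;
}

/* Allocating variant: no PATH_MAX-style limit. Assumes a C99-conforming
 * snprintf that accepts (NULL, 0) to measure. Caller frees the result. */
char *path_alloc(const char *home)
{
    int need = snprintf(NULL, 0, KNOWN_HOSTS_FMT, home);
    if (need < 0)
        return NULL;
    char *p = malloc((size_t)need + 1);
    if (p == NULL)
        return NULL;
    if (snprintf(p, (size_t)need + 1, KNOWN_HOSTS_FMT, home) != need) {
        free(p);
        return NULL;
    }
    return p;
}

int main(void)
{
    char home[5001];              /* constructed sample: a 5000-byte $HOME */
    char buf[4096];               /* stands in for a PATH_MAX-sized buffer */
    memset(home, 'a', sizeof home - 1);
    home[sizeof home - 1] = '\0';

    printf("fixed buffer: %s\n",
           path_fixed(buf, sizeof buf, home) == 0 ? "ok" : "rejected (would truncate)");
    char *p = path_alloc(home);
    printf("allocated: %zu bytes\n", p ? strlen(p) : 0);
    free(p);
    return 0;
}
```

Without the return-value check, the fixed-buffer call would leave a truncated string in `buf` that no longer ends in `known_hosts`, so later reads and writes would target a different file than intended.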
