Antoine Beaupre writes:
> Obviously, one should never use openssl s_client for stuff like this...
> I should also note that even though Emacs 24 supports TLS natively now,
> its handling of X509 certificate is really problematic, as documented in
> #816063.
I've just
On Sun, Feb 21, 2016 at 01:47:45PM +1100, Lars Ingebrigtsen wrote:
> Kurt Roeckx writes:
>
> > From what I understand, it is (or was) possible to configure
> > things in such a way that it uses s_client to set up SSL, even
> > when it's configured to use gnutls. You should never
Kurt Roeckx writes:
> From what I understand, it is (or was) possible to configure
> things in such a way that it uses s_client to set up SSL, even
> when it's configured to use gnutls. You should never use s_client
> for that. s_client is a debug tool. It does create an SSL
>
On Fri, Oct 24, 2014 at 09:39:28AM -0400, Ted Zlatanov wrote:
> On Thu, 23 Oct 2014 10:57:17 -0500 Rob Browning
> wrote:
>
> RB> Ted Zlatanov writes:
> >> could you provide a test case? The information gathered by
> >> `M-x report-emacs-bug' would be
On 24/10/2014 11:01 +0400, Lars Magne Ingebrigtsen wrote:
I grepped through the Emacs tree, and there seems to still be one
in-tree usage -- mail-source.el. It uses imap.el to allow a simple
download-from-IMAP thing. Which probably nobody uses, but should
still be present, I think.
If I
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
In an issue of security vulnerability, giving users the right defaults
is paramount.
Stefan Monnier monn...@iro.umontreal.ca writes:
Is there anything that uses imap.el? I thought it was obsolete...
Should we move it to lisp/obsolete, then?
I grepped through the Emacs tree, and there seems to still be one
in-tree usage -- mail-source.el. It uses imap.el to allow a simple
On Thu, 23 Oct 2014 12:34:38 -0400 Richard Stallman r...@gnu.org wrote:
RS I've read that falling back to ssl3 is a real security hole,
RS being exploited frequently. That feature should be removed.
That's not really relevant to the bug report, but with GnuTLS you use
priority strings to
On Thu, 23 Oct 2014 10:57:17 -0500 Rob Browning r...@defaultvalue.org wrote:
RB Ted Zlatanov t...@lifelogs.com writes:
could you provide a test case? The information gathered by
`M-x report-emacs-bug' would be really helpful, too.
RB Hmm, I'm not the original reporter, and don't yet deeply
On Wed, 22 Oct 2014 15:05:02 -0500 Rob Browning r...@defaultvalue.org wrote:
RB Rob Browning r...@defaultvalue.org writes:
The following issue was just reported against emacs23 in Debian, and
from a quick glance, it looks like 24.4 still uses s_client, so if this
is a problem, it's perhaps
Ted Zlatanov t...@lifelogs.com writes:
could you provide a test case? The information gathered by
`M-x report-emacs-bug' would be really helpful, too.
Hmm, I'm not the original reporter, and don't yet deeply understand the
relevant issues, but on the surface, the bug appears to just ask that
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
I've read that falling back to ssl3 is a real security hole,
being exploited
This (untested) patch will make :stream ssl equivalent to :stream tls.
Andreas.
diff --git a/lisp/net/imap.el b/lisp/net/imap.el
index cf19e6c..9219b54 100644
--- a/lisp/net/imap.el
+++ b/lisp/net/imap.el
@@ -184,19 +184,6 @@ the list is tried until a successful connection is made.
:group
Andreas Schwab sch...@linux-m68k.org writes:
This (untested) patch will make :stream ssl equivalent to :stream tls.
[...]
diff --git a/lisp/net/imap.el b/lisp/net/imap.el
index cf19e6c..9219b54 100644
--- a/lisp/net/imap.el
+++ b/lisp/net/imap.el
Is there anything that uses imap.el? I
* Richard Stallman:
I've read that falling back to ssl3 is a real security hole,
being exploited frequently. That feature should be removed.
GNUTLS automatically and securely upgrades to a TLS protocol if
supported by the server. Dropping SSL 3.0 support altogether will
only encourage
On Thu, 23 Oct 2014 20:00:08 +0200 Florian Weimer f...@deneb.enyo.de
wrote:
* Richard Stallman:
I've read that falling back to ssl3 is a real security hole,
being exploited frequently. That feature should be removed.
GNUTLS automatically and securely upgrades to a TLS protocol if
Is there anything that uses imap.el? I thought it was obsolete...
Should we move it to lisp/obsolete, then?
Stefan
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
[When possible, please preserve the -forwarded address in any replies.]
The following issue was just reported against emacs23 in Debian, and
from a quick glance, it looks like 24.4 still uses s_client, so if this
is a problem, it's perhaps still relevant.
Kurt Roeckx k...@roeckx.be writes:
It
Rob Browning r...@defaultvalue.org writes:
The following issue was just reported against emacs23 in Debian, and
from a quick glance, it looks like 24.4 still uses s_client, so if this
is a problem, it's perhaps still relevant.
Oh, and the link (for the emacs24 bug cloned from the emacs23 bug)
[When possible, please preserve the -forwarded address in any replies.]
The following issue was just reported against emacs23 in Debian, and
from a quick glance, it looks like 24.4 still uses s_client, so if this
is a problem, it's perhaps still relevant.
AFAIK, nowadays Emacs only use
Rob Browning r...@defaultvalue.org writes:
[When possible, please preserve the -forwarded address in any replies.]
The following issue was just reported against emacs23 in Debian, and
from a quick glance, it looks like 24.4 still uses s_client, so if this
is a problem, it's perhaps still
21 matches
Mail list logo