From: Tim Vaughan Date: Fri, 15 May 2020 19:30:40 +0000 (+0200) Subject: Disabled TLS certificate validation by default. X-Git-Tag: v2.7.0~3 X-Git-Url: https://thelambdalab.xyz/gitweb/index.cgi?a=commitdiff_plain;h=b2c40d40dd28e506a63d61bd03fd5d385e914ff4;p=elpher.git Disabled TLS certificate validation by default. --- diff --git a/elpher.el b/elpher.el index dec79ae..d8193b9 100644 --- a/elpher.el +++ b/elpher.el @@ -186,6 +186,17 @@ The default behaviour is to use the ansi-color package to interpret these sequences." :type '(boolean)) +(defcustom elpher-TLS-cert-checks nil + "If non-nil, verify server TLS certificates using the default +emacs security protocol. Otherwise, certificate verification is disabled. + +This defaults to off because it is standard practice for Gemini servers +to use self-signed certificates, meaning that most servers provide what +emacs considers to be an invalid certificate. Since non-Gemini uses such +as gophers:// are essentially edge cases that rarely occur in the wild, +this setting applies to *all* TLS connections made by Elpher." + :type '(boolean)) + ;;; Model ;; @@ -434,6 +445,8 @@ unless NO-HISTORY is non-nil." (list 'with-current-buffer "*elpher*" '(elpher-mode) (append (list 'let '((inhibit-read-only t)) + '(unless elpher-TLS-cert-checks + (setq-local network-security-level 'low)) '(erase-buffer) '(elpher-update-header)) args)))