From 57a0133c36a1a0cf9222c9d3f1f17dcbf977fbb4 Mon Sep 17 00:00:00 2001 From: "F. Jason Park" Date: Tue, 17 Sep 2024 18:31:22 -0700 Subject: [PATCH] Make elpher-gemini-TLS-cert-checks usable with SOCKS This is a followup to: https://lists.sr.ht/~michel-slm/elpher/%3C87wmk7kvjl.fsf@librehacker.com%3E The changes make the option `elpher-gemini-TLS-cert-checks' usable with non .onion SOCKS connections. While it's possible to obtain DV certs for .onion domains, that's mostly a thing with the Facebooks and Twitters of the world, so this change doesn't bother checking them. Note that this will leak DNS for users on versions of Emacs 31.0.50 before https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=50deb59a The rationale here is that these are advanced users who update regularly enough for this not to be a problem. --- elpher.el | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/elpher.el b/elpher.el index dcc702a..5910e8c 100644 --- a/elpher.el +++ b/elpher.el @@ -996,8 +996,13 @@ the host operating system and the local network capabilities.)" (error (elpher-network-error address the-error))))) (when socks - (if use-tls - (apply #'gnutls-negotiate :process proc gnutls-params)) + (when use-tls + (apply #'gnutls-negotiate :process proc gnutls-params) + (unless (or (< emacs-major-version 31) + (string-suffix-p ".onion" host)) + ;; Bind this option to nil to suppress DNS lookups. + (let (nsm-trust-local-network) + (nsm-verify-connection proc host port)))) (funcall (process-sentinel proc) proc "open\n"))) (error (elpher-process-cleanup) -- 2.20.1